[tor-talk] Benefits of Running TBB in a VM?
Tempest
tempest at bitmessage.ch
Thu Jul 3 12:48:07 UTC 2014
Bobby Brewster:
> What are the benefits of running TBB in a VM?
>
> AIUI, there are two advantages.
>
> 1. If malware infects the VM, then just the VM is compromised. If your Windows/Mac/Linux system is infected, then your entire system is affected (yes, I realise that it should be only the user account for Linux unless you are root).
>
> 2. If your system is compromised, your real IP cannot be discerned. For example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50. However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP.
>
> Does this make sense? Are there other benefits? Any disadvantages? Thanks.
point 1 makes sense. it's not bullet proof. but, unless you are dealing
with malware that is designed to break out of the restrictions imposed
by a vm, you have spared yourself a headache. you can further mitigate
against such common malware risks by using a system of snapshots. while
not as ideal as a "live" configuration, after you set up your virtual
machine for use, you can make a snapshot of it and, after each completed
session, restore your vm from the snapshot. unless you received malware
designed to exploit a vm, this will result in the malware being gone the
next time you use the vm as well.
point 2 does not work. any malware that phones home will show your ip
address in that configuration. however, if you use something like
whonix, where you have a gateway vm that pushes all of your workstation
vm traffic through tor, you have another layer of protection against
malware with phone home capabilities.
--
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34
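
The snapshot-and-restore routine described in the reply above, as an added example that is not part of the original message. It assumes VirtualBox's `VBoxManage` (the hypervisor named in the question); the VM name, snapshot name and function names are hypothetical.

```shell
#!/bin/sh
# Added example. One-time setup after configuring the guest (names are hypothetical):
#   VBoxManage snapshot "tbb-vm" take "clean"
VBOX="${VBOX:-VBoxManage}"   # overridable so the logic can be exercised without VirtualBox

# Print the VM state ("running", "poweroff", ...) from the machine-readable info.
vm_state() {
    "$VBOX" showvminfo "$1" --machinereadable |
        sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# Succeed only if a snapshot with this exact name exists for the VM.
snapshot_exists() {
    "$VBOX" snapshot "$1" list --machinereadable 2>/dev/null |
        grep -q "^SnapshotName[^=]*=\"$2\"\$"
}

# Roll the VM back to the snapshot; refuse while the guest is still up.
restore_clean() {
    vm="$1"; snap="$2"
    snapshot_exists "$vm" "$snap" || { echo "no snapshot '$snap' on '$vm'" >&2; return 2; }
    case "$(vm_state "$vm")" in
        poweroff|aborted) ;;
        *) echo "'$vm' is not powered off; shut it down first" >&2; return 3 ;;
    esac
    "$VBOX" snapshot "$vm" restore "$snap"
}

# One session: start from the clean state, wait for shutdown, discard all changes.
run_session() {
    restore_clean "$1" "$2" || return
    "$VBOX" startvm "$1" --type gui || return
    until case "$(vm_state "$1")" in poweroff|aborted) true ;; *) false ;; esac; do
        sleep 5
    done
    restore_clean "$1" "$2"
}

if [ "$#" -eq 2 ]; then run_session "$1" "$2"; fi
```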