[tor-talk] Benefits of Running TBB in a VM?

Bobby Brewster bobbybrewster203 at yahoo.com
Thu Jul 3 19:04:18 UTC 2014


--------------------------------------------
On Thu, 7/3/14, Tempest <tempest at bitmessage.ch> wrote:

 Subject: Re: [tor-talk] Benefits of Running TBB in a VM?
 To: tor-talk at lists.torproject.org
 Date: Thursday, July 3, 2014, 5:48 AM
 
 Bobby Brewster:
 > What are the benefits of running TBB in a VM?
 >
 > AIUI, there are two advantages.
 >
 > 1. If malware infects the VM, then just the VM is compromised. If your Windows/Mac/Linux system is infected, then your entire system is affected (yes, I realise that it should be only the user account for Linux unless you are root).
 >
 > 2. If your system is compromised, your real IP cannot be discerned. For example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50. However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP.
 >
 > Does this make sense? Are there other benefits? Any disadvantages? Thanks.
 
 point 1 makes sense. it's not bullet proof. but, unless you are dealing with malware that is designed to break out of the restrictions imposed by a vm, you have spared yourself a headache. you can further mitigate against such common malware risks by using a system of snapshots. while not as ideal as a "live" configuration, after you set up your virtual machine for use, you can make a snapshot of it and, after each completed session, restore your vm from the snapshot. unless you received malware designed to exploit a vm, this will result in the malware being gone the next time you use the vm as well.
 
 point 2 does not work. any malware that phones home will show your ip address in that configuration. however, if you use something like whonix, where you have a gateway vm that pushes all of your workstation vm traffic through tor, you have another layer of protection against malware with phone home capabilities.
 
--------------

Currently, my Tor use model is as follows:

Me (TBB in Ubuntu) ---> VPN ---> Tor (entry node) ---> Tor network

I could, instead, do:

Me (TBB Ubuntu VM) ---> VPN (configured in VM) ---> Tor (entry node) ---> Tor network

However, from what I've read, there aren't really any advantages to using a VM unless the non-VM system has been compromised (e.g. trojan / rootkit / whatever).

Also, one thing I'm unclear about is, if one is using a VM, whether a bridged or NAT'd connection is superior.

The only difference I can see is that the bridge provides a 192.168.x.x address while the NAT provides a 10.0.2.x address. Both appear as the interface eth1.

Any opinions?


