Bobby Brewster: > What are the benefits of running TBB in a VM? > > AIUI, there are two advantages. > > 1. If malware infects the VM, then just the VM is compromised. If your > Windows/Mac/Linux system is infected, then your entire system is affected > (yes, I realise that it should be only the user account for Linux unless you > are root). > > 2. If your system is comprimised, your real IP cannot be discerned. For > example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50. > However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This > gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP. > > Does this make sense? Are there other benefits? Any disadvantages? Thanks.
point 1 makes sense. it's not bullet proof. but, unless you are dealing with malware that is designed to break out of the restrictions imposed by a vm, you have spared yourself a headache. you can further mitigate against such common malware risks by using a system of snapshots. while not as ideal as a "live" configuration, after you set up your virtual machine for use, you can make a snapshot of it and, after each completed session, restore your vm from the snapshot. unless you received malware designed to exploit a vm, this will result in the malware being gone the next time you use the vm as well. point 2 does not work. any malware that phones home will show your ip address in that configuration. however, if you use something like whonix, where you have a gateway vm that pushes all of your workstation vm traffic through tor, you have another layer of protection against malware with phone home capabilities. -- gpg key - 0x2A49578A7291BB34 fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk