
Re: [tor-talk] Benefits of Running TBB in a VM?



>>>if your non-VM host system has been compromised, there is absolutely no
>>>notable advantage to using a vm.  your vm will be affected by the
>>>malware that sits on the host system.  


I don't understand this. If my Ubuntu system has a virus / rootkit / whatever then what I do on it is compromised.

The VM is, in effect, a separate OS. How would it be affected by the malware on the non-VM system?



On Saturday, July 5, 2014 3:19 PM, Tempest <tempest@xxxxxxxxxxxxx> wrote:
 


Bobby Brewster:
> 
> Currently, my Tor use model is as follows:
> 
> Me (TBB in Ubuntu) ---> VPN ---> Tor (entry node) ---> Tor network
> 
> I could, instead, do:
> 
> Me (TBB Ubuntu VM) ---> VPN (configured in VM) ---> Tor (entry node) ---> Tor network
> 
> However, from what I've read, there aren't really any advantages to using a VM unless the non-VM system has been compromised (e.g. trojan / rootkit / whatever).

if your non-VM host system has been compromised, there is absolutely no
notable advantage to using a vm.  your vm will be affected by the
malware that sits on the host system.  however, if you use a vm and the
vm gets infected by malware, you have an extra layer of protection
against the malware infecting your host system. thus, with the snapshot
method i described, you can effectively wipe away malware in certain
scenarios.

from an anonymity standpoint, whether running from your host or from a
vm, malware with a phone home system has a greater chance of
successfully identifying you than if you used a system like whonix.

> Also, one thing I'm unclear about is, if one is using a VM, whether a bridged or NAT'd connection is superior.
> 
> The only difference I can see is that the bridge provides a 192.168.x.x address while the NAT provides a 10.0.2.x address. Both appear as the interface eth1.
> 
> Any opinions?

for anonymity, it doesn't make any difference. you're better off running
it as an "internal network" and using an additional vm as a gateway that
has rules to push all traffic through the tor network.

-- 
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk