[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: More Secure Tor Browsing Through A Virtual Machine in Ubuntu

Ringo wrote:
> I would appreciate any feedback people have on this. This is just an
> idea and it's kind of beta, so don't use this unless you know what
> you're doing. PGP key at bottom of message
> More Secure Tor Browsing Through A Virtual Machine in Ubuntu

IMHO, you're on the right track.

Due to limited resources on my laptop, I've used (hardened) chroot jails
to contain tor, my browser, mail client, dhcpd client, etc. - primarily
to contain any successful intruder. Hotspot laptop users are constantly
being probed and subjected to the latest attack scripts.

But ISTM that small, optimized, hardened little VMs would be ideal -
additionally protecting anonymity; perhaps reasonably allowing the use
of JS on your browser within your browser VM.

Your post begs the questions:

1. Which VM software are the most breakout proof, should an attacker
gain access with a root shell?

2. Which VMs' guest software are the most opaque - i.e. have NO
information available to a roving root?

3. Which VMs require the least overhead?

4. IIUC, one can attach a VM to his existing OS, or one can first
install some sort of hypervisor followed by a primary OS, and a series
of secondary OS's? If this is true, what are the pros and cons of either
approach. (I presume that you want a number of VMs - each containing
sensitive or vulnerable applications)