[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?
On Mon, Mar 26, 2012 at 00:52, intrigeri <intrigeri@xxxxxxxx> wrote:
> I'm curious about what resources proved to be limiting during your
> experiments, and what "too demanding" means in your usecases.
Well, Intel VT / AMD-V virtualization extensions are rarely available
on laptops, and without these extensions (accessible, e.g., via KVM),
running a virtualized instance is extremely slow (startup time is also
very high if only doing that for specific applications, even with
KVM). There are also RAM requirements — how much do you allocate? This
needs to be decided in advance, regardless of how much memory the user
needs for performing the task in the VM.
> I would be happy to learn why you consider this is pointless.
Relying on such (intrinsically complex) VM separation for security of
specific applications means that you don't trust your system to
perform basic tasks like user privileges separation (e.g., when unsafe
browser is run under dedicated user credentials). This is somewhat
contradictory. For tasks like abstracting network interfaces and other
hardware, the user can run everything in a VM by themselves — why
force it on everyone? For approaches like Qubes OS, see my comment
here: https://forum.dee.su/topic/gui-isolation.
--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk