Ben Tasker wrote:
But don't, please, follow the suggestion of using root for routine non-internet tasks. You should use privileged accounts only when you actually require that level of privilege. Also keep in mind that while malware running as an unpriviliged user cannot (generally) hose the system, it can still steal/corrupt whatever data that user has access to. Unless this is a shared system, you probably care more about that data than the OS files themselves.
Ben is right about not using root for routine tasks. But you can still follow your original idea by creating one or more *nonprivileged* accounts for non-internet tasks. Even w/o using VMs you can block these accounts from *initiating* connections to the Internet with iptables rules. If you set up permissions correctly, then so long as malware does not achieve root level privilege the information in these non-internet accounts should remain safe. So you have a range of options from no VMs to fully isolated VMs on separate machines to running a live CD/DVD for internet access. HTH Jim -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk