--------------------------------------------
On Thu, 7/3/14, Tempest <temp...@bitmessage.ch> wrote:

Subject: Re: [tor-talk] Benefits of Running TBB in a VM?
To: tor-talk@lists.torproject.org
Date: Thursday, July 3, 2014, 5:48 AM

Bobby Brewster:
> What are the benefits of running TBB in a VM?
>
> AIUI, there are two advantages.
>
> 1. If malware infects the VM, then just the VM is compromised. If your Windows/Mac/Linux system is infected, then your entire system is affected (yes, I realise that it should be only the user account for Linux unless you are root).
>
> 2. If your system is compromised, your real IP cannot be discerned. For example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50. However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP.
>
> Does this make sense? Are there other benefits? Any disadvantages? Thanks.

point 1 makes sense. it's not bulletproof. but, unless you are dealing with malware that is designed to break out of the restrictions imposed by a vm, you have spared yourself a headache. you can further mitigate against such common malware risks by using a system of snapshots. while not as ideal as a "live" configuration, after you set up your virtual machine for use, you can make a snapshot of it and, after each completed session, restore your vm from the snapshot. unless you received malware designed to exploit a vm, this will result in the malware being gone the next time you use the vm as well.

point 2 does not work. any malware that phones home will show your ip address in that configuration. however, if you use something like whonix, where you have a gateway vm that pushes all of your workstation vm traffic through tor, you have another layer of protection against malware with phone home capabilities.
--------------

Currently, my Tor use model is as follows:

Me (TBB in Ubuntu) ---> VPN ---> Tor (entry node) ---> Tor network

I could, instead, do:

Me (TBB Ubuntu VM) ---> VPN (configured in VM) ---> Tor (entry node) ---> Tor network

However, from what I've read, there aren't really any advantages to using a VM unless the non-VM system has been compromised (e.g. trojan / rootkit / whatever).

Also, one thing I'm unclear about is, if one is using a VM, whether a bridged or NAT'd connection is superior. The only difference I can see is that the bridge provides a 192.168.x.x address while the NAT provides a 10.0.2.x address. Both appear as the interface eth1.

Any opinions?

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk