You could also try to run whonix, which you can also use as a sort of sandbox.
Apr 2, 2019, 1:01 PM by npd...@zoho.com: > Hi Jim, > > Can you elaborate or give example on how to run a live CD/DVD for internet > access. > > One has to install an OS on the CD/DVD and there needs to be some means for > CD/DVD to access a network-specific firmware etc for using the internet, am I > right? > > > > > > ---- On Sat, 30 Mar 2019 00:13:43 -0700 Jim <> jimmy...@copper.net > <mailto:jimmy...@copper.net>> > wrote ---- > > > > Ben Tasker wrote: > >> >> >> But don't, please, follow the suggestion of using root for routine >> >> non-internet tasks. You should use privileged accounts only when you >> >> actually require that level of privilege. Also keep in mind that while >> >> malware running as an unpriviliged user cannot (generally) hose the system, >> >> it can still steal/corrupt whatever data that user has access to. Unless >> >> this is a shared system, you probably care more about that data than the OS >> >> files themselves. >> > > > > Ben is right about not using root for routine tasks. But you can > > still follow your original idea by creating one or more > > *nonprivileged* accounts for non-internet tasks. Even w/o using > > VMs you can block these accounts from *initiating* connections to > > the Internet with iptables rules. If you set up permissions > > correctly, then so long as malware does not achieve root level > > privilege the information in these non-internet accounts should > > remain safe. So you have a range of options from no VMs to fully > > isolated VMs on separate machines to running a live CD/DVD for > > internet access. > > > > HTH > > > > Jim > > > > > > -- > > tor-talk mailing list - mailto:> tor-talk@lists.torproject.org > <mailto:tor-talk@lists.torproject.org> > > To unsubscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk> > -- > tor-talk mailing list - > tor-talk@lists.torproject.org > <mailto:tor-talk@lists.torproject.org> > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk> > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
