Message-ID: <53B55107.5070004@bitmessage.ch>
Date: Thu, 03 Jul 2014 12:48:07 +0000
From: Tempest <tempest@bitmessage.ch>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <1404320578.38195.YahooMailBasic@web122401.mail.ne1.yahoo.com>
In-Reply-To: <1404320578.38195.YahooMailBasic@web122401.mail.ne1.yahoo.com>
Subject: Re: [tor-talk] Benefits of Running TBB in a VM?

Bobby Brewster:
> What are the benefits of running TBB in a VM? 
> 
> AIUI, there are two advantages.
> 
> 1.	If malware infects the VM, then just the VM is compromised. If your Windows/Mac/Linux system is infected, then your entire system is affected (yes, I realise that it should be only the user account for Linux unless you are root).
> 
> 2.	If your system is compromised, your real IP cannot be discerned.  For example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50. However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP. 
> 
> Does this make sense?  Are there other benefits?  Any disadvantages?  Thanks. 

point 1 makes sense. it's not bulletproof. but, unless you are dealing
with malware that is designed to break out of the restrictions imposed
by a vm, you have spared yourself a headache. you can further mitigate
against such common malware risks by using a system of snapshots. while
not as ideal as a "live" configuration, after you set up your virtual
machine for use, you can make a snapshot of it and, after each completed
session, restore your vm from the snapshot. unless you received malware
designed to exploit a vm, this will result in the malware being gone the
next time you use the vm as well.

point 2 does not work.  any malware that phones home will show your ip
address in that configuration.  however, if you use something like
whonix, where you have a gateway vm that pushes all of your workstation
vm traffic through tor, you have another layer of protection against
malware with phone home capabilities.

-- 
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34
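
The snapshot routine described in the reply above, sketched as an added example that is not part of the original message: it assumes VirtualBox (the hypervisor named in the quoted question) and its `VBoxManage` CLI. The VM and snapshot names are placeholders, and the `VBOX` and `POLL` variables are hypothetical knobs introduced here.

```shell
#!/bin/sh
# Added example: per-session snapshot rollback for a VirtualBox guest.
# VBOX and POLL are hypothetical override knobs; VM/snapshot names are placeholders.
VBOX="${VBOX:-VBoxManage}"

# Print the guest's VMState (poweroff, running, saved, aborted, ...).
vm_state() {
  "$VBOX" showvminfo "$1" --machinereadable |
    sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# One-time step: record the baseline right after the VM has been set up.
make_baseline() {
  "$VBOX" snapshot "$1" take "$2"
}

# Roll the guest back to the baseline. Refuse unless it is fully stopped,
# so a live session is never silently discarded.
restore_clean() {
  case "$(vm_state "$1")" in
    poweroff|aborted) "$VBOX" snapshot "$1" restore "$2" ;;
    *) echo "refusing to restore: $1 is not powered off" >&2; return 1 ;;
  esac
}

# One browsing session: restore, boot, wait for shutdown, restore again.
run_session() {
  restore_clean "$1" "$2" || return 1
  "$VBOX" startvm "$1" --type gui || return 1
  while :; do
    case "$(vm_state "$1")" in
      poweroff|aborted) break ;;
      '') echo "cannot read state of $1" >&2; return 1 ;;
    esac
    sleep "${POLL:-5}"
  done
  restore_clean "$1" "$2"
}

# Usage: ./tbb-session.sh <vm-name> <snapshot-name>
if [ "$#" -eq 2 ]; then
  run_session "$1" "$2"
fi
```

The second restore runs as soon as the guest powers off, so changes made during the session do not survive until the next launch. As the reply notes, this does not help against malware designed to exploit the VM itself.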


