Message-ID: <53B4776E.8050709@riseup.net>
Date: Wed, 02 Jul 2014 17:19:42 -0400
From: Michael Wolf <mikewolf@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Benefits of Running TBB in a VM?

On 7/2/2014 1:02 PM, Bobby Brewster wrote:
> What are the benefits of running TBB in a VM? 
> 
> AIUI, there are two advantages.
> 
> 1.	If malware infects the VM, then just the VM is compromised. If your Windows/Mac/Linux system is infected, then your entire system is affected (yes, I realise that it should be only the user account for Linux unless you are root).
> 
> 2.	If your system is compromised, your real IP cannot be discerned.  For example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50. However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP.
> 
> Does this make sense?  Are there other benefits?  Any disadvantages?  Thanks. 
> 
#1 -- Unless the malware breaks out of the VM. [1]

#2 -- Not true.  You're assuming the malware is looking at your IP
address and then reporting it.  Well, it may... but the act of
connecting to another server to report your IP address exposes your
actual public IP address.

BTW, 192.168.1.50 is *also* not the IP address assigned by your ISP,
it's a local NAT address given out by your router.  If you could hide
behind NAT, you'd already be safe :)


-- Mike


[1] http://www.darkreading.com/risk/hacking-tool-lets-a-vm-break-out-and-attack-its-host/d/d-id/1131254?

