[clug] Whom could I approach to answer a Security question... How safe are Virtual M/c on

Angus Gratton gus at projectgus.com
Thu Oct 11 21:38:40 MDT 2012


Hi Steve,

On Fri, 12 Oct 2012 12:58:45 +1100
steve jenkin <sjenkin at canb.auug.org.au> wrote:
>   Are programs (like a browser) running within a VM on a Windows m/c
> safe from being 'sniffed'?
> 
> Obviously, any sniffer program on the Host system will capture all
> input, but will it necessarily give away passwords and account/card numbers?

As you say, if something's keylogging on the host system then I'm
pretty sure it's going to hook the Windows keyboard events as they
come into the host, before they get to the VM guest. So if you type
passwords and account/card numbers, I'm pretty sure it'll see them.

If someone's really smart they can even hook the VM host process
and poke around in the "physical" memory of the VM itself to get at
absolutely anything in there, but your run of the mill malware probably
doesn't need that to get what they want.


> Just how safe is it to give someone a Linux VM-image to run on their
> dodgy Winders box to do their banking and use on-line credit card?

Assuming you can't teach them to keep their Windows box free of
malware, how about:

- A USB-based live image they can boot standalone. Recent live images
let you allocate space for persistent changes so you can easily give
them something that will remember browser history, bookmarks, etc.

- Swapping the order so Linux runs as the host and Windows runs in
the guest (assuming they have Windows-only programs they need to run,
but aren't opposed to learning to use Linux for browser/email/whatever.)

Hope this helps,

- Angus


More information about the linux mailing list