[clug] Whom could I approach to answer a Security question... How safe are Virtual M/c on
Stephen Boyd
bunyipr at gmail.com
Thu Oct 11 22:03:59 MDT 2012
On 12/10/2012, at 12:58, steve jenkin <sjenkin at canb.auug.org.au> wrote:
> Is there someone I can write to for good/definitive advice on a security
> question:
>
> Are programs (like a browser) running within a VM on a Windows m/c
> safe from being 'sniffed'?
>
No. The isolation provided by the VM will block some, but not all, attacks.
> Obviously, any sniffer program on the Host system will capture all
> input, but will it necessarily give away passwords and account/card numbers?
>
If the malware is a key logger it will capture everything entered by keyboard.
> Just how safe is it to give someone a Linux VM-image to run on their
> dodgy Winders box to do their banking and use on-line credit card?
>
If the host is owned, how can you trust anything running on it?
Best approach would be to have a secure hyperviser and launch a clean VM each time one needs to do banking etc. This is the approach used by qubes-os.org (doesn't yet support Windows VMs).
> I've thought of SANS and Auscert.
> Does anyone on-list know if they answer questions like that (by
> non-memebers)?
I wouldn't expect either to provide this type of advice for free.
>
> Is there someone/body that you can suggest I can ask my question of?
>
There are plenty of security forums and lists, but sorting the good advice from the noise might be an issue.
Stephen.
More information about the linux
mailing list