[clug] Whom could I approach to answer a Security question... How safe are Virtual M/c on

Stephen Boyd bunyipr at gmail.com
Thu Oct 11 22:03:59 MDT 2012

On 12/10/2012, at 12:58, steve jenkin <sjenkin at canb.auug.org.au> wrote:

> Is there someone I can write to for good/definitive advice on a security
> question:
>  Are programs (like a browser) running within a VM on a Windows m/c
> safe from being 'sniffed'?
No.  The isolation provided by the VM will block some, but not all, attacks.

> Obviously, any sniffer program on the Host system will capture all
> input, but will it necessarily give away passwords and account/card numbers?
If the malware is a key logger it will capture everything entered by keyboard. 

> Just how safe is it to give someone a Linux VM-image to run on their
> dodgy Winders box to do their banking and use on-line credit card?
If the host is owned, how can you trust anything running on it?

Best approach would be to have a secure hyperviser and launch a clean VM each time one needs to do banking etc.  This is the approach used by qubes-os.org (doesn't yet support Windows VMs).

> I've thought of SANS and Auscert.
> Does anyone on-list know if they answer questions like that (by
> non-memebers)?

I wouldn't expect either to provide this type of advice for free.
> Is there someone/body that you can suggest I can ask my question of?
There are plenty of security forums and lists, but sorting the good advice from the noise might be an issue.


More information about the linux mailing list