Topic: Stop telling people that VMs could protect anything - page 2. (Read 9143 times)
as i asked above, wouldn't confining your browsing to the VM go a long way to protecting your wallet on the host?
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin.
Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users.
The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible.
yes. isolation.
there are more ways to achieve that than taking yourself off the network, though.
i've given some recent thought to how malware is propagated. it's targeted to OSs and browsers. i wonder how much effort has been spent on writing the stuff for operating systems like... oh... Plan9?
so not much via email or downloads?
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin.
Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users.
The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible.
yes. isolation.
there are more ways to achieve that than taking yourself off the network, though.
i've given some recent thought to how malware is propagated. it's targeted to OSs and browsers. i wonder how much effort has been spent on writing the stuff for operating systems like... oh... Plan9?
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin.
Yes, but a VM is only a bad solution, a BSD system with a Windows guest wouldn't work for most users.
The only solution is a small isolated computer. Actually that computer could write transactions offline to a file, and the online-computer uses the transaction file only. Then no counterfeiting is possible.
from http://kerneltrap.org/OpenBSD/Virtualization_Security
The author was Theo de Raadt, (from the OpenBSD project)
Quote
> Virtualization seems to have a lot of security benefits.
You've been smoking something really mind altering, and I think you
should share it.
x86 virtualization is about basically placing another nearly full
kernel, full of new bugs, on top of a nasty x86 architecture which
barely has correct page protection. Then running your operating
system on the other side of this brand new pile of shit.
You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.
You've seen something on the shelf, and it has all sorts of pretty
colours, and you've bought it.
That's all x86 virtualization is.
You've been smoking something really mind altering, and I think you
should share it.
x86 virtualization is about basically placing another nearly full
kernel, full of new bugs, on top of a nasty x86 architecture which
barely has correct page protection. Then running your operating
system on the other side of this brand new pile of shit.
You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.
You've seen something on the shelf, and it has all sorts of pretty
colours, and you've bought it.
That's all x86 virtualization is.
The author was Theo de Raadt, (from the OpenBSD project)
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
that would be the first line of defense - that (especially pre-7) windows users have surrendered by default: not running as admin.
Use a separate user account for your bitcoin/wallet. Then (assuming your main user account doesn't have administrator privileges), any wallet stealing processes you may encounter won't be able to access the wallet.
so the same goes for the encrypted USB stick. when its plugged into the host and unencrypted, its wide open?
Yes. A program can just ask for files and the system will decrypt them automatically.
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
No, that's total rubbish. You don't understand anything, do you?
possibly more than you think.
dual boot two OSs on the same hard drive - one on the network, the other off. put a VM on the OS that is off the network.
explain how infecting the on-network machine could get to the off-network VM, installed on an encrypted partition?
When the VM is running, nothing is encrypted.
so the same goes for the encrypted USB stick. when its plugged into the host and unencrypted, its wide open?
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
No, that's total rubbish. You don't understand anything, do you?
possibly more than you think.
dual boot two OSs on the same hard drive - one on the network, the other off. put a VM on the OS that is off the network.
explain how infecting the on-network machine could get to the off-network VM, installed on an encrypted partition?
Oh, you do it the other way around. I already said that it would work this way, but it is a total waste.
i think the thing to keep in mind with VMs is that there really isn't any cross-platform malware. the browser-based stuff will infect any platform, but adapts to the platform it infects: the sophistication to reside (for example) on a windows machine, and look for a mac file system, isn't there.
i would suggest installing a VM of a different operating system, which also uses a different browser. for example:
on a windows host machine using internet explorer, install a VM of linux/firefox. on a mac/safari host, install windows/firefox. etc.
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
i would suggest installing a VM of a different operating system, which also uses a different browser. for example:
on a windows host machine using internet explorer, install a VM of linux/firefox. on a mac/safari host, install windows/firefox. etc.
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
seems to me that if you have a VM on board, its smart to do your browsing and email in the VM and have your bitcoin client on the host with your malware scanner/antivirus programs. in this scenario does having a USB key with the data directory plugged into the host side provide any further protection?
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
No, that's total rubbish. You don't understand anything, do you?
possibly more than you think.
dual boot two OSs on the same hard drive - one on the network, the other off. put a VM on the OS that is off the network.
explain how infecting the on-network machine could get to the off-network VM, installed on an encrypted partition?
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
No, that's total rubbish. You don't understand anything, do you?
Encryption only helps until you open the encrypted file or container yourself on an infected machine. At that point its just a matter of how smart the malware is.
i think the thing to keep in mind with VMs is that there really isn't any cross-platform malware. the browser-based stuff will infect any platform, but adapts to the platform it infects: the sophistication to reside (for example) on a windows machine, and look for a mac file system, isn't there.
i would suggest installing a VM of a different operating system, which also uses a different browser. for example:
on a windows host machine using internet explorer, install a VM of linux/firefox. on a mac/safari host, install windows/firefox. etc.
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
i would suggest installing a VM of a different operating system, which also uses a different browser. for example:
on a windows host machine using internet explorer, install a VM of linux/firefox. on a mac/safari host, install windows/firefox. etc.
one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that! has anybody tried that?
Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.
where do most trojans/viruses/malware come from; email or browsing?
I don't know, I haven't had Windows for a while.
are u implying Macs are much safer?
Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.
where do most trojans/viruses/malware come from; email or browsing?
I don't know, I haven't had Windows for a while.
are u implying Macs are much safer?
Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.
where do most trojans/viruses/malware come from; email or browsing?
I don't know, I haven't had Windows for a while.
Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).
It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.
It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.
Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.
where do most trojans/viruses/malware come from; email or browsing?
I was thinking about that, too. It should be perfect in principle. But to make it comfortable, we need to implement a lot and it takes a while until it all works safely.
Yeah, I mean I haven't really looked at the RPC stuff for Bitcoind at all... it could theoretically be done simply by generating the 100 addresses, sticking them in a DB in my billing software, then raping blockexplorer all day looking for those addresses - but that really wouldn't scale well.
I was thinking about writing up an RPC daemon which simply watched for transactions, reported them to the billing software and immediately shipped the money off to another box. But that has two downsides that immediately spring to mind: 1) it'll get eaten alive by transaction fees and 2) if the box running bitcoind gets owned, they could change the payout address and you may not notice until some BTC is gone.
I think not having the private keys anywhere online is a much more suitable idea.
It's just that the client software is so far from finished. It is not meant to be broadly used. The media attention brought a lot of users, but actually, it's too early for them.
There is not even a key export, or a feature that makes password-protected backup files that one could just carry around and store anywhere.
Jump to: