VM Page #1064
@@ -9,15 +9,15 @@
|
||||
|
|
||||
<ol>
|
||||
<li><strong>Choosing a strong hyperviser.</strong>
|
||||
```suggestion
<li><strong>Choosing a strong hypervisor</strong>
```
|
||||
<ul>
|
||||
<li>Use one that is [free software](https://www.wikipedia.org/wiki/Free_software) like QEMU</li>
|
||||
|
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
<li>Stay wary of KVM as it can be a security flaw.</li>
|
||||
|
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
<li>Use one that is href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li>
|
||||
|
There is a dot missing in the end while other lines end to a dot. There is a dot missing in the end while other lines end to a dot.
How about Virtualbox OSE/CE? I don't remember which name it is. I haven't used QEMU personally that I remember of. How about Virtualbox OSE/CE? I don't remember which name it is. I haven't used QEMU personally that I remember of.
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If I remember properly, Virtual box uses non-free code for GPU exceleration. I've looked at others too, like GNOME (Linux) boxes and VMM (OpenBSD and UNIX-based OSes) but they only support a few platforms. XEN also looked promising, but if I remember properly they don't work on any LIbreboot laptop and many Coreboot machines as they require non-free code for the CPU. QEMU-kvm may require non-free code as well. If I remember properly, Virtual box uses non-free code for GPU exceleration.
I've looked at others too, like GNOME (Linux) boxes and VMM (OpenBSD and UNIX-based OSes) but they only support a few platforms.
XEN also looked promising, but if I remember properly they don't work on any LIbreboot laptop and many Coreboot machines as they require non-free code for the CPU.
QEMU-kvm may require non-free code as well.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
```suggestion
<li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU.</li>
```
|
||||
<li>Stay wary of KVM as it can be a security risk (accesses kernel).</li>
|
||||
|
Citation needed? Citation needed?
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
KVM's in general widen your attack surface. For more info just look up the micro vs monolithic kernel debate. KVM's in general widen your attack surface.
For more info just look up the micro vs monolithic kernel debate.
Gives you plenty of information and instances.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
<li>Choose one with managable settings like shared clipboard.</li>
|
||||
|
Is shared clipboard a secure setting? What if untrusted application from the VM copies a malicious script to your clipboard and you accidentally paste it to your root terminal or it includes Is shared clipboard a secure setting? What if untrusted application from the VM copies a malicious script to your clipboard and you accidentally paste it to your root terminal or it includes `sudo` while your sudo cooke is still in force? What do you mean with manageable settings here?
It is handy, but it generally should be turned off.
I mean that you (the user) should be able to control it. Not sure what edit your recommending (if any) :) > Is shared clipboard a secure setting?
It is handy, but it generally should be turned off.
> manageable settings
I mean that you (the user) should be able to control it.
__________
Not sure what edit your recommending (if any) :)
```suggestion
<li>Choose one with manageable settings like shared clipboard.</li>
```
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li><strong>Choosing an OS.</strong>
|
||||
```suggestion
<li><strong>Choosing an operating system</strong>
```
|
||||
<ul>
|
||||
<li>View our [OS section](https://www.privacytools.io/operating-systems/) for information on OSes that respect your privacy.</li>
|
||||
|
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
<li>View our <a href="https://www.privacytools.io/operating-systems/">OS section</a> for information on OSes that respect your privacy.</li>
|
||||
|
I wonder if this should directly tell hardware users to use Qubes and for VMs to pick Tails and then mention our OS section for other options? I wonder if this should directly tell hardware users to use Qubes and for VMs to pick Tails and then mention our OS section for other options?
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
Tails is proprietary, not generally a good OS for stuff like this (uses Debian
Qubes OS is iffy, it doesn't support most privacy focused hardware (Libreboot). It has non-free dependencies: https://github.com/QubesOS/qubes-issues/issues/5163 Tails is proprietary, not generally a good OS for stuff like this (uses Debian `non-free`).
- Whonix might be a good choice.
Qubes OS is iffy, it doesn't support most privacy focused hardware (Libreboot). It has non-free dependencies: https://github.com/QubesOS/qubes-issues/issues/5163
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
|
||||
|
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse. I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
If this is the general consensus, I'll remove it. If this is the general consensus, I'll remove it.
|
||||
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
If this is the general consensus, I'll remove it.
If this is the general consensus, I'll remove it.