![]() If your browser is attacked by an 0day of any sort, or malware or whatever, it will have access to the shared credentials and information inside your browser. This means any and all cookies, shared logins, account access, tab information - is all game. That's where all the actual value is why would I care if it's inside a VM or not when I can get credentials to your mail provider from the browser itself and just exfiltrate? It doesn't matter if you restart the browser once or a million times anytime it has sensitive information, it is a target. Unless you plan to literally restart/wipe after every interaction with every domain in a separate same-origin policy where any sensitive information exposure occurs.īut if you're that careful, what is the VM really doing for you, and why the hell are you even exposing yourself that much? Just use Lynx or something. The real solution is this: Install Firefox, install noscript to nuke all javascript, install ublock too, and get a password manager. Selectively allow any webpage interactivity, as necessary. The world isn't a Tom Clancy novel so you don't actually need to do anything more than this to be very secure and on top of almost all active threats. Ultimately to achieve what we all actually want (strong isolation guarantees that would prevent a full browser exploit from both A) your SSH keys from getting stolen and B) also your gmail spool from being attacked, and let's be honest, B is the worst case scenario) requires a rethinking of the fundamental software stack from OS to user-visible applications. No amount of Browsers-in-a-VM are a substitute. You can't just say it could be bad one day therefore everyone should do now - that's just fear mongering not supportive reasoning. ![]() For instance it could be everyone falls victim to a hypervisor security bug so nobody should trust VM browsing. It could be everyone falls victim to a firmware big so nobody should trust reusing a device. ![]() At some point you have to accept that having the possibility of a bad scenario isn't enough on its own, it needs to be actually weighed and compared. certain high security businesses or certain high risk individuals that should consider higher security options (or in some cases regulation therefore). ![]() That it's certain conditions is precisely why it isn't for the vast majority though, if it were you wouldn't need to specify corner cases. Security is about judging how to stay as far up the curve as you can without it costing you more than you'd realistically lose to do so. It is not about closing every conceivable hole in your attack surface to achieve minimal risk. I'd also add there is a counter to the always increasing cost/reward ratio of targeting: the always decreasing amount of complexity of implementing the security mitigations for the "next level" of security. In a decade browsing via VM may be commonplace for the average user (though probably more persistently for that use case) and not require a thought to use. You can't just say it could be bad one day therefore everyone should do now That doesn't make it any different for today but it points out there is more than "threats have increased" that can change what's a reasonable place to be on the security curve.
0 Comments
Leave a Reply. |