Zorin VM (12.04) and mouse issue?

Just noticed something and wanted to bounce this off some folks here. I recently created a VM running in VirtualBox and using Zorin 6, which is a 12.04 based linux distro. It is amazingly similar in presentation to a windows desktop. I am developing this VM for a windows friend, but I am having fun with it too. The host system is Win 7 Pro. I have used a bunch of VMs but I have never seen what this one does.

I don't know if its because this distro of 12.04 is so window's like in configuration but I can move the mouse between the host and guest without having to click to change as I normally do with other VM's. Its very easy to go back and forth although when I am running a VM I tend to stay inside it most of the time. Why would my mouse be so free to move around in this configuration? Both the host and guest are clean and run great. The 12.04 VM is "hosting" the TBB and I am concealing as much personal machine hardware id as possible. While its very convenient to have a mouse working this freely, in my mind I am trying to make sure other info cannot pass freely between the host and guest. The configuration and parameters all look solid. Do I have anything to be concerned about regarding strictly this mouse thing?

 

Either install Guest Additions (which you should for better drivers, clipboard sharing, shared folders, unlimited resizable resolution, etc.) or change to this machine settings: General > System > Point Device> USB Tablet.

 

I have considered guest additions. My "pause" is to consider any security implications by adding those. While this linux VM is being used (specifically for TBB) I am going to want to concentrate on hardening any escapes from the guest to the host. My friend will not use Whonix, which I love, so that is out. I would be interested in hearing some thoughts on guest additions with respect SOLELY to security and not convenience. Also any recommended links for trying to lock down the VM for guest to host leaks would be appreciated. The VM is going to be used exclusively for TOR. So its either TOR hosted on the linux VM, or he is back on the 7 host. The machine/host is tunneled at all times so TOR use would be hidden from the ISP. I am trying to get him to setup a separate host OS and use it only to host the VM but for now that is perceived as over the top. Its tough to keep someone secure when they aren't "all in". LOL!!

 

You'll have to ask someone with inside knowledge for that, all I can think of is how clipboard sharing, drag'n'drop, and shared folders might be manipulated by the guest (especially if not read-only). Those features are opt-in though.

Have you tried my other suggestion? USB Tablet should work on most operating systems without adding much attack surface, if any. To change to widescreen and higher resolution without Guest Addfitions, try custom VESA resolutions. To share files, you can use a FTP server on the host.

 

No I have not tried these. Remember this setup is not for me so I need a really low maintenance user friendly scenario. Setting up the linux VM was pretty easy. Adding TBB and then having zero changes to the profile will make this guy stand out only as a typical TOR user. He knows to never log in using a password while in this VM. Just reading mostly. I wish I had never volunteered to do this. Live and learn.