Live CD under Virtualization

Discussion in 'sandboxing & virtualization' started by Serapis, Jan 26, 2012.

Thread Status:
Not open for further replies.
  1. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    On a physical machine, using livecds ensures that the computer is safe because it's a read only medium. This also makes it optimum for privacy. In a virtual machine however, can this be done? Disabling the pagefile in this case seems imperative. But is this enough? Does caching to host I/O need to be disabled too?

    This assumes that the host is completely clean. The idea here is to prevent debris from the Guest session from being transferred to host at any given time.
     
  2. BrandiCandi

    BrandiCandi Guest

    You can configure a virtual machine to be non-persistent. You can also take snapshots of a known good configuration, then you can just revert back to the snapshot every time you restart it. (That's the part I love about virtualization- you can irreversibly break a machine and simply revert to a snapshot in seconds to save it.)

    You have networking choices: you can isolate the guest, link it to only the host, or network the guest with your LAN.

    Your presupposition is a live CD (and possibly virtualization) would be good security measures in general? I guess I don't really see how. How do they prevent browser exploits? If someone gets your email login & password they don't need your OS to be persistent to (say) use your email account to send spam to your contacts. In that sense you would have "debris from the Guest session transferred to host."
     
  3. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    What I meant was a way to prevent the live cd iso session from writing anything to the hdd during operation. This is to prevent any files from being recovered for privacy reasons.

    It's not possible from what I've heard, since running a live os in a virtualizer means that there is no way to control what the host OS could cache to disk. From another thread on Wilders its also apparent that a live cd running on baremetal, there is evidence of writes to the hdd even though it was in an inhert state. https://www.wilderssecurity.com/showpost.php?p=2008865&postcount=5
     
  4. BrandiCandi

    BrandiCandi Guest

    Oh, it's a privacy thing. That's not my forte at all, sorry. I guess you could write zeros on the free space of your computer after every session you want to keep private. That would be fantastically time-consuming and would only cover up stuff that was deleted. If there was something left that you didn't delete then it would persist.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,703
    You can configure a live CD virtual machine without a disk.
    And then nothing gets written. As simple as that.
    Mrk
     
  6. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    @ Mrkvonic

    So there would be no data that windows keeps about live cd use under VirtualBox?

    Another last important point that I re-bringing up if you don't mind:
    What about the Use host I/O cache option? Does that save sensitive info to disk? I am not really sure as to what this option does by default and would like to know if I should just disable it in case.
     
  7. BrandiCandi

    BrandiCandi Guest

    I just read the virtualbox manual regarding host I/O caching. (Have you seen it? It's here). It appears that virtualbox uses host I/O caching when the guest writes to the disk. Seems to me that if you never write to the disk then host I/O caching wouldn't be used.

    But it would be nice to hear from someone who has a lot more experience than I regarding this.
     
  8. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    I had come across it before, but didn't understand it until your explanation. Thanks BrandiCandi!
     
Loading...
Thread Status:
Not open for further replies.