Safe Browsing - VM vs Portable apps

Discussion in 'sandboxing & virtualization' started by mrchip, Mar 8, 2012.

Thread Status:
Not open for further replies.
  1. mrchip

    mrchip Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    2
    I would like to increase my security for online banking and other sites. I also would like to prevent attacks on my system. I have 3 solutions I am contemplating.

    1) use a portable app, on a write protected stick, that fires up a browser like Firefox and do online banking / secure website. Does the portable app still use the machine's OS? If so, am I any safer than just using the installed browser? If the o/s is compromised with hijackers/malware will it be just like using the browser in the o/s?

    2) use a virtual machine load small linux distro and fire up a browser. I know this route would protect my system from infected sites and attacks once I shut down the virtual machine (providing I didn't save the state) but does it work the opposite way? If my machine is already infected & I open up the vm am I at risk of the main o/s infection capturing information from the vm?

    3) Booting from a live cd (write protected flash drive) This is my last option and frankly a pain as I often do a lot of research and don't like closing all my programs to reboot into a "safe" o/s off a thumbdrive.

    What are your thoughts? Are portable apps the same as running a virtual machine without the overhead? Is there a way to protect your browsing if you're infected?

    Thanks
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Portable apps still interact with the OS. Any vulnerability in a portable app can affect the system they're plugged into. They're more for convenience than security.

    The virtual option is good, especially if you don't save changes. If the host is infected, it can access the virtual system to a degree, screen capture and keyloggers being examples. The host also handles all the traffic. If the host system is compromised, how secure the virtual system is doesn't really matter.

    The live CD is the most secure, but depending on the tools you use for research, it can be inconvenient. You might look into building your own live CD or flash drive that has the tools you need on it and eliminate the need to switch completely.
     
  3. mrchip

    mrchip Registered Member

    Joined:
    Mar 8, 2012
    Posts:
    2
    That's what I thought...nice to have a 2nd confirm this
    I understand the keyloggers and screen capture problems. Would a virtual keyboard in the VM overcome the keylogger issue? I'm assuming the screen loggers take snapshots every "x" minutes so the likelihood of capturing a mouse clicking a series of virtual keyboard strokes would be "improbable"? Am I correct in this thinking?
    If the host is infected and the vm has established an encrypted connection to a bank or other encrypted site, wouldn't the infected host only see the encrypted packets pass through it? Kind of like if one of the servers on your way to a bank/encrypted site has been compromised.
    I agree the live cd is the most secure...I just hate the thought of having to close my system down to reboot a live cd into the bank site for a 2 minute account lookup then reboot back into my main system and restart all my programs I previously had open.

    Thanks for the reply
     
    Last edited: Mar 9, 2012
  4. badkins79

    badkins79 Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    60
    Location:
    Maryland
    A virtual keyboard would mitigate problems from a keylogger but not a screen capture spyware. A screencap may do captures every x minutes, but they could also do every mouse click or every keypress.

    Yes if you are using an encrypted connection with a trusted root certificate to a website, an infected host would not be able to snoop your data en route.

    Yeah like most security solutions, the more secure, the more hassle. And even the live cd isn't bulletproof.
     