Should virtual machines be used to protect home data?

Tpy6okyp2016-04-12 00:16:29

linux

Tpy6okyp, 2016-04-12 00:16:29

Good day!
The question is whether it is worth installing a clean distribution on the Linux kernel - by connecting only the official free repositories to it. And install virtual machines on this system, through which all the main activities on the computer will be carried out (surfing, movies, torrents, etc.) and a separate virtual machine for authentication (mail, etc.).

In simple terms: We have a main Fedora system with connected repositories with free software. On this system, kvm or Virtualbox was installed in which two OSes were installed for the above operations. Is the game worth the candle?

Answer the question

In order to leave comments, you need to log in

7 answer(s)

viiy, 2016-04-12
@Tpy6okyp

Costs.
Just use LXC instead of kvm and virtualbox.
Installation is a breeze and performance is comparable to a host system.
sudo lxc-create -n new-vm -t ubuntu - create a "new-vm" container with ubuntu.
The main profit is less garbage on the main system, you can update the software without fear that you will break something else.

index0h, 2016-04-12
@index0h

For development and experimentation, this is quite a good approach. At the expense of all other activities - it looks like paranoia, you still have a common input ip.
True, this paranoia can be developed a little if your virtual machines are:
* scattered around the world
* will not contain information about you
* will not contain information about each other
* in case of a hacking attempt, they will self-destruct at the iron level (for example, using industrial pyrotechnics)
* you you will use them from different places with different "one-day" devices
* use different secure communication channels
* you will use elements of steganography for messages.
In this case, revealing you will be quite laborious and expensive.
-- --
I almost forgot, be sure to take off your tinfoil hat before someone sees you, when without a hat - think about boobs and cats. If there were cases of mumbling in a dream - something needs to be done about it, you can give yourself away.

Sanes, 2016-04-12
@Sanes

We remember the "Elusive Joe" and follow the basic rules of hygiene. It's also good to get rid of paranoia.

alexq2, 2016-04-12
@alexq2

What is the point of all this? As soon as you entered the Internet, you were deanonymized. This is my purely personal opinion.

lovecraft, 2016-04-12
@lovecraft

Of course you can. It is better to use a specialized distribution - Qubes OS , in which each application runs in a separate VM. By the way, this is what the lead developer looks like

xmoonlight, 2016-04-12
@xmoonlight

I do not advise you to keep the system for working with mail on this PC.
It is best to use "cloud" remote access - much safer.

Andrew, 2016-04-12
@OLS

Costs.
All work with potentially dangerous code must be done in a virtual machine. The host machine should not have access to the Internet at all (through an iron firewall).
Plus, do not forget the rules of the SRP model: the user cannot modify the directories from which the code is run; the user cannot run code from directories to which they have write permission.