Been browsing the internet using VM's for years but available hardware is getting too old for this and now the host will have to be used for browsing, with browser sandboxing or even system sandboxing (deepfreeze).
If all personal data is kept encrypted in a VM from now on, and this VM has no access to the internet, and the host gets infected or owned by a hacker, then how can the host infection be prevented from spreading to the VM?
Can a hacker's keylogger running in the host make a recording of what I am typing inside the VM? And therefore steal the password typed to access truecrypt-encrypted personal data in the VM?
1) Well if you are sure that your VM is not yet infected, I would recommend you to take the backup of entire VM or, take snapshot of the current state.
Second, install any latest version of Antivirus programs ( Avast, macaffe ) .
And if you are concerned about keyloggers on host, connect a secondary keyboard to your guest directly. For Details, refer this Article
1) Well if you are sure that your VM is not yet infected, I would recommend you to take the backup of entire VM or, take snapshot of the current state.
Second, install any latest version of Antivirus programs ( Avast, macaffe ) .
And if you are concerned about keyloggers on host, connect a secondary keyboard to your guest directly. For Details, refer this Article
Thanks. Aren't there some .vmx options to completely isolate the VM from the host so no access to the (encrypted) VM is possible even if the hacker finds a way to disable antivirus software?
Yes there is. But it can be done in gui itself.
1) If you do not want internet connection in guest at all, change the network setting to host only.
2) Disable shared folders
3) disable drag and drop / copy and paste under guest sharing.
This way you can have total isolation
I was concerned with virtual hardware backdoors that vmware have put in to make VIX possible. Can this sort of thing be safely disabled?
avanish wrote:
Yes there is. But it can be done in gui itself.
1) If you do not want internet connection in guest at all, change the network setting to host only.
2) Disable shared folders
3) disable drag and drop / copy and paste under guest sharing.
This way you can have total isolation
You do not have total isolation because the Host Only Network is a path between Host and Guest and vice verse. Even disabling the NIC along with other things you mention doesn't completely isolate the VM if VMware Tools are installed since vmrun and or VIX API technically could be called into play.
What sites are you going to that has you so concerned!? In addition to normal best practices for safe surfing you might also employ the use of the free Norton DNS.