Is that just like running a .iso "live" in a virtualbox without installing? Should one just update the web browser and make sure it is secure?Mattyboy wrote:Just use a none-persistent ( after you've updated it ) Linux VM for banking if it really concerns you.
Using a live system for banking is something, what you can often read. IMO a bad advice, as the software is far away from current security patches. Updating the browser would be the very minimum measurement, but in the days of Spectre and Meltdown not enough. And obviously updating the kernel is impossible on a live system.Marziano wrote:Is that just like running a .iso "live" in a virtualbox without installing? Should one just update the web browser and make sure it is secure?
Am I right in assuming that an installed OS in VB can be equally vulnerable as the same OS installed already in the host? Or...?Cosmo. wrote: Using a live system for banking is something, what you can often read. IMO a bad advice, as the software is far away from current security patches. Updating the browser would be the very minimum measurement, but in the days of Spectre and Meltdown not enough. And obviously updating the kernel is impossible on a live system. I wrote already in the past on several places, that this is a not a good advice, nowadays it is a disaster.
Yes.Marziano wrote:Am I right in assuming that an installed OS in VB is equally vulnerable as the same OS installed already in the host?
Can you please rephrase; I don't understand this question.Marziano wrote:Anyhow what one does within the VB is of importance also here, right?
I mean, since even an installed OS in the VB is equally vulnerable as the one in the host, then the same security thinking and measures must be applied even there. Otherwise you are equally exposed to "dangers" even in there.Cosmo. wrote:Can you please rephrase; I don't understand this question.Marziano wrote:Anyhow what one does within the VB is of importance also here, right?
If you mean, if assumed attacks do also affect the host: Well that depends from several conditions. E. g. if you use a shared ciipboard for host and guest.
Kinda. A live version however isn't updated. The 18.3 ISO for example comes with the older Kernels. Switch between persistence and none persistence the former for updating, update manager, only the latter for when you wish to go online/Browser etc.Marziano wrote:Is that just like running a .iso "live" in a virtualbox without installing? Should one just update the web browser and make sure it is secure?Mattyboy wrote:Just use a none-persistent ( after you've updated it ) Linux VM for banking if it really concerns you.
Correct. If you use the same OS as host and guest, you have to apply all security fixes on both.Marziano wrote:I mean, since even an installed OS in the VB is equally vulnerable as the one in the host, then the same security thinking and measures must be applied even there. Otherwise you are equally exposed to "dangers" even in there.
@cosmo seems to be of another opinion regarding the use of non-persistence when it comes to online activities like banking for example.Mattyboy wrote: Kinda. A live version however isn't updated. The 18.3 ISO for example comes with the older Kernels. Switch between persistence and none persistence the former for updating, update manager, only the latter for when you wish to go online/Browser etc.
I don't even use third party anti virus programs on my Windows. Windows defender, a user account and a properly set up browser and that's it. Never had an issue. There's no replacement for common sense and basic education to avoid falling into traps.
Please correct me if I got it wrong. Everything here applies to what is going on in the VB, no? So you make an snapshot of the machine at a point when everything is stable and fine and the you go on doing all those weird things you do and if/when things go wrong you just restart the machine from the snapshot. Right?Cosmo. wrote: At second you can create in VB snapshots for the guests. So it is very easy to revert completely, if something should really go wrong. I use this sometimes to do really weird things for experimenting. If I have set a snapshot beforehand and the system gets really unusable I simply revert to the snapshot and I am back in business.
Cosmo. wrote:
More technically: If you create a snapshot, VB creates a so called differential drive. The original virtual hard drive does now only get used for reading, all changes get written to the differential drive. If you now revert to the snapshot, the differential drive gets no longer used by VB and so it reads again all from the original virtual hard drive.
Snapshots can get created as often as you want - and as long, as you have enough room on the drive of the host. So you can even go forward and backwards to all existing snapshots.
Not really an opinion to be fair, more a suggestion or 'making you aware'. I don't do it, I don't feel I need to. I'm comfortable with online banking, making purchases etc on my daily Linux install. I wouldn't do it on my Windows install because I feel less secure ( regardless of if I were running anti virus or not ) .. not to mention M$ know everything I do on that machine and send the telemetry off to the wild. Who knows where, what and to whom?Marziano wrote:@cosmo seems to be of another opinion regarding the use of non-persistence when it comes to online activities like banking for example.Mattyboy wrote: Kinda. A live version however isn't updated. The 18.3 ISO for example comes with the older Kernels. Switch between persistence and none persistence the former for updating, update manager, only the latter for when you wish to go online/Browser etc.
By the way, can a system like Tails be an alternative. If I am not mistaken an installed Tails on USB is updatable/upgradable.
.
This is really interesting! Is this done once you have already installed the guest OS?Cosmo. wrote: VB can even use write-through drives. Example: You create a separate virtual drive to place home inside, than make it write-through. If you now go back to an stored snapshot this write-through drive does not get reverted. Now it would behave similar to a Windows restore point or as TimeShift in Linux.
You are so right! I just got carried away in the other thread by all the interesting topics that popped up. AVs, security, vulnerabilities and ...P. S. I just saw the post by Moem, which is correct. Can you move those posts to a separate thread (e. g. in the virtualization board)? I think, that the discussion by itself would be worth it.
You are right, it was a bit unfortunate wording from my side. I understood Cosmo was pointing out the security risks involved even in such a procedure.Mattyboy wrote:Not really an opinion to be fair, more a suggestion or 'making you aware'.Marziano wrote: @cosmo seems to be of another opinion regarding the use of non-persistence when it comes to online activities like banking for example.
Yes, I've learned to pay attention to these things. One thing that I still have to learn or rather get used to, is to do everything in a new surrounding which is that of Linux.Just make sure you're updated, using browsers that are reliably updated ( Firefox ) and you see the https padlock symbol on any page you enter private information into.... and that, on Linux, is that.
There was this thread viewtopic.php?f=58&t=262833 with the following link to an article on the subject of privacy and/or security:.. not to mention M$ know everything I do on that machine and send the telemetry off to the wild. Who knows where, what and to whom?
This does not care. In practical sense you will do it mostly afterwards. The point is, that you need to have for a VM more than 1 virtual drive. (Having several partitions on the same virtual drive is not enough, as the drive gets set to write through state, not a partition.) The setting gets done in the manager for virtual drives (ctrl-d from the VB manager) via the change icon. third option in the sub-dialog.Marziano wrote:This is really interesting! Is this done once you have already installed the guest OS?
Installing Mint with ubiquity does not work differently in a VM than on bare metal. That means, you go via "something else" in the Mint installer.Marziano wrote:I have just done a "traditional" install of 18.3 and just let Ubiquity take care of everything. Though I did try to create /, /home and swap with Gparted prior to the installation but the installer somehow refused to recognize the partitions which I could't understand why.
You mean sudoing from the guest?Marziano wrote:The only additional thing was to a have a shared folder with my host. I have this separate "Storage" partition which I wanted to share with the guest and even though it is mounted automatically, it always denies me access. I have to sudo-open it with Thunar.
