[tor-talk] Designing a secure "Tor box" for safe web browsing?

Maxim Kammerer mk at dee.su
Mon Mar 26 16:12:41 UTC 2012


On Mon, Mar 26, 2012 at 00:52, intrigeri <intrigeri at boum.org> wrote:
> I'm curious about what resources proved to be limiting during your
> experiments, and what "too demanding" means in your use cases.

Well, Intel VT / AMD-V virtualization extensions are rarely available
on laptops, and without these extensions (accessible, e.g., via KVM),
running a virtualized instance is extremely slow (startup time is also
very high if only doing that for specific applications, even with
KVM). There are also RAM requirements — how much do you allocate? This
needs to be decided in advance, regardless of how much memory the user
needs for performing the task in the VM.

> I would be happy to learn why you consider this is pointless.

Relying on such (intrinsically complex) VM separation for security of
specific applications means that you don't trust your system to
perform basic tasks like user privilege separation (e.g., when unsafe
browser is run under dedicated user credentials). This is somewhat
contradictory. For tasks like abstracting network interfaces and other
hardware, the user can run everything in a VM by themselves — why
force it on everyone? For approaches like Qubes OS, see my comment
here: https://forum.dee.su/topic/gui-isolation.

-- 
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)