3

I read from a computer security expert that if you really want to keep your personal data safe, don't connect your computer to the internet, as everything can be hacked.

The more I think about it, it is really insane that I use the same OS for internet use as I do for things that are never ever intended for online sharing. Even if all software were to have zero security flaws, it would STILL only be a couple of clicks of human stupidity to accidentally choose to upload the wrong item to the internet; instead of uploading a client's final product, I might accidentally click on the wrong folder to upload my secret source codes, my diary or my sex-tapes that I've sworn to keep secure.

After much research I came to the conclusion that a VM is what I want. So I've now set up my Host OS to be my life's command center, completely disconnected from any internet access, and a VM (Windows 7 VirtualBox) for all my internet activities.

Sure the VM communicates with the host through a shared folder (one only intended for files with public intention) as well as any potential software flaws, but I consider these risks to be severely more unlikely. Something would have to be leaked from the host as well as leaked from the internet-connected-VM, highly unlikely since my VM is also following strict security measures.

Upon near completion of this goal, however, I've come to the shocking surprise that when I finally disconnect my host from the network adapter, my VM also gets disconnected. Which I've since read is normal; you normally let your VMs piggyback on your host's connection.

However, like I said, I want my host to be disconnected. How can I do this? The only solution I have found is to run wifi from an external USB, but that solution is unacceptable unfortunately.

Timman
  • 35

3 Answers

3

First use bridged mode to connect the VM to the network. That means that the VM is only reliant on the ethernet level functionality in the host and not relying on the IP level functionality.

Then on the host you need to block the internet connection without completely disabling the adaptor. One method would be to assign the host a static IP that is outside the range normally used on your LAN and with no default gateway. It may also be possible to disable TCP/IP for the adaptor completely.

plugwash
  • 6,193
  • Thanks, I tried it and for cable it works great! I can't get bridged mode to work at all for wireless and I'm not sure if I can make a cable-only commitment right now, but I'm experimenting with new wifi drivers and stuff now to see if I can get it working. – Timman Jan 30 '16 at 03:19
  • Having fixed the bridge issue, I can now try the same technique on wifi and even there it works! Thanks! – Timman Jan 30 '16 at 05:07
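
The "disable TCP/IP for the adaptor" option from the answer above, as an added example that is not part of the original answer or of VirtualBox's own tooling. It assumes a Windows host with the NetAdapter cmdlets (Windows 8 / Server 2012 or later), an adapter named `Ethernet`, and that the bridged-networking filter's display name contains "VirtualBox".

```powershell
# Added example: unbind the host's IP stacks from the bridged NIC, keep the
# VirtualBox bridge filter bound, then verify the host has no route out.
# Run from an elevated PowerShell session on the host.
param(
    [string]$AdapterName = 'Ethernet'   # assumption: the physical NIC the VM bridges to
)

# IPv4 and IPv6 are separate bindings; unbinding only one leaves the host reachable.
$hostStacks = 'ms_tcpip', 'ms_tcpip6'

# 1. Refuse to continue unless the bridge filter is bound and enabled,
#    otherwise the VM would lose its link along with the host.
#    Assumption: the filter's display name contains "VirtualBox".
$bridge = Get-NetAdapterBinding -Name $AdapterName |
    Where-Object { $_.DisplayName -like '*VirtualBox*' -and $_.Enabled }
if (-not $bridge) {
    throw "No enabled VirtualBox bridged-networking binding on '$AdapterName'."
}

# 2. Unbind the host IP stacks. The adapter itself stays up at the Ethernet
#    level, which is all bridged mode needs.
foreach ($id in $hostStacks) {
    Disable-NetAdapterBinding -Name $AdapterName -ComponentID $id -ErrorAction Stop
}

# 3. Verify: no IP stack bound, no address on the adapter, and no default
#    route anywhere on the host (catches a forgotten second NIC or VPN).
$stillBound = Get-NetAdapterBinding -Name $AdapterName |
    Where-Object { $_.ComponentID -in $hostStacks -and $_.Enabled }
$addresses = Get-NetIPAddress -InterfaceAlias $AdapterName -ErrorAction SilentlyContinue
$defaultRoutes = Get-NetRoute -ErrorAction SilentlyContinue |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '::/0' }

[pscustomobject]@{
    Adapter            = $AdapterName
    BridgeFilterBound  = [bool]$bridge
    HostStacksBound    = @($stillBound.ComponentID) -join ','
    AddressesOnAdapter = @($addresses.IPAddress) -join ','
    DefaultRoutes      = @($defaultRoutes.InterfaceAlias) -join ','
    HostIsolated       = (-not $stillBound) -and (-not $addresses) -and (-not $defaultRoutes)
}

# Roll back with:
#   Enable-NetAdapterBinding -Name $AdapterName -ComponentID ms_tcpip
#   Enable-NetAdapterBinding -Name $AdapterName -ComponentID ms_tcpip6
```

`HostIsolated` should read `True` while the guest, bridged to the same adapter, still obtains its own address from the LAN.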
2

What you are trying to do is pretty strange. If your internet activities are that delicate, you should simply dual boot your PC with another, safe OS like Tails and use a shared partition to exchange data.

You can in theory tunnel your internet connection through your host OS to the VM and isolate your host completely, but that's an extreme effort. Also it's not really more secure as your host is definitely connected to the internet anyways. The other way around would be far easier, having your VM isolated from the internet.

AdHominem
  • 468
  • "The other way around would be far easier, having your VM isolated from the internet." I considered that, but: a) I prefer to have a VM be potentially breached than my host. For example a host keylogger would span both, whereas a VM keylogger would only damage the VM. b) The host runs significantly faster, so it's a better place for my offline activities like movie editing, compiling source code, doing 3d renders.

    Dual boot would be too cumbersome unfortunately; every time I want to see if my client responded to my mail I would have to reboot my computer.

    – Timman Jan 30 '16 at 01:34
0

First, make sure your VM is using nonpersistent disks except when upgrading it/patching it (i.e. when you shut the VM down, all changes that session - including viruses - are gone). I'd also switch over to VMware Player from the Windows product.

Second, you're best off using a Linux VM, not a Windows VM - then you'd have to get hit with malware that can successfully attack Linux, then get through to the VM host, then attack Windows, the VM host.

Third, what you actually want here is a USB to Ethernet or USB Wifi adapter; connect the USB device to your VM directly, thus the guest has internet access through the adapter, instead of the host.

I've used a Startech USB31000S USB3.0 to Gigabit Ethernet adapter with both Linux and Windows, and a J5Create JUE303 802.11ac SISO adapter for Wifi successfully. I've also used Alfa USB Wifi adapters with serious antennas very successfully for long distance Wifi communications.