Bitcoin Forum
December 06, 2016, 06:13:06 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Stop telling people that VMs could protect anything  (Read 8425 times)
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 03:14:58 PM
 #1

If you set up a guest VM on a host computer, the programs in the guest VM can not (easily) attack the host computer.

But in the other direction, it is not true. Programs on the host machine can just manipulate the guest VM, e.g. just modify the disk image file.

Thus, a guest machine for bitcoin does not make sense at all (at least when the intended goal is protection).




But a hint may help:
A wallet file does not have to be online to receive money. You can just create a wallet on a offline computer and use the addresses.
Only if you want to spend money from that wallet, it has to be taken to an online machine.

Misspelling protects against dictionary attacks NOT
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
June 11, 2011, 03:26:05 PM
 #2

If you set up a guest VM on a host computer, the programs in the guest VM can not (easily) attack the host computer.

But in the other direction, it is not true. Programs on the host machine can just manipulate the guest VM, e.g. just modify the disk image file.

Thus, a guest machine for bitcoin does not make sense at all (at least when the intended goal is protection).




But a hint may help:
A wallet file does not have to be online to receive money. You can just create a wallet on a offline computer and use the addresses.
Only if you want to spend money from that wallet, it has to be taken to an online machine.

tell me how VMWare Fusion with Win 7 works on a Mac.  same principle?  in this situation, would u put the client on the Mac or Windows side?
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
June 11, 2011, 03:29:20 PM
 #3

It ups the bar (malware can't just look in common locations for wallet.dat, it would have to understand that a VM is there and how to look at the FS in the VM), but you're right - VMs/jails/zones/sandboxes/whatever are only really any use to protect the host from the jail... there is nothing protecting the jail from the host.

A wallet file does not have to be online to receive money.

I was thinking about this for securely processing BTC transactions in an automated fashion... I wonder if it's possible to hack up bitcoind to watch addresses it doesn't possess the private key for?

I create a new wallet, generate say, 100 addresses, and dump the public keys for them all. I setup bitcoind on my billing server, and feed it those 100 addresses. My billing software talks to it when someone wants to make a payment, and it hands them one of the addresses not in use. bitcoind reports confirmed payments to those addresses back to my billing software, which credits the account appropriately. A script checks, to complain very loudly, when it gets below a certain threshold of free addresses.

Then the only time the wallet needs to be opened and vulnerable is when I'm transferring money out to spend it, or when I'm generating new addresses. It could spend the rest of the time on a USB key in a safe.

Would that work that way, or am I missing some showstopper?

^_^
ripper234
Legendary
*
Offline Offline

Activity: 1260


Ron Gross


View Profile WWW
June 11, 2011, 03:29:24 PM
 #4

Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).

It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.

It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 03:31:13 PM
 #5

It doesn't matter.

VMWare is designed to protect the host from the guest. That's not what you need when talking about using VMs for bitcoin.


You could use it the other way around: Install a minimal operating system on the computer hardware, and then add a VM for all the unsecure fun stuff (games, browsing etc.). But that wouldn't work well, because it is the fun stuff what requires so much ressources.

Misspelling protects against dictionary attacks NOT
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 03:34:16 PM
 #6

It ups the bar (malware can't just look in common locations for wallet.dat, it would have to understand that a VM is there and how to look at the FS in the VM), but you're right - VMs/jails/zones/sandboxes/whatever are only really any use to protect the host from the jail... there is nothing protecting the jail from the host.

A wallet file does not have to be online to receive money.

I was thinking about this for securely processing BTC transactions in an automated fashion... I wonder if it's possible to hack up bitcoind to watch addresses it doesn't possess the private key for?

I create a new wallet, generate say, 100 addresses, and dump the public keys for them all. I setup bitcoind on my billing server, and feed it those 100 addresses. My billing software talks to it when someone wants to make a payment, and it hands them one of the addresses not in use. bitcoind reports confirmed payments to those addresses back to my billing software, which credits the account appropriately. A script checks, to complain very loudly, when it gets below a certain threshold of free addresses.

Then the only time the wallet needs to be opened and vulnerable is when I'm transferring money out to spend it, or when I'm generating new addresses. It could spend the rest of the time on a USB key in a safe.

Would that work that way, or am I missing some showstopper?

I was thinking about that, too. It should be perfect in principle. But to make it comfortable, we need to implement a lot and it takes a while until it all works safely.

Misspelling protects against dictionary attacks NOT
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 03:35:30 PM
 #7

Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).

It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.

It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.

Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.

Misspelling protects against dictionary attacks NOT
elggawf
Sr. Member
****
Offline Offline

Activity: 308



View Profile
June 11, 2011, 03:37:58 PM
 #8

I was thinking about that, too. It should be perfect in principle. But to make it comfortable, we need to implement a lot and it takes a while until it all works safely.

Yeah, I mean I haven't really looked at the RPC stuff for Bitcoind at all... it could theoretically be done simply by generating the 100 addresses, sticking them in a DB in my billing software, then raping blockexplorer all day looking for those addresses - but that really wouldn't scale well.

I was thinking about writing up an RPC daemon which simply watched for transactions, reported them to the billing software and immediately shipped the money off to another box. But that has two downsides that immediately spring to mind: 1) it'll get eaten alive by transaction fees and 2) if the box running bitcoind gets owned, they could change the payout address and you may not notice until some BTC is gone.

I think not having the private keys anywhere online is a much more suitable idea.

^_^
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 03:43:43 PM
 #9

I was thinking about that, too. It should be perfect in principle. But to make it comfortable, we need to implement a lot and it takes a while until it all works safely.

Yeah, I mean I haven't really looked at the RPC stuff for Bitcoind at all... it could theoretically be done simply by generating the 100 addresses, sticking them in a DB in my billing software, then raping blockexplorer all day looking for those addresses - but that really wouldn't scale well.

I was thinking about writing up an RPC daemon which simply watched for transactions, reported them to the billing software and immediately shipped the money off to another box. But that has two downsides that immediately spring to mind: 1) it'll get eaten alive by transaction fees and 2) if the box running bitcoind gets owned, they could change the payout address and you may not notice until some BTC is gone.

I think not having the private keys anywhere online is a much more suitable idea.

It's just that the client software is so far from finished. It is not meant to be broadly used. The media attention brought a lot of users, but actually, it's too early for them.

There is not even a key export, or a feature that makes password-protected backup files that one could just carry around and store anywhere.

Misspelling protects against dictionary attacks NOT
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
June 11, 2011, 03:45:42 PM
 #10

Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).

It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.

It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.

Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.

where do most trojans/viruses/malware come from; email or browsing?
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 03:46:31 PM
 #11

Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).

It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.

It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.

Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.

where do most trojans/viruses/malware come from; email or browsing?

I don't know, I haven't had Windows for a while. Tongue

Misspelling protects against dictionary attacks NOT
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
June 11, 2011, 03:52:25 PM
 #12

Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).

It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.

It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.

Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.

where do most trojans/viruses/malware come from; email or browsing?

I don't know, I haven't had Windows for a while. Tongue

are u implying Macs are much safer?
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 04:01:46 PM
 #13

Hosting a VM does provide an advantage of obscurity.
99.9% of the people with bitcoin wallets will not use VMs, therefore most BTC-stealing malwares will not target VMs (even if it's "easy", you still need to target a VM specifically when trying to steal wallets from it. A simple approach of scanning your HD for "wallet.dat" will not find it if it's encoded in a VM filesystem).

It's not a good solution, but it adds one more layer of abstraction an attacker has to get over.

It's a good thing to do until your BTC are worth enough $ to make you buy a dedicated machine for BTC access, that will be "100%" malware free.

Yes, of course it is a way of obscuring, but the wasting of ressources is huge. You could have such an effect much cheaper.

where do most trojans/viruses/malware come from; email or browsing?

I don't know, I haven't had Windows for a while. Tongue

are u implying Macs are much safer?
Macs are much worse.

Misspelling protects against dictionary attacks NOT
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126


View Profile
June 11, 2011, 04:04:24 PM
 #14

i think the thing to keep in mind with VMs is that there really isn't any cross-platform malware.  the browser-based stuff will infect any platform, but adapts to the platform it infects: the sophistication to reside (for example) on a windows machine, and look for a mac file system, isn't there.

i would suggest installing a VM of a different operating system, which also uses a different browser.  for example:

on a windows host machine using internet explorer, install a VM of linux/firefox.  on a mac/safari host, install windows/firefox.  etc.

one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that!  has anybody tried that?
Dude65535
Full Member
***
Offline Offline

Activity: 126


View Profile
June 11, 2011, 04:08:54 PM
 #15

Encryption only helps until you open the encrypted file or container yourself on an infected machine. At that point its just a matter of how smart the malware is.

1DCj8ZwGZXQqQhgv6eUEnWgsxo8BTMj3mT
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 04:11:16 PM
 #16

one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that!  has anybody tried that?

No, that's total rubbish. You don't understand anything, do you?

Misspelling protects against dictionary attacks NOT
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126


View Profile
June 11, 2011, 04:15:28 PM
 #17

one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that!  has anybody tried that?

No, that's total rubbish. You don't understand anything, do you?

possibly more than you think.

dual boot two OSs on the same hard drive - one on the network, the other off.  put a VM on the OS that is off the network.

explain how infecting the on-network machine could get to the off-network VM, installed on an encrypted partition?
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
June 11, 2011, 04:15:32 PM
 #18

i think the thing to keep in mind with VMs is that there really isn't any cross-platform malware.  the browser-based stuff will infect any platform, but adapts to the platform it infects: the sophistication to reside (for example) on a windows machine, and look for a mac file system, isn't there.

i would suggest installing a VM of a different operating system, which also uses a different browser.  for example:

on a windows host machine using internet explorer, install a VM of linux/firefox.  on a mac/safari host, install windows/firefox.  etc.

one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that!  has anybody tried that?

seems to me that if you have a VM on board, its smart to do your browsing and email in the VM and have your bitcoin client on the host with your malware scanner/antivirus programs.  in this scenario does having a USB key with the data directory plugged into the host side provide any further protection?
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 11, 2011, 04:16:29 PM
 #19

one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that!  has anybody tried that?

No, that's total rubbish. You don't understand anything, do you?

possibly more than you think.

dual boot two OSs on the same hard drive - one on the network, the other off.  put a VM on the OS that is off the network.

explain how infecting the on-network machine could get to the off-network VM, installed on an encrypted partition?

When the VM is running, nothing is encrypted. You can just copy the private keys from main memory.

Oh, you do it the other way around. I already said that it would work this way, but it is a total waste.

Misspelling protects against dictionary attacks NOT
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
June 11, 2011, 04:17:46 PM
 #20

one thing i haven't tried is installing a VM into a TrueCrypt partition - no way an infected/compromised host is going to get at that!  has anybody tried that?

No, that's total rubbish. You don't understand anything, do you?

possibly more than you think.

dual boot two OSs on the same hard drive - one on the network, the other off.  put a VM on the OS that is off the network.

explain how infecting the on-network machine could get to the off-network VM, installed on an encrypted partition?

When the VM is running, nothing is encrypted.

so the same goes for the encrypted USB stick.  when its plugged into the host and unencrypted, its wide open?
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!