Is Virtualization good enough ?

[BitcoinSupremo]

Is Virtualization good enough to hold your wallets more securely than your PC, for example, you can install Virtualbox from Oracle which is the best free tool for virtualization and install a Linux machine, I installed Ubuntu, then added electrum to it. Is this also the safe method to keep also other personal critical files ?

I know that the .vhd file I should update often with a snapshot and keep with me in an USB I keep always with me. Is this the best method to store critical files ?

[1714241996]

1714241996

[1714241996]

1714241996

[butka]

I don't think so. It's the other way around, you keep your PC secure from all the bad things that may happen if you install some insecure software in the Virtual Machine.

Read this post:

https://bitcointalk.org/index.php?topic=2264427.msg22944253#msg22944253

[hatshepsut93]

It's probably good for now, because Bitcoin-stealing malware isn't very sophisticated yet: it's mostly clipboard adress-replacing trojans, fake wallets and malware that steals wallet files and tries to decrypt them later or hopes for unencrypted files. However, there's always the risk of more serious malware that tries to steal your keys from memory when they are briefly decrypted, keyloggers that steal your wallet file and wallet password and so on. Virtualization might be not good enough, if I'm not mistaken vulnerabilities like Spectre and Meltdown can bypass them.

If you can't afford hardware wallet or dedicated device for cold storage, you can at least get a flash drive, install some secure OS on it (I'm using Tails) and boot your PC/laptop from it, and preferably disconnect other drives beforehand. This will allow you to sign transactions offline in an even more isolated environment than virtual machine.

[BitcoinSupremo]

Yeah I have read the thread and I know the risk that once my main OS (host machine) gets compromised theorically so does the VM. What if the host machine is Windows 10, my case and the VM I installed is a secure OS which cannot be accessed without typing the administrator password. I can copy the .vhd (virtual hard disk) file that contains my critical data and after I format my PC in case of a malware, I reinstall Virtualbox and point to create the vhd to the file I have with my critical data.

Should be safe I think or not ?

[bob123]

I know the risk that once my main OS (host machine) gets compromised theorically so does the VM.

This is not just theoretical. If the host machine gets compromised the VM has to be regarded as compromised too.

What if the host machine is Windows 10, my case and the VM I installed is a secure OS which cannot be accessed without typing the administrator password.

IF all of the critical data are ONLY stored inside a vhd (which is properly encrypted!) and you do NEVER decrypt this file on your pc, chances are high you would be fine.
But some attack vectors do still exist (e.g. buggy encryption implementation, some virtualbox exploit, ...). So this is not completely safe.

However, if you are referring to the windows password with 'administrator password', then this is absolutely NOT safe. Your virtual machine definitely will be compromised as soon as the host is compromised in this case.

Should be safe I think or not ?

There are quite some attack vectors.
Any backdoor (which gives an attacker full access to your machine) will reveal any secret information once you will boot your virtual machine.
You should not assume that you will instantly be informed once your machine gets compromised.

If your AV doesn't warn you (which it definitely won't if it is a proper 'self-made' malware), you will probably never realize that your system is compromised (until maybe your funds are gone).



If you want a proper secured setup either get a dedicated pc which only runs offline using linux, or a hardware wallet.
Your private keys have to be stored isolated from the online setup (which is effectively not done on a virtualized machine).

Running your wallet on a VM is definitely more secure than running it directly on your pc. But it is by far not secure enough to store amounts you are not willing to lose.
It just adds a small layer of protection (you basically assume the attacker is plain stupid and/or a script kiddie).

[BitcoinSupremo]

I already have the Hw.1 hardware wallet, I was just interested in VM and virtualization power. I am not referring to the Windows administrator password, but to the Linux administrator password inside the VM. Also the VM is always encrypted and I always keep a copy with me in an USB just for added security. I know my host machine is not compromised and hopefully nor will ever be because I am very careful at what I do in my PC, what links I click, what emails I open and all the other related security measures that one user should take to make his PC safe.
Bottom line from what I understand is that I should stick with hardware wallets.

[bob123]

I am very careful at what I do in my PC, what links I click, what emails I open and all the other related security measures that one user should take to make his PC safe.

Unfortunately that's just one part of securing your coins.
You still have to calculate the risk outgoing from wrong/buggy implementations, 0-day exploits, non-disclosed vulnerabilities, etc..

There are many factors which you can't influence, but do have a direct impact on your actual level of security.

Bottom line from what I understand is that I should stick with hardware wallets.

Yes, either a hardware wallet (to combine safe offline storage with usability) or a dedicated offline pc (for offline storage, with bad usability).
Another way would be a paper wallet (also safe but bad usability).

These 3 forms of storage are - by far - the most secure ones (if done properly).

[LeGaulois]

I am very careful at what I do in my PC, what links I click, what emails I open and all the other related security measures that one user should take to make his PC safe.

Unfortunately that's just one part of securing your coins.
You still have to calculate the risk outgoing from wrong/buggy implementations, 0-day exploits, non-disclosed vulnerabilities, etc..

There are many factors which you can't influence, but do have a direct impact on your actual level of security.

Bottom line from what I understand is that I should stick with hardware wallets.

Yes, either a hardware wallet (to combine safe offline storage with usability) or a dedicated offline pc (for offline storage, with bad usability).
Another way would be a paper wallet (also safe but bad usability).

These 3 forms of storage are - by far - the most secure ones (if done properly).

He could use a dual boot with any GNU/Linux OS and run his wallet in it. I suppose it's a good alternative to what he wanted to do firstly with a VM? If the partition #1 is compromised the partition #2 won't be. You can access the partition #1 from the partition #2 but not vice versa
(Security speaking I mean)

[BitcoinSupremo]

I am very careful at what I do in my PC, what links I click, what emails I open and all the other related security measures that one user should take to make his PC safe.

Unfortunately that's just one part of securing your coins.
You still have to calculate the risk outgoing from wrong/buggy implementations, 0-day exploits, non-disclosed vulnerabilities, etc..

There are many factors which you can't influence, but do have a direct impact on your actual level of security.

Bottom line from what I understand is that I should stick with hardware wallets.

Yes, either a hardware wallet (to combine safe offline storage with usability) or a dedicated offline pc (for offline storage, with bad usability).
Another way would be a paper wallet (also safe but bad usability).

These 3 forms of storage are - by far - the most secure ones (if done properly).

He could use a dual boot with any GNU/Linux OS and run his wallet in it. I suppose it's a good alternative to what he wanted to do firstly with a VM? If the partition #1 is compromised the partition #2 won't be. You can access the partition #1 from the partition #2 but not vice versa
(Security speaking I mean)

I already am on dual boot Windows 10 main OS on SSD as I do some mining with a few 1060-s here and the Linux Mint 18.3 which I have on a 500GB HDD. I though can access from Windows , Linux with ext2s program and also from Linux Windows. I was just asking about VM as I was curious about it after reading a lot of good things online. Anyway I am sticking with my HW.1 hardware wallet, old hardware wallet from Ledger.

[bob123]

He could use a dual boot with any GNU/Linux OS and run his wallet in it. I suppose it's a good alternative to what he wanted to do firstly with a VM?

IMO this definitely is a better alternatives since most malware made for windows does not look through different file systems (would be still possible though).
A compromised windows would not automatically lead to the linux system being compromised. You can't say that about a VM.

If the partition #1 is compromised the partition #2 won't be. You can access the partition #1 from the partition #2 but not vice versa
(Security speaking I mean)

Usually you always can access all partitions on a disk, regardless on which partition the OS is installed on.

To effectively lock out the access from windows to the linux partition(s), you would need to encrypt the /home and /root partition (which probably is the best approach),
or at least only mount them as readable only inside windows, but not as rw.

[NeuroticFish]

He could use a dual boot with any GNU/Linux OS and run his wallet in it. I suppose it's a good alternative to what he wanted to do firstly with a VM?

IMO this definitely is a better alternatives since most malware made for windows does not look through different file systems (would be still possible though).
A compromised windows would not automatically lead to the linux system being compromised. You can't say that about a VM.

I also tend to agree with this, but there are some things to add:

1. Some virtual computers allow you see host OS folders. You may be tempted to keep your wallets "shared" and there, you already added one extra security hole, leaving your wallet in a position it can be stolen (the file). Of course, if you protect it with password you are somewhat safer.

2. Some virtual computers allow you use more known / standard formats for their "HDD file" (eg .vhd), making your files accessible from outside, in theory (the malware will have to be pretty smart)

3. This is more real: if you have backdoors allowing hacker to either directly access your host computer, either record your screen or keystrokes, the fact you use a virtual computer on top of your infected host will not help you much.


So, VM can add extra protection, but don't expect miracles, it's not that much better than the host OS, which you also have to keep safe from backdoors.

[fire rab1]

it is more secure when compared to doing it on your PC .it gives a minimum protection to your wallet.it is always better to use a different pC that works offline.