I learned how to create VM's on my NAS. It has all of the benefits that you talk about but also, because the NAS runs 24/7, I can leave a VM running perpetually. It is constantly polling certain web sites to download data for example. One of my VM's is a version of Windows upon which no apps are permanently installed. I keep it updated and, when I want to test an app, I first create a snapshot of the VM, test the app, and then revert to the snapshot. The VM returns to the exact state that it was in before I installed the test app. In a business setting, all staff may need to an app that is only used occasionally but may be prohibitive to purchase a licence for everyone in the business. Run it on a VM and give everyone access to run it when needed. Overall, it's a great skill to learn. And a tip : to run your VM, you might find it best to connect to it using the free Windows Remote Desktop Connection app. My VM's run as if they are the main OS on my desktop by using RDC.
I think you are missing the core point here. Running Windows VMs because you need them in business or, say, as a Windows developer is one thing - but do also remember that the Windows builds used by businesses are completely different to those used by home users because no business would allow Microsoft to extract the same types of data from their business PCs that they do on home user PCs. Businesses are given far more control over Windows than home users are. This is a discussion about privacy and nobody who truly cares about privacy, or understands privacy, would ever blindly run a privacy-hating modern Windows OS (or MacOS) in the first place - unless, like business versions of Windows, they have the capability of disabling all of that crappy telemetry. And that capability just isn't there with either of those two OSes because the moment you turn off telemetry, Microsoft or Apple just enable it again with the next update. In the case of privacy, where "misinformed" people choose to run privacy-hating OSes like Windows or MacOS then what Rob is suggesting here is running Linux-based VMs as a mechanism to isolate certain Internet activities from the "prying eyes" of Apple and Microsoft in order to improve privacy - whereas your suggestion that people should deploy MORE Windows is doing the complete opposite.
@@harbinjar I don't need to run Windows at all - but if you do then, yes, it's safer to run Windows in a VM. But it will be no good for gaming unless you get into some "jiggery pokery" with GPU configuration.
Really enjoyed this Rob... I would love to see you set up a VOIP into a virtual machine as I think that this COULD be the silver bullet required to free us from the insidious data harvesters known as smartphones. Keep up the good work bloke.
I've been using virtual machines for about 15 years or so and they are a great way to test alternate Operating systems and can be quickly wiped and reset.
Yes, it's a good way to learn Linux if you just have one PC and you still want to use your daily driver OS - you don't have to dual boot and use one OS or the other.
if this is just about privacy, not about privacy+security+testing, then these days it's easier to use additionally installed librewolf/mullvad/tor, depending on the privacy level you need. In everyday life most people would be content with firefox/brave or similar browser with ad blocker + "noscript" extension
For me, the most important feature of virtual machines is the possibility to move them on more recent computers while maintaining their operating system. I have old development environments which require specific operating systems, such as Visual Studio 6. This is particularly true for firmware development.
Ah yes. This! I work as an Infrastructure consultant / architect. Not quite development environments, but it's crazy how much kit is out there that needs a browser with Flash or an ancient version of Java to access the management console. There are a couple of old EqualLogic SANs and some fibre channel switches at customer datacentres that spring to mind. Not to mention places that still have vSphere 6 kicking about in a dusty comms room. I don't want buggy, insecure things on my main PC, but having a Windows 7 VM with IE, Flash and Java 6 is a great get-out-of-jail tool. I know - I could use SSH, but learning the CLI for an obsolete device I access once in a blue moon is not a good use of time, imo.
Wow! This is eye-opening. I did not know theses advantages of virtual machines. I will definitely use them soon after upgrading my hardware. Otherwise, my computer will be very slow. Besides, your video is succinct and helpful. No wonder you have 448K subscribers. We need MORE TH-camrs like YOU. Thank you very much.
I just found your content, very good stuff. Really liked the wifi jammer video. I have a home security set of cameras so this was very informative for me. Do you ever give advice on a subject if asked? I am curious because I have a question concerning a laptop of mine. Once again, great content, I subscribed right away.
A VM network may be though is not necessarily on a separate network. It depends on how it is configured. You can also just create a separate VLAN on a switch to isolate it from other layer 2 MAC addresses. Either the host or VM can be moved (permanently or temporarily) to that VLAN.
this software emulated type of VM is not responsible for connection to internet. You need to configure your private/secure connection with your VPN in case you use it. Otherwise you will be seen from outside according to your ISP and router settings
It’s irresponsible to tell people that viruses in your vm can’t affect your host. It is absolutely possible for malware to escape the vm, it’s even called vm escape. So you should still exercise caution with untrusted emails, downloads and websites.
@robertlowther7442 - Sure its hypothetically possible, as most things. However, its very Unlikely, since Viruses / Malware aren't going to likely be Engineered to escape a VM and affect the Host's PC because they will save that vulnerability for a more easier Worthwhile target. One must try to be Practical about things rather than overly Paranoid.
The biggest hurdle for "user interface" VMs is access to hardware acceleration. If you are running a Windows (or Linux) PC on the host, then it will be using at least one of your GPU interfaces and while it's possible it's not exactly easy or wise to free that GPU for use in VMs. Coming to that. Using your GPU in a VM can be very fiddly and result in a lot of hard lock ups and resets to get it to work. NVidia outright ban any virtualisation attempt made by the OS. The drivers deny it. If you want virtualisation support from NVidia you will need their "Studio" professional license drivers. This is to stop enterprise using cheaper gaming GPUs for virtualised GPUs for computation etc. They sell more expensive ones with the studio license for that. Without hardware acceleration most modern desktops struggle and have notable lag. You quickly get used to it, yes. However you will likely to operating at 30FPS if you are lucky and with a good 50ms lag. You "notice" switching between a native 60FPS display and the VM virtualised display (I am using SPICE). The desktop and desktop apps are usually fine. Large "blitter" operations involving many UI plains such as in graphics editors or even word processors can cause tearing and lagging. Video will most likely end up software decoded. Maybe if you fiddle and get the CPU codecs virtualised successfully it will still struggle to pipe the 4k output to the virtualised software video adapter. Why is it software? Because most domestic GPUs do not support virtualisation. If you want to be serious about this, you will need several GPUs in your machine. One for each VM machine you want a performant interface on. Note this also means the VMs dislpay on a montor of their own and not "pic in pic" with the parent OS (though that is available additionally). Once you try and use anything heavy, like say electronics schematic/PCB layout software which is usually hardware accelerated in OpenGL it becomes too laggy and stuttery to use. Forget video editing. Forget gaming. Some games just immediately crash the virtual display driver, others are just too slow. You can play "Candy crush" Poly bridge stuff like that. Nothing with 3D motion graphics.
Virtual machines are incredible for security purposes, but for privacy purposes, they're only useful in one way: it's when the host (your actual OS, for those who don't know what I'm talking about) runs a privacy respecting OS while the guest (the virtual machine OS) can be whatever you want, because the host can see everything the guest does, but the guest can't see the host. And here, considering Microsoft (or Apple) aren't the best in terms of privacy, I'd rather install Linux as a host and Windows (or MacOS) as a guest than the opposite as you've shown. But if running Windows bare metal is an absolute must for whatever reason, I guess it's still better to use virtual machines than not to use them.
You make valid points but I disagree with you saying that VMs have limited use in privacy. A VM running Linux essentially gives you "another free computer" in age when storage is dirt cheap and it's not going to be an issue having a dozen VMs ready for use when you need them - sure, running them ALL at the same time probably needs you to spend some money on a powerful PC, but I am not suggesting that here. But nothing stops me creating, say, four identities on the Internet and isolating each ID to one of the VMs - what you've then got is a good baseline for segregating four browser installations and, combining that with VPN, I would see it would be very difficult for an external "snooper" to be able to link the four instances together in any way. So I do think VMs can be an important part of a good privacy strategy.
@@terrydaktyllus1320 I agree, it absolutely can be used effectively like you just described, but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host. And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing). So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM.
@@rigierish3807 "but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host." That's an incorrect statement. The host can't "see" everything that's happening in the VM, it just controls the resources (CPU, RAM, disk space, etc.) allocated to the VM. It can see resources but not what applications are running or what's in the memory contents. The contents of RAM are just 1s and 0s - in order to make sense of what those 1s and 0s mean, you'd need to know what applications are writing to what memory addresses. The host can't see to that detail inside the VM's memory. The host can't, for example, tell that a VM user is running LibreOffice - you'd need to SSH or RDP from the host to see what the VM is doing. "And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing)." I stopped using Windows when support for Windows 7 ended, so I'm the wrong person to be talking to on that. "So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM." The VM is a "software PC" with a network presence that is vulnerable to exactly the same security and privacy issues as a "bare metal" PC. If you can intrude onto the host, then you can start turning VMs off - the equivalent on bare metal would be switching off racks of servers, which would need an on site presence (i.e. a lot more difficult). Plus old vulnerabilities like Spectre and Meltdown allowed reading of memory contents of other applications, but they were not VM specific - you could technically do it on any application.
@@terrydaktyllus1320 Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that. Now sure, you can have hardware vulnerabilities that still can go around the security of VMs but first, those are generally much _much_ less frequent, second, the viruses or malwares using such vulnerabilities must be programmed to be able to target multiple types of OS with different architectures, which would make them much more sophisticated than the vast majority of malwares people usually encounter, and finally, the vulnerabilities you mentioned got patched and solved since then, which were the two big vulnerabilities that, left unpatched, could've actually lead to completely vulnerable computers all over the world. About the "see or not to see" argument, you say that a host can't actually read programs locally ran by the guest because that's something the guest manage rather than the host: that's a fair point, but what makes it impossible for the host to have something in Windows (other than the VM program) made to understand how the guest OS works and therefore, identify any program in the RAM dedicated to the guest and collect information about it? Nothing. Especially when the VM program and guest OS or kernel in this case, is completely open source like Linux using Virtual Box. Unfortunately, because Windows isn't open source, we can't prove or refute this. So personally, as I said previously, rather than trusting Microsoft, I prefer to not take the risk at all, as insignificant as it can be.
@@rigierish3807 "Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that." And where did I say anything like that in my responses? Now you are putting words into my mouth and arguing against them. Respectfully, I've enjoyed our conversation to this point but I really have said all I want to on the topic. You're welcome to disagree with part or all of what I said but working daily in Linux and VMware cybersecurity for 18 years now does count for something, I do know what I am talking about here. Let's disengage at this point. Thanks for the chat and I wish you a very pleasant rest of your day.
Hi Rob, I watch all your videos and I can say I learn a lot from you. Thanks for that. I want to know if you worked or know much about the fingbox with the Fing app. which is a device connected to a router which can scan your network for security and a host of many other thing. I find it a great tool. Since a lot of notifications come from its cloud infrastructure, I want to know if there are any privacy concerns for this device. Thanks in advance, and keep on doing what you do. I am a big security buff and always looking to learn more.
So you have an application that scans your home network and stores the information it retrieves on a Cloud server (i.e. somebody else's computer) and you're asking if there are privacy concerns here? Do I even need to answer that?
@terrydaktyllus1320 I know there is. I just want his take how much of a cocern it is. I block it from accessing the internet from my router, but then do not get notifications while away, Ionly get them when connected to my network. Therefore it is still useful for me.
Problem with Virtual Machines is that you are at the mercy of the virtual machine host. Hyper-V, ESXi, VMware Workstation, VIrtual Box, etc.. can to snoop on the VM. Does it? probably not and Open source Hosts can have their systems audited easier to be more sure. Also you have to assume that if the host is compromised then the VMs are too. That said... I often run live OSs that do not install, basically booting off the iso and running the the os through vitalized memory. the bonus and problem of doing this is that any data is wiped when you shut down the system so you can't save anything with out adding a drive of somesort to the virtual machine. but that too doesn't allow third parties do it either.
There is some snooping the host OS can do, but if the VM is encrypted, that limits quite a few avenues for the host to spy on what's going on in the VM. Run a VPN inside the guest OS to limit snooping on network traffic. If you're extra paranoid, use a separate keyboard and mouse and use USB passthrough. I imagine there's still ways the host OS could inspect the keystrokes, but it does limit that a lot, since the OS doesn't see the device that is passed through in the list devices available to the host. Screen capture is still a thing, which might be difficult to get around. Mac OS is OK at locking that down for 3rd party apps, so perhaps an encrypted VM running on Fusion on Mac OSX might be one way to go. Presumably, the OS still has access and rootkits might get around the OS protection. But if you've got OS manufacturers complicit in spying on you at that level, or adversaries able to install rootkits on your device, I don't know what to tell you. Maybe go analogue at that point.
@@ralph17p I don't know about you but if i'm running a VM for privacy, i'm using Onion or Loki services IMO better than a vpn.. of course you could layer them on top of each other. even with the vm encrypted the memory isn't so much (i think?) something on the host could possibly capture that data. I am not saying that doing thing through a VM is bad just that even with doing these things there is the opportunity. I'm not a privacy or security expert by any means. I just don't trust anything any more "they" just keep getting more and more intrusive. I talk all this stuff about privacy and stuff and here i'm using one of the worst things for privacy.. youtube! lol.
You really need to be installing Bochs as a full virtualization and encapsulation of security, not Oracle. The reason for this is the VT-X settings pass raw instructions to the CPU for the sake of speeding these up, and they are vulnerable and accessible to this still, whereas with Bochs even through you take a performance hit, you can do everything 100% isolated. Another reason is that VMware and Oracle have a specific flag that you can set if you are in a virtual machine of not. With a few assembly instructions, they will return whether or not you are in a virtual machine and what type. While this won't affect a host system, it will tell you whether or not you are on a real system and which is which. By the way, Windows 11 is a very bad choice for a host! Even notepad will leak things beyond. The first crucial step is to choose a good host that is hardened as possible, and then the sky is the limit for what you will be doing in a virtual machine. So it is rather comical that you are choosing Windows 11 for this, because it is the most spyware-laden and least secure as it could possibly be. If you choose windows for anything, it is flawed and you are doing this backwards.
Thanks for the video. Another way to do this would be to first put a host Linux distro on a USB drive, then install Virtialbox, then add a guest Linux distro - all on one USB drive. That way, Windows (hopefully) can't see anything going on
You're not gaining much in putting it on a USB drive, unless you need portability and something to keep in your pocket. USB is slower than a traditional hard drive or SSD and it's a lot easier to corrupt a USB stick, especially with the amount of read and writes an OS does when you use it. Where USB is useful is where you boot, say, Tails OS that doesn't write to the USB stick and stores any data in memory until you power it down - that's a very private way of using a computer, but it's a very specific use case.
@@rootcanal7188 Sure, your core idea is sound and booting Tales OS from a USB drive is the *ULTIMATE* in privacy anyway - so it's not a bad idea overall.
I work for the US and deal with sensitive things. Last year I learned that my phone and computer were being monitored by Iran, China, and Taiwan (proven) so might as well throw Russia in for the hell of it. It was very hard to learn how to do it and just as hard to force myself to use it. However it is worth all of the difficulty (as not IT person). I suggest you take his advice and do it prior to being hacked and not having all of the extra problems that go along with that (to include threat to life). I also bought a Brax2 phone and now using your VPN and email. Thank you!!!
How can you say monitoring by Iran, China and Taiwan was "proven" but in the same sentence say "so might as well throw Russia in for the hell of it"? So you made up the Russia bit then just to add to the other three "proven" countries? Why would you do that? And as someone who has worked in cyber-security for the past 18 years, do please explain to me how it was "proven"? Because bad actors use Tor and VPN to conceal their origins so you can't automatically assume where they are from or who they are working for - especially as many companies block IP addresses that are known to originate from those states anyway. But I am sure you can explain, from your real world experience, how their location was proven? And what was their motive? What attack vectors did they use?
How was it proven that you were specifically being monitored by Iran, China and Taiwan? And why then "throw in" Russia that wasn't "proven"? Just for more "dramatic effect" on your part? I've worked in cyber-security for 18 years, it's extremely difficult to "prove" where bad actors come from unless they are caught - and I doubt anyone is that concerned about them monitoring your devices specifically to go find them. And what attack vectors that you know of might cause "threat to life" that would also be related to your phone and computer? And if you're that knowledgeable about cyber-security, then why do you need to buy Rob's products? I am sure his products are very good but if you understand security and privacy yourself, you can do yourself what a lot of his products do.
@@terrydaktyllus1320 I don't understand it myself, I was thrown into chaos. First was Iran. I was using google flights and it was giving me prices in Iranian money but when I did IP search website it came back in New Jersey but to a company registered as "Nuclear Proliferation Inc". F-ing crazy! I reported it to the appropriate people who specialize in this type of thing (US gov). Yes, the Russia part was a joke; that you can feel free to label as 'dramatic effect'. You must be a very boring person if you can't recognize that. Note: I have worked on all of the listed countries in the past. It is logical if they pay attention to me. If you would like an exciting life I suggest you start by joining the army (as I did) and serving in a couple wars (as I did) and get obsessed with destroying the enemy (as I am) and maybe your 18 years will provide more opportunities.
@@terrydaktyllus1320 Unironically would love to hear more from you or learn some of what you know 🤔 any resources I can learn from other than this channel that tackle things from a critical thinking perspective rather than biased or fear mongering angles?
That is the same setup I use on my main computer, except I haven't upgraded my Linux Mint to Virginia yet. Near the end you brought up VPN's. I was going to say that the VPN had to be running on the host machine but you beat me to it. One thing that users might encounter is that the way Virtual Box set up the network by default wouldn't allow the VM to connect through the virtual machine. I had to change the adapter to NAT and in the advanced settings set the adapter type to paravirtualized. Then it works fine. However I have another box with just Linux on it so I normally use that one when using a VPN to connect to the TOR network. (Just for added piece of mind.) The one question I have which someone might be able to answer is if it is possible to clone the VM in a way that I could put the clone on a separate drive and boot into it without going through Virtual box. I have that installation of Mint customized and if I have to change my hard drive for some reason I'd like to just set it up without going through a host. It would save a lot of work re-customizing. What can I say, I'm lazy.
00:23 🛡 Using a virtual machine provides specific advantages for privacy and security, especially against threats from platforms like Facebook and Meta. 01:37 💻 Virtual machines can be installed on various operating systems like Windows, macOS, and Linux, offering flexibility in usage. 04:59 🕵♂ Running Linux on virtual machines enhances privacy by shielding activities from host system surveillance and AI scanning. 10:05 🔄 Virtual machines allow for easy cloning and restoration of OS copies, safeguarding against malware infections. 11:08 📧 Email sandboxing within virtual machines prevents malware infections through attachments, enhancing email security. 13:45 🌐 Virtual machines isolate networks, preventing identification via MAC address collection and enhancing privacy protection. 15:59 🔍 Unique identifiers on Windows and macOS can be captured by apps, while virtual machines running Linux lack such identifiers, enhancing device privacy. 17:17 🚫 Virtual machines on Linux prevent apps from accessing Microsoft or Apple IDs, offering additional privacy protection.
You can use qubes OS for people that are really conscious or suspicious about privacy and if you do that over tor behind a VPN that's pretty much the safest way to go about using a computer on the internet these days. My question for you Rob is what CCTV camera network would you recommend? I currently use a de-Google phone I was thinking of using the nest system and have it connected to my backup phone via Google home.
Depending on your level of privacy desired, I would suggest going one step further. Clone a new Linux VM every morning, use it as needed, and then delete it at the end of the day and start new again tomorrow. Simply keep the master VM patched and up to date. Based on your personal threat model, you may want several clones for different activities based on the level of isolation desired.
I'm not sure if Virtualbox does it, but VMware Workstation has a non-persistent setting for virtual disks. Enable it for day to day use and turn it off when you want to install updates or new software. It's basically the same thing as a linked clone or snapshot, but it happens automatically on shutdown.
Unfortunately copilot now makes screen shots as a timeline feature so Microsoft can go and look at your screens no matter what. so thinking your vm is private is no longer the case
If you are using a VM for privacy reasons, the host needs to be running linux. The VM can't see what is on the host device but, because the host is managing the entire VM, the host OS has complete access to all content on that VM.
Great video! I had installed the virtual box on my PC but I use screen reader software and I'm not sure how to incorporate that into it. I think it's great for certaini things but I just have the feeling it's a little cumbersome for much of my PC use. I have to get back to it and play with it a bit more to see what I can do with it.
There are ways of sharing text between clipboards on the host machine and virtual machine - on Linux, you can also copy to and paste from the clipboard from a CLI tool that you could then build into a script. So the "potential" is there to be able to do it but it would need to be looked at in more detail.
@@terrydaktyllus1320 Yeah I'm a retired mainframe programmer. So I've kind of done my tour of duty and then some but when I'm in the mood I do tinker. Thanks.
My use case that I describe is for specialized use. Not for everyday use. For example, putting Email in a VM is much better than using an antivirus. Isolating identity identifiers against specific platforms like Google is a very good use. Then the rest of your usage can stay on the host machine.
And sometimes you need to get work done. Unless you don’t save any files anywhere, and basically do not access any internet resources, so a VMware that you start up to play solitaire, it’s a big waste of time.
@@robbraxmantechOk. It should speed up the graphics so that 4k is no problem. There are even examples of some programs running faster on virtual Linux than on native Windows ..
@@biondanishgenomeinstitute8193 4K is a gimmick unless you are projecting onto the side of a building or the underside of a dome above your head. My eyes have never looked at a 1080p image and said to my brain "Excuse me, but we need more pixels".
That's a bit like knowing that you don't like olives but ordering a pizza with olives anyway just to pick them off the pizza before you eat it. Why not just order it without olives? Why not just use Linux and not worry about co-pilot in the first place? If you don't trust co-pilot (and I wouldn't trust it), then how can you consider storing your most personal data on the OS it runs on? Because you can't trust that either.
@@terrydaktyllus1320That's actually a bad analogy because you can't order windows with or without certain features in this case. So a more accurate analogy would be you're in a restaurant that has only burgers or pizza and the the pizza comes with olives. You really feel like pizza and don't want a burger so you have to order the pizza and pick off the olives.
@@linsqopiring6816 If you want to make a different analogy then so be it. But mine still works fine, and I am not debating "verbal semantics" with you.
Maybe I'm missing something, but I was under the impression the Host OS can see everything, but the Guest OS cannot see outside of the virtual machine.
I run VM's on my NAS and they have the full run of the network ( or the parts that I provide user rights to). In fact, I use a VM to sync one NAS to my backup NAS without bogging down my desktop.
@@DavidM2002 Yes, but as I've already explained in response to your main comment, allowing Windows VMs free reign of your private network is killing your privacy, not enhancing it. All of that "lovely" data about your home networking environment is collected by Microsoft. If it was me, I wouldn't be "crowing" about that on here in a privacy discussion.
@@robbraxmantechNo? Really? The fact that you’re recording the screen of the host and it’s capturing the VM immediately disproves that. The host can absolutely see every detail of what’s going on in VMs.
I was just in Mexico for a week and was cut off from my banking as I use a VM to access financial institutions and I didn't bring a notebook. Is there any way to boot a phone using an OS stored on a micro SD card? I could bring a separate phone with banking apps installed but I was concerned the phone like the notebook I didn't bring might go missing while out of the rented space.
On a side note, saying chrome can access and read registry values doesnt sound right. Web based java script operates in a restricted space (sandboxed) , it cannot access the underlying operating system or other system level components like the registry.
could you pls do some video (or did you before?) about profiles and groups or so? everytime i check this on ws it is scary. there are always some suspicious guest profiles. i didn't go deeper yet to find more and eventuelly to deal with it. i would like to see your take on it. and maybe about os work in background in general. also about efi in context of security and privacy, including actualization. same with chips. should i be concerned about some processes on background connected to cpu, especially intel? and last but not least. i would like to know more about ram memory and how it works. it seems that windows uses it to hide or smuggle some things. which is ok for me, but what is not, it is blocking my ram capacity and it is hard to get some reliable programm for clearing ram. and it is especially annoying when i have more operation systems on one computer...
They are not "suspicious" profiles, they are there to give Microsoft the access that they need to be able extract as much of your private information as possible whenever they like. In another YT channel yesterday, I can across a post by a Windows user who was very proud of himself because he'd managed to strip down Windows 10 to run in a maximum of 3GB RAM. I responded to him and I explained that if you install Ubuntu (the most "bloated" Linux distro there is), boot it up and then open 20 or so tabs in the browser, you'd probably have a memory usage of around 1.5 to 2GB at most. The recommended minimum RAM for Windows 10 is 8GB. So thinking about the difference in memory requirements between the two, why do you think Windows needs that much more memory? Unless it is running a lot of stuff in the background that isn't obvious... Are you also aware that Microsoft released Windows Defender for malware detection around the time of Windows XP? it had a reputation for not being very good compared to commercial anti-malware software at the time. These days, it has a great reputation and it's because it does real-time analysis where it reports back to Microsoft what it finds on users' PCs as an "early warning" mechanism for new malware - but that just means it's there all the time, running in background, requiring lots of memory and CPU time and constantly scanning your PC. MacOS does the same because of the "Think Of The Children" excuse. I think you're being deliberately obtuse and evasive here... you clearly know enough about computers to a do a degree of analysis yourself, yet you don't want to accept that the explanation for what you are seeing is the most obvious one. It's Microsoft and not some "mysterious bad actor" intruding into your PC.
@@terrydaktyllus1320 that was i was "talking" about. i know what is their purpose. i am using linux, actually back on ubuntu, but i have dual boot. i log into windows very rarely but still. there are reasons to have also windows. moreover i have to deal sometimes with pc of others, especially my parents...
@@non9886 You asked a question about why some profiles exist on Windows, I explained why they exist and you cannot trust Microsoft or Windows. Whether or not you still use Windows is up to you and of no interest to me - once I give you my honest opinion, you can choose to listen to it or ignore it. That is up to you.
@@terrydaktyllus1320 your answer is useless. you told me what i had known alredy before. i did not ask why there are some profiles and i did not ask you...
@@non9886 There's clearly a language issue here so I am going to close this conversation. If you don't like my answer then go get answers elsewhere, it is of no concern to me. I hope you find the answers you need. Have a good rest of your day, the discussion is now closed.
Mr Rob. I know you are a busy man, but maybe a quick follow up for me? A friend and a Linux expert watched this video with me today. He surfed into my Linux system and pointed out to me that /etc/machine-id is a text file designed to give Linux OS on a machine a unique id. He said he always thought this file was included just for high security type situations like various banking network's legitimate need to be certain of the identification of an end-user's machine on their networks, he made it sound like it was used like a two factor rolled into one, [example he cited to me: same customer's account always paired with same machine]. I've no idea how accurate or inaccurate he is in this. Does this file change any portion of the clip you have presented here? If not, please explain the purpose of this file so I might can share that information with him in the 'why not' conversation I'm sure is up coming. Thank you sir.
I have a question about connecting to the Internet through a VM. If the host's WiFi is turned off, does that mean you can't use the WiFi adapter inside the VM? The other question is, if you have to have the host WiFi turned on in order to connect via the VM, does this compromise or by any security/privacy measures?
@@robbraxmantech”never works on any modern computer” that’s not true, just read the compatibility docs. It explicitly works better on new hardware because it needs newer virtualization technology enabled.
I highly recommend QubesOS! I use it every day and it’s a huge pleasure. Def some downsides (performance-related mostly), but there’s nothing better in terms of security and flexibility. I can’t stand XFCE so I’m using a custom build with DWM, and there’s some great dmenu scripts available that make qube administration more efficient. The documentation and community are great too. The forum is active and the ppl there are generally super helpful.
as I responded below, I've already said that this video is to protect against 3rd party privacy attacks. Not defending against the OS. So for this 3rd party threat (which is a reality and very significant and very common), a bare-metal hypervisor is overkill. However if your threat is the OS, because that is your line of work, then of course you reveal the higher level solution for the specialist.
Why? If Virtualbox provides a good enough solution, why use anything else? A Type 1 hypervisor needs virtualisation extensions in a CPU to work properly anyway, Virtualbox is slower because it does everything in software. But if it works, who cares?
@@tacticalcenter8658 "the best thing for a noobie to do is learn. Stop holding yourself back." So you're going to make a video for newbies on how to purchase, register and install VMware, are you? In your own time then, maestro...
it's more like a system administrator skills. yeah we have to learn something to protect our privacy and security. Neither Zuck nor Gates will care about it much
Anybody know the incidental music Rob plays? At first I thought it might be something he played but it sounds like freeware music (or whatever you call it). Either way, I really like it and want more. I tried identifying it with Shazam but that app resolved as four different songs -- all wrong. Suggestion for future: Why not play us a little something, Rob, to fill the space when you're skipping through an install?
When I read my web-based Gmail through Microsoft's Sandbox (built into Windows 10 Pro) and download an attachment, am I protected just as if I had an email client installed on my PC?
Better host linux and put windows in a sandbox no? with vmware have full 3d acceleration in the guest to, seems like alot better choise with security in mind?
sure thing you can install a hypervisor, if you wish so. But many users already have a win installed, and they don't want to make its image, then install a new system and all other things which may require quite a bit of sysadmin skills
It's impossible to answer the question without knowing your definition of "maximum security". To become "secure" you have to first work out what attack vectors you are securing a system against. For example, if malware is your concern then educating users to use common sense with email and on web sites is the best way to secure against that attack but the type of network interface would be irrelevant. You would also need to understand how your existing network is set up. If your host is on a routable IP address then you could say that NAT with a non-routable IP address for each VM adds an additional layer of security - but then there are additional challenges setting up communications through the NAT to the VM. In a home network, your host is probably already on a non-routable IP address so using NAT again may give you some logical network segregation and design but isn't going to add much to your security - if an intruder has already traversed one NAT interace through your ISP router then they won't have a problem getting through a second one between the VM host and the VMs.
Pros: Debian-based native hypervisor. Runs fast and smooth. Cons: you need to have certain sysadmin skills to make it run. You cannot install it just like VirtualBox in your windows. It's quite the opposite, first install and configure Proxmox, then add your OS images
Does Apple’s “private wifi address” feature provide any protection from ARP tracking? It gives you a different MAC address for each wifi network. Will that inhibit non FB users from getting Zucked?
only in a limited way. Because many web sites that you visit have fb/meta as a "partner" site or another excuse to share your data with big techs. The only way is direct ban fb/meta from your side. You can choose the way you can do this, depending on your infrastructure or preferences. It can be router settings, firewall block list, ad block, special extension in your browser, secure DNS with social network blocking - many DNS services offer this now ) You can choose whatever suits you well or even get them all )
They are diametrically opposed concepts - Tails OS is designed to be non-persistent and booted from a USB stick each time you use it. Data created when using Tails OS is stored in RAM, it is lost when the machine is powered off. A VM is designed to be a persistent image that can be deployed quickly, updated and snapshotted as required - completely the opposite.
@@terrydaktyllus1320 Okay, Tails is normally launched from a usb drive, which seems to me to be a persistent image on the usb drive. But that requires a machine reboot to load. Yes, RAM is lost when you shut down a Tails session, but isn't RAM also lost when the VM gets shut down and memory is reallocated to the host OS? It seems to me if a clean Tails image is deployed in VM and RAM returned to the host at the end of the session, the advantage goes to Tails on VM because of no need to reboot. What am I missing? Kind regards.
@@ajkurp5919 "Okay, Tails is normally launched from a usb drive, which seems to me to be a persistent image on the usb drive." By "non persistent" I am referring to the run state of the computer system at the point you turn it off - none of your personal data is written to the USB drive, which contains a "persistent" image. But you know this already, you're trying to turn this into a game of verbal semantics because you know I am correct about this - and you can play that game on your own. "But that requires a machine reboot to load." Sure, and when you load a VM you are resetting the "software PC" too. But your point is precisely what here? "Yes, RAM is lost when you shut down a Tails session, but isn't RAM also lost when the VM gets shut down and memory is reallocated to the host OS?" Again, this is easy to understand and I don't believe you are this obtuse. By default, an OS is going to store transient and persistent data on the storage media in the computing device - that means it persists after a power down, it doesn't matter if it's bare metal or a VM. Tails OS is configured to only use RAM and RAM disks for storage of transient or "persistent" data, which is lost when the machine powered down. I really don't expect to have to explain this to you again. "It seems to me if a clean Tails image is deployed in VM and RAM returned to the host at the end of the session, the advantage goes to Tails on VM because of no need to reboot." Absolutely, but then there is absolutely no advantage to running it in a VM in the first place is there! That's my point. Well done, you got there in the end. "What am I missing?" Nothing, now that I've played your little game and explained it to you a second time. Your job now is to "read and understand" so that the time and effort I have put in explaining this to you isn't wasted. "Kind regards." You're welcome, you can thank me later.
I think that you miss the concept of VM state saving. By default you can either shut down, or save state. But you can also revert to the last system saved state which can be... fresh installation, or just space allocation. So if you configure your VM the right way, this should work
Terry, you miss one more important function of VM, that the image can not only be saved, saved incrementally etc , but also reverted to the last saved state. Good if you need to test something or use internet session without any change on your pc
There's a master file access table in the hard drive, forgot what it's called. No matter what OS one is using that table gets populated by the names. Probably happens at BIOS level.
@@robbraxmantechWhich is also why a VM helps with client side scanning, a major idea in this video. But I wonder if client side scanning could be done at the display level. In other words whatever is sent to your display is scanned just before it goes to the display.
I would suggest watching a bunch of YT videos. What you have to realize is that there are a number of ways to host a VM. On your Windows machine, the app that you might want to start with is Hyper-V and I believe that Virtual Box will run on Windows ( both free). Search on those names and you should be off to a good start. Make sure that you have a minimum of 8 Gb of RAM; 4 for the host and 4 for the VM. Those are the minimums. 16 Gb would be much better. You can also find videos for setting up VMs on various brands of NAS : QNAP, Synology, etc. Lots there but you will need to spend some money on hardware. If you are really technically minded, get an old PC and install Proxmox. I've tried that and gave up because I just didn't need more VM's that required so much learning time.
I have a MacBook Air which has a built-in Broadcom 43xx wifi adapter. It's not natively supported by Linux so I have to use a wifi usb dongle in Kali and DaragonOS. If I use this VirtualBox will I have the same issue? Or does MacOS handle the driver and share network access with the VM?
yeah, many WiFi adapters have proprietary soft. You can install it separately after installing Linux, or just try some distribution that already have 3rd party proprietary soft, like Ubuntu. When you use VirtualBox or any other type 2 hosted hypervisor, you don't have to configure much, so it should work smoothly, if you already configured it in your host OS
@@ТоварищКамрадовСоциалистКоммун thanks for the reply, i’ll try it out. I did try to install a driver after install, i was able to do it in Debian but doing the same process in Kali would never work. Go figure. Thanks again!
Would someone mention to Rob, or if you see this Rob could you comment on chrome's Manifest V3 in tonight's stream? It will kill adblockers which not only is annoying but has privacy implications.
I think you are missing the point of what a virtual machine actually is. A virtual machine is just like having a second computer, minus the extra hardware. It is still susceptible to same attacks your host computer would be and doesn’t mask your IP address (you still have the same external IP as your host OS) or automatically shield you from threats. The virtual interface is actually just a bridge to your physical NIC, so in theory someone hacking you host machine could listen to all your traffic from the VM's. And if you use your virtual machine as you do with your normal OS, you gained nothing. Google, Facebook, Instagram etc will still know who you are when you logged in, VM or not. It is still coming down to how you do your OPSec. Running VM's is great and very useful. I run 5 VM's with different functions (web server, mail server etc) thru KVM on Arch Linux as host OS. The benefit is not having to purchase hardware for every machine, it shares the same hardware. Backing up the instance is easy with snapshots to, which could me a headache if running on running dedicated hardware. If the only reason you want to use a VM is for better general security or privacy, you’re probably better off sticking with a regular PC and keeping a strict OPSec.
I learned how to create VM's on my NAS. It has all of the benefits that you talk about but also, because the NAS runs 24/7, I can leave a VM running perpetually. It is constantly polling certain web sites to download data for example. One of my VM's is a version of Windows upon which no apps are permanently installed. I keep it updated and, when I want to test an app, I first create a snapshot of the VM, test the app, and then revert to the snapshot. The VM returns to the exact state that it was in before I installed the test app. In a business setting, all staff may need to an app that is only used occasionally but may be prohibitive to purchase a licence for everyone in the business. Run it on a VM and give everyone access to run it when needed. Overall, it's a great skill to learn. And a tip : to run your VM, you might find it best to connect to it using the free Windows Remote Desktop Connection app. My VM's run as if they are the main OS on my desktop by using RDC.
I think you are missing the core point here.
Running Windows VMs because you need them in business or, say, as a Windows developer is one thing - but do also remember that the Windows builds used by businesses are completely different to those used by home users because no business would allow Microsoft to extract the same types of data from their business PCs that they do on home user PCs. Businesses are given far more control over Windows than home users are.
This is a discussion about privacy and nobody who truly cares about privacy, or understands privacy, would ever blindly run a privacy-hating modern Windows OS (or MacOS) in the first place - unless, like business versions of Windows, they have the capability of disabling all of that crappy telemetry. And that capability just isn't there with either of those two OSes because the moment you turn off telemetry, Microsoft or Apple just enable it again with the next update.
In the case of privacy, where "misinformed" people choose to run privacy-hating OSes like Windows or MacOS then what Rob is suggesting here is running Linux-based VMs as a mechanism to isolate certain Internet activities from the "prying eyes" of Apple and Microsoft in order to improve privacy - whereas your suggestion that people should deploy MORE Windows is doing the complete opposite.
@@terrydaktyllus1320so are you saying to install Linux as the base OS and run windows only within a VM instance?
@@harbinjar I don't need to run Windows at all - but if you do then, yes, it's safer to run Windows in a VM. But it will be no good for gaming unless you get into some "jiggery pokery" with GPU configuration.
Really enjoyed this Rob... I would love to see you set up a VOIP into a virtual machine as I think that this COULD be the silver bullet required to free us from the insidious data harvesters known as smartphones. Keep up the good work bloke.
I've been using virtual machines for about 15 years or so and they are a great way to test alternate Operating systems and can be quickly wiped and reset.
Yes, it's a good way to learn Linux if you just have one PC and you still want to use your daily driver OS - you don't have to dual boot and use one OS or the other.
Yup...no need for dual boot setups, etc.....although having the thumb drive version of your favorite alternate OS is always handy....
same
i totally agree, vm's changed my life online tbh, i went from having multiple physical machines to only one and i have every os i could ever dream of.
@@Josh_728 maybe your host pc is bad to begin with ?
You know I was working on my Degree in Cyber Security in 2016, and was Always wondering why We/US dont use the Virtual Machine for Privacy.....
if this is just about privacy, not about privacy+security+testing, then these days it's easier to use additionally installed librewolf/mullvad/tor, depending on the privacy level you need. In everyday life most people would be content with firefox/brave or similar browser with ad blocker + "noscript" extension
For me, the most important feature of virtual machines is the possibility to move them on more recent computers while maintaining their operating system. I have old development environments which require specific operating systems, such as Visual Studio 6. This is particularly true for firmware development.
Ah yes. This! I work as an Infrastructure consultant / architect. Not quite development environments, but it's crazy how much kit is out there that needs a browser with Flash or an ancient version of Java to access the management console. There are a couple of old EqualLogic SANs and some fibre channel switches at customer datacentres that spring to mind. Not to mention places that still have vSphere 6 kicking about in a dusty comms room. I don't want buggy, insecure things on my main PC, but having a Windows 7 VM with IE, Flash and Java 6 is a great get-out-of-jail tool. I know - I could use SSH, but learning the CLI for an obsolete device I access once in a blue moon is not a good use of time, imo.
Rob, my first time watching your videos, I appreciated every minute of it. I look forward to catching up on the ones I've missed. Thank you.
Wow! This is eye-opening. I did not know theses advantages of virtual machines. I will definitely use them soon after upgrading my hardware. Otherwise, my computer will be very slow. Besides, your video is succinct and helpful. No wonder you have 448K subscribers. We need MORE TH-camrs like YOU. Thank you very much.
Another way would be by using livecd. Livecds are running on cd or dvd, which are read-only, they can't be written on.
They’re slow AF
Mr. Braxman just dropping off a handy 🖐 wave.
Kinda the perfect paradox randomizer..~.👌
thank you as a 61 year old Veteran your one of few where i can follow and understand
Thank you for your Truth Much love
I just found your content, very good stuff. Really liked the wifi jammer video. I have a home security set of cameras so this was very informative for me. Do you ever give advice on a subject if asked? I am curious because I have a question concerning a laptop of mine. Once again, great content, I subscribed right away.
A VM network may be though is not necessarily on a separate network. It depends on how it is configured. You can also just create a separate VLAN on a switch to isolate it from other layer 2 MAC addresses. Either the host or VM can be moved (permanently or temporarily) to that VLAN.
this software emulated type of VM is not responsible for connection to internet. You need to configure your private/secure connection with your VPN in case you use it. Otherwise you will be seen from outside according to your ISP and router settings
Thanks Rob, I'll give this a shot. I have been using window's sandbox, but that scrubs everything once closed, saved my arse a few times lol.
It’s irresponsible to tell people that viruses in your vm can’t affect your host. It is absolutely possible for malware to escape the vm, it’s even called vm escape. So you should still exercise caution with untrusted emails, downloads and websites.
it's still much more safer than opening files right in your windows. There might be some vulnerability in any software. Even in xz linux utility
@robertlowther7442 - Sure its hypothetically possible, as most things.
However, its very Unlikely, since Viruses / Malware aren't going to likely be Engineered to escape a VM and affect the Host's PC because they will save that vulnerability for a more easier Worthwhile target.
One must try to be Practical about things rather than overly Paranoid.
The biggest hurdle for "user interface" VMs is access to hardware acceleration. If you are running a Windows (or Linux) PC on the host, then it will be using at least one of your GPU interfaces and while it's possible it's not exactly easy or wise to free that GPU for use in VMs. Coming to that. Using your GPU in a VM can be very fiddly and result in a lot of hard lock ups and resets to get it to work. NVidia outright ban any virtualisation attempt made by the OS. The drivers deny it. If you want virtualisation support from NVidia you will need their "Studio" professional license drivers. This is to stop enterprise using cheaper gaming GPUs for virtualised GPUs for computation etc. They sell more expensive ones with the studio license for that.
Without hardware acceleration most modern desktops struggle and have notable lag. You quickly get used to it, yes. However you will likely to operating at 30FPS if you are lucky and with a good 50ms lag. You "notice" switching between a native 60FPS display and the VM virtualised display (I am using SPICE).
The desktop and desktop apps are usually fine. Large "blitter" operations involving many UI plains such as in graphics editors or even word processors can cause tearing and lagging.
Video will most likely end up software decoded. Maybe if you fiddle and get the CPU codecs virtualised successfully it will still struggle to pipe the 4k output to the virtualised software video adapter. Why is it software? Because most domestic GPUs do not support virtualisation.
If you want to be serious about this, you will need several GPUs in your machine. One for each VM machine you want a performant interface on. Note this also means the VMs dislpay on a montor of their own and not "pic in pic" with the parent OS (though that is available additionally).
Once you try and use anything heavy, like say electronics schematic/PCB layout software which is usually hardware accelerated in OpenGL it becomes too laggy and stuttery to use. Forget video editing. Forget gaming. Some games just immediately crash the virtual display driver, others are just too slow. You can play "Candy crush" Poly bridge stuff like that. Nothing with 3D motion graphics.
Virtual machines are incredible for security purposes, but for privacy purposes, they're only useful in one way: it's when the host (your actual OS, for those who don't know what I'm talking about) runs a privacy respecting OS while the guest (the virtual machine OS) can be whatever you want, because the host can see everything the guest does, but the guest can't see the host.
And here, considering Microsoft (or Apple) aren't the best in terms of privacy, I'd rather install Linux as a host and Windows (or MacOS) as a guest than the opposite as you've shown.
But if running Windows bare metal is an absolute must for whatever reason, I guess it's still better to use virtual machines than not to use them.
You make valid points but I disagree with you saying that VMs have limited use in privacy.
A VM running Linux essentially gives you "another free computer" in age when storage is dirt cheap and it's not going to be an issue having a dozen VMs ready for use when you need them - sure, running them ALL at the same time probably needs you to spend some money on a powerful PC, but I am not suggesting that here.
But nothing stops me creating, say, four identities on the Internet and isolating each ID to one of the VMs - what you've then got is a good baseline for segregating four browser installations and, combining that with VPN, I would see it would be very difficult for an external "snooper" to be able to link the four instances together in any way.
So I do think VMs can be an important part of a good privacy strategy.
@@terrydaktyllus1320 I agree, it absolutely can be used effectively like you just described, but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host.
And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing).
So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM.
@@rigierish3807 "but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host."
That's an incorrect statement. The host can't "see" everything that's happening in the VM, it just controls the resources (CPU, RAM, disk space, etc.) allocated to the VM. It can see resources but not what applications are running or what's in the memory contents.
The contents of RAM are just 1s and 0s - in order to make sense of what those 1s and 0s mean, you'd need to know what applications are writing to what memory addresses. The host can't see to that detail inside the VM's memory.
The host can't, for example, tell that a VM user is running LibreOffice - you'd need to SSH or RDP from the host to see what the VM is doing.
"And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing)."
I stopped using Windows when support for Windows 7 ended, so I'm the wrong person to be talking to on that.
"So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM."
The VM is a "software PC" with a network presence that is vulnerable to exactly the same security and privacy issues as a "bare metal" PC.
If you can intrude onto the host, then you can start turning VMs off - the equivalent on bare metal would be switching off racks of servers, which would need an on site presence (i.e. a lot more difficult).
Plus old vulnerabilities like Spectre and Meltdown allowed reading of memory contents of other applications, but they were not VM specific - you could technically do it on any application.
@@terrydaktyllus1320 Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that.
Now sure, you can have hardware vulnerabilities that still can go around the security of VMs but first, those are generally much _much_ less frequent, second, the viruses or malwares using such vulnerabilities must be programmed to be able to target multiple types of OS with different architectures, which would make them much more sophisticated than the vast majority of malwares people usually encounter, and finally, the vulnerabilities you mentioned got patched and solved since then, which were the two big vulnerabilities that, left unpatched, could've actually lead to completely vulnerable computers all over the world.
About the "see or not to see" argument, you say that a host can't actually read programs locally ran by the guest because that's something the guest manage rather than the host: that's a fair point, but what makes it impossible for the host to have something in Windows (other than the VM program) made to understand how the guest OS works and therefore, identify any program in the RAM dedicated to the guest and collect information about it? Nothing. Especially when the VM program and guest OS or kernel in this case, is completely open source like Linux using Virtual Box.
Unfortunately, because Windows isn't open source, we can't prove or refute this.
So personally, as I said previously, rather than trusting Microsoft, I prefer to not take the risk at all, as insignificant as it can be.
@@rigierish3807 "Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that."
And where did I say anything like that in my responses? Now you are putting words into my mouth and arguing against them.
Respectfully, I've enjoyed our conversation to this point but I really have said all I want to on the topic. You're welcome to disagree with part or all of what I said but working daily in Linux and VMware cybersecurity for 18 years now does count for something, I do know what I am talking about here.
Let's disengage at this point. Thanks for the chat and I wish you a very pleasant rest of your day.
Great video Rob, thank you.
I never used Virtual Machines with this purpose. Thanks for the tip.
Totally off topic, but what is the music that starts at the 7:30 mark? Shazam is clueless.
BTW, great subject matter!
Keep up the excellent work. I really enjoy your videos.
Hi Rob, I watch all your videos and I can say I learn a lot from you. Thanks for that. I want to know if you worked or know much about the fingbox with the Fing app. which is a device connected to a router which can scan your network for security and a host of many other thing. I find it a great tool. Since a lot of notifications come from its cloud infrastructure, I want to know if there are any privacy concerns for this device. Thanks in advance, and keep on doing what you do. I am a big security buff and always looking to learn more.
So you have an application that scans your home network and stores the information it retrieves on a Cloud server (i.e. somebody else's computer) and you're asking if there are privacy concerns here? Do I even need to answer that?
@terrydaktyllus1320 I know there is. I just want his take how much of a cocern it is. I block it from accessing the internet from my router, but then do not get notifications while away, Ionly get them when connected to my network. Therefore it is still useful for me.
Problem with Virtual Machines is that you are at the mercy of the virtual machine host. Hyper-V, ESXi, VMware Workstation, VIrtual Box, etc.. can to snoop on the VM. Does it? probably not and Open source Hosts can have their systems audited easier to be more sure. Also you have to assume that if the host is compromised then the VMs are too. That said...
I often run live OSs that do not install, basically booting off the iso and running the the os through vitalized memory. the bonus and problem of doing this is that any data is wiped when you shut down the system so you can't save anything with out adding a drive of somesort to the virtual machine. but that too doesn't allow third parties do it either.
There is some snooping the host OS can do, but if the VM is encrypted, that limits quite a few avenues for the host to spy on what's going on in the VM. Run a VPN inside the guest OS to limit snooping on network traffic. If you're extra paranoid, use a separate keyboard and mouse and use USB passthrough. I imagine there's still ways the host OS could inspect the keystrokes, but it does limit that a lot, since the OS doesn't see the device that is passed through in the list devices available to the host. Screen capture is still a thing, which might be difficult to get around. Mac OS is OK at locking that down for 3rd party apps, so perhaps an encrypted VM running on Fusion on Mac OSX might be one way to go. Presumably, the OS still has access and rootkits might get around the OS protection. But if you've got OS manufacturers complicit in spying on you at that level, or adversaries able to install rootkits on your device, I don't know what to tell you. Maybe go analogue at that point.
@@ralph17p I don't know about you but if i'm running a VM for privacy, i'm using Onion or Loki services IMO better than a vpn.. of course you could layer them on top of each other. even with the vm encrypted the memory isn't so much (i think?) something on the host could possibly capture that data. I am not saying that doing thing through a VM is bad just that even with doing these things there is the opportunity.
I'm not a privacy or security expert by any means. I just don't trust anything any more "they" just keep getting more and more intrusive. I talk all this stuff about privacy and stuff and here i'm using one of the worst things for privacy.. youtube! lol.
Top 6 list starts here: 9:59
Great video Rob!
Rob, I have been using VMs for many years. Is there a reason you did not suggest or mention the virtual hosting capabilities inside Windows?
You really need to be installing Bochs as a full virtualization and encapsulation of security, not Oracle. The reason for this is the VT-X settings pass raw instructions to the CPU for the sake of speeding these up, and they are vulnerable and accessible to this still, whereas with Bochs even through you take a performance hit, you can do everything 100% isolated.
Another reason is that VMware and Oracle have a specific flag that you can set if you are in a virtual machine of not. With a few assembly instructions, they will return whether or not you are in a virtual machine and what type. While this won't affect a host system, it will tell you whether or not you are on a real system and which is which.
By the way, Windows 11 is a very bad choice for a host! Even notepad will leak things beyond. The first crucial step is to choose a good host that is hardened as possible, and then the sky is the limit for what you will be doing in a virtual machine. So it is rather comical that you are choosing Windows 11 for this, because it is the most spyware-laden and least secure as it could possibly be. If you choose windows for anything, it is flawed and you are doing this backwards.
Thanks for the video. Another way to do this would be to first put a host Linux distro on a USB drive, then install Virtialbox, then add a guest Linux distro - all on one USB drive. That way, Windows (hopefully) can't see anything going on
I can't see a Yt video that explains how to. Do you know any?
@@Todeskulte_enttarntDavid Bombal had some vids on this topic.
You're not gaining much in putting it on a USB drive, unless you need portability and something to keep in your pocket.
USB is slower than a traditional hard drive or SSD and it's a lot easier to corrupt a USB stick, especially with the amount of read and writes an OS does when you use it.
Where USB is useful is where you boot, say, Tails OS that doesn't write to the USB stick and stores any data in memory until you power it down - that's a very private way of using a computer, but it's a very specific use case.
@@terrydaktyllus1320 Thank you! You are right that USB drives crap out after a while - one lasted about a year before it failed.
@@rootcanal7188 Sure, your core idea is sound and booting Tales OS from a USB drive is the *ULTIMATE* in privacy anyway - so it's not a bad idea overall.
2 & 3 is what we call sandboxing... we sandbox the risky data or email or whatever in order to run what we need.
I work for the US and deal with sensitive things. Last year I learned that my phone and computer were being monitored by Iran, China, and Taiwan (proven) so might as well throw Russia in for the hell of it. It was very hard to learn how to do it and just as hard to force myself to use it. However it is worth all of the difficulty (as not IT person). I suggest you take his advice and do it prior to being hacked and not having all of the extra problems that go along with that (to include threat to life).
I also bought a Brax2 phone and now using your VPN and email. Thank you!!!
Admirable work on your part!
How can you say monitoring by Iran, China and Taiwan was "proven" but in the same sentence say "so might as well throw Russia in for the hell of it"? So you made up the Russia bit then just to add to the other three "proven" countries? Why would you do that?
And as someone who has worked in cyber-security for the past 18 years, do please explain to me how it was "proven"? Because bad actors use Tor and VPN to conceal their origins so you can't automatically assume where they are from or who they are working for - especially as many companies block IP addresses that are known to originate from those states anyway.
But I am sure you can explain, from your real world experience, how their location was proven? And what was their motive? What attack vectors did they use?
How was it proven that you were specifically being monitored by Iran, China and Taiwan? And why then "throw in" Russia that wasn't "proven"? Just for more "dramatic effect" on your part?
I've worked in cyber-security for 18 years, it's extremely difficult to "prove" where bad actors come from unless they are caught - and I doubt anyone is that concerned about them monitoring your devices specifically to go find them.
And what attack vectors that you know of might cause "threat to life" that would also be related to your phone and computer?
And if you're that knowledgeable about cyber-security, then why do you need to buy Rob's products? I am sure his products are very good but if you understand security and privacy yourself, you can do yourself what a lot of his products do.
@@terrydaktyllus1320 I don't understand it myself, I was thrown into chaos.
First was Iran. I was using google flights and it was giving me prices in Iranian money but when I did IP search website it came back in New Jersey but to a company registered as "Nuclear Proliferation Inc". F-ing crazy! I reported it to the appropriate people who specialize in this type of thing (US gov).
Yes, the Russia part was a joke; that you can feel free to label as 'dramatic effect'. You must be a very boring person if you can't recognize that.
Note: I have worked on all of the listed countries in the past. It is logical if they pay attention to me.
If you would like an exciting life I suggest you start by joining the army (as I did) and serving in a couple wars (as I did) and get obsessed with destroying the enemy (as I am) and maybe your 18 years will provide more opportunities.
@@terrydaktyllus1320 Unironically would love to hear more from you or learn some of what you know 🤔 any resources I can learn from other than this channel that tackle things from a critical thinking perspective rather than biased or fear mongering angles?
That is the same setup I use on my main computer, except I haven't upgraded my Linux Mint to Virginia yet. Near the end you brought up VPN's. I was going to say that the VPN had to be running on the host machine but you beat me to it. One thing that users might encounter is that the way Virtual Box set up the network by default wouldn't allow the VM to connect through the virtual machine. I had to change the adapter to NAT and in the advanced settings set the adapter type to paravirtualized. Then it works fine.
However I have another box with just Linux on it so I normally use that one when using a VPN to connect to the TOR network. (Just for added piece of mind.)
The one question I have which someone might be able to answer is if it is possible to clone the VM in a way that I could put the clone on a separate drive and boot into it without going through Virtual box. I have that installation of Mint customized and if I have to change my hard drive for some reason I'd like to just set it up without going through a host. It would save a lot of work re-customizing. What can I say, I'm lazy.
00:23 🛡 Using a virtual machine provides specific advantages for privacy and security, especially against threats from platforms like Facebook and Meta.
01:37 💻 Virtual machines can be installed on various operating systems like Windows, macOS, and Linux, offering flexibility in usage.
04:59 🕵♂ Running Linux on virtual machines enhances privacy by shielding activities from host system surveillance and AI scanning.
10:05 🔄 Virtual machines allow for easy cloning and restoration of OS copies, safeguarding against malware infections.
11:08 📧 Email sandboxing within virtual machines prevents malware infections through attachments, enhancing email security.
13:45 🌐 Virtual machines isolate networks, preventing identification via MAC address collection and enhancing privacy protection.
15:59 🔍 Unique identifiers on Windows and macOS can be captured by apps, while virtual machines running Linux lack such identifiers, enhancing device privacy.
17:17 🚫 Virtual machines on Linux prevent apps from accessing Microsoft or Apple IDs, offering additional privacy protection.
Thanks, always chocked!!!
Running Linux in a VM is a great way to learn how to use it as well, so later, you can hopefully chuck Windows.
Rob, you are awesome 🙏
Been doing this for a while, very convenient and a good reason to have gobs of ram.
Amazing ideas and facts. Thank you.
QubesOS is just marvelous 😁
You can use qubes OS for people that are really conscious or suspicious about privacy and if you do that over tor behind a VPN that's pretty much the safest way to go about using a computer on the internet these days.
My question for you Rob is what CCTV camera network would you recommend? I currently use a de-Google phone I was thinking of using the nest system and have it connected to my backup phone via Google home.
Depending on your level of privacy desired, I would suggest going one step further. Clone a new Linux VM every morning, use it as needed, and then delete it at the end of the day and start new again tomorrow. Simply keep the master VM patched and up to date. Based on your personal threat model, you may want several clones for different activities based on the level of isolation desired.
I'm not sure if Virtualbox does it, but VMware Workstation has a non-persistent setting for virtual disks. Enable it for day to day use and turn it off when you want to install updates or new software. It's basically the same thing as a linked clone or snapshot, but it happens automatically on shutdown.
Very helpful. Never heard of sandbox.
Smart advice.
I run my private email server out of a VM. Not too hard to set up, and I probably should do a video about that.
Is there added benefits of using a VM over just having a separate computer with a Linux OS?
With the problem of AI based client side scanning, you must not use VM's on Windows and MacOS hosts if you value your privacy
Unfortunately copilot now makes screen shots as a timeline feature so Microsoft can go and look at your screens no matter what. so thinking your vm is private is no longer the case
Very informative, thank you. Great video.
Can I install a virtual macbook pro with an M3pro chip? My 2016 dell all in one aint cutting it for my video needs :)
If you are using a VM for privacy reasons, the host needs to be running linux.
The VM can't see what is on the host device but, because the host is managing the entire VM, the host OS has complete access to all content on that VM.
Great video! I had installed the virtual box on my PC but I use screen reader software and I'm not sure how to incorporate that into it. I think it's great for certaini things but I just have the feeling it's a little cumbersome for much of my PC use. I have to get back to it and play with it a bit more to see what I can do with it.
There are ways of sharing text between clipboards on the host machine and virtual machine - on Linux, you can also copy to and paste from the clipboard from a CLI tool that you could then build into a script.
So the "potential" is there to be able to do it but it would need to be looked at in more detail.
@@terrydaktyllus1320 Yeah I'm a retired mainframe programmer. So I've kind of done my tour of duty and then some but when I'm in the mood I do tinker. Thanks.
@@beachbumsailordude If you programmed mainframes, then you're probably not actually a retiared.
@@beachbumsailordude We're probably of a similar age then, though I am not quite retired yet. I did a spell maintaining DEC PDP-11s, for example.
My use case that I describe is for specialized use. Not for everyday use. For example, putting Email in a VM is much better than using an antivirus. Isolating identity identifiers against specific platforms like Google is a very good use. Then the rest of your usage can stay on the host machine.
And sometimes you need to get work done. Unless you don’t save any files anywhere, and basically do not access any internet resources, so a VMware that you start up to play solitaire, it’s a big waste of time.
Did you forget installation of "guest additions" for quicker graphics?
I did forget.
@@robbraxmantechOk. It should speed up the graphics so that 4k is no problem. There are even examples of some programs running faster on virtual Linux than on native Windows ..
I did it on my Linux Distro showdown video. But I couldn't remember for this round.
@@biondanishgenomeinstitute8193 4K is a gimmick unless you are projecting onto the side of a building or the underside of a dome above your head.
My eyes have never looked at a 1080p image and said to my brain "Excuse me, but we need more pixels".
@@terrydaktyllus1320
:D
True!
Would love to see a video on how to remove co-pilot.
I don't know anything about it yet. It's in beta I guess
@@robbraxmantechThis sounds like a fantastic idea for a future video then. 😊
That's a bit like knowing that you don't like olives but ordering a pizza with olives anyway just to pick them off the pizza before you eat it. Why not just order it without olives?
Why not just use Linux and not worry about co-pilot in the first place?
If you don't trust co-pilot (and I wouldn't trust it), then how can you consider storing your most personal data on the OS it runs on? Because you can't trust that either.
@@terrydaktyllus1320That's actually a bad analogy because you can't order windows with or without certain features in this case. So a more accurate analogy would be you're in a restaurant that has only burgers or pizza and the the pizza comes with olives. You really feel like pizza and don't want a burger so you have to order the pizza and pick off the olives.
@@linsqopiring6816 If you want to make a different analogy then so be it. But mine still works fine, and I am not debating "verbal semantics" with you.
Maybe I'm missing something, but I was under the impression the Host OS can see everything, but the Guest OS cannot see outside of the virtual machine.
No. BTW a lot of the virtualization is actually done at the CPU side now. So the host is hardly involved.
I run VM's on my NAS and they have the full run of the network ( or the parts that I provide user rights to). In fact, I use a VM to sync one NAS to my backup NAS without bogging down my desktop.
@@DavidM2002 Yes, but as I've already explained in response to your main comment, allowing Windows VMs free reign of your private network is killing your privacy, not enhancing it. All of that "lovely" data about your home networking environment is collected by Microsoft.
If it was me, I wouldn't be "crowing" about that on here in a privacy discussion.
@@terrydaktyllus1320 I did not create the VM's for privacy.
@@robbraxmantechNo? Really? The fact that you’re recording the screen of the host and it’s capturing the VM immediately disproves that. The host can absolutely see every detail of what’s going on in VMs.
Stay away from W11. People are better off using a Type 1 hypervisor and then installing VM's through the Type 1 hypervisor.
Thank you.
Should we trust oracle to not have any backdoors?
If you have this level of distrust then the host has to be Linux. which is even better and then use KVM. Or even Qubes
Yes, Virtualbox is Open Source. You should probably be more concerned with VMware having back doors, given it is closed source.
@@robbraxmantech you could have a Linux host and a Linux guest all on a single USB drive, too.
I was just in Mexico for a week and was cut off from my banking as I use a VM to access financial institutions and I didn't bring a notebook. Is there any way to boot a phone using an OS stored on a micro SD card? I could bring a separate phone with banking apps installed but I was concerned the phone like the notebook I didn't bring might go missing while out of the rented space.
Why not just call your bank and give them a travel advisory for the days you will be out of the country?
@@hxhdfjifzirstc894 I wanted to be able to access the bank from Mexico for any unexpected event. But that is a good idea for credit cards.
I really enjoy this content ...
Love what you do
On a side note, saying chrome can access and read registry values doesnt sound right. Web based java script operates in a restricted space (sandboxed) , it cannot access the underlying operating system or other system level components like the registry.
I'm not talking about 3rd party scripts. I'm talking about CHROME CODE ITSELF
Are there security reasons for you choosing virtualbox over windows subsystem for linux?
could you pls do some video (or did you before?) about profiles and groups or so? everytime i check this on ws it is scary. there are always some suspicious guest profiles. i didn't go deeper yet to find more and eventuelly to deal with it. i would like to see your take on it. and maybe about os work in background in general. also about efi in context of security and privacy, including actualization. same with chips. should i be concerned about some processes on background connected to cpu, especially intel? and last but not least. i would like to know more about ram memory and how it works. it seems that windows uses it to hide or smuggle some things. which is ok for me, but what is not, it is blocking my ram capacity and it is hard to get some reliable programm for clearing ram. and it is especially annoying when i have more operation systems on one computer...
They are not "suspicious" profiles, they are there to give Microsoft the access that they need to be able extract as much of your private information as possible whenever they like.
In another YT channel yesterday, I can across a post by a Windows user who was very proud of himself because he'd managed to strip down Windows 10 to run in a maximum of 3GB RAM.
I responded to him and I explained that if you install Ubuntu (the most "bloated" Linux distro there is), boot it up and then open 20 or so tabs in the browser, you'd probably have a memory usage of around 1.5 to 2GB at most. The recommended minimum RAM for Windows 10 is 8GB.
So thinking about the difference in memory requirements between the two, why do you think Windows needs that much more memory? Unless it is running a lot of stuff in the background that isn't obvious...
Are you also aware that Microsoft released Windows Defender for malware detection around the time of Windows XP? it had a reputation for not being very good compared to commercial anti-malware software at the time.
These days, it has a great reputation and it's because it does real-time analysis where it reports back to Microsoft what it finds on users' PCs as an "early warning" mechanism for new malware - but that just means it's there all the time, running in background, requiring lots of memory and CPU time and constantly scanning your PC.
MacOS does the same because of the "Think Of The Children" excuse.
I think you're being deliberately obtuse and evasive here... you clearly know enough about computers to a do a degree of analysis yourself, yet you don't want to accept that the explanation for what you are seeing is the most obvious one. It's Microsoft and not some "mysterious bad actor" intruding into your PC.
@@terrydaktyllus1320 that was i was "talking" about. i know what is their purpose. i am using linux, actually back on ubuntu, but i have dual boot. i log into windows very rarely but still. there are reasons to have also windows. moreover i have to deal sometimes with pc of others, especially my parents...
@@non9886 You asked a question about why some profiles exist on Windows, I explained why they exist and you cannot trust Microsoft or Windows.
Whether or not you still use Windows is up to you and of no interest to me - once I give you my honest opinion, you can choose to listen to it or ignore it. That is up to you.
@@terrydaktyllus1320 your answer is useless. you told me what i had known alredy before. i did not ask why there are some profiles and i did not ask you...
@@non9886 There's clearly a language issue here so I am going to close this conversation.
If you don't like my answer then go get answers elsewhere, it is of no concern to me. I hope you find the answers you need.
Have a good rest of your day, the discussion is now closed.
Co-pilot will take a screen shot every few second, so Windows as a host is not a good idea anymore.
I tried using virtual machines in the past and they easily corrupt, and with certain hypervisors are prone to getting wiped if the host has a problem.
Past when?
@@lussor1like 20 yrs ago
Mr Rob. I know you are a busy man, but maybe a quick follow up for me? A friend and a Linux expert watched this video with me today. He surfed into my Linux system and pointed out to me that /etc/machine-id is a text file designed to give Linux OS on a machine a unique id. He said he always thought this file was included just for high security type situations like various banking network's legitimate need to be certain of the identification of an end-user's machine on their networks, he made it sound like it was used like a two factor rolled into one, [example he cited to me: same customer's account always paired with same machine]. I've no idea how accurate or inaccurate he is in this. Does this file change any portion of the clip you have presented here? If not, please explain the purpose of this file so I might can share that information with him in the 'why not' conversation I'm sure is up coming. Thank you sir.
I have a question about connecting to the Internet through a VM. If the host's WiFi is turned off, does that mean you can't use the WiFi adapter inside the VM? The other question is, if you have to have the host WiFi turned on in order to connect via the VM, does this compromise or by any security/privacy measures?
Along these lines, maybe you should do an eval on qubesOS buddy!!
I have never successfully installed Qubes on any computer I've owned in 10 years of attempts. Unfortunately, it never works on any modern computer.
@@robbraxmantech”never works on any modern computer” that’s not true, just read the compatibility docs. It explicitly works better on new hardware because it needs newer virtualization technology enabled.
I highly recommend QubesOS! I use it every day and it’s a huge pleasure. Def some downsides (performance-related mostly), but there’s nothing better in terms of security and flexibility.
I can’t stand XFCE so I’m using a custom build with DWM, and there’s some great dmenu scripts available that make qube administration more efficient.
The documentation and community are great too. The forum is active and the ppl there are generally super helpful.
I use Virtual Box too, but I use VM ware (free) also. Now i am thinking it may get my info vs VB. Your thoughts?
You want to use a “Type 1” or “bare-metal” hypervisor
as I responded below, I've already said that this video is to protect against 3rd party privacy attacks. Not defending against the OS. So for this 3rd party threat (which is a reality and very significant and very common), a bare-metal hypervisor is overkill. However if your threat is the OS, because that is your line of work, then of course you reveal the higher level solution for the specialist.
When you are just learning, that's the last thing a newbie wants.
@@DavidM2002 the best thing for a noobie to do is learn. Stop holding yourself back.
Why? If Virtualbox provides a good enough solution, why use anything else? A Type 1 hypervisor needs virtualisation extensions in a CPU to work properly anyway, Virtualbox is slower because it does everything in software.
But if it works, who cares?
@@tacticalcenter8658 "the best thing for a noobie to do is learn. Stop holding yourself back."
So you're going to make a video for newbies on how to purchase, register and install VMware, are you? In your own time then, maestro...
Yeah, but we need to be software engineers to set up this protection. HELP!
it's more like a system administrator skills.
yeah we have to learn something to protect our privacy and security.
Neither Zuck nor Gates will care about it much
Is it possible to transfer existing working windows programs over to the VM OS example Thunderbird email, and keep all existing data?
Thank you...
Would it be possible to run a virtual machine inside of Android on a cell phone? Something like Calyx?
Thanks Mike
Anybody know the incidental music Rob plays? At first I thought it might be something he played but it sounds like freeware music (or whatever you call it). Either way, I really like it and want more. I tried identifying it with Shazam but that app resolved as four different songs -- all wrong. Suggestion for future: Why not play us a little something, Rob, to fill the space when you're skipping through an install?
When I read my web-based Gmail through Microsoft's Sandbox (built into Windows 10 Pro) and download an attachment, am I protected just as if I had an email client installed on my PC?
Better host linux and put windows in a sandbox no? with vmware have full 3d acceleration in the guest to, seems like alot better choise with security in mind?
The point is to hide machine identifiers so that VM must not be Windows. Linux/Linux is fine of course. But most have reasons to use a non-Linux host.
What is the music your using for this video please?
VirtualBox and Privacy - hmmmm it doesnt work... KVM ?
sure thing you can install a hypervisor, if you wish so. But many users already have a win installed, and they don't want to make its image, then install a new system and all other things which may require quite a bit of sysadmin skills
What is the best network setting to use with the VM for maximum security. NAT, Bridged, or Host only?
disabling network will be the best. If you need network, see the description of these modes and pick up the one you need. I prefer NAT mode
It's impossible to answer the question without knowing your definition of "maximum security".
To become "secure" you have to first work out what attack vectors you are securing a system against.
For example, if malware is your concern then educating users to use common sense with email and on web sites is the best way to secure against that attack but the type of network interface would be irrelevant.
You would also need to understand how your existing network is set up. If your host is on a routable IP address then you could say that NAT with a non-routable IP address for each VM adds an additional layer of security - but then there are additional challenges setting up communications through the NAT to the VM.
In a home network, your host is probably already on a non-routable IP address so using NAT again may give you some logical network segregation and design but isn't going to add much to your security - if an intruder has already traversed one NAT interace through your ISP router then they won't have a problem getting through a second one between the VM host and the VMs.
If you aren't running Qubes, then you should be.
Very good and most helpful
Proxmox is so much better for managing VM than Virtual Box.
Can you please explain the pros & cons?
Pros:
Debian-based native hypervisor. Runs fast and smooth.
Cons:
you need to have certain sysadmin skills to make it run. You cannot install it just like VirtualBox in your windows. It's quite the opposite, first install and configure Proxmox, then add your OS images
Does Apple’s “private wifi address” feature provide any protection from ARP tracking? It gives you a different MAC address for each wifi network. Will that inhibit non FB users from getting Zucked?
only in a limited way. Because many web sites that you visit have fb/meta as a "partner" site or another excuse to share your data with big techs.
The only way is direct ban fb/meta from your side. You can choose the way you can do this, depending on your infrastructure or preferences. It can be router settings, firewall block list, ad block, special extension in your browser, secure DNS with social network blocking - many DNS services offer this now )
You can choose whatever suits you well or even get them all )
If the host is hacked, wouldn’t the vm be compromised as well?
certainly it will
Rob … in your setup can you run the VM in a window
It is a window
how to avoid ai scanning on normal win 11...can we change digital product ID ?
Brax, what are your thoughts on Tails in a VM?
They are diametrically opposed concepts - Tails OS is designed to be non-persistent and booted from a USB stick each time you use it. Data created when using Tails OS is stored in RAM, it is lost when the machine is powered off.
A VM is designed to be a persistent image that can be deployed quickly, updated and snapshotted as required - completely the opposite.
@@terrydaktyllus1320 Okay, Tails is normally launched from a usb drive, which seems to me to be a persistent image on the usb drive. But that requires a machine reboot to load. Yes, RAM is lost when you shut down a Tails session, but isn't RAM also lost when the VM gets shut down and memory is reallocated to the host OS? It seems to me if a clean Tails image is deployed in VM and RAM returned to the host at the end of the session, the advantage goes to Tails on VM because of no need to reboot. What am I missing? Kind regards.
@@ajkurp5919 "Okay, Tails is normally launched from a usb drive, which seems to me to be a persistent image on the usb drive."
By "non persistent" I am referring to the run state of the computer system at the point you turn it off - none of your personal data is written to the USB drive, which contains a "persistent" image.
But you know this already, you're trying to turn this into a game of verbal semantics because you know I am correct about this - and you can play that game on your own.
"But that requires a machine reboot to load."
Sure, and when you load a VM you are resetting the "software PC" too. But your point is precisely what here?
"Yes, RAM is lost when you shut down a Tails session, but isn't RAM also lost when the VM gets shut down and memory is reallocated to the host OS?"
Again, this is easy to understand and I don't believe you are this obtuse.
By default, an OS is going to store transient and persistent data on the storage media in the computing device - that means it persists after a power down, it doesn't matter if it's bare metal or a VM.
Tails OS is configured to only use RAM and RAM disks for storage of transient or "persistent" data, which is lost when the machine powered down.
I really don't expect to have to explain this to you again.
"It seems to me if a clean Tails image is deployed in VM and RAM returned to the host at the end of the session, the advantage goes to Tails on VM because of no need to reboot."
Absolutely, but then there is absolutely no advantage to running it in a VM in the first place is there! That's my point. Well done, you got there in the end.
"What am I missing?"
Nothing, now that I've played your little game and explained it to you a second time. Your job now is to "read and understand" so that the time and effort I have put in explaining this to you isn't wasted.
"Kind regards."
You're welcome, you can thank me later.
I think that you miss the concept of VM state saving. By default you can either shut down, or save state. But you can also revert to the last system saved state which can be... fresh installation, or just space allocation. So if you configure your VM the right way, this should work
Terry, you miss one more important function of VM, that the image can not only be saved, saved incrementally etc , but also reverted to the last saved state. Good if you need to test something or use internet session without any change on your pc
I thought QEMU was the preferred VM these days, at least on Linux.
There's a master file access table in the hard drive, forgot what it's called. No matter what OS one is using that table gets populated by the names. Probably happens at BIOS level.
...along with the swap file, they are biggest areas of interest for tracking/spying on anybody.
VM has it's own filesystem
@@robbraxmantechWhich is also why a VM helps with client side scanning, a major idea in this video. But I wonder if client side scanning could be done at the display level. In other words whatever is sent to your display is scanned just before it goes to the display.
@@robbraxmantech You are right sir, but this thing is in HDD records and it's independent of whether files are being accessed via a filesystem or not
What names? And what about if you use an encrypted file system? If you put your VM on the encrypted file system then that can't be "read" either.
When you say facebook app in this context, do you mean a separate application or accessing the website through a browser?
separate app, like from Microsoft Store or Apple Store
@@robbraxmantech Thanks, I avoid using apps wherever possible. I should add discord to that list now that I think about it.
Can you please direct me to where I can get detailed instructions on how to setup virtual machine? I’m a novice. Thanks.
Search my name and the word virtual machine
I would suggest watching a bunch of YT videos. What you have to realize is that there are a number of ways to host a VM. On your Windows machine, the app that you might want to start with is Hyper-V and I believe that Virtual Box will run on Windows ( both free). Search on those names and you should be off to a good start. Make sure that you have a minimum of 8 Gb of RAM; 4 for the host and 4 for the VM. Those are the minimums. 16 Gb would be much better. You can also find videos for setting up VMs on various brands of NAS : QNAP, Synology, etc. Lots there but you will need to spend some money on hardware. If you are really technically minded, get an old PC and install Proxmox. I've tried that and gave up because I just didn't need more VM's that required so much learning time.
@@DavidM2002 Thank you very much for the information. Greatly appreciated.
Just use the Windows 10/11 Sandbox feature.
I have a MacBook Air which has a built-in Broadcom 43xx wifi adapter. It's not natively supported by Linux so I have to use a wifi usb dongle in Kali and DaragonOS. If I use this VirtualBox will I have the same issue? Or does MacOS handle the driver and share network access with the VM?
yeah, many WiFi adapters have proprietary soft. You can install it separately after installing Linux, or just try some distribution that already have 3rd party proprietary soft, like Ubuntu.
When you use VirtualBox or any other type 2 hosted hypervisor, you don't have to configure much, so it should work smoothly, if you already configured it in your host OS
@@ТоварищКамрадовСоциалистКоммун thanks for the reply, i’ll try it out. I did try to install a driver after install, i was able to do it in Debian but doing the same process in Kali would never work. Go figure. Thanks again!
@@ТоварищКамрадовСоциалистКоммун it worked! 💪🏼
Cool ty
Would someone mention to Rob, or if you see this Rob could you comment on chrome's Manifest V3 in tonight's stream? It will kill adblockers which not only is annoying but has privacy implications.
Does this apply to running linux under WSL?
any recommendations for note apps encryption wise..a app like privacy note app that has a million downloads seems legit, not sure tho..
I thought virtual machines were some kind of voodoo, but they're quite manageable, actually very enjoyable to explore....cheers.
I think you are missing the point of what a virtual machine actually is. A virtual machine is just like having a second computer, minus the extra hardware. It is still susceptible to same attacks your host computer would be and doesn’t mask your IP address (you still have the same external IP as your host OS) or automatically shield you from threats. The virtual interface is actually just a bridge to your physical NIC, so in theory someone hacking you host machine could listen to all your traffic from the VM's. And if you use your virtual machine as you do with your normal OS, you gained nothing. Google, Facebook, Instagram etc will still know who you are when you logged in, VM or not. It is still coming down to how you do your OPSec.
Running VM's is great and very useful. I run 5 VM's with different functions (web server, mail server etc) thru KVM on Arch Linux as host OS. The benefit is not having to purchase hardware for every machine, it shares the same hardware. Backing up the instance is easy with snapshots to, which could me a headache if running on running dedicated hardware. If the only reason you want to use a VM is for better general security or privacy, you’re probably better off sticking with a regular PC and keeping a strict OPSec.
Is sandboxie secure and private?