Why Use Virtual Machines for Privacy and Security? Not Obvious! Top 6 List!

I think you are missing the core point here.
Running Windows VMs because you need them in business or, say, as a Windows developer is one thing - but do also remember that the Windows builds used by businesses are completely different to those used by home users because no business would allow Microsoft to extract the same types of data from their business PCs that they do on home user PCs. Businesses are given far more control over Windows than home users are.
This is a discussion about privacy and nobody who truly cares about privacy, or understands privacy, would ever blindly run a privacy-hating modern Windows OS (or MacOS) in the first place - unless, like business versions of Windows, they have the capability of disabling all of that crappy telemetry. And that capability just isn't there with either of those two OSes because the moment you turn off telemetry, Microsoft or Apple just enable it again with the next update.
In the case of privacy, where "misinformed" people choose to run privacy-hating OSes like Windows or MacOS then what Rob is suggesting here is running Linux-based VMs as a mechanism to isolate certain Internet activities from the "prying eyes" of Apple and Microsoft in order to improve privacy - whereas your suggestion that people should deploy MORE Windows is doing the complete opposite.

@@terrydaktyllus1320so are you saying to install Linux as the base OS and run windows only within a VM instance?

@@harbinjar I don't need to run Windows at all - but if you do then, yes, it's safer to run Windows in a VM. But it will be no good for gaming unless you get into some "jiggery pokery" with GPU configuration.

Yes, it's a good way to learn Linux if you just have one PC and you still want to use your daily driver OS - you don't have to dual boot and use one OS or the other.

Yup...no need for dual boot setups, etc.....although having the thumb drive version of your favorite alternate OS is always handy....

same

i totally agree, vm's changed my life online tbh, i went from having multiple physical machines to only one and i have every os i could ever dream of.

@@Josh_728 maybe your host pc is bad to begin with ?

if this is just about privacy, not about privacy+security+testing, then these days it's easier to use additionally installed librewolf/mullvad/tor, depending on the privacy level you need. In everyday life most people would be content with firefox/brave or similar browser with ad blocker + "noscript" extension

Ah yes. This! I work as an Infrastructure consultant / architect. Not quite development environments, but it's crazy how much kit is out there that needs a browser with Flash or an ancient version of Java to access the management console. There are a couple of old EqualLogic SANs and some fibre channel switches at customer datacentres that spring to mind. Not to mention places that still have vSphere 6 kicking about in a dusty comms room. I don't want buggy, insecure things on my main PC, but having a Windows 7 VM with IE, Flash and Java 6 is a great get-out-of-jail tool. I know - I could use SSH, but learning the CLI for an obsolete device I access once in a blue moon is not a good use of time, imo.

Admirable work on your part!

How can you say monitoring by Iran, China and Taiwan was "proven" but in the same sentence say "so might as well throw Russia in for the hell of it"? So you made up the Russia bit then just to add to the other three "proven" countries? Why would you do that?
And as someone who has worked in cyber-security for the past 18 years, do please explain to me how it was "proven"? Because bad actors use Tor and VPN to conceal their origins so you can't automatically assume where they are from or who they are working for - especially as many companies block IP addresses that are known to originate from those states anyway.
But I am sure you can explain, from your real world experience, how their location was proven? And what was their motive? What attack vectors did they use?

How was it proven that you were specifically being monitored by Iran, China and Taiwan? And why then "throw in" Russia that wasn't "proven"? Just for more "dramatic effect" on your part?
I've worked in cyber-security for 18 years, it's extremely difficult to "prove" where bad actors come from unless they are caught - and I doubt anyone is that concerned about them monitoring your devices specifically to go find them.
And what attack vectors that you know of might cause "threat to life" that would also be related to your phone and computer?
And if you're that knowledgeable about cyber-security, then why do you need to buy Rob's products? I am sure his products are very good but if you understand security and privacy yourself, you can do yourself what a lot of his products do.

@@terrydaktyllus1320 I don't understand it myself, I was thrown into chaos.
First was Iran. I was using google flights and it was giving me prices in Iranian money but when I did IP search website it came back in New Jersey but to a company registered as "Nuclear Proliferation Inc". F-ing crazy! I reported it to the appropriate people who specialize in this type of thing (US gov).
Yes, the Russia part was a joke; that you can feel free to label as 'dramatic effect'. You must be a very boring person if you can't recognize that.
Note: I have worked on all of the listed countries in the past. It is logical if they pay attention to me.
If you would like an exciting life I suggest you start by joining the army (as I did) and serving in a couple wars (as I did) and get obsessed with destroying the enemy (as I am) and maybe your 18 years will provide more opportunities.

​@@terrydaktyllus1320 Unironically would love to hear more from you or learn some of what you know 🤔 any resources I can learn from other than this channel that tackle things from a critical thinking perspective rather than biased or fear mongering angles?

You make valid points but I disagree with you saying that VMs have limited use in privacy.
A VM running Linux essentially gives you "another free computer" in age when storage is dirt cheap and it's not going to be an issue having a dozen VMs ready for use when you need them - sure, running them ALL at the same time probably needs you to spend some money on a powerful PC, but I am not suggesting that here.
But nothing stops me creating, say, four identities on the Internet and isolating each ID to one of the VMs - what you've then got is a good baseline for segregating four browser installations and, combining that with VPN, I would see it would be very difficult for an external "snooper" to be able to link the four instances together in any way.
So I do think VMs can be an important part of a good privacy strategy.

@@terrydaktyllus1320 I agree, it absolutely can be used effectively like you just described, but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host.
And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing).
So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM.

@@rigierish3807 "but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host."
That's an incorrect statement. The host can't "see" everything that's happening in the VM, it just controls the resources (CPU, RAM, disk space, etc.) allocated to the VM. It can see resources but not what applications are running or what's in the memory contents.
The contents of RAM are just 1s and 0s - in order to make sense of what those 1s and 0s mean, you'd need to know what applications are writing to what memory addresses. The host can't see to that detail inside the VM's memory.
The host can't, for example, tell that a VM user is running LibreOffice - you'd need to SSH or RDP from the host to see what the VM is doing.
"And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing)."
I stopped using Windows when support for Windows 7 ended, so I'm the wrong person to be talking to on that.
"So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM."
The VM is a "software PC" with a network presence that is vulnerable to exactly the same security and privacy issues as a "bare metal" PC.
If you can intrude onto the host, then you can start turning VMs off - the equivalent on bare metal would be switching off racks of servers, which would need an on site presence (i.e. a lot more difficult).
Plus old vulnerabilities like Spectre and Meltdown allowed reading of memory contents of other applications, but they were not VM specific - you could technically do it on any application.

@@terrydaktyllus1320 Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that.
Now sure, you can have hardware vulnerabilities that still can go around the security of VMs but first, those are generally much _much_ less frequent, second, the viruses or malwares using such vulnerabilities must be programmed to be able to target multiple types of OS with different architectures, which would make them much more sophisticated than the vast majority of malwares people usually encounter, and finally, the vulnerabilities you mentioned got patched and solved since then, which were the two big vulnerabilities that, left unpatched, could've actually lead to completely vulnerable computers all over the world.
About the "see or not to see" argument, you say that a host can't actually read programs locally ran by the guest because that's something the guest manage rather than the host: that's a fair point, but what makes it impossible for the host to have something in Windows (other than the VM program) made to understand how the guest OS works and therefore, identify any program in the RAM dedicated to the guest and collect information about it? Nothing. Especially when the VM program and guest OS or kernel in this case, is completely open source like Linux using Virtual Box.
Unfortunately, because Windows isn't open source, we can't prove or refute this.
So personally, as I said previously, rather than trusting Microsoft, I prefer to not take the risk at all, as insignificant as it can be.

@@rigierish3807 "Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that."
And where did I say anything like that in my responses? Now you are putting words into my mouth and arguing against them.
Respectfully, I've enjoyed our conversation to this point but I really have said all I want to on the topic. You're welcome to disagree with part or all of what I said but working daily in Linux and VMware cybersecurity for 18 years now does count for something, I do know what I am talking about here.
Let's disengage at this point. Thanks for the chat and I wish you a very pleasant rest of your day.

this software emulated type of VM is not responsible for connection to internet. You need to configure your private/secure connection with your VPN in case you use it. Otherwise you will be seen from outside according to your ISP and router settings

it's still much more safer than opening files right in your windows. There might be some vulnerability in any software. Even in xz linux utility

@robertlowther7442 - Sure its hypothetically possible, as most things.
However, its very Unlikely, since Viruses / Malware aren't going to likely be Engineered to escape a VM and affect the Host's PC because they will save that vulnerability for a more easier Worthwhile target.
One must try to be Practical about things rather than overly Paranoid.

I can't see a Yt video that explains how to. Do you know any?

​@@Todeskulte_enttarntDavid Bombal had some vids on this topic.

You're not gaining much in putting it on a USB drive, unless you need portability and something to keep in your pocket.
USB is slower than a traditional hard drive or SSD and it's a lot easier to corrupt a USB stick, especially with the amount of read and writes an OS does when you use it.
Where USB is useful is where you boot, say, Tails OS that doesn't write to the USB stick and stores any data in memory until you power it down - that's a very private way of using a computer, but it's a very specific use case.

@@terrydaktyllus1320 Thank you! You are right that USB drives crap out after a while - one lasted about a year before it failed.

@@rootcanal7188 Sure, your core idea is sound and booting Tales OS from a USB drive is the *ULTIMATE* in privacy anyway - so it's not a bad idea overall.

There is some snooping the host OS can do, but if the VM is encrypted, that limits quite a few avenues for the host to spy on what's going on in the VM. Run a VPN inside the guest OS to limit snooping on network traffic. If you're extra paranoid, use a separate keyboard and mouse and use USB passthrough. I imagine there's still ways the host OS could inspect the keystrokes, but it does limit that a lot, since the OS doesn't see the device that is passed through in the list devices available to the host. Screen capture is still a thing, which might be difficult to get around. Mac OS is OK at locking that down for 3rd party apps, so perhaps an encrypted VM running on Fusion on Mac OSX might be one way to go. Presumably, the OS still has access and rootkits might get around the OS protection. But if you've got OS manufacturers complicit in spying on you at that level, or adversaries able to install rootkits on your device, I don't know what to tell you. Maybe go analogue at that point.

@@ralph17p I don't know about you but if i'm running a VM for privacy, i'm using Onion or Loki services IMO better than a vpn.. of course you could layer them on top of each other. even with the vm encrypted the memory isn't so much (i think?) something on the host could possibly capture that data. I am not saying that doing thing through a VM is bad just that even with doing these things there is the opportunity.
I'm not a privacy or security expert by any means. I just don't trust anything any more "they" just keep getting more and more intrusive. I talk all this stuff about privacy and stuff and here i'm using one of the worst things for privacy.. youtube! lol.

I don't know anything about it yet. It's in beta I guess

@@robbraxmantechThis sounds like a fantastic idea for a future video then. 😊

That's a bit like knowing that you don't like olives but ordering a pizza with olives anyway just to pick them off the pizza before you eat it. Why not just order it without olives?
Why not just use Linux and not worry about co-pilot in the first place?
If you don't trust co-pilot (and I wouldn't trust it), then how can you consider storing your most personal data on the OS it runs on? Because you can't trust that either.

@@terrydaktyllus1320That's actually a bad analogy because you can't order windows with or without certain features in this case. So a more accurate analogy would be you're in a restaurant that has only burgers or pizza and the the pizza comes with olives. You really feel like pizza and don't want a burger so you have to order the pizza and pick off the olives.

@@linsqopiring6816 If you want to make a different analogy then so be it. But mine still works fine, and I am not debating "verbal semantics" with you.

So you have an application that scans your home network and stores the information it retrieves on a Cloud server (i.e. somebody else's computer) and you're asking if there are privacy concerns here? Do I even need to answer that?

@terrydaktyllus1320 I know there is. I just want his take how much of a cocern it is. I block it from accessing the internet from my router, but then do not get notifications while away, Ionly get them when connected to my network. Therefore it is still useful for me.

I did forget.

@@robbraxmantechOk. It should speed up the graphics so that 4k is no problem. There are even examples of some programs running faster on virtual Linux than on native Windows ..

I did it on my Linux Distro showdown video. But I couldn't remember for this round.

@@biondanishgenomeinstitute8193 4K is a gimmick unless you are projecting onto the side of a building or the underside of a dome above your head.
My eyes have never looked at a 1080p image and said to my brain "Excuse me, but we need more pixels".

@@terrydaktyllus1320
:D
True!

There are ways of sharing text between clipboards on the host machine and virtual machine - on Linux, you can also copy to and paste from the clipboard from a CLI tool that you could then build into a script.
So the "potential" is there to be able to do it but it would need to be looked at in more detail.

@@terrydaktyllus1320 Yeah I'm a retired mainframe programmer. So I've kind of done my tour of duty and then some but when I'm in the mood I do tinker. Thanks.

@@beachbumsailordude If you programmed mainframes, then you're probably not actually a retiared.

@@beachbumsailordude We're probably of a similar age then, though I am not quite retired yet. I did a spell maintaining DEC PDP-11s, for example.

My use case that I describe is for specialized use. Not for everyday use. For example, putting Email in a VM is much better than using an antivirus. Isolating identity identifiers against specific platforms like Google is a very good use. Then the rest of your usage can stay on the host machine.

No. BTW a lot of the virtualization is actually done at the CPU side now. So the host is hardly involved.

I run VM's on my NAS and they have the full run of the network ( or the parts that I provide user rights to). In fact, I use a VM to sync one NAS to my backup NAS without bogging down my desktop.

@@DavidM2002 Yes, but as I've already explained in response to your main comment, allowing Windows VMs free reign of your private network is killing your privacy, not enhancing it. All of that "lovely" data about your home networking environment is collected by Microsoft.
If it was me, I wouldn't be "crowing" about that on here in a privacy discussion.

@@terrydaktyllus1320 I did not create the VM's for privacy.

@@robbraxmantechNo? Really? The fact that you’re recording the screen of the host and it’s capturing the VM immediately disproves that. The host can absolutely see every detail of what’s going on in VMs.

I'm not talking about 3rd party scripts. I'm talking about CHROME CODE ITSELF

I have never successfully installed Qubes on any computer I've owned in 10 years of attempts. Unfortunately, it never works on any modern computer.

@@robbraxmantech”never works on any modern computer” that’s not true, just read the compatibility docs. It explicitly works better on new hardware because it needs newer virtualization technology enabled.

I highly recommend QubesOS! I use it every day and it’s a huge pleasure. Def some downsides (performance-related mostly), but there’s nothing better in terms of security and flexibility.
I can’t stand XFCE so I’m using a custom build with DWM, and there’s some great dmenu scripts available that make qube administration more efficient.
The documentation and community are great too. The forum is active and the ppl there are generally super helpful.

The point is to hide machine identifiers so that VM must not be Windows. Linux/Linux is fine of course. But most have reasons to use a non-Linux host.

virtual box will work. The question is will win7 work in a right way. It's EOL product

I'm not sure if Virtualbox does it, but VMware Workstation has a non-persistent setting for virtual disks. Enable it for day to day use and turn it off when you want to install updates or new software. It's basically the same thing as a linked clone or snapshot, but it happens automatically on shutdown.

Why not just call your bank and give them a travel advisory for the days you will be out of the country?

@@hxhdfjifzirstc894 I wanted to be able to access the bank from Mexico for any unexpected event. But that is a good idea for credit cards.

With the problem of AI based client side scanning, you must not use VM's on Windows and MacOS hosts if you value your privacy

Past when?

@@lussor1like 20 yrs ago

If you have this level of distrust then the host has to be Linux. which is even better and then use KVM. Or even Qubes

Yes, Virtualbox is Open Source. You should probably be more concerned with VMware having back doors, given it is closed source.

@@robbraxmantech you could have a Linux host and a Linux guest all on a single USB drive, too.

as I responded below, I've already said that this video is to protect against 3rd party privacy attacks. Not defending against the OS. So for this 3rd party threat (which is a reality and very significant and very common), a bare-metal hypervisor is overkill. However if your threat is the OS, because that is your line of work, then of course you reveal the higher level solution for the specialist.

When you are just learning, that's the last thing a newbie wants.

@@DavidM2002 the best thing for a noobie to do is learn. Stop holding yourself back.

Why? If Virtualbox provides a good enough solution, why use anything else? A Type 1 hypervisor needs virtualisation extensions in a CPU to work properly anyway, Virtualbox is slower because it does everything in software.
But if it works, who cares?

@@tacticalcenter8658 "the best thing for a noobie to do is learn. Stop holding yourself back."
So you're going to make a video for newbies on how to purchase, register and install VMware, are you? In your own time then, maestro...

...along with the swap file, they are biggest areas of interest for tracking/spying on anybody.

VM has it's own filesystem

@@robbraxmantechWhich is also why a VM helps with client side scanning, a major idea in this video. But I wonder if client side scanning could be done at the display level. In other words whatever is sent to your display is scanned just before it goes to the display.

@@robbraxmantech You are right sir, but this thing is in HDD records and it's independent of whether files are being accessed via a filesystem or not

What names? And what about if you use an encrypted file system? If you put your VM on the encrypted file system then that can't be "read" either.

sure thing you can install a hypervisor, if you wish so. But many users already have a win installed, and they don't want to make its image, then install a new system and all other things which may require quite a bit of sysadmin skills

They are not "suspicious" profiles, they are there to give Microsoft the access that they need to be able extract as much of your private information as possible whenever they like.
In another YT channel yesterday, I can across a post by a Windows user who was very proud of himself because he'd managed to strip down Windows 10 to run in a maximum of 3GB RAM.
I responded to him and I explained that if you install Ubuntu (the most "bloated" Linux distro there is), boot it up and then open 20 or so tabs in the browser, you'd probably have a memory usage of around 1.5 to 2GB at most. The recommended minimum RAM for Windows 10 is 8GB.
So thinking about the difference in memory requirements between the two, why do you think Windows needs that much more memory? Unless it is running a lot of stuff in the background that isn't obvious...
Are you also aware that Microsoft released Windows Defender for malware detection around the time of Windows XP? it had a reputation for not being very good compared to commercial anti-malware software at the time.
These days, it has a great reputation and it's because it does real-time analysis where it reports back to Microsoft what it finds on users' PCs as an "early warning" mechanism for new malware - but that just means it's there all the time, running in background, requiring lots of memory and CPU time and constantly scanning your PC.
MacOS does the same because of the "Think Of The Children" excuse.
I think you're being deliberately obtuse and evasive here... you clearly know enough about computers to a do a degree of analysis yourself, yet you don't want to accept that the explanation for what you are seeing is the most obvious one. It's Microsoft and not some "mysterious bad actor" intruding into your PC.

@@terrydaktyllus1320 that was i was "talking" about. i know what is their purpose. i am using linux, actually back on ubuntu, but i have dual boot. i log into windows very rarely but still. there are reasons to have also windows. moreover i have to deal sometimes with pc of others, especially my parents...

@@non9886 You asked a question about why some profiles exist on Windows, I explained why they exist and you cannot trust Microsoft or Windows.
Whether or not you still use Windows is up to you and of no interest to me - once I give you my honest opinion, you can choose to listen to it or ignore it. That is up to you.

@@terrydaktyllus1320 your answer is useless. you told me what i had known alredy before. i did not ask why there are some profiles and i did not ask you...

@@non9886 There's clearly a language issue here so I am going to close this conversation.
If you don't like my answer then go get answers elsewhere, it is of no concern to me. I hope you find the answers you need.
Have a good rest of your day, the discussion is now closed.

yeah, many WiFi adapters have proprietary soft. You can install it separately after installing Linux, or just try some distribution that already have 3rd party proprietary soft, like Ubuntu.
When you use VirtualBox or any other type 2 hosted hypervisor, you don't have to configure much, so it should work smoothly, if you already configured it in your host OS

@@user-od4gs3iu4t thanks for the reply, i’ll try it out. I did try to install a driver after install, i was able to do it in Debian but doing the same process in Kali would never work. Go figure. Thanks again!

@@user-od4gs3iu4t it worked! 💪🏼

ssh

so you can go shopping and get a new pc. Even if you are glad with your current one.
high chance that you also pay for one more windows

it's more like a system administrator skills.
yeah we have to learn something to protect our privacy and security.
Neither Zuck nor Gates will care about it much