On Wed, 14 Dec 2005 15:58:50 +0000, Stuart Henderson
<[EMAIL PROTECTED]> wrote:

>> You may also want to realize that no attempted isolation is perfect.
>> There are ways for attackers to break out of jails/chroots and similar
>> is true for virtual machines. By using such methods you've only added
>> a _layer_ of security which only stops _some_ (possibly many)
>> attackers. It's not completely bulletproof (nothing is) but it does
>> help.
>
>You only need to break the 'browser appliance' OS to send traffic on 
>the LAN/internet, and the regular environment provided by the 
>standardized VM could make this easier. It does make it significantly 
>harder to access personal data stored outside the VM though (compared 
>with browsing directly on the same machine as the personal data).

This kind of isolation does increase the difficulty of an attack but "by
how much?" and "for how long?" and "at what cost?" are the real
questions you must answer.

For example, the difficulty of copying a file is significant when you
don't have a cp command, yet it only takes one person to write the
command and share it with others for a *lot* of people to be able to
copy files easily. As you can imagine, similar is true for the
writing/sharing of shellcode used in exploits.

Breaking out of a chroot or VM is not simple but it is possible. As
attackers adjust to incorporate such methods, the significance of such a
defense decreases over time. Increasing the difficulty of attacks is
still a very good thing but thinking a particular layer of your defenses
is significant by itself and will always remain significant is
definitely shortsighted.

Kind Regards,
JCR
