> So far I haven't found any public info about the possible downsides of running a hidden service under Windows.
Let's assume a fresh, clean Windows installation. Have you found a list and description of all outgoing network connections that will be made by that Windows installation? I haven't found any documentation. Information is spread all over the web. So far I discovered Windows Update, WGA and time sync. I am collecting all that information including source. [1]

There are still open questions. Is the time sync authenticated or can it be spoofed by the Tor exit? How safe is it to rely on Microsoft time sync servers? (just one server, single point of failure)

Microsoft didn't always use automatic updates just for security updates. They installed WGA without asking, which is spyware and not a security update. Or they installed a Firefox addon (.NET Framework), which was a new "feature", but not a security update for .NET Framework.

How legal is Guantanamo? How much does the state follow its own laws? Imagine Microsoft would push a backdoor over automatic updates, to bust cp or a botnet. A small outcry through the geekzone, the masses wouldn't notice or care and continue to use Windows. How can we assume the state has inhibitions to force Microsoft to do that, if Guantanamo is not even an open secret?

> Is running the instances of Tor and Apache in separate locked down virtual environments more secure than having Apache and Tor listening within the same machine?

I think yes and I am very interested in it. That's why I wrote TorBOX, it's very similar to what you do. [2] There is also a section about hidden services. [3]

But different opinions are possible. One could argue that a more complicated setup and more code is involved, therefore even less secure. It's probably a question of what you think: what is/will be more probably exploited? The VM (introducing more code) or the web server? I'd be interested to read Tor developers' opinion.

> Or is Windows an absolute no when considering running a secure hidden

I think we agree that this virtual machine should only be used for the hidden service, don't we?

Since Windows costs money and is closed source, while Linux/BSD is Free Software and all common server software also runs under *nix, why not use it?

> But if the proxified application runs within a virtual machine, and only connects to an instance of Tor running within another VM, what info could leak through the application other than the IP of the VM?

Application level leaks, examples:

- IRC clients, if not well configured, leak your time zone, your current time, your IRC client version, maybe the name of your user account (some clients, user account name = ident)
- browser fingerprinting [4]
- some webservers (in standard configuration) leak your operating system version
- other (server) software has not yet been researched as thoroughly as Firefox for fingerprinting and application level leaks (Thunderbird in VM-1 would be unwise, it's very similar to Firefox fingerprinting)

Server software name and version can potentially be used to exploit the server. Once the VM is infected, it might break out of the VM and report your real IP. If you can afford using real hardware instead of VMs, that would be more secure.

[1] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
[3] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX#hostinghiddenservicesOPTIONAL
[4] https://www.torproject.org/projects/torbrowser/design/
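
The web server leak listed in the message above (a standard configuration disclosing software and operating system version) can be checked on your own hidden service by auditing its response headers. This is an added example, not part of the original message or of TorBOX; the header list, the patterns and both sample responses are constructed assumptions.

```python
import re

# Response headers that commonly carry software banners (assumed list).
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "via"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")   # dotted version such as 2.2.21
OS_RE = re.compile(r"win32|win64|windows|ubuntu|debian|centos|unix|freebsd|linux", re.I)

def parse_headers(raw):
    """Return (lower-cased name, value) pairs from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]   # drop the body
    pairs = []
    for line in head.split("\n")[1:]:                      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List (header, kind, token) for every version or OS token in a banner header."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in BANNER_HEADERS:
            continue
        for m in VERSION_RE.finditer(value):
            findings.append((name, "version", m.group()))
        for m in OS_RE.finditer(value):
            findings.append((name, "os", m.group()))
    return findings

# Constructed sample: verbose banner of the kind a default install sends.
VERBOSE = ("HTTP/1.1 200 OK\r\n"
           "Date: Sun, 01 Jan 2012 00:00:00 GMT\r\n"
           "Server: Apache/2.2.21 (Win32) PHP/5.3.8\r\n"
           "X-Powered-By: PHP/5.3.8\r\n"
           "Content-Type: text/html\r\n\r\n<html></html>")

# Constructed sample: same server with "ServerTokens Prod" (Apache)
# and "expose_php = Off" (php.ini) applied.
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Date: Sun, 01 Jan 2012 00:00:00 GMT\r\n"
            "Server: Apache\r\n"
            "Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, sample in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, audit(sample))
```

Error pages and directory listings can carry the same banner in the response body, so an empty result here covers headers only.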
