catball

Meowdy Pawdner

  • she/they

pictures of my rats: @rats
yiddish folktale bot (currently offline): @Yiddish-Folktales

Seattle area
trans 🏳️‍⚧️ somewhere between (30 - 35)


Personal website
catball.dev/
Mastodon (not sure if I'll use this)
digipres.club/@cat
Pillowfort (not sure if I'll use this)
www.pillowfort.social/catball
Monthly Newsletter (email me to join)
newsletter AT computer DOT garden
Monthly Nudesletter (18+ only, email me to join)
nudesletter AT computer DOT garden
Rat Pics (placeholder, will update)
rats.computer.garden/
Website League main profile
transgender.city/@cat
Website League nudes profile
transgender.city/@hotcat
Website League rat pics
transgender.city/@rats

Do you usually run it in like a VM with no networking?

I was looking at doing this with some Adobe applications and have tried making a windows VM (without trying to do fancy passthrough) but the latency was kinda miserable.

maybe I should just do like gpu passthrough or something, but wanted to ask if any of you have tips for running untrusted software with GUIs in a way that doesn't suck to use (short of having like an isolated lab machine)



in reply to @catball's post:

Running unsafe software in a virtual machine is tricky because any attempt to make using the VM not godawful is just opening up doors for VM escape (i.e. guest tools, gpu passthrough, etc). Additionally, it's trivial for software to detect if it's running in a VM, and malware abuses this to behave differently on a VM to give it the appearance of being safe.

When I want to run unsafe software I use a dedicated device, tethered to my phone's data (and not on my WiFi or network). I install the software and monitor the network traffic to see what it does. Then I make a call on if it's safe or not, but I'm 100% ready to admit I will get this wrong at one point.

I was mainly planning to keep it isolated forever in its untrusted environment without network access, and try to find the least exploitable way of transferring my image and video files in and out

maybe you're right that just an isolated lab machine is the way to go though, especially since yeah more passthrough is more opportunities for it to escape

in a VM with no networking, yes, and no USB device sharing, and no filesystem sharing, and no clipboard sharing, and...

we'd also be careful to not modify the VM's screen size when you resize its window; that's an easy privacy leak to miss. window sizes can be surprisingly identifying.

don't do GPU passthrough if you're worried about malice, it's too much attack surface

giving it GPU access might be safe on commercial software that's older, like we'd personally say anything from 2010 or before, but nothing more recent. the reason we say that is that hypervisor escapes and attacks on VMs are comparatively recent. we have no concrete knowledge to suggest that privacy attacks on VMs are deployed today but they would certainly add business value to the functionality of analytics and advertising SDKs, and the internals of those SDKs are not readily inspectable and drastically under-researched, and every modern commercial program bundles them. so if your goal is to have solid guarantees about what's going on, you should assume that such things could be happening.

a friend's project, SpectrumOS, may eventually offer a sort of GPU firewall. it's not production-ready yet though, so... someday :)

anyway, using a VM with everything locked down is probably sufficient for commercial software; that's a guess, but it's an educated one. for malware analysis, people use physically isolated machines with no network cable and no antennas and no microphone. even that has its limits; we're aware of attacks that have been demonstrated in the lab, but only state actors would have any interest in productionizing them, so it's impossible to know whether they have been.
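The reply above lists the host/guest sharing paths to turn off (networking, USB sharing, filesystem sharing, clipboard, GPU passthrough, guest tools). The script below is an added example by the editor, not code from anyone in this thread; it audits a libvirt domain definition (the XML `virsh dumpxml <name>` prints) for each of those paths so you can confirm a "locked down" VM actually is. Both XML documents in it are constructed samples, and the finding labels are the script's own naming.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a convenience-heavy desktop VM with every sharing path the reply warns about.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>untrusted-win</name>
  <devices>
    <interface type='network'><source network='default'/></interface>
    <filesystem type='mount'><source dir='/home/user/shared'/><target dir='shared'/></filesystem>
    <redirdev bus='usb' type='spicevmc'/>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source><address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/></source>
    </hostdev>
    <graphics type='spice' autoport='yes'>
      <clipboard copypaste='yes'/>
      <filetransfer enable='yes'/>
    </graphics>
    <channel type='spicevmc'><target type='virtio' name='com.redhat.spice.0'/></channel>
    <channel type='unix'><target type='virtio' name='org.qemu.guest_agent.0'/></channel>
  </devices>
</domain>"""

# Constructed sample: the same VM with only a disk and a plain display, nothing shared.
LOCKED_DOWN_XML = """<domain type='kvm'>
  <name>untrusted-win-locked</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/untrusted.qcow2'/><target dev='vda' bus='virtio'/>
    </disk>
    <graphics type='spice' autoport='yes'>
      <clipboard copypaste='no'/>
      <filetransfer enable='no'/>
    </graphics>
    <video><model type='qxl'/></video>
  </devices>
</domain>"""


def audit_domain(xml_text):
    """Return (kind, detail) pairs for every host/guest sharing path found in a libvirt domain XML."""
    devices = ET.fromstring(xml_text).find("devices")
    findings = []
    if devices is None:
        return findings
    # Any NIC at all: the thread's first requirement is "no networking".
    for iface in devices.findall("interface"):
        findings.append(("network", f"interface type={iface.get('type')}"))
    # Host directory shares (virtiofs/9p).
    for fs in devices.findall("filesystem"):
        src = fs.find("source")
        findings.append(("filesystem-share", src.get("dir", "?") if src is not None else "?"))
    # SPICE USB redirection from the viewer into the guest.
    for rd in devices.findall("redirdev"):
        findings.append(("usb-redirect", f"bus={rd.get('bus')}"))
    # Direct host device assignment: PCI (this is how GPU passthrough is expressed) or USB.
    for hd in devices.findall("hostdev"):
        kind = "pci-passthrough" if hd.get("type") == "pci" else f"{hd.get('type')}-passthrough"
        findings.append((kind, f"mode={hd.get('mode')}"))
    for g in devices.findall("graphics"):
        cb = g.find("clipboard")
        if cb is not None and cb.get("copypaste") == "yes":
            findings.append(("clipboard-share", f"graphics type={g.get('type')}"))
        ft = g.find("filetransfer")
        if ft is not None and ft.get("enable") == "yes":
            findings.append(("file-transfer", f"graphics type={g.get('type')}"))
        gl = g.find("gl")
        if gl is not None and gl.get("enable") == "yes":
            findings.append(("gpu-accel", "host GL rendering enabled"))
    # Guest-tools channels: the SPICE vdagent (clipboard, auto-resize) and the QEMU guest agent.
    for ch in devices.findall("channel"):
        tgt = ch.find("target")
        name = tgt.get("name", "") if tgt is not None else ""
        if name.startswith("com.redhat.spice") or name.startswith("org.qemu.guest_agent"):
            findings.append(("guest-agent-channel", name))
    return findings


def is_locked_down(xml_text):
    """True when the domain has none of the sharing paths audit_domain looks for."""
    return not audit_domain(xml_text)


if __name__ == "__main__":
    for label, xml in (("convenience VM", SAMPLE_DOMAIN_XML), ("locked-down VM", LOCKED_DOWN_XML)):
        print(f"{label}: locked down = {is_locked_down(xml)}")
        for kind, detail in audit_domain(xml):
            print(f"  [{kind}] {detail}")
```

The guest-agent channel check is what catches the screen-resize leak mentioned above: auto-resizing the guest display to match the viewer window is done by the SPICE vdagent over that channel, so a VM without it simply keeps a fixed resolution.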

that all makes sense! I was kinda weighing out like "how likely will they have put some really advanced malware in here" and thinking about it, I don't super wanna roll the dice

I did remember UW has a media lab, maybe I'll just go over there to process my photos and videos sometime