It's probably the best you can do, but it still doesn't prevent your anonymity from being compromised. As soon as the malware is installed, it can phone home, even if you end up wiping it after you are done.
Ok. So what you're talking about is a VM that is only able to route to the internet via Tor, so it would be impossible for it to make a non-Tor connection (thereby compromising anonymity).
- If the host <=> guest tools are installed on the guest host, then it would be possible for the malware to install them itself.
- If the host <=> guest tools can't be enabled/disabled on a per-VM basis, then that could be an issue, as you would probably have VMs that you wish to use in a less convert capacity.
- The malware would have access to your browser for the duration of that session. Presumably any information that you accessed during that session is compromised. If they are consistently able to compromise you during every session, then any slip-up with PII during any session could compromise you.
Here's an openbsd VM with tor and a bunch of web browsers preinstalled. There's packet filter rules so even if the vagrant user gets owned, it cannot transmit traffic on the outboard network interface. https://github.com/WIZARDISHUNGRY/openbsd-hiddenfortress
I meant specifically that the VM should have low privs when it comes to the host, it shouldn't be able to port scan, map drives, the host MAC can be found via ARP. Just thinking about what happens when the NSA p0wns the OS running the Tor browser.
(vm-tor-net
(vm-tor-browser))
Even if the gui VM that is used for running Tor has been compromised it should still be impossible to determine where the Tor client node is running. That is goal right?
