Is it safe to use an Ubuntu VM on Windows 10 from a privacy perspective?

Solution 1

Your question is vague. Short answer is: it depends on what you want to protect. Long answer follows below.


A more detailed explanation: A few things pop to my mind that you would want to protect from Windows/Microsoft in terms of privacy. There are also other dangers to privacy such as proprietary software, spyware etc. running on your system. But since you asked specifically about Windows/Microsoft, I will not address that.

1. Your local data

Problem: There is the virtual disk on which Ubuntu is installed. Windows does not have native support for the EXT3 format, but who knows.

Solution: You could of course encrypt your Ubuntu home directory or the entire "drive" during installation. That should prevent any software running on the host system from reading data inside your VM. However, since the decryption key is theoretically also accessible by the host system, it would be possible to decrypt the data with full control of the host system and thus the decryption key. I would argue that with encryption you can hide from automatic generation of statistics about your usage and your files, but a targeted attack against you/your computer by someone in control of the host operating system would render all encryption useless.

2. Your network traffic

Problem: You are most likely using Ubuntu to browse the web, access file servers, read your emails and so on. Some of these connections will be encrypted, some will not. Those that are not encrypted pass as plain-text through the VM host system (Windows 10). Theoretically, if there was software installed in your Windows 10 that monitors/sniffs network traffic, it would be able to at least read some of your web traffic. Moreover, encryption would not prevent the software from determining that you are communicating with someone and who that someone is. Encryption alone only hides the content.

Solution: As mentioned above, encrypted traffic is not easily readable by the host system as it is already encrypted inside the VM and only then travels through the host system's network interface. You could force such an encryption for all traffic from your VM by establishing a VPN connection to a server you trust for example. On a side note: this could also be the router in your network. But careful, the same targeted attacks using the encryption key residing in the host's memory as in Problem 1 would be possible here. Leaving targeted attacks aside, your web-browsing would not be automatically analyzed by Microsoft.

3. Data passing your USB ports

Problem: When you use USB devices for tasks inside the VM, such as printing a document, the data will have to go through the host system eventually as the VM does not have direct access to the physical USB ports. Therefore, the host system "sees" all information flowing to your USB devices. This also goes for input devices, namely your keyboard and mouse. So even when using Ubuntu, encryption and everything, Windows still registers every keystroke you make and can use that for "improving the user experience" or whatever is done with the data.

Solution: None. As long as the USB device does not support end-to-end encryption, I don't really see any solution.

4. Your hardware signature

Problem: Your hardware configuration is most likely very unique. The operating system has access to a lot of information from your hardware such as manufacturer, manufacturing date, model number, in cases of network interfaces the MAC address and so on. Windows does actually calculate a fingerprint of your hardware and connects it to the Windows key you use to install Windows. You can see the effect of that when changing hardware in your system and Windows prompts you to re-verify the installation. Because of that, from Microsoft's point of view, you will still be visible as a user when using Ubuntu in a VM.

Solution: There is not really one with Virtual Machines.


If you are serious about your privacy, open-source and Ubuntu, you should consider installing it at least on a separate partition/drive and dual-boot. That would remove all the problems I mentioned, except for the first one.

Solution 2

In terms of VMs, no. Virtual machines are used in this context to isolate the guest from the host, not the other way around.

In the realm of just Windows spying on you, you'll be safe by just running in a VM. It's extremely unlikely that Windows will install an ext2 driver or similar to spy on your system, even less that it will do anything I describe below, but we're going to discuss theoretical risks because they're important to know, and because we can't trust that Microsoft won't, or even (technically) doesn't.

The host has complete access to any and all virtual machines it is operating, including raw memory (making encryption useless), the raw virtual hard drive, any raw network connections, etc. Because you don't trust the base framework you're running the VM on, you can't trust the VMs themselves to not be compromised.

The host has access to all VM memory. Therefore, the host can:

  • Read any and all raw states from memory, including loaded file contents
  • Read encryption/decryption keys for anything, including HTTPS and the hard drive
  • Read URIs, system states, and so on.
  • Pull off DMA attacks and run arbitrary code
  • Make your life just completely miserable.

While Windows itself is unlikely to go this far just for telemetry, it's still a possible threat that should be established and known. We're dealing with theoretical edge cases, so it's at least worth mentioning.

The best alternative is a dual boot, using LUKS to encrypt your data. This will allow Linux and Windows to run on the same bare-metal hardware, but not share resources. And as Linux's partition is encrypted, Windows couldn't do anything if it even wanted to. The catch to this is that you must reboot your system to change operating systems.

If this is a problem for you, consider using Windows inside a VM, but note the possibility of a virtual machine escape exploit (a la CVE-2016-7461), which may grant access to your Linux partition from the Windows VM.
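
Solution 2 recommends a LUKS-encrypted partition, and Solution 1 raises the possibility of the other OS reading an ext filesystem directly. The following is an added example, not part of either answer: it classifies the first bytes of a partition or raw image as LUKS (parsing the LUKS1 header fields) or as a plaintext ext2/3/4 filesystem. The function names and both sample byte strings are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
KEYSLOT_ENABLED = 0x00AC71F3      # LUKS1 marker for an active key slot
EXT_MAGIC_OFFSET = 1024 + 56      # ext superblock starts at 1024, s_magic at +56
# LUKS1 header start: magic, version, cipher name, cipher mode, hash, payload offset, key bytes
LUKS1_HEAD = struct.Struct(">6sH32s32s32sII")
KEYSLOTS_OFFSET, KEYSLOT_SIZE, LUKS1_SIZE = 208, 48, 592

def _text(raw):
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")

def inspect_volume(data):
    """Classify the first bytes (2048 is enough) of a partition or raw image."""
    if data[:6] == LUKS_MAGIC and len(data) >= 8:
        version = struct.unpack_from(">H", data, 6)[0]
        info = {"type": "luks", "version": version}
        if version == 1 and len(data) >= LUKS1_SIZE:
            _, _, cipher, mode, hash_spec, _, key_bytes = LUKS1_HEAD.unpack_from(data)
            info["cipher"] = f"{_text(cipher)}-{_text(mode)}"
            info["hash"] = _text(hash_spec)
            info["key_bits"] = key_bytes * 8
            info["active_slots"] = [
                i for i in range(8)
                if struct.unpack_from(">I", data, KEYSLOTS_OFFSET + i * KEYSLOT_SIZE)[0]
                == KEYSLOT_ENABLED
            ]
        return info  # LUKS2 keeps these details in JSON metadata, not parsed here
    if data[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] == b"\x53\xef":
        return {"type": "plaintext ext2/3/4"}
    return {"type": "unknown"}

def sample_luks1():
    """Constructed LUKS1 header: aes-xts-plain64, sha256, 512-bit key, slot 0 active."""
    head = LUKS1_HEAD.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64)
    buf = bytearray(head.ljust(LUKS1_SIZE, b"\x00"))
    for i in range(8):
        struct.pack_into(">I", buf, KEYSLOTS_OFFSET + i * KEYSLOT_SIZE,
                         KEYSLOT_ENABLED if i == 0 else 0x0000DEAD)
    return bytes(buf)

def sample_ext():
    """Constructed image start with only the ext superblock magic set."""
    buf = bytearray(2048)
    buf[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] = b"\x53\xef"
    return bytes(buf)

if __name__ == "__main__":
    for name, blob in (("luks", sample_luks1()), ("ext", sample_ext())):
        print(name, inspect_volume(blob))
```

On a real system, pass the first 2048 bytes read from the Linux partition; a result of `plaintext ext2/3/4` means any OS with an ext driver can read it.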

Author by

byTommy

Updated on September 18, 2022

Comments

  • byTommy over 1 year

    My question is basically in the title - We all know about the telemetry bullcrap that Windows 10 comes with and about NSA spying on everyone. Considering all that stuff, is it (from a privacy perspective) safe to use a VM to use Linux? Will Windows be able to collect data from my VM or is it the same as basically having Linux as the host OS?

    This may seem very paranoid to you but I feel like this is something I have to ask to be sure. I can't just delete my Windows installation and go full-blown Linux because there is software I need to use on Windows. I also can't (better said: don't want to) use only Windows because I don't want to be spied on. So I thought I'd go the middle way.

    I'm using Vmware and the newest Ubuntu, if that's relevant in any way.

  • byTommy over 7 years
    Okay that makes sense. I'll look onto dualbooting - also, is there a way to copy my installed programs and data from the VM directly to the dualboot-OS?
  • Kaz Wolfe over 7 years
    @diatomym You can, but it's somewhat involved, and you can't trust that the data hasn't been compromised. Essentially though, you find the VM drive image and mount it, and the rest is mostly copy operations.
  • WinEunuuchs2Unix over 7 years
    @KazWolfe Nice answer :)
  • Kaz Wolfe over 7 years
    Counter to solution 1: If you encrypt your data, your system loads the decryption key into memory. Your host has complete access to your VM's memory, and can easily grab the key if it so desires. Same with network or USB actually, it could do some sort of MITM or raw memory read, but I seriously doubt Windows alone would do this. Otherwise, +1. Good points raised.
  • Potaito over 7 years
    @KazWolfe Darn, you are correct.
  • ypercubeᵀᴹ over 7 years
    Encrypting the Ubuntu home directory or the whole drive has one advantage though vs non-encrypted: it defies (or at least delays) the line of attack of copying the whole VM file and sending it to (NSA, whatever) for offline reading. They'd have to decrypt it after that.
  • Hatshepsut over 7 years
    @KazWolfe Does this also apply to #2 encrypted network traffic?
  • daboross over 7 years
    Yes. It would probably be a lot of effort for something on the host OS to find where the encryption key is in the guest OS memory, but it would definitely be readable, say, if taking a whole snapshot of the guest OS memory and then reading it later.
  • Chris Hayes over 7 years
    Points 1, 2 and 3 (where it discusses end-to-end encryption for USB devices) all fall to the same flaw. The host machine can read anything it wants. That can be the encryption key, it can be reading the data from memory after it's been decrypted, whatever. The only situation in which you're safe is one in which you never decrypt the data nor have access to the key, but in that case the data doesn't do you much good (and you'd be just as safe with Windows alone).
  • Potaito over 7 years
    I updated the answer about possible attacks with access to the system's memory.