-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
7v5w7go9ub0o wrote:
> An alternative solution is to use DispVMs, created on the fly,
> instead of a bunch of resident AppVms.
>
> Less space; better security.
>
I'm afraid I don't see the "less space; better security" claim holding
true, but perhaps I'm wrong.
Based on your other posts on this topic, I take it that your DispVM
approach is roughly as follows:
1. All user data is stored in one or more OfflineVMs. No programs are
run in these VMs. They are used solely for data storage.
2. When you need to work with some of your data, you create one or
more DispVMs, transfer the data from the OfflineVM(s) to the
DispVM(s), and do your work.
3. When finished, you copy the altered data from the DispVM(s) back to
the OfflineVM(s).
Here are some thoughts about this approach:
4. I don't see this approach using less space, because I still have to
store all the data somewhere (namely, in the OfflineVMs).
5. I don't see this approach being much more secure than regular
AppVMs. Both DispVMs and AppVMs can be compromised if their parent
TemplateVM(s) are compromised. In addition, some malicious code stored
along with the user data in the non-Template persistent storage space
of an AppVM could re-infect the AppVM every time it (re)starts and
executes that code. However, this exact same thing will happen if we
copy over the same data from an OfflineVM to a DispVM and work with it
in the DispVM in the same way as we would have worked with it in the
AppVM. In other words, every fresh DispVM into which we import this
malicious code will be compromised, just as our AppVM would have been
(re)compromised every time, assuming we perform the same tasks in
both. (Maybe there are some cases where only the AppVM would be
vulnerable if the malicious code relies on a startup process or
something, but this doesn't seem like a strong enough reason to say
that DispVMs are safer per se.) The DispVM approach is just shifting
the risk from one place to another without reducing it.
6. I see this approach as being highly inconvenient and potentially
inefficient. DispVMs seem to use more RAM and CPU than regular AppVMs.
Even if we don't care about that, there's the fact that it takes time
and additional effort to create and set up DispVMs for each task,
especially if we have to switch netvms and set up firewall rules. (It
takes at least several minutes when switching A DispVM from netvm
"none" to netvm "firewallvm" for any network connectivity to be
available.) For tasks which I want to perform every day (or more
frequently), this could literally add up to many extra hours of work
and waiting over the course of a month. (Scripts can mitigate this to
some extent, but in my experience trying to incorporate DispVM
operations into scripts is very unreliable.) In addition, there's
always the risk that I'll accidentally close the last window of some
DispVM and lose all of my work.
Maybe I've misunderstood the DispVM approach you have in mind, and
maybe I'm wrong about one or more of the points above. As always, I
welcome being corrected, and I'm open to having my mind changed about
this.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJVHHT2AAoJEJh4Btx1RPV8UO4P/i8gSidiEIyc6zjwjmkc8FBE
7KhmCTVabTiuAfaGaFccGNJAweuT/zGeJtCOc/IC/Nr1dgrQGiNk+wI4WJBDyGPk
0/gxZbP2liU0WQxofmIA0yNBJnUKXF4JLwTOTaLpYddWpMC2d9SM1ikYt2cMrodF
8/AqlspvO3OwckIvITLqtDPJ0rfazB8QhKdTi/ErzwsV6WPfSAKfh3NpZ3FEuvKJ
RDFb3jMmlQyA3Vy/X4E0jUt5OPpdfmVZEapbqpDNT4AOW1LhRdKBfP3OphEpwd0B
6ommdYxYfdegqFeH26cG+lW3NM87xCGtKdgJvit6wKgPfAOZ2Ue2owmGDLW2Gxv/
FhARtkhl7UeOJA9BFPBIKA8HTsfB1M/TPMZOaHTR9wMkSxy0oVwX6JRR8KHW3O7l
p25kv3Tc1E3ObFErfGtbbYNvzz+fSYrgY49b3y44i1hAigbShpi4YBXCcMKR31eU
pgAsfS9sEliuykFQsahTxzSpnIjcfd738fI4aTmO0GQnV0hXMxQOfJ00NIvCA3m+
RcNyu+qgaVxnUsL9YF+JpLrUSa9cU7+RLymmRPZmdLsgLZbQ5iHwaj6J6mJhaZSl
q6LNjJCvs8TElZGm3WtwJWPCicgIjDtxxGMJa14EBJEyyucd84Xg4jizv7NBODfM
AEUC3BxGzEln+3wc3etK
=IwEG
-----END PGP SIGNATURE-----