Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption Security Privacy

Secure, Portable, Virtual Privacy Machine 168

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."
This discussion has been archived. No new comments can be posted.

Secure, Portable, Virtual Privacy Machine

Comments Filter:
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Thursday October 21, 2004 @01:26PM (#10590307)
    Comment removed based on user account deletion
    • Re:Who's privacy? (Score:2, Insightful)

      by Anonymous Coward
      Depending on what else is included in the distro... Yes. But there are already distros that let you do that NOW. There's even Windows live CDs that will let you do it to other windows systems. Google is your friend.
    • by pavon ( 30274 ) on Thursday October 21, 2004 @01:32PM (#10590388)
      The data on the laptop is insecure. Anyone with physical access to a machine can read the unencrypted data on that machine. It has been that way forever. The existance of this product doesn't make it any less secure than it already was.

      However, the person with this USB fob has increased his security. Thus a net gain in securtity. If you want to be secure you need to take care of yourself. Sticking your head in the ground is not a viable security plan.
      • by mukund ( 163654 ) on Thursday October 21, 2004 @01:40PM (#10590489) Homepage

        Actually you could argue that trusting a method is worse than not trusting it at all. Trusting a unknown key for example, for the sake of security, and sending out private encrypted data protected by it is worse than not trusting the key at all.

        Personally, I think carrying your own laptop around is a far better approach (for what the author is trying to achieve) as you don't have to trust others' computers which may contain software to thwart the security of devices such as this USB key by reading all data off it.

        You could find flaws with what I've said too---good security is not easy.

        • by metlin ( 258108 ) * on Thursday October 21, 2004 @01:50PM (#10590607) Journal
          True, but there are situations where having such a tool around would be quite handy.

          The problem is that one cannot always carry one's laptop all the time, wherever they are. Often times, you end up needing your laptop at a time and place when you are least prepared for it -- I'm sure those of us here who need to shuttle all over the place to meet clients have encountered this.

          And besides, the laptop is an insecurity in and of itself. Thieves view it as something that can be stolen, and it is a device that can be physically bugged.

          True, you don't necessarily trust a computer off an airport in Paris. However, using that computer with your safe-toolkit is probably a whole lot safer than using your laptop with a bug in it -- hypohetically, ofcourse :-)

          So, I suppose this is a good security tool. Not the solution to all the problems, but a good tool neverthless.

          Or maybe I'm just being too paranoid. And that black helicopter outside my apartment probably belongs to that hot chick across the street. Who knows! ;)
        • But...if your end goal is to connect to another computer of yours on the net and you wanted to make sure that connection was encrypted and you weren't going to leave traces on the "temporary host," this seems like a good way to do it.

          For example, if I want to connect to my IMAP server securely without this device, my option is web mail over SSL...even then, who knows what keystroke loggers are running on the public machine I might be using. Plug in this, reboot and unless there's some Van Eck device around
      • Yes,using this method is a *little* bit secure. However, don't be tempted to believe it's secure unless you can guarantee that the computer you are sticking it into (insert joke about safe sex here) is guaranteed "safe".

        Admittedly, since the system runs on a virtual machine loaded from the memory stick it's difficult for a process on the host machine to access it's data but it's not impossible. Unless you can actually boot completly (no windows bootstrapping) from the usb stick and know that there's noth

      • Can't the person with the laptop just run a keyboard sniffer at the bios level? Why would you trust someone else's hardware to be secure?
      • Not *all* computers. If this ran on a Mac and a user had FileVault Enabled they couldn't read the home directory of that user.

        Of course, that's a Mac, but I'm sure similar utilities exist for Linux or Windows.

        Filevault works by transparently putting your home directory onto an encrypted disk image and mounting it at /Users/username. Files are encrypted/decrypted as they are written to/read from the folder.

    • Re:Who's privacy? (Score:3, Insightful)

      by julesh ( 229690 )
      Presumably, if they were concerned, they'd have encrypted their files.
    • Re:Who's privacy? (Score:5, Insightful)

      by Ford Prefect ( 8777 ) on Thursday October 21, 2004 @01:39PM (#10590476) Homepage
      If it is using QEMU, then it's just another normal process with the same privileges (or lack thereof) as any other. QEMU's basically a PC emulator, albeit a pretty fast and compatible one.

      There is the risk that processes on the host machine can peer at its memory and fish out the unencrypted data without any way of it knowing - unlikely that someone would develop such a thing, but if you're being paranoid there's always the possibility.
    • Nope (Score:5, Informative)

      by RealProgrammer ( 723725 ) on Thursday October 21, 2004 @01:49PM (#10590595) Homepage Journal
      RTFA: it's run on the qemu emulator. You first boot the host OS, and your qemu session is just a process under that, with no more rights than otherwise.

      If you had a boot CD, now that would a problem. Would I let someone boot my laptop from Knoppix? Not unless I would trust them to sysadmin my laptop :-).

      As the above poster says, security accepted wisdom is that physical control implies vulnerability.
    • It would only work if the person was logged in and had access to the USB ports (which I understand some places are locking down now).

      I don't believe that you can get a program to run at the login splash screen.

      So shame on them for leaving their computer logged in.
    • Re:Who's privacy? (Score:3, Interesting)

      by general_re ( 8883 )
      Stick one of these into someone else's laptop and don't you circumvent the default OS thereby having full access to their filesystem?

      Go into the BIOS settings, set a boot password, and then disable USB boot devices. No, it's not totally impenetrable, but it's better than nothing - at least your attacker will be forced to haul out a screwdriver. And for laptops, probably a soldering iron too, which sort of obviates a quick hit-and-run attack while you're away from your desk ;)

      • Hmmm, it's not even a bootable device.
      • (Note: there are 4 parts/acts here, separated by equal signs... I hope you find them interesting...)

        OH, before if forget:

        == Prologue==
        The stick OR bootable CDs are a GREAT way to test laptops at stores. Hell, NOW you can test a laptop for ACPI and other problems. You can TRY before you BUY, as long as a CD/DVD or USB port are installed and working... And, the best part is that as long as it's a demo rig, is not connected to a LAN, and has no wireless to inadvertently sniff the store, then the store REALLy
    • Please RTFBlurb. It uses QEMU to run on top of Windows or Linux. Therefore you do not circumvent the default OS.
      • Re:Who's privacy? (Score:3, Informative)

        by cortana ( 588495 )
        Then how can it possibly be considered secure? You have no guarantees that what you see isn't being manipulated by the system you are running it from.

        Of course, you shouldn't be using someone else's computer anyway, god knows what kind of keyloggers or whatever it has lurking in it... :)
    • This is from a F/LOSS/Linux user perspective:

      We need to get out of the habit of calling this circumvetion. If we don't then this usage will lend further credence to ms and furter reinforce some badly-written legislation. If Linux is to be used (as it is now and can be in the future), this notion of "hijacking a box" should be described more discretely.

      Putting Linux on a box and being able to "see" the file system is not a guarantee that useful passwords will be found or enable a malicous log in. True, the
    • Alex: People who wear tinfoil hats are concerned with protecting this.

      *bing*

      Alex: AC?

      AC: Who's privacy?

      Alex: Judges? .... Yes, we'll accept that. Technically the correct question would have been "What is privacy?" Select again.

      AC: I'll take "your and you're" for $200 Alex...

  • And yet... (Score:5, Insightful)

    by garcia ( 6573 ) * on Thursday October 21, 2004 @01:28PM (#10590348)
    And yet I am tunneling through SOMEONE ELSES proxy (which isn't free) to do my "secure" work.

    I'm sorry but I cannot bring myself to trust my cookies, settings, and information to travel over anyone else's network. It's not safe unless *I* am the one controlling the proxy and the tunnel between the two.

    SSH, Putty (for Windows users), and squid on your own machine is what I use. Yeah, you still can't avoid keyloggers and the like but at least you know that you are controlling what is being logged and where.
    • Perhaps I read it wrong, but it seemed to me you only needed to use their "annonamous" proxy if you want to. All the rest could be done through a direct connection or any other proxy you wanted.
      • Re:And yet... (Score:1, Offtopic)

        by garcia ( 6573 ) *
        I haven't yet finished the download so I can't tell. They do seem to promote their anonymous proxy though and that's what worries me.

        That aside...

        Sure, it's nice to have your cookies and whatnot stored on a USB key but that data is still traveling to your USB device via their hardware. It's NOT secure and they shouldn't infer that it is.
        • Re:And yet... (Score:4, Interesting)

          by garcia ( 6573 ) * on Thursday October 21, 2004 @02:05PM (#10590757)
          From the README.TXT
          +++WARNING+++
          -------------
          This is a technology preview and comes with NO SUPPORT, NO WARRANTY
          and NO GUARANTEE for any purpose.

          Windows Instructions:
          Double click on 'boot-win.bat'

          Linux Instructions:
          run 'boot-linux.bat' from the command line


          Now what I find funny is that boot-win.bat doesn't exist and I believe what they meant was qemu-win.bat.

          I just can't trust my data to a piece of software that claims no responsibility and doesn't even have the correct filename in a 491 byte README.TXT.

          I'll stick w/my current methods TYVM.
    • Re:And yet... (Score:4, Informative)

      by 26199 ( 577806 ) on Thursday October 21, 2004 @02:17PM (#10590895) Homepage

      How to avoid keyloggers [columbia.edu]

      • that link says nothing about how to avoid key loggers.
        it tells you how to not give away your permanent password while on an insecure machine.
        everything you type during your session can still be key logged.
        • Of course. But the most damaging use of key loggers is collecting passwords. I don't particularly care if someone logs me hacking at some code, writing an email, or printing out work in one of my uni's computer labs. But if they get my password they can compromise my machine, and that I do care about.

    • Why do so many people continue to only use Squid/SSH for proxying when it is not required anymore? SSH supports dynamic port forwarding.

      SSH basically includes a builtin socks proxy. Download putty and create a dynamic port on locahost:1080 and say goodbye squid.

      Of course there are still advantages to having a local squid proxy, but in most cases it's not worth the effort anymore.
  • Is this the Apple Wavelet Encryption technology they debuted back in 1999 with Mac OS 9?
  • miscategorized (Score:2, Informative)

    by Khashishi ( 775369 )
    this is more of a gadget than a your-rights-online
    • Re:miscategorized (Score:2, Interesting)

      by daxxar ( 823161 )
      Heh, you don't find this useful?
      I find any gadget which enables me to boot a decent Linux distro useful ('decent' being relative), if it can increase your privacy it's just an added treat.

      Signed email is pretty handy, and setting up that stuff is a bit tiresome if you have to do it for *each* workstation you come to.

      I'm assuming you can 'preconfigure' it, or atleast that it stores your settings? (in contrast to your average LiveCD)
    • Yeah, it is a gadget, but one that seems likely to stir up more controversy about online privacy vs. the US government's perceived need to know everything. My first reaction to "Virtual Privacy Machine" was, uh-oh, don't they mean "Virtual Terrorist Machine?" Because that's how the Homeland boyz view privacy of any sort. Americans have privacy only in the sense that the government promises not to do anything improper with its unrestricted access. Will devices and software that hide anything from prying eyes
  • by wowbagger ( 69688 ) on Thursday October 21, 2004 @01:36PM (#10590441) Homepage Journal
    OK, let's think this through:

    As I read it, this is a Linux session running in a virtual machine under the host operating system - the idea being that any "sensative" data resides in the virtual session, so the host has no visibility to it.

    Except that the host is providing all the screen and keyboard access, so if the host is comprimised and is running VNC the attacker can see where you are going, and what your password is.

    True, *IF* the password is only the SSH keyphrase for a private key that is only accessible to the virtual machine, then *maybe* it does him no good.

    But since the virtual machine needs to access the media through the (comprimised) host OS, the attacker can copy that data as well.

    It sounds to me like this is just giving you a false sense of security.
  • by ifreakshow ( 613584 ) * on Thursday October 21, 2004 @01:36PM (#10590449)
    Basically a USB hard-drive that auto configs ssh and your browser so novice users can access proxyies.
    A very cool idea but only "secure" if you trust the company. They say they don't keep logs, but you never know. Also a yearly fee with a limit on transfer.
  • Not all GPL... (Score:4, Interesting)

    by non-poster ( 529123 ) on Thursday October 21, 2004 @01:37PM (#10590459)
    The ./ story, as well as the link (Portable Virtual Privacy Machine [metropipe.net]), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License.

    Should I believe anything else these folks say?
    • Re:Not all GPL... (Score:3, Informative)

      by graveyhead ( 210996 )
      Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License
      I hate to be pedantic (well, ok no I don't, this is slashdot...) but Mozilla is now released under the MPL, the Mozilla Public License. The NPL is considered a "historic document". Grok [mozilla.org].
    • Re:Not all GPL... (Score:5, Informative)

      by juhaz ( 110830 ) on Thursday October 21, 2004 @01:54PM (#10590644) Homepage
      The ./ story, as well as the link (Portable Virtual Privacy Machine), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License.

      Huh? NPL is Gone. Dead. Buried. Mozilla has been (mostly, and the exceptions should be BSD etc. GPL-compatible) LGPL/GPL/MPL tri-licensed [mozilla.org] for quite a while now, the new licensing policy is over three years old.
  • by LocoMan ( 744414 ) on Thursday October 21, 2004 @01:39PM (#10590481) Homepage
    I was reading about something like this on a PC Magazine sometime ago called the stealthsurfer (http://www.stealthsurfer.biz/ [stealthsurfer.biz]). I guess it's like this except that this one uses GPL software (stealthsurfer uses a personalized version of netscape 7)
  • by Anonymous Coward
    DMT, LESE, Orlingrabbe.com, et.al?
  • by jeif1k ( 809151 ) on Thursday October 21, 2004 @01:43PM (#10590527)
    Such approaches give you only limited protection: if you don't trust the systems you plug into, you may still be subject to key logging, screen recording and other attack.
    • That's a very good point. According to the http://pvpm.metropipe.net/ [metropipe.net] link, PVPM runs from an OS that could have who knows what installed on it, so this would not protect you from someone like that guy who installed keyloggers in the Kinko's computers.

      This is more secure than nothing (although there is the danger of a false sense of security!) and it would allow you to use portable encryption on machines that belong to people you trust, but that's all.

      It would be much better to boot a secure OS from the

  • Can be subverted (Score:1, Interesting)

    by Anonymous Coward

    Didn't somebody prove a while back that virtual machines could be subverted by flipping a few bits in memory? As I recall, it was a story on Slashdot a year or more ago. Anybody remember that?

    • Err. Yeah. If you start messing around with the hardware, there's not a lot that can't be subverted, to be honest with you.
    • Re:Can be subverted (Score:3, Interesting)

      by pkhuong ( 686673 )
      IIRC, it doesn't apply here. The research was made on the JVM, showing that its security was vulnerable to gamma rays, etc, which isn't a big surprise. I'd expect the same for any other program. However, they also managed to craft their program in such a way to basically escalate the program's (class?) privilege level reliably. QEMU has different goals than JVM's security, and it being vulnerable to mutated data isn't more critical for it than any other program. You might be referring to another study. thou
  • Oh, man ... (Score:4, Interesting)

    by gstoddart ( 321705 ) on Thursday October 21, 2004 @01:56PM (#10590658) Homepage
    Secure, Portable, Virtual Privacy Machine


    I'm reading that headline thinking I finally have a cone of silence with tinted windows I can carry around, and it's just same dorky VM. ;-P

    Sheesh. Next you'll tell me I still don't get my flying car and robot sex-slave^H^H^H^H^H^H^H^H^Hmaid any time soon.

    =)
  • Life span? (Score:5, Interesting)

    by Remlik ( 654872 ) on Thursday October 21, 2004 @01:56PM (#10590661) Homepage
    I thought USB type keys were limited to 100k writes before failure. How many times or how long can you use this device before wearing out the key?
    • Re:Life span? (Score:4, Insightful)

      by FirstTimeCaller ( 521493 ) on Thursday October 21, 2004 @02:11PM (#10590826)

      How many times or how long can you use this device before wearing out the key?

      Well, if you set up a RAM disk and only store personal settings on the USB key -- then I suspect that it would last for quite some time. If you don't care about saving settings, then you can boot off the key as a read-only media and never write back to it. So I don't think this would be a major concern.

    • Re:Life span? (Score:5, Informative)

      by Fencepost ( 107992 ) * on Thursday October 21, 2004 @02:21PM (#10590941) Journal
      The limitation on the number of writes to a particular area of memory has been known since flash memory first started to appear. Most devices or drivers should account for the issue by either rotating writes to avoid overusing one particular region or by remapping failing sections into other areas. Remapping failing areas will cause the available capacity of formatted flash devices to gradually shrink, while rotating writes will attempt to keep any areas from wearing out too fast (making it more likely that multiple areas will start to fail around the same time). Someone who's done more looking into this should be able to give a good idea which technique(s) are most widely used.
      • Re:Life span? (Score:2, Informative)

        by Anonymous Coward
        Your description is conceptually good, but let me correct and add to it.

        - The maximum number of writes a particular area of flash can sustain has been increasing as the technology has matured. Better manufacuter are now promising, in writing, endurance in the 100,000's and even 1,000,000's of erase/write cycles.

        - Better manufacturers do both the "rotating," called wear-leveling, and "remapping," called spare sectors management or sparing.

        - Flash memory modules already come with reserved spare sectors th
      • Interesting... do most flash drives actually have the capability to "remember" how often a particular area has been written to? Seems to me that it would require a fair amount of storage just to do that. You can't do this at the driver level, since there's no guarantee that the device is going to be used in the same machine all the time (of course, using the device in only one machine kinda defeats its purpose).
  • I'd like to be able to send, along with my "ring", a crypto client to the person I call (or equivalent in email). So our messages can be end-to-end authenticated and encrypted, without relying on any other party or infrastructure. I could use different security protocols and secrets for each message, by sending different clients.
  • by museumpeace ( 735109 ) on Thursday October 21, 2004 @01:59PM (#10590698) Journal
    Good bye Carnivore? [pcmag.com]
    James bond wants one of these. The FBI, when they finally figure out what this is, will want it banned. I have dreamed of doing something like this with an applet but this is much slicker and more powerful.
    Next questions, can I tunnel through with VOIP [usatoday.com]? How "special" does my correspondent/recipient have to be for the trail for eavesdroppers to go cold on both ends of the connection?
    • No.

      You are still trusting the person at the other end. After all this, if the spooks could install sniffers at the other end, your data is still compromised.

      Why go that far, the spooks need install stuff on just your machine, or use other means [wikipedia.org].

      Carnivore will never entirely go out of the pictures, it's always a Cat & Mouse game. If this becomes widespread, something else would come up to counter it.

      Besides, all this is good only until QC becomes viable and widespread, and at which point your existin
  • Started messing around and some things require root, so who wants to figure out the passwd for everyone?
  • by Anonymous Coward
    A quote from there website:

    "MetroPipe's proxy servers are located in the privacy friendly jurisdictions of The Netherlands and Germany."

    The Netherlands and Germany privacy friendly? Yeah, sure, compared to China maybe.

    The Netherlands is known as the country where the most phone-taps are placed.

    Germany and The Netherlands are preparing Europian legislation to log every email message you send, to log every url you are visiting for at least a year "to fight terror".

    Europe is getting even worse compared to
  • Waaaaaait. (Score:5, Interesting)

    by cbiffle ( 211614 ) on Thursday October 21, 2004 @02:20PM (#10590930)
    Okay, lemme get this straight.

    You take this USB key and plug it into an untrusted machine (since, if you had a trusted machine, you wouldn't have to go through these hoops). It fires up a virtualized PC that runs Linux and lets you get out to the web using an encrypted proxy.

    I fail to see the utility of this. You're running QEMU on the host. If the host is compromised (and it's best to assume that any untrusted host is), it has full access to your keystrokes, I/O, and the entire memory image of your system.

    Good crypto software for Unix makes sure to prevent its sensitive data from going out to swap by negotiating with the virtual memory system. This keeps your passphrases and keys from showing up in a swapfile if the machine is compromised. This type of system has no control over that -- if the host decides to swap the emulator out, foom! your entire system image is now on disk. A disk you don't trust.

    Not to mention that processes on the host could simply read through your memory in real time.

    So, in short, an untrusted computer is still an untrusted computer. While this sounds useful for encrypting one's network connections, it seems like an awfully complex solution to reinvent the concept of a VPN.
    • Re:Waaaaaait. (Score:3, Informative)

      by jfengel ( 409917 )
      It's a compromise. It's more difficult to modify the hardware than the software. And the software can easily be compromised without even the owner knowing it by various spyware.

      A computer at an internet cafe is likely to have spyware on it, but it would take more work for them to install a physical keylogger. So if you sit down at one of those, you should at least check it for one of these [keyghost.com].

      So this will protect you when you're borrowing a friend's computer or dropping in on a client or customer. Probab
      • It's a compromise. It's more difficult to modify the hardware than the software. And the software can easily be compromised without even the owner knowing it by various spyware.

        But... this is still susceptible to software compromises. Keyloggers will still work on it. Memory dumps might be able to get sensitive information out of it. Sensitive information might still be written into the OS's paging file.

        It's nothing like as good as it sounds like it should be.
        • What if the entire flash was encrypted with a small partition on it with a decryption routine that also pointed where to start?

          It'd make it slower (probably a lot slower if you're operating in the USB stick only), but adding an encryption scheme would at least slow down someone that wanted to image your USB stick.

          A keylogger would still get stuff though. Hmm...
    • If the host is compromised (and it's best to assume that any untrusted host is), it has full access to your keystrokes, I/O, and the entire memory image of your system.

      Yes, of course. I think they're not very clear about what this meant to protect against. I can think of a set of assumptions under which it could be helpful, though. Assume you trust the host machine not to be compromised (so whoever administers it is not out to get you and, in addition, does timely security updates, keeps people from in

    • I can see the intent of this distro. Web surfing and reading email on Windows leaves many traces on the harddrive, IE and Outlook Expess being the prime examples. This tool prevents you from leaving those traces on the harddrive *except* for (as you point out) when the system memory of the VM gets swapped to disk. It can't stop the host kernel from snooping on the memory of the VM either. The webpage also doesn't talk about disk encryption, so your user data is *probably* sitting unencrypted on the flashdri
    • Re:Waaaaaait. (Score:2, Interesting)

      by Ifni ( 545998 )
      The simple answer as to what utility this has is that it solves a number of issues all at the same time.
      First, all of your settings are immediately available - your bookmarks, your cookies, your saved emails, etc, on any computer anywhere without any complicated configuration.
      Second, it is very portable - much moreso that a laptop. And as they say, you don't have to demonstrate that it isn't a bomb to the airport security guard.
      Thirdly, it leaves no lasting record of your activities on the host machine. Y
  • Slow as hell (Score:5, Informative)

    by joshv ( 13017 ) on Thursday October 21, 2004 @02:23PM (#10590966)
    I just tried this on two reasonably modern machines, and it's slow as hell. Unusably slow. QEMU claims to be a 'FAST!' emulator. It is not.

    Why not use Cygwin instead? Almost all of the apps in this distro has have been ported to cygwin, and I doubt there'd be much trouble porting Firefox if someone got serious about it.

    A cygwin based distro could pack a minimal installation (including X) on a USB keyfob that would provide all of the same functionality, but running the apps as native code, at near native speed (minus the small cygwin/POSIX to win32 api translation penalty).

    Now of course this solution won't work on a Linux machine, but I think it would be rare that you'd encounter a Linux machine that you'd want to run this on. Most likely you'd be at a friend's house, or in a computer lab where everything runs windows.
    • Were you running it on a USB 2.0 stick or a 1.1 stick?

      Just checking.
    • dude firefox runs on windows AND linux
      • Not under cygwin.

        What I am talking about is a cygwin installation with a full X server. Many of the apps in the distro mentionned in the write-up have cygwin ports (much easier than a full Windows port). As far as I know no one has yet ported Firefox to cygwin. I imagine you could run the native windows version from your keyfob, but that nixes some of the nice encapsulation cygwin provides.
    • Re:Slow as hell (Score:3, Interesting)

      by kelnos ( 564113 )
      I'm not sure what the point would be of running it using cygwin. The idea here is to run the entire "secure environment" inside the virtual machine that qemu provides. As others have noted, there are still some problems with this approach, but if you're going to run it in cygwin, you might as well just run the normal native apps. Then basically you'd just have a thumb drive with some privacy-related apps (such as thunderbird+enigmail) on it, which you can make in your spare time; no need to have this pro
    • Because cygwin has registry hooks. It's not "mobile" or "portable" enough for a USB stick. Find a link to a mobile cygwin that can run on USB or CDROM and I'm all with you!
    • 2.2 ghz machine with 512MB and it is slow here too. pretty much unusable
  • by quinxy ( 788909 ) * on Thursday October 21, 2004 @02:23PM (#10590969) Homepage

    Last week I was thinking about exactly this question. I've been using VMware [vmware.com] to do the same sort of thing form my laptop, but it has the disadvantage of being costly, non-portable (no easy or possibly legal installing to usb drives/etc.), and not pre-configured for the purpose of this VPM. But in my experience VMware is quicker, feeling almost like the emulated computer was the host computer.

    At any rate, I installed and ran this VPM software, and it certainly seems to deliver, and has a very nice collection of pre-installed apps. Sadly the performance is about as poor as you might expect (that's running it off a HD, not a USB drive). Every operation takes a while to complete, click on Firefox, and wait 40 seconds for it to ask which profile you want to use (this is after first use). Type in a URL and wait at least 30 seconds for any signs that it's coming up. My laptop is only P4M 1.8Ghz, so no doubt performance would be much better on a more recent machine.

    Still, pretty neat, though not entirely usable for me.

    quincy

  • A similar product has just released a new version as well. Check out Feather Linux [berlios.de]
  • by kippa ( 453370 ) on Thursday October 21, 2004 @03:09PM (#10591500)
    I read...
    Secure, Portable, Virtual Piracy Machine
  • I want a way to launch Windows98se (that has been pared down to a minimal amount required files) on a Linux or Mac OSX machine so that I can run IE and whatnot without having to reboot!

    Anyone make that?


  • It wouldn't be very hard at all to write a trojan that waits on the host machine and compromises your "Secure" data once the qemu vm boots up.
  • I downloaded it and got me a USB key (Been meaning to do that for awhile) It boots faster than my Redhat or Linspire partitions though I dont have a USB 2.0 port (This AMD 64 machine is supposed to) either way it runs fine.. has Firefox .93 though instead of the PR but that can be easily fixed and it does not detect my mouse wheel which would also be nice. However it is quite usable and the only thing I'd want extra is a Sun port so I could use it on workstations at work.

Time is the most valuable thing a man can spend. -- Theophrastus

Working...