undefined | Better HN

0 pointschii12y ago0 comments

an infected vm is no victim. Lets say you downloaded a pirated game which also has malware in it. You play said game in a vm specifically made _for_ that game. So the malware only runs when you are actually using the vm.

You'd have a vm for each specific piece of software that is untrustworthy, and sharing of files can occur thru sanctioned channels (such as a local, safe temp directory shared by each vm, or read only mounts).

0 comments

3 comments · 1 top-level

jacalata12y ago· 2 in thread

Aren't you reinventing app sandboxes here?

PeterisP12y ago

That's a good question - why don't modern consumer OSes offer simple, convenient one-click app sandboxing?

teddyh12y ago

Because programs operate on files which need to be accessible by other programs. This is the whole point of files with interoperable file formats.

The applications that does not do this, i.e. games, are good candidates for sandboxing, but normal applications? Not so much.

1 more reply

j / k navigate · click thread line to collapse