Add disabling some drivers to the Hardware Threat Minimization guide.

Some users (like myself) don’t have an option to disable their webcam and microphone in their BIOS and don’t want to mess about with the insides of their computer. The next best thing to this would be to disable the drivers for the webcam and microphone so they cannot be used. It would be good to add steps for these to the Hardware Threat Minimization guide on the wiki.

For Linux, you can add files to /etc/modprobe.d to blacklist the modules. Add blacklist uvcvideo to disable your webcam driver. The driver for your sound card will be in /proc/asound/modules and you can add a file in /etc/modprobe.d for it e.g. blacklist snd_hda_intel.

For Windows, you can disable them from the device manager.

Steps for other operating systems should also be added.

Sounds good!

Contributions welcome.

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Unless you lock down the module loading, an attacker can always reload and enable them.

That would be great - please add.

We appreciate your security tips/ideas/dev recs across multiple threads; you know your stuff.

Please highlights other areas / weaknesses in various wiki places, as it really helps. Or better yet, write up a storm.

Linux requires root privileges to reload a module or add/edit files in /etc/modprobe.d. If an attacker has root on your system then them re-enabling the microphone is the least of your worries.

Thanks!

I will if I find any.

I’ll try to add to the wiki now. I’ve never tried editing wikis before though.

Right. I forgot about that. It was a change KSPP did recently, before even user space could load modules.