disable speaker by default or optional for better security?

Continuing the discussion from How to harden KVM:

Do we have to disable speaker as well?

speakers could have two risks when VM is compromised:

  • major: I have read somewhere that speakers can be abused to be used as a microphone too.
  • lesser: exfiltration if devices nearby are in range.

related:

Not an issue for VM environments as documented here before:

  • Dev/KVM - Whonix
    I went ahead and copied it over to the user wiki so it is accessible.

Yes this is a legitimate problem like ads/sound cookies that use ultrasonic waves as a covert channel to communicate with pre-installed spyware on nearby phones/tablets. In that case should I disable sound by default? It will likely annoy new users but it is not something too difficult to reverse.

General question: Should I be adopting a minimalist approach to virtual hardware selection? I’ve been doing this for the most part anyway until now.

1 Like

from a more paranoid angle, would it possibly make more sense to instruct users to disable speaker input and output on the host and encourage people to use headphones instead when sound is needed? it’s how i do it. it’s fairly rare when i need sound. not sure how that applies to others though.

1 Like

HulaHoop via Whonix Forum:

General question: Should I be adopting a minimalist approach to virtual hardware selection?

I am wondering about it too. When are we reaching a level of minimalism
where we only have two users left?

Yes.

There’s your criteria right there.

My opinion:

  1. Start with the strictest options as default as long as they’re fairly easy to change.
  2. Make it very obvious for new users to know how (1) is done.

The choices that should give us a headache are those that are difficult for users to change.

I believe we should certainly assume nearby devices are either infected or in a high risk to be infected at any point. Not only phones/tablets, notebooks as well or anything with a microphone.

Steps I take on every new workstation:

  • Set Tor browser’s security level to “Safest”
  • Disable shared clipboard on gateway and workstation/s
  • Disable speakers
  • Change shutdown default options from “Save the machine state” to “Power off the machine”

Already added on the wiki since ages :slight_smile:

1 Like

That’s the thing. I don’t want a dozen support threads of “how do I make sound work?” What do you have set for Qubes?

Many services have common recurring questions, coming from the nature of things done differently from what users are accustomed to (and for good reasons, at least here). That’s what a FAQ page is for.

Not sure the questions in Whonix’s current FAQ page are really that frequent, and the size and details of it can be truly overwhelming. Don’t recall the last time someone asked here why isn’t OpenBSD is used for example.

1 Like

If we keep the soundcard speakers included, I can make sure the microphone disabling a default setting (which is otherwise inaccessible in the GUI manager). Otherwise users adding the soundcard to enable output would enable both in the process which would make them less secure.

I think turning off the microphone is more urgent than the sound leaks. We can advise removing the sound entirely for high security VMs.

1 Like

HulaHoop via Whonix Forum:

That’s the thing. I don’t want a dozen support threads of “how do I make sound work?” What do you have set for Qubes?

Sound works out of the box. For now. Might change in theory.

micky via Whonix Forum:

Not sure the questions in Whonix’s current FAQ page are really that frequent, and the size and details of it can be truly overwhelming. Don’t recall the last time someone asked here why isn’t OpenBSD is used for example.

Yes. FAQ contents could be largely moved to other pages where these
contents fit better. Or be renamed to VFAQ and then a new “real” FAQ
created. Forum search for VFAQ had this discussed before. Many questions
are now silenced. All the people that come out from the trenches making
suggestion to new distributions already made their argument so this
question barely comes ever up. Or perhaps we resolved one or another
online myth.

Many services have common recurring questions, coming from the nature
of things done differently from what users are accustomed to (and for
good reasons, at least here). That’s what a FAQ page is for.

For each user that hits the FAQ there’s “10” others who won’t even hit
the FAQ.

1 Like

micky via Whonix Forum:

  • Change shutdown default options from “Save the machine state” to “Power off the machine”

Is this still the case with XFCE? If so, please create a new forum thread.

Agreed. Whonix takes some learning though, for sure, especially if both Whonix and the virtualizer are new to the user.
End of the day users stay with defaults. The peculiarities in Whonix (no sound by default for example) are well worth some more support tickets if the tradeoff is lower security. Sure, we can instruct users to turn it off themselves / use headphones etc. But if the users read that there’d be no problem in the first place.

Created:
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/change-virtualbox-vm-shutdown-default-option/7309