
Is this configuration foolproof?

hello,
i would like to know if this installation is foolproof against malware/rootkit/trojan…
here is the installation
on a usb stick that has 2 partitions (1 encrypted and hidden and 1 clear)
i install Debian/Gentoo liveusb on the clear partition
on the encrypted partition i install whonix
whonix will be used with virtualbox
the internal hdd and wifi module will be physically removed so that only the virtual machine with whonix will be able to use an external usb wifi module and not the host machine
so even if a malware can manage to get out of the virtualbox he wouldn't be able to communicate with the outside since there is no wifi available on the host system
the usb stick has a physical write protection lock so there is no way a malware can write anything on it
but i still have a few questions
1) if a malware gets out of the virtualbox can he manage to infect the bios? if yes what can i do about it?
2) if a malware gets out of the virtualbox is there a way he can communicate with the outside even when the host has no connection to the internet?
3) now let's say my bios is already infected, with this configuration can a malware do harm? i think not since bios malware still needs to connect to the "command and control" which will be impossible since the host has no connection, only the virtualbox
is there a way to protect yourself against virtualbox exploits?

thank you

i would like to know if this installation is foolproof against malware/rootkit/trojan...
Nothing is perfect.

Have you seen https://www.whonix.org/wiki/Comparison_with_Others#Attacks already?

the internal hdd and wifi module will be physically removed so that only the virtual machine with whonix will be able to use an external usb wifi module and not the host machine so even if a malware can manage to get out of the virtualbox he wouldn't be able to communicate with the outside since there is no wifi available on the host system
It could simply use the wifi available to VirtualBox to connect?
the usb stick has a physical write protection lock so there is no way a malware can write anything on it
I don't know if Whonix can run from read-only media. And also usb firmware is not to be trusted. (Could have a special command to disable write protection.)
1) if a malware gets out of the virtualbox can he manage to infect the bios?
Yes.
if yes what can i do about it?
There is no easy answer. Learn a lot more about computer security, programming. Create Free Software hardware, Free Software BIOS, etc.
2) if a malware gets out of the virtualbox is there a way he can communicate with the outside even when the host has no connection to the internet?
It must have some connection to the internet, otherwise Tor couldn't connect? The malware could use the same connection that Tor must be able to use.
3) now let's say my bios is already infected, with this configuration can a malware do harm?
Yes.
i think not since bios malware still needs to connect to the "command and control" which will be impossible since the host has no connection, only the virtualbox
An infected BIOS can persist in RAM after boot, can infect the host operating system, can infect VirtualBox.
is there a way to protect yourself against virtualbox exploit?
Not using VirtualBox -> physical isolation. (https://www.whonix.org/wiki/Dev/Build_Documentation/Physical_Isolation)

Hey Patrick thanks for your answers!

the internal hdd and wifi module will be physically removed so that only the virtual machine with whonix will be able to use an external usb wifi module and not the host machine so even if a malware can manage to get out of the virtualbox he wouldn't be able to communicate with the outside since there is no wifi available on the host system

It could simply use the wifi available to VirtualBox to connect?

yes i know it could use the wifi available to virtualbox but it's gonna pass through the whonix gateway so the IP address and location won't be disclosed, am i wrong?

the usb stick has a physical write protection lock so there is no way a malware can write anything on it

I don't know if Whonix can run from read-only media. And also usb firmware is not to be trusted. (Could have a special command to disable write protection.)

in fact it's a memory card with a physical write protection lock inside a usb adaptor so i don't think there is any special command to disable the write protection, but i could be wrong?
as for whonix running from read-only media, i will try it, i think it's possible

3) now let's say my bios is already infected, with this configuration can a malware do harm?

Yes.

i think not since bios malware still needs to connect to the "command and control" which will be impossible since the host has no connection, only the virtualbox

An infected BIOS can persist in RAM after boot, can infect the host operating system, can infect VirtualBox.

do you think it's likely? from what i have read on bios malware, they are generally basic programs that need the internet to download additional and more complex malware to completely infect the host, i mean i find it pretty unlikely that a bios malware by itself can infect a linux host machine THEN infect a virtual machine os (whonix) to connect itself to the internet (since it can't connect from the host), i think this is a very complicated process that a simple program can't do but i'm a newbie so i'm probably wrong

again i’m really a newbie, i’m only starting to discover all of this so i apologise if my responses seem stupid
i didn’t know that computer security was so vast and complex, i learn something new everyday !

again i'm really a newbie, i'm only starting to discover all of this so i apologise if my responses seem stupid
Sure. It's not stupid at all! It can not be supposed, that someone knows all that stuff in advance.

i didn't know that computer security was so vast and complex, i learn something new everyday !
You're welcome.

yes i know it could use the wifi available to virtualbox but it's gonna pass through the whonix gateway so the IP address and location won't be disclosed, am i wrong?
What stops the WiFi from jumping to any other (hidden) WiFi? Non-wired (virtual or physical) connections between Whonix-Workstation and Whonix-Gateway are not recommended.

And if it’s routed through Whonix-Gateway, exploiting Whonix-Gateway is still at risk, see attack matrix.

i don't think there is any special command to disable the write protection, but i could be wrong?

You could be wrong here. Backdoors in hardware are not uncommon. (Recent news about some routers.) I don't think usb write protection firmware has been scrutinized yet and it is a black box (proprietary, non-Open Source, non-Free) yet.

a simple program can't do
As a skilled coder it will be possible. Sure, it's difficult. And probably needs to be tailored for any hardware. And it probably requires storage to load additional components from elsewhere [using firmware of other hardware?].

Examples of very sophisticated malware…

Proof of concept (hypervisor tricking operating systems):

Stuxnet (real malware, bridged air gaps! [http://en.wikipedia.org/wiki/Air_gap_(networking)]):
http://en.wikipedia.org/wiki/Stuxnet

I don’t know if BadBIOS is a hoax or not, nonetheless, BIOS malware is thinkable. Interesting to read:

do you think it's likely?
I will be careful making probability assessments. For example the NSA spying scandal is beyond what I have imagined. Having seen how much resources NSA has at disposal, I can imagine how much resources others have at hand. Therefore, I wouldn't be surprised about BIOS malware in the wild.

thank you Patrick, if i understand right you can't trust anything, either your software or your hardware!

Expanding on what I posted here:
https://www.whonix.org/forum/index.php/topic,228.0.html

If you boot a disc-less pc from a “confident it’s clean” pendrive, and supply a toram boot line arg…
…you can unplug the pendrive prior to going online.
Aside from the way-out possibility of being infected by a bios virus, seems the system should be bulletproof.

This, in conjunction with (re-plug pendrive and perform) on-demand persistence savefile update, is the way forward, IMO.
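As an added example (not code from the thread or from the Whonix project), here is a small POSIX shell preflight check for the boot-to-RAM procedure just described: it reads a mount table in /proc/mounts format and reports whether the root filesystem is RAM-backed and whether any mount is still served from a USB/SD-style block device, so the WiFi adapter is only plugged in once the pendrive is genuinely out of the picture. The filesystem-type list, the /dev/sd* and /dev/mmcblk* device patterns, the function names and the sample mount tables are all assumptions constructed for this example; a BIOS-level infection, as the post itself notes, is outside what any mount-table check can see.

```shell
#!/bin/sh
# Added example, not from the forum thread or the Whonix project.
# Pre-online check for a "boot to RAM (toram), then unplug the pendrive" setup.
# Each function takes a mount table in /proc/mounts format as $1 and returns
# 0 (true) or 1 (false), so the checks can also be run against a captured table.

# True when the root filesystem is RAM-backed: a live "toram" boot ends up
# with tmpfs, or an overlay/aufs union whose layers live in RAM.
# (The filesystem-type list is an assumption for this example.)
root_is_in_ram() {
    printf '%s\n' "$1" | awk '
        $2 == "/" && ($3 == "tmpfs" || $3 == "overlay" || $3 == "aufs") { ok = 1 }
        END { if (ok) exit 0; exit 1 }'
}

# Print the mount points still backed by a USB/SD-style block device.
# (/dev/sd* and /dev/mmcblk* are assumed patterns; loop devices over files
# that were copied into RAM are deliberately not counted.)
media_mounts() {
    printf '%s\n' "$1" | awk '$1 ~ /^\/dev\/(sd[a-z]|mmcblk[0-9])/ { print $2 }'
}

# True when nothing is mounted from removable media any more.
no_media_mounted() {
    [ -z "$(media_mounts "$1")" ]
}

# Combined decision: only when both hold is it time to plug in the WiFi adapter.
preflight() {
    root_is_in_ram "$1" && no_media_mounted "$1"
}

# Constructed sample tables (not captured from a real machine).
SAMPLE_READY='tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/loop0 /run/live/rootfs/filesystem.squashfs squashfs ro 0 0
overlay / overlay rw,lowerdir=/run/live/rootfs/filesystem.squashfs,upperdir=/run/live/overlay/rw 0 0'

SAMPLE_NOT_READY='/dev/sdb1 /run/live/medium vfat ro 0 0
/dev/loop0 /run/live/rootfs/filesystem.squashfs squashfs ro 0 0
overlay / overlay rw,lowerdir=/run/live/rootfs/filesystem.squashfs,upperdir=/run/live/overlay/rw 0 0'

SAMPLE_INSTALLED='/dev/sda2 / ext4 rw,relatime 0 0'

# With --live, inspect the running system; otherwise evaluate the samples.
if [ "${1:-}" = "--live" ]; then
    if preflight "$(cat /proc/mounts)"; then
        echo "ok: root is in RAM and no removable media is mounted"
    else
        echo "not ready, still mounted from removable media:"
        media_mounts "$(cat /proc/mounts)"
        exit 2
    fi
else
    for name in SAMPLE_READY SAMPLE_NOT_READY SAMPLE_INSTALLED; do
        eval "table=\$$name"
        if preflight "$table"; then echo "$name: ready"; else echo "$name: not ready"; fi
    done
fi
```

Run it with `--live` on the booted system before touching the network; without arguments it only evaluates the three constructed tables (READY passes, the other two do not). The check is intentionally conservative: a leftover vfat mount of the medium, or a root filesystem that is a real disk partition, both count as "not ready".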

Yeah, sorry man, nothing can be immune to backdoors, zero-day exploits, man in the middle attacks, RATs, Trojans, spoofing, and so forth. There seems to always be an error in the coding, that's why there's a constant need for updating.

Making a secure system is hard; making a system immune to any type of attack is unspeakable (far too challenging). When your adversaries are elite corrupt hackers who were the ones who created your super safe and now choose to be criminals, this is not the adversary you want to face, and when your adversaries are people who have unlimited resources such as a corrupt NSA, it is quite a daunting task to make such a system secure enough to defend itself against such adversaries.

Wow, what a conversation. I like to make things as simple as possible, that's why I think that there is no 100% security for targets and nothing that cannot be done by attackers. The only thing that can be done is to make it as hard and time consuming as possible for attackers… that's why tor+whonix is first choice :slight_smile:

Oh my God, exactly the point! Great explanation, not only simple but straight to the point. Several security experts would agree with you.
