The takeaway from recent revelations of widespread NSA spying is even the best security software is unlikely to keep out elite hackers. One frequently offered defense is to use a separate PC to access the Internet, but that’s hardly practical. So short of disconnecting your computer, how can you protect yourself?
Thanks to the low price of RAM and availability of fast solid-state drives (SSDs), an increasingly appealing solution is to set up a virtual machine (VM) just for working with emails and browsing the Internet. This requires less hassle but offers heightened security by accessing the two likeliest attack vectors from what is effectively a security sandbox. Here’s how to set up your own VM.
Pick a product
There are a number of virtualization products available for PC users. If budget is your main concern, Oracle VirtualBox is a completely free general-purpose virtualizer, and VMware Player is free for personal non-commercial use. If you use Windows 8 Pro or Enterprise, you can also take advantage of Hyper-V virtual machine manager. It isn’t installed by default, though, so you will need to go to Control Panel, Programs, and Programs and Features. Click on Turn Windows Features on or off, and select the checkbox under Hyper-V. A system restart is necessary to complete the installation.
If you can afford a more full-featured product, VMware Workstation 10 offers a number of advanced capabilities not found elsewhere. For example, USB3 streams support faster file copying, while an SSD pass-through mode allows certain guest VMs to detect the use of SSDs and optimize their operations accordingly. If VMware Workstation 10’s $249 price tag is too steep, VMware Player Plus is available for use in a commercial environment for $99.99.
Note: If you intend to run the Outlook desktop app in your VM, consider upgrading first to a solid-state drive (SSD) for its superior disk performance. You can never have too much RAM, either, with between 1GB and 1.5GB of RAM recommended for Windows 7 and Windows 8.
Use read-only mode
One security advantage of running a VM environment is the ability to run it in read-only mode. When run in this manner, simply powering down the VM is an effective way to quickly eliminate any malware infestation.
But be aware this is unlikely to work well unless you rely on a Web-based email client. Even so, important security updates may end up not being installed and browser settings may fail to synchronize correctly, so it’s a good idea to periodically reboot your VM into normal read-write to get the pertinent patches and updates installed.
Isolate the Virtual Machine
Because you’re using a VM as a means to increase security, you should ensure it’s isolated from your main machine. This is pertinent as many modern VM environments offer features to easily access files and resources in the VM host (and vice versa). Where applicable, disable shared folders or limit it to closely monitored locations.
Another area to keep an eye on is drag and drop file transfers between guest and host machines. You may even want to disable copy and paste support so as not to inadvertently leak the contents of your clipboard onto your host machine.
Maintain security measures
While using a virtual machine for your Web browsing and email can limit the damage from a successful attack, it’s not a cure-all for your security issues. A hacker who successfully compromises your virtual machine may still make off with saved passwords, or have the opportunity to rifle through (or download) your email correspondences.
Basic security tips—use different passwords on different websites, install a trusted antimalware software, and keep Windows and application software updated—still apply. Additionally, password managers should be installed on the main PC host and not the guest virtual machine environment. Type out the passwords manually or copy them over from the password manager installed on your host machine (You will need to enable copying and pasting between VMs first). Where possible, don't let the browser in your VM environment remember your passwords.
Recent reports have shown that given sufficient motive and incentive, even security professionals and world leaders can be hacked. Ultimately, you need to accept that no security measures make you invulnerable. But a virtual machine dedicated to reading emails and Web surfing should at least stymie amateur hackers and script kiddies and persuade them to target other lower-hanging fruits instead.