mutable mic for security / privacy

[xahare]

Would like the mic, or audio input channels to be mutable per vm. a simple boolean would be great.

by definition, many use cases of virtual machines implies that they are not trusted. while you can disable the mic on the host, this doesnt help when you do want to use it.

[erdeslawe]

Why not simply use a Guest's built in controls to disable sound input and/or output? It works for me as I, normally, have no use for such features in a Guest OS unless I want to carry out some specific software tests.

[socratis]

a simple boolean would be great.

Technically, it's a drop down actually. Host Audio driver = Null Audio.

[xahare]

Why not simply use a Guest's built in controls to disable sound input and/or output? It works for me as I, normally, have no use for such features in a Guest OS unless I want to carry out some specific software tests.

the point is to prevent malware from spying on the user.

a simple boolean would be great.

Technically, it's a drop down actually. Host Audio driver = Null Audio.

that disables both input and output. its more common to want audio out from a vm without wanting audio in. now that i look at it, a good place for that option would be sub menu under devices. something like audio-> disabled, in, out, both.

[socratis]

So, let me get this straight. You want to do testing with potentially rogue software, while listening to sounds from within the VM, but you're afraid that the rogue software maybe listening to you. And you want the hardware emulator to stop that. And that's something that you can't do neither from the host nor the guest. And you want a click-option. Does that sum it up?

[xahare]

So, let me get this straight. You want to do testing with potentially rogue software, while listening to sounds from within the VM, but you're afraid that the rogue software maybe listening to you. And you want the hardware emulator to stop that. And that's something that you can't do neither from the host nor the guest. And you want a click-option. Does that sum it up?

Yes.

By definition, im not trusting the guest, so anything in that is out. While you can mute the mic on the host, this means, you'd have to suspend all the other vms when you use it. and, you might forget to re mute it if you do use it.

This is not because im intentionally running malware. This is a least privileged access thing. You often dont know when a vm is compromised until sometime after. the attacker might be listenting to you, or listening for passphrases that your typing into other VMs. https://en.wikipedia.org/wiki/Keystroke_dynamics

i do all my work in virtual machines. os x is only there to run them. the idea is to prevent compromise and contain the damage when it happens.

p.s. im aware of qubes-os, and did run it on my other laptop. this one has some different purposes.

[socratis]

This is a least privileged access thing.

That's what I was thinking when I said disable the audio controller altogether. Case closed. End of discussion.