From: "Robert Comer" 

> So running a browser in a VM is not a fully secured environment.

It can be, but it takes some discipline on the users part.

To do it right, one VM for general browsing, undo disks enabled, and close
and delete changes, VM Additions *not* installed.

One VM for secure browsing (only preset links), email - read as text only
and disable saving attachments. You could do this on the host as long as
you never do any general browsing and have AV software running.

--
Bob Comer





"John Beamish"  wrote in message
news:op.thy79cxqm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
> So running a browser in a VM is not a fully secured environment.
>
> I asked the question because Joe and Josephine Sixpack may no longer be
> part of a botnet but they will still hand over the keys to the family
> wealth if they use a credit card.
>
> On Wed, 25 Oct 2006 06:10:03 -0400, Geo  wrote:
>
>> "John Beamish"  wrote in message
>> news:op.thx7ioymm6tn4t{at}dellblack.wlfdle.phub.net.cable.rogers.com...
>>> Would it be possible to visit a "poison" site that
causes a keystroke
>>> logger (in, say, a hidden frame or some such) to trap and transmit back
>>> to
>>> "home base"?
>>
>> Typically that's what cross site scripting exploits are. It looks like
>> the
>> real site but it's not, may even pass you on to the real site after you
>> enter your login info.
>>
>> Geo.
>>
>>
>

--- BBBS/NT v4.01 Flag-5