Author Topic: How can I protect my TrueCrypt partition from being compromised by PassWare Kit  (Read 4242 times)


Offline Architect

  • Sir
  • Posts: 428
  • Cookies: 56
  • STFU
Except for the fact that with a compromised host, the virtual OS is still completely separated from the host and thus, it is independent of any malware installed in the host. The only things that could possibly affect the installed virtual OS would be a bruteforce of the keys, a very thorough but impractical analysis of the keys in SDRAM, both of which are totally useless if there's a strong key involved, i.e., a live key with a GPG-generated 512-bit key.

You can never underestimate the power of:
Code: (bash)
dd if=/dev/urandom bs=512 count=4 | gpg --symmetric -a -o ./key.gpg
This can of course be extended and used as a failsafe; setting your [hopefully LUKS] partition to read the key from the USB, in addition to a [hopefully strong] password phrase could be considered effective.
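The keyfile-on-USB idea from this post, written out as an added example (not the poster's own script): generate the random keyfile with owner-only permissions, wrap it with gpg --symmetric so the plaintext key never sits on the stick, and feed the decrypted key straight into cryptsetup over a pipe. The function names, the 2048-byte size (the post's 4 x 512) and the device and mapper names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: random LUKS keyfile, gpg-wrapped, never written to disk in the clear.
set -eu

# make_keyfile PATH BYTES: write BYTES random bytes to PATH with mode 0600.
# head -c reads exactly BYTES bytes; dd with bs/count can short-read on a pipe.
make_keyfile() {
    path=$1; bytes=$2
    ( umask 077; head -c "$bytes" /dev/urandom > "$path" )  # subshell keeps umask local
    chmod 600 "$path"                      # also fixes perms if the file already existed
    actual=$(wc -c < "$path" | tr -d ' ')
    [ "$actual" -eq "$bytes" ]             # fail loudly if the kernel short-read
}

# keyfile_size PATH: byte length of the keyfile, for checks and tests.
keyfile_size() { wc -c < "$1" | tr -d ' '; }

# keyfile_mode PATH: octal permission bits, e.g. 600 (GNU stat, BSD stat fallback).
keyfile_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# wrap_keyfile KEYFILE OUTFILE: corrected form of the thread's one-liner.
# --symmetric (two dashes) encrypts with a passphrase, -a armours the output,
# -o names the output file; gpg prompts for the passphrase interactively.
wrap_keyfile() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
    gpg --symmetric -a -o "$2" "$1"
}

# unlock_with_wrapped_key WRAPPED DEVICE NAME: decrypt the wrapped key and pass it
# to cryptsetup on stdin (--key-file=-), so the plaintext key only ever lives in
# the pipe. DEVICE and NAME are placeholders, e.g. /dev/sdb2 and cryptroot.
unlock_with_wrapped_key() {
    gpg -d "$1" | cryptsetup open --key-file=- "$2" "$3"
}

# Usage (interactive, needs gpg and a real LUKS device, so not run automatically):
#   make_keyfile /mnt/usb/key.bin 2048
#   wrap_keyfile /mnt/usb/key.bin /mnt/usb/key.gpg && shred -u /mnt/usb/key.bin
#   unlock_with_wrapped_key /mnt/usb/key.gpg /dev/sdb2 cryptroot
```

The plaintext keyfile is shredded after wrapping so that losing the USB stick costs an attacker the gpg passphrase as well as the LUKS passphrase, which is the failsafe the post describes.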

Offline InfosecFurry

  • /dev/null
  • Posts: 8
  • Cookies: 0
  • fuzzer.c
Err, no, if your VM is running and my malware is on your system, the host can go "lol, what do we have here?"
There are no pentesters in fox-holes

Offline Architect

  • Sir
  • Posts: 428
  • Cookies: 56
  • STFU
The only way malware can get from the host to the VM or vice versa is by traversing shared directories. More advanced attacks are required for network exploitation from VM to host and host to VM. Simply because the host and VM are completely isolated and the VM is acting as a totally different OS. There is [hopefully] no way to tell the difference.

Offline InfosecFurry

  • /dev/null
  • Posts: 8
  • Cookies: 0
  • fuzzer.c
Consider, for a moment, the case of VirtualBox. When a keystroke is made on the keyboard, how does it get into the virtual machine? It travels through the host's kernel, gets passed to Java, which in turn passes it to the virtual machine to be processed.

There is plenty of opportunity for interception here.

Premise of my statements:
Most malware is written for Windows platforms.
Most people who use Windows + VMs will wind up using VirtualBox or VMware.
If you kill the correct java.exe process, your VM shuts down immediately.

You don't need to actually fuck with the VM's memory space, you own the whole galaxy.
« Last Edit: June 19, 2014, 01:40:23 am by InfosecFurry »
There are no pentesters in fox-holes

Offline Architect

  • Sir
  • Posts: 428
  • Cookies: 56
  • STFU
You just gave me a plethora of reasons why not to use Windows. And if you kill the right java process on Windows you can kill your whole install. Fuck Windows.

Offline ThePH30N1X

  • Peasant
  • Posts: 50
  • Cookies: 18
  • Java Programmer
You just gave me a plethora of reasons why not to use Windows. And if you kill the right java process on Windows you can kill your whole install. Fuck Windows.
Java controls the techno world.
« Last Edit: June 19, 2014, 02:33:05 am by ThePH30N1X »

Offline Architect

  • Sir
  • Posts: 428
  • Cookies: 56
  • STFU
What do music and Java have to do with each other? Lol. Seriously though, not my world.