> My position is just that browsers-in-VMs is a mostly roundabout threat model whose actual benefits (such as some semblance of filesystem isolation) can be achieved other ways.
What other ways would you recommend for filesystem isolation better than simply immutable VM running a web browser?
> Security theatre. If your browser is attacked by an 0day of any sort, or malware or whatever, it will have access to the shared credentials and information inside your browser.
Yes running a VM won’t protect against this threat.
Running a VM will pretty much eliminate that 0-day from infecting the host OS, where it could become a persistent threat and have access to a range of sensitive data.
This is not security theatre. You just have incomplete threat modelling here.
Im currently looking for a Linux distribution to run in an immutable VM on macOS. It will only be used to run a web browser. A browser is the primary way your machine can get compromised.
Since it is immutable, restarting the VM will clear all files back to a clean slate.
macOS has app sandboxing built-in, but it is not as good as a VM.
I’m curious why this isn’t a more popular setup? Running a browser in an isolated VM seems like it should be a best practice. Does anyone else run a similar setup?
I’ve been a WordPress dev since 3.0.
It is a tool. And a very good one. Its market share dominance it not because it is proprietary (it is not) or because of vendor lock in (there is none). It is because it works very well, it is lightweight, it runs pretty much on any host, and is friendly to devs and end users.
Part of being a good dev is knowing which tool to use (and when to not use a tool) and how to get the most out of the tool.
What other ways would you recommend for filesystem isolation better than simply immutable VM running a web browser?