Why Use Virtual Machines for Privacy and Security? Not Obvious! Top 6 List!

Yes, it's a good way to learn Linux if you just have one PC and you still want to use your daily driver OS - you don't have to dual boot and use one OS or the other.

Yup...no need for dual boot setups, etc.....although having the thumb drive version of your favorite alternate OS is always handy....

same

i totally agree, vm's changed my life online tbh, i went from having multiple physical machines to only one and i have every os i could ever dream of.

@@Josh_728 maybe your host pc is bad to begin with ?

I think you are missing the core point here.
Running Windows VMs because you need them in business or, say, as a Windows developer is one thing - but do also remember that the Windows builds used by businesses are completely different to those used by home users because no business would allow Microsoft to extract the same types of data from their business PCs that they do on home user PCs. Businesses are given far more control over Windows than home users are.
This is a discussion about privacy and nobody who truly cares about privacy, or understands privacy, would ever blindly run a privacy-hating modern Windows OS (or MacOS) in the first place - unless, like business versions of Windows, they have the capability of disabling all of that crappy telemetry. And that capability just isn't there with either of those two OSes because the moment you turn off telemetry, Microsoft or Apple just enable it again with the next update.
In the case of privacy, where "misinformed" people choose to run privacy-hating OSes like Windows or MacOS then what Rob is suggesting here is running Linux-based VMs as a mechanism to isolate certain Internet activities from the "prying eyes" of Apple and Microsoft in order to improve privacy - whereas your suggestion that people should deploy MORE Windows is doing the complete opposite.

@@terrydaktyllus1320so are you saying to install Linux as the base OS and run windows only within a VM instance?

@@harbinjar I don't need to run Windows at all - but if you do then, yes, it's safer to run Windows in a VM. But it will be no good for gaming unless you get into some "jiggery pokery" with GPU configuration.

if this is just about privacy, not about privacy+security+testing, then these days it's easier to use additionally installed librewolf/mullvad/tor, depending on the privacy level you need. In everyday life most people would be content with firefox/brave or similar browser with ad blocker + "noscript" extension

Ah yes. This! I work as an Infrastructure consultant / architect. Not quite development environments, but it's crazy how much kit is out there that needs a browser with Flash or an ancient version of Java to access the management console. There are a couple of old EqualLogic SANs and some fibre channel switches at customer datacentres that spring to mind. Not to mention places that still have vSphere 6 kicking about in a dusty comms room. I don't want buggy, insecure things on my main PC, but having a Windows 7 VM with IE, Flash and Java 6 is a great get-out-of-jail tool. I know - I could use SSH, but learning the CLI for an obsolete device I access once in a blue moon is not a good use of time, imo.

You make valid points but I disagree with you saying that VMs have limited use in privacy.
A VM running Linux essentially gives you "another free computer" in age when storage is dirt cheap and it's not going to be an issue having a dozen VMs ready for use when you need them - sure, running them ALL at the same time probably needs you to spend some money on a powerful PC, but I am not suggesting that here.
But nothing stops me creating, say, four identities on the Internet and isolating each ID to one of the VMs - what you've then got is a good baseline for segregating four browser installations and, combining that with VPN, I would see it would be very difficult for an external "snooper" to be able to link the four instances together in any way.
So I do think VMs can be an important part of a good privacy strategy.

@@terrydaktyllus1320 I agree, it absolutely can be used effectively like you just described, but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host.
And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing).
So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM.

@@rigierish3807 "but the fact that the host can constantly see everything happening in the VMs is sort of a "breach" that we can't ignore and can't be solved other than changing the host."
That's an incorrect statement. The host can't "see" everything that's happening in the VM, it just controls the resources (CPU, RAM, disk space, etc.) allocated to the VM. It can see resources but not what applications are running or what's in the memory contents.
The contents of RAM are just 1s and 0s - in order to make sense of what those 1s and 0s mean, you'd need to know what applications are writing to what memory addresses. The host can't see to that detail inside the VM's memory.
The host can't, for example, tell that a VM user is running LibreOffice - you'd need to SSH or RDP from the host to see what the VM is doing.
"And if using VMs 5 or 10 years ago under Windows would've been ok, my defiance towards the recent Windows versions is too strong for me to take the risk of running it as a host and Linux as a guest (instead of the opposite, which is what I'm currently doing)."
I stopped using Windows when support for Windows 7 ended, so I'm the wrong person to be talking to on that.
"So my point is just that you won't eliminate as much spying and tracking as you can by doing this and you are still vulnerable, but you're still less than if you didn't use any VM."
The VM is a "software PC" with a network presence that is vulnerable to exactly the same security and privacy issues as a "bare metal" PC.
If you can intrude onto the host, then you can start turning VMs off - the equivalent on bare metal would be switching off racks of servers, which would need an on site presence (i.e. a lot more difficult).
Plus old vulnerabilities like Spectre and Meltdown allowed reading of memory contents of other applications, but they were not VM specific - you could technically do it on any application.

@@terrydaktyllus1320 Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that.
Now sure, you can have hardware vulnerabilities that still can go around the security of VMs but first, those are generally much _much_ less frequent, second, the viruses or malwares using such vulnerabilities must be programmed to be able to target multiple types of OS with different architectures, which would make them much more sophisticated than the vast majority of malwares people usually encounter, and finally, the vulnerabilities you mentioned got patched and solved since then, which were the two big vulnerabilities that, left unpatched, could've actually lead to completely vulnerable computers all over the world.
About the "see or not to see" argument, you say that a host can't actually read programs locally ran by the guest because that's something the guest manage rather than the host: that's a fair point, but what makes it impossible for the host to have something in Windows (other than the VM program) made to understand how the guest OS works and therefore, identify any program in the RAM dedicated to the guest and collect information about it? Nothing. Especially when the VM program and guest OS or kernel in this case, is completely open source like Linux using Virtual Box.
Unfortunately, because Windows isn't open source, we can't prove or refute this.
So personally, as I said previously, rather than trusting Microsoft, I prefer to not take the risk at all, as insignificant as it can be.

@@rigierish3807 "Whether the guest has software vulnerabilities or not is irrelevant to the security of the host, as all VM guests are completely isolated and nothing can escape from it (unless you create yourself a gateway): they were designed for that."
And where did I say anything like that in my responses? Now you are putting words into my mouth and arguing against them.
Respectfully, I've enjoyed our conversation to this point but I really have said all I want to on the topic. You're welcome to disagree with part or all of what I said but working daily in Linux and VMware cybersecurity for 18 years now does count for something, I do know what I am talking about here.
Let's disengage at this point. Thanks for the chat and I wish you a very pleasant rest of your day.

So you have an application that scans your home network and stores the information it retrieves on a Cloud server (i.e. somebody else's computer) and you're asking if there are privacy concerns here? Do I even need to answer that?

@terrydaktyllus1320 I know there is. I just want his take how much of a cocern it is. I block it from accessing the internet from my router, but then do not get notifications while away, Ionly get them when connected to my network. Therefore it is still useful for me.

this software emulated type of VM is not responsible for connection to internet. You need to configure your private/secure connection with your VPN in case you use it. Otherwise you will be seen from outside according to your ISP and router settings

this web site doesn't seem to make a really deep fingerprint analysis. I would recommend using browserleaks. It might be not that intuitive from beginnging, but it has a bunch of tests

Why not just call your bank and give them a travel advisory for the days you will be out of the country?

@@hxhdfjifzirstc894 I wanted to be able to access the bank from Mexico for any unexpected event. But that is a good idea for credit cards.

I can't see a Yt video that explains how to. Do you know any?

​@@Todeskulte_enttarntDavid Bombal had some vids on this topic.

You're not gaining much in putting it on a USB drive, unless you need portability and something to keep in your pocket.
USB is slower than a traditional hard drive or SSD and it's a lot easier to corrupt a USB stick, especially with the amount of read and writes an OS does when you use it.
Where USB is useful is where you boot, say, Tails OS that doesn't write to the USB stick and stores any data in memory until you power it down - that's a very private way of using a computer, but it's a very specific use case.

@@terrydaktyllus1320 Thank you! You are right that USB drives crap out after a while - one lasted about a year before it failed.

@@rootcanal7188 Sure, your core idea is sound and booting Tales OS from a USB drive is the *ULTIMATE* in privacy anyway - so it's not a bad idea overall.

There are ways of sharing text between clipboards on the host machine and virtual machine - on Linux, you can also copy to and paste from the clipboard from a CLI tool that you could then build into a script.
So the "potential" is there to be able to do it but it would need to be looked at in more detail.

@@terrydaktyllus1320 Yeah I'm a retired mainframe programmer. So I've kind of done my tour of duty and then some but when I'm in the mood I do tinker. Thanks.

@@beachbumsailordude If you programmed mainframes, then you're probably not actually a retiared.

@@beachbumsailordude We're probably of a similar age then, though I am not quite retired yet. I did a spell maintaining DEC PDP-11s, for example.

My use case that I describe is for specialized use. Not for everyday use. For example, putting Email in a VM is much better than using an antivirus. Isolating identity identifiers against specific platforms like Google is a very good use. Then the rest of your usage can stay on the host machine.

There is some snooping the host OS can do, but if the VM is encrypted, that limits quite a few avenues for the host to spy on what's going on in the VM. Run a VPN inside the guest OS to limit snooping on network traffic. If you're extra paranoid, use a separate keyboard and mouse and use USB passthrough. I imagine there's still ways the host OS could inspect the keystrokes, but it does limit that a lot, since the OS doesn't see the device that is passed through in the list devices available to the host. Screen capture is still a thing, which might be difficult to get around. Mac OS is OK at locking that down for 3rd party apps, so perhaps an encrypted VM running on Fusion on Mac OSX might be one way to go. Presumably, the OS still has access and rootkits might get around the OS protection. But if you've got OS manufacturers complicit in spying on you at that level, or adversaries able to install rootkits on your device, I don't know what to tell you. Maybe go analogue at that point.

@@ralph17p I don't know about you but if i'm running a VM for privacy, i'm using Onion or Loki services IMO better than a vpn.. of course you could layer them on top of each other. even with the vm encrypted the memory isn't so much (i think?) something on the host could possibly capture that data. I am not saying that doing thing through a VM is bad just that even with doing these things there is the opportunity.
I'm not a privacy or security expert by any means. I just don't trust anything any more "they" just keep getting more and more intrusive. I talk all this stuff about privacy and stuff and here i'm using one of the worst things for privacy.. youtube! lol.

Admirable work on your part!

How can you say monitoring by Iran, China and Taiwan was "proven" but in the same sentence say "so might as well throw Russia in for the hell of it"? So you made up the Russia bit then just to add to the other three "proven" countries? Why would you do that?
And as someone who has worked in cyber-security for the past 18 years, do please explain to me how it was "proven"? Because bad actors use Tor and VPN to conceal their origins so you can't automatically assume where they are from or who they are working for - especially as many companies block IP addresses that are known to originate from those states anyway.
But I am sure you can explain, from your real world experience, how their location was proven? And what was their motive? What attack vectors did they use?

How was it proven that you were specifically being monitored by Iran, China and Taiwan? And why then "throw in" Russia that wasn't "proven"? Just for more "dramatic effect" on your part?
I've worked in cyber-security for 18 years, it's extremely difficult to "prove" where bad actors come from unless they are caught - and I doubt anyone is that concerned about them monitoring your devices specifically to go find them.
And what attack vectors that you know of might cause "threat to life" that would also be related to your phone and computer?
And if you're that knowledgeable about cyber-security, then why do you need to buy Rob's products? I am sure his products are very good but if you understand security and privacy yourself, you can do yourself what a lot of his products do.

@@terrydaktyllus1320 I don't understand it myself, I was thrown into chaos.
First was Iran. I was using google flights and it was giving me prices in Iranian money but when I did IP search website it came back in New Jersey but to a company registered as "Nuclear Proliferation Inc". F-ing crazy! I reported it to the appropriate people who specialize in this type of thing (US gov).
Yes, the Russia part was a joke; that you can feel free to label as 'dramatic effect'. You must be a very boring person if you can't recognize that.
Note: I have worked on all of the listed countries in the past. It is logical if they pay attention to me.
If you would like an exciting life I suggest you start by joining the army (as I did) and serving in a couple wars (as I did) and get obsessed with destroying the enemy (as I am) and maybe your 18 years will provide more opportunities.

​@@terrydaktyllus1320 Unironically would love to hear more from you or learn some of what you know 🤔 any resources I can learn from other than this channel that tackle things from a critical thinking perspective rather than biased or fear mongering angles?

yeah, many WiFi adapters have proprietary soft. You can install it separately after installing Linux, or just try some distribution that already have 3rd party proprietary soft, like Ubuntu.
When you use VirtualBox or any other type 2 hosted hypervisor, you don't have to configure much, so it should work smoothly, if you already configured it in your host OS

@@user-od4gs3iu4t thanks for the reply, i’ll try it out. I did try to install a driver after install, i was able to do it in Debian but doing the same process in Kali would never work. Go figure. Thanks again!

@@user-od4gs3iu4t it worked! 💪🏼

They are not "suspicious" profiles, they are there to give Microsoft the access that they need to be able extract as much of your private information as possible whenever they like.
In another YT channel yesterday, I can across a post by a Windows user who was very proud of himself because he'd managed to strip down Windows 10 to run in a maximum of 3GB RAM.
I responded to him and I explained that if you install Ubuntu (the most "bloated" Linux distro there is), boot it up and then open 20 or so tabs in the browser, you'd probably have a memory usage of around 1.5 to 2GB at most. The recommended minimum RAM for Windows 10 is 8GB.
So thinking about the difference in memory requirements between the two, why do you think Windows needs that much more memory? Unless it is running a lot of stuff in the background that isn't obvious...
Are you also aware that Microsoft released Windows Defender for malware detection around the time of Windows XP? it had a reputation for not being very good compared to commercial anti-malware software at the time.
These days, it has a great reputation and it's because it does real-time analysis where it reports back to Microsoft what it finds on users' PCs as an "early warning" mechanism for new malware - but that just means it's there all the time, running in background, requiring lots of memory and CPU time and constantly scanning your PC.
MacOS does the same because of the "Think Of The Children" excuse.
I think you're being deliberately obtuse and evasive here... you clearly know enough about computers to a do a degree of analysis yourself, yet you don't want to accept that the explanation for what you are seeing is the most obvious one. It's Microsoft and not some "mysterious bad actor" intruding into your PC.

@@terrydaktyllus1320 that was i was "talking" about. i know what is their purpose. i am using linux, actually back on ubuntu, but i have dual boot. i log into windows very rarely but still. there are reasons to have also windows. moreover i have to deal sometimes with pc of others, especially my parents...

@@non9886 You asked a question about why some profiles exist on Windows, I explained why they exist and you cannot trust Microsoft or Windows.
Whether or not you still use Windows is up to you and of no interest to me - once I give you my honest opinion, you can choose to listen to it or ignore it. That is up to you.

@@terrydaktyllus1320 your answer is useless. you told me what i had known alredy before. i did not ask why there are some profiles and i did not ask you...

@@non9886 There's clearly a language issue here so I am going to close this conversation.
If you don't like my answer then go get answers elsewhere, it is of no concern to me. I hope you find the answers you need.
Have a good rest of your day, the discussion is now closed.

disabling network will be the best. If you need network, see the description of these modes and pick up the one you need. I prefer NAT mode

It's impossible to answer the question without knowing your definition of "maximum security".
To become "secure" you have to first work out what attack vectors you are securing a system against.
For example, if malware is your concern then educating users to use common sense with email and on web sites is the best way to secure against that attack but the type of network interface would be irrelevant.
You would also need to understand how your existing network is set up. If your host is on a routable IP address then you could say that NAT with a non-routable IP address for each VM adds an additional layer of security - but then there are additional challenges setting up communications through the NAT to the VM.
In a home network, your host is probably already on a non-routable IP address so using NAT again may give you some logical network segregation and design but isn't going to add much to your security - if an intruder has already traversed one NAT interace through your ISP router then they won't have a problem getting through a second one between the VM host and the VMs.

it's still much more safer than opening files right in your windows. There might be some vulnerability in any software. Even in xz linux utility

I'm not talking about 3rd party scripts. I'm talking about CHROME CODE ITSELF

I'm not sure if Virtualbox does it, but VMware Workstation has a non-persistent setting for virtual disks. Enable it for day to day use and turn it off when you want to install updates or new software. It's basically the same thing as a linked clone or snapshot, but it happens automatically on shutdown.

No. BTW a lot of the virtualization is actually done at the CPU side now. So the host is hardly involved.

I run VM's on my NAS and they have the full run of the network ( or the parts that I provide user rights to). In fact, I use a VM to sync one NAS to my backup NAS without bogging down my desktop.

@@DavidM2002 Yes, but as I've already explained in response to your main comment, allowing Windows VMs free reign of your private network is killing your privacy, not enhancing it. All of that "lovely" data about your home networking environment is collected by Microsoft.
If it was me, I wouldn't be "crowing" about that on here in a privacy discussion.

@@terrydaktyllus1320 I did not create the VM's for privacy.

@@robbraxmantechNo? Really? The fact that you’re recording the screen of the host and it’s capturing the VM immediately disproves that. The host can absolutely see every detail of what’s going on in VMs.

I don't know anything about it yet. It's in beta I guess

@@robbraxmantechThis sounds like a fantastic idea for a future video then. 😊

That's a bit like knowing that you don't like olives but ordering a pizza with olives anyway just to pick them off the pizza before you eat it. Why not just order it without olives?
Why not just use Linux and not worry about co-pilot in the first place?
If you don't trust co-pilot (and I wouldn't trust it), then how can you consider storing your most personal data on the OS it runs on? Because you can't trust that either.

@@terrydaktyllus1320That's actually a bad analogy because you can't order windows with or without certain features in this case. So a more accurate analogy would be you're in a restaurant that has only burgers or pizza and the the pizza comes with olives. You really feel like pizza and don't want a burger so you have to order the pizza and pick off the olives.

@@linsqopiring6816 If you want to make a different analogy then so be it. But mine still works fine, and I am not debating "verbal semantics" with you.

I did forget.

@@robbraxmantechOk. It should speed up the graphics so that 4k is no problem. There are even examples of some programs running faster on virtual Linux than on native Windows ..

I did it on my Linux Distro showdown video. But I couldn't remember for this round.

@@biondanishgenomeinstitute8193 4K is a gimmick unless you are projecting onto the side of a building or the underside of a dome above your head.
My eyes have never looked at a 1080p image and said to my brain "Excuse me, but we need more pixels".

@@terrydaktyllus1320
:D
True!

I don't understand why you'd single this out as a specific problem with VMs? If host spying (presumably by reading memory contents) is that much of a concern, why would you use a browser to do online banking or enter sensitive information anywhere on your computer in ANY application?
The Spectre and Meltdown CPU vulnerabilities made that a real issue about 5 years ago (albeit stuff has been patched since then) but this isn't a "new" problem just because an application happens to manage VMs.

@@terrydaktyllus1320 you just said it exactly right. If your using windows why would you put sensative info there at all.
When you know the OS is no longer trusted.
But like you said if the only option is pizza with olives, is it possible to pull the olives off? And with windows probably not.

some questions under this video raise another one big question: do people really care so much about security or they rather become a bit paranoid ?

The point is to hide machine identifiers so that VM must not be Windows. Linux/Linux is fine of course. But most have reasons to use a non-Linux host.

It is a window

if you watched the entire video you would know the answer is no.

only in a limited way. Because many web sites that you visit have fb/meta as a "partner" site or another excuse to share your data with big techs.
The only way is direct ban fb/meta from your side. You can choose the way you can do this, depending on your infrastructure or preferences. It can be router settings, firewall block list, ad block, special extension in your browser, secure DNS with social network blocking - many DNS services offer this now )
You can choose whatever suits you well or even get them all )

you mean in this video? timestamp?

You can still do it. I was doing that last night and I got the same message but was able to run it.

so you can go shopping and get a new pc. Even if you are glad with your current one.
high chance that you also pay for one more windows

"man" said it should not be disclosed, it's a unique randomly generated identifier used in a local machine. Some problems may encounter if system is cloned, but this problem seems to be solved

do you know how it happened?

separate app, like from Microsoft Store or Apple Store

@@robbraxmantech Thanks, I avoid using apps wherever possible. I should add discord to that list now that I think about it.

Search my name and the word virtual machine

I would suggest watching a bunch of YT videos. What you have to realize is that there are a number of ways to host a VM. On your Windows machine, the app that you might want to start with is Hyper-V and I believe that Virtual Box will run on Windows ( both free). Search on those names and you should be off to a good start. Make sure that you have a minimum of 8 Gb of RAM; 4 for the host and 4 for the VM. Those are the minimums. 16 Gb would be much better. You can also find videos for setting up VMs on various brands of NAS : QNAP, Synology, etc. Lots there but you will need to spend some money on hardware. If you are really technically minded, get an old PC and install Proxmox. I've tried that and gave up because I just didn't need more VM's that required so much learning time.

@@DavidM2002 Thank you very much for the information. Greatly appreciated.

...along with the swap file, they are biggest areas of interest for tracking/spying on anybody.

VM has it's own filesystem

@@robbraxmantechWhich is also why a VM helps with client side scanning, a major idea in this video. But I wonder if client side scanning could be done at the display level. In other words whatever is sent to your display is scanned just before it goes to the display.

@@robbraxmantech You are right sir, but this thing is in HDD records and it's independent of whether files are being accessed via a filesystem or not

What names? And what about if you use an encrypted file system? If you put your VM on the encrypted file system then that can't be "read" either.

as I responded below, I've already said that this video is to protect against 3rd party privacy attacks. Not defending against the OS. So for this 3rd party threat (which is a reality and very significant and very common), a bare-metal hypervisor is overkill. However if your threat is the OS, because that is your line of work, then of course you reveal the higher level solution for the specialist.

When you are just learning, that's the last thing a newbie wants.

@@DavidM2002 the best thing for a noobie to do is learn. Stop holding yourself back.

Why? If Virtualbox provides a good enough solution, why use anything else? A Type 1 hypervisor needs virtualisation extensions in a CPU to work properly anyway, Virtualbox is slower because it does everything in software.
But if it works, who cares?

@@tacticalcenter8658 "the best thing for a noobie to do is learn. Stop holding yourself back."
So you're going to make a video for newbies on how to purchase, register and install VMware, are you? In your own time then, maestro...

Mobile OS are already virtual machines (each app is isolated)

certainly it will

If you have this level of distrust then the host has to be Linux. which is even better and then use KVM. Or even Qubes

Yes, Virtualbox is Open Source. You should probably be more concerned with VMware having back doors, given it is closed source.

@@robbraxmantech you could have a Linux host and a Linux guest all on a single USB drive, too.

They are diametrically opposed concepts - Tails OS is designed to be non-persistent and booted from a USB stick each time you use it. Data created when using Tails OS is stored in RAM, it is lost when the machine is powered off.
A VM is designed to be a persistent image that can be deployed quickly, updated and snapshotted as required - completely the opposite.

@@terrydaktyllus1320 Okay, Tails is normally launched from a usb drive, which seems to me to be a persistent image on the usb drive. But that requires a machine reboot to load. Yes, RAM is lost when you shut down a Tails session, but isn't RAM also lost when the VM gets shut down and memory is reallocated to the host OS? It seems to me if a clean Tails image is deployed in VM and RAM returned to the host at the end of the session, the advantage goes to Tails on VM because of no need to reboot. What am I missing? Kind regards.

@@ajkurp5919 "Okay, Tails is normally launched from a usb drive, which seems to me to be a persistent image on the usb drive."
By "non persistent" I am referring to the run state of the computer system at the point you turn it off - none of your personal data is written to the USB drive, which contains a "persistent" image.
But you know this already, you're trying to turn this into a game of verbal semantics because you know I am correct about this - and you can play that game on your own.
"But that requires a machine reboot to load."
Sure, and when you load a VM you are resetting the "software PC" too. But your point is precisely what here?
"Yes, RAM is lost when you shut down a Tails session, but isn't RAM also lost when the VM gets shut down and memory is reallocated to the host OS?"
Again, this is easy to understand and I don't believe you are this obtuse.
By default, an OS is going to store transient and persistent data on the storage media in the computing device - that means it persists after a power down, it doesn't matter if it's bare metal or a VM.
Tails OS is configured to only use RAM and RAM disks for storage of transient or "persistent" data, which is lost when the machine powered down.
I really don't expect to have to explain this to you again.
"It seems to me if a clean Tails image is deployed in VM and RAM returned to the host at the end of the session, the advantage goes to Tails on VM because of no need to reboot."
Absolutely, but then there is absolutely no advantage to running it in a VM in the first place is there! That's my point. Well done, you got there in the end.
"What am I missing?"
Nothing, now that I've played your little game and explained it to you a second time. Your job now is to "read and understand" so that the time and effort I have put in explaining this to you isn't wasted.
"Kind regards."
You're welcome, you can thank me later.

I think that you miss the concept of VM state saving. By default you can either shut down, or save state. But you can also revert to the last system saved state which can be... fresh installation, or just space allocation. So if you configure your VM the right way, this should work

Terry, you miss one more important function of VM, that the image can not only be saved, saved incrementally etc , but also reverted to the last saved state. Good if you need to test something or use internet session without any change on your pc

Yes that's what I said. However, be aware that the network could still be monitored (MITM), which is a different threat though.

It will provide scanning isolation of the host from the VM, but I am not sure you gain that much running MacOS within MacOS. The whole point to using a Linux VM is that it's an OS that starts off being private - potentially the same scanning tools running on a MacOS VM host can also run independently on the VM. In simple terms, Apple still scans both machines.

Yes, that was the intent of my question. Do they (Apple) have tools that would scan the MacOS VM as well.@@terrydaktyllus1320

I think the term "scan" is not the best for characterization of the activity. They don't scan you from internet. But your system - and highly likely irrelevant if this is a host or a virtual machine, run their own processes that collect, pack, and send some info to the HQ.
If you don't trust your Mac OS, then the best deal is probably just stop using it )
my old Mac book now happily running ubuntu, old Mac OS is completely wiped out. And no regrets )

I missed the detail about running MacOS on the client. Bad thing.

Past when?

@@lussor1like 20 yrs ago