So the question of the year: which BB setting is the most secure - fully virtualized or untrusted???
I’m using “untrusted”.
You can also check Chiron’s guide about CIS installation
So is fully virtualized no good for protection? I currently have mine set at untrusted, I just wanted to know what other options are available?
Well, since the “fully virtualized” option is a new technology (added only in version 6 of CIS), some users prefer to keep BB on “untrusted” and wait maybe for CIS 7 (hopefully with improvements on virtualization) to switch to “fully virtualized”.
If I’m not wrong, when CIS 6 first came out, the “fully virtualized” option was available only through registry tuning.
I personally think that “untrusted” is the best setting for daily use. Then, if you do homebanking, you can use the Virtual Kiosk and open your browser there.
My top recommendation was, and still is, Untrusted. However, I am personally using Fully Virtualized on my own computer.
The discrepancy comes from the issues which still exist with Fully Virtualized. The ones which still bother me are that keyloggers running as Fully Virtualized can log keys, and grab screenshots, from the real computer. Also, it’s still possible for malware to piggyback on the browser to submit small amounts of information without triggering the firewall. Thus, it’s theoretically possible for a keylogger to log passwords and transmit them without the user being able to block it. There are some other vulnerabilities, but those are just annoyances which, in the rare case you get hit by them, will just cause you to have to log off and log back on to fix everything. Keyloggers scare me more because they can run silently in the background.
However, this is only possible if the user did not restart their computer in-between when the malware was run and when the passwords were used. Also, it requires that the user is not bothered by, or did not notice, an unknown application running as Fully Virtualized. As I pay attention to these, I am fine with running Fully Virtualized.
The nice thing about Fully Virtualized, as compared to Untrusted, is that much software will still be able to run. Thus, there is less of a necessity to add files to the TFL, which for an advanced user is likely the larger vulnerability.
Thus, I suppose my advice would actually be for advanced users to consider using Fully Virtualized, but for all others (including many advanced users) to use Untrusted. Thus, as this is complicated advice to provide in an article, I have kept my advice as running CIS as Untrusted.