"KVMSurf" - Surfing safely
2013 (with updates 2018 and 2023)
A "Debian Live"-based Linux distribution optimized for Internet surfing within a KVM-based virtual machine.
Motivation
With all the malware and exploits floating around in the Internet, I wanted to have a safe environment for Internet access. As nothing was readily available fulfilling my requirements, I needed to create a solution by myself.
Description
A virtual machine that can be completely reset to its initial state after usage seems to be suited well.
These are my requirements:
- fast boot
- using virtio drivers and Spice
- supporting Spice vdagent to enable clipboard sharing with host
- Firefox/Iceweasel with some basic add-ons (Flash, adblocker etc.)
- fast pdf viewer available
- possibility for persistence (for browser config, browser history etc.)
- optionally: access to a network share, e.g. to a transfer directory for storing downloads
Implementation
I evaluated Webconverger, a "Debian Live"-based Internet kiosk distribution, first. It seems to be great for the purpose for which it is created: e.g. for central administration or for locking down the machine. However, adaptation to personal needs like mine does not seem to be encouraged by the authors any more.
Thus I decided to create my own little distribition, also based on Debian Live. There are alternatives to that approach, e.g. for Ubuntu there is "vmbuilder" available.
I use KVM and OpenVZ a lot. For my surf station, I chose KVM to host the virtual machine for Internet surfing. With "Spice", there is an efficient remote desktop protocol available for it. I decided to tailor the virtual machine for running within KVM with a qxl graphics adaptor. This resulted in the name "KVMSurf" for the project.
With these decisions taken and while also taking the stated requirements into account, everything else is straight-forward: I created a makefile for configuring Debian Live builder and some simple bash scripts to support my needs. Et voila: KVMSurf was born!