Hacker News new | ask | show | jobs
by fsflover 2229 days ago
> I find it hard to believe that any contemporary operating system can robustly prevent a locally executing program from tricking the average desktop user into entering the administrator password equivalent to TFA's /tmp/sudo example, not on today's average computer.

Qubes OS can. Though it's not for the average users.
1 comments
AstralStorm 2229 days ago
It's more that it makes said sudo much less effective. You still can get tricked inside the VM or a canny enough attacker will find a bypass for VM security.

It is a somewhat higher bar though.

The point is moot, as the most destructive attacks are ransomware, which this limits but does not prevent, website ID (login, address, credit card) and data theft, phishing and scams. None of which is prevented by Qubes.

Evil maid attacks are frustrated though if you install its extra security features.

However, it is wise to remember that security is as strong as the weakest link, so do use it if you're an admin or dev.

link
fsflover 2229 days ago
> The point is moot, as the most destructive attacks are ransomware, which this limits but does not prevent

Qubes OS assumes (promotes and helps with) that you do not open random links inside your banking or important VM. You can even open links automatically in a disposable VM upon a mouse click. It should help here I guess.

> bypass for VM security

VT-d virtualization was broken only once by a software attack. An it was done by the Qubes founder.

link