|
|
|
|
|
|
by axytol
1535 days ago
|
|
|
Some good tips on running untrusted code in VMs. If possible I'm interested to learn why you consider qemu based VMs as more secure than QubesOS? If I get it right QubesOS is Xen based so is it about the hypervisor or something else that favours qemu in your opinion? |
|
|
An AWS VM in the cloud I ssh into can't possibly snoop on another window I have open.
QubesOS on the other hand includes usability features like displaying graphical interfaces from VMs, clipboard sharing features, etc etc https://www.qubes-os.org/doc/gui/
These usability features increase attack surface, whether they're implemented on top of a Xen or KVM hypervisor.
My assumption for a local qemu setup is that the user wouldn't use things like 9p or display sharing, which I think means a smaller enough attack surface to make a difference.