by ghgr 908 days ago
I've been using QubesOS for years, and I highly recommend it. Not only for security (which of course), but also for the cleanliness of not polluting your computer with a myriad of dependencies for projects you just tried once.

And of course, the high-risk activities that we all have to do at some point (now at least their risk is limited to their virtual machine):

  - curl|bash or similar
  - pip install, npm install etc.
  - run any random GitHub project
  - sudo install the drivers of my Brother printer
  - install Zoom
  - plug in random cheap USB devices to e.g. update their firmware

Why not just do all that in a throwaway container?
Hardware virtualization is much more secure.
Not any more it isn't. Rootless non-root containers are about as secure as VMs today.
Last time VT-d virtualization was escaped was in 2006 and done by the Qubes founder herself: https://en.wikipedia.org/wiki/Blue_Pill_(software)

How is it about the containers?

> Last time VT-d virtualization was escaped was in 2006 and done by the Qubes founder herself:

Have you been living under a rock [0]?

> How is it about the containers?

Container security aka OS virtualization has been quite secure for a while now.

[0] https://www.csoonline.com/article/551445/significant-virtual...

> Have you been living under a rock [0]?

I think you don't understand: Qubes relies on hardware, not software virtualization: https://en.m.wikipedia.org/wiki/Hardware-assisted_virtualiza...