[aborsy]

QubesOS is significantly more secure than the individual VMs. The vulnerability that the OS is compromised at the distribution level is a very special case. First of all, if Debian is compromised at source, it would be everyone that is compromised not just Qubes. This will be big news.

Qubes VMs are ephemeral. If they are compromised by the user installing malware, obviously the malware is jailed to that VM. It will also be cleared from that VM in the next reboot.

Qubes implements strictly separate compartments. Like, your password manager has no business to be in a VM that runs your media server.