by tholdem 525 days ago
> This is significantly underestimating the benefits of Qubes. Are you using your online banking in the same browser that you use for random web surfing? I do it in separate VMs with hardware isolation. Same compartmentalization with all other things.

What about NetVM? All AppVMs use that, so what if that gets compromised? Since the templates are not hardened at all, could the attacker jump from NetVM to AppVM?

> I'm not using the same VM for everything but dedicated VMs for bank, email, HN, instant messaging and so on. A malware on a random website would only get the access to an empty VM, nothing more.

So how many Templates and AppVMs do you have? Each of those dedicated VMs would need their own AppVMs at least. You have Domain: Bank, Domain: Email (do all email accounts get their own domain?), Domain: HN, Domain: Github, Domain: Stackoverflow, Domain: Signal and so on.

> If your VM is compromised, no hardening will save your data

So that means layered security is totally meaningless and instead of keeping it default, let's remove mitigations?

> you never run anything untrusted in trusted ones and never have anything valuable in untrusted ones.

In practice, this is close to impossible.

> I don't understand why one wouldn't use them for everything not requiring saving the data

Disposable VMs were the best part of QubesOS, but unfortunately, it is pretty common that you need to log in to something or save something, which means you can't use DisposableVMs for everything.

1 comment

>> If your VM is compromised, no hardening will save your data

> So that means layered security is totally meaningless and instead of keeping it default, let's remove mitigations?

Security in depth is definitely important, but it would provide a smaller improvement compared with the virtualization. Don't throw the baby out with the bathwater by refusing to use Qubes without hardening. Also, Qubes developers do have plans to implement more hardening: https://github.com/QubesOS/qubes-issues/issues/5294, https://github.com/QubesOS/qubes-issues/issues/5461, https://github.com/QubesOS/qubes-issues/issues/8823 etc.

> Each of those dedicated VMs would need their own AppVMs at least.

This would provide more security in depth but if you never run installed software in your AppVMs, it would still be reasonably secure.