|
|
|
|
|
|
by fsflover
529 days ago
|
|
|
>> If your VM is compromised, no hardening will save your data > So that means layered security is totally meaningless and instead of keeping it default, let's remove mitigations? Security in depth is definitely important, but it would provide a smaller improvement compared with the virtualization. Don't throw the baby out with the bathwater by refusing to use Qubes without hardening. Also, Qubes developers do have plans to implement more hardening: https://github.com/QubesOS/qubes-issues/issues/5294, https://github.com/QubesOS/qubes-issues/issues/5461, https://github.com/QubesOS/qubes-issues/issues/8823 etc. > Each of those dedicated VMs would need their own AppVMs at least. This would provide more security in depth but if you never run installed software in your AppVMs, it would still be reasonably secure. |
|
|