[fsflover]

Your VM isn't protected from malware that you run in it. However your OS and other VMs containing sensitive data (in which you of course do not run anything untrusted at all) will stay safe, by design.

[JCattheATM]

> Your VM isn't protected from malware that you run in it.

Right, that was the point - so your suggestion that Qubes is a '100% secure OS' is false.

[fsflover]

The OS is actually secure, isn't it? As well as all your valuable data. The VM gets compromised, after which you can reset it to its original state. See: https://doc.qubes-os.org/en/latest/user/how-to-guides/how-to...

[JCattheATM]

> The OS is actually secure, isn't it?

Not 100% secure, as was your claim.

[fsflover]

It is secure after resetting the Disposable VM. It's impossible to make it better, and I don't even understand what your actual problem is.

[JCattheATM]

> It is secure after resetting the Disposable VM.

What a nonsense answer. That's like saying a bank vault is secure after being rebuilt from being broken into. Meaningless.

It's not 100% secure while using it.

> It's impossible to make it better

Far from it. A formally verified codebase and better protections than DAC would be a start.

> I don't even understand what your actual problem is.

You made a BS claim and have an allergy to admitting you were wrong.

[fsflover]

> That's like saying a bank vault is secure after being rebuilt from being broken into. Meaningless.

Did you even read my reply? All data are safe unlike in your (unrelated) example. Give me your actual threat model. 100% security never existed and never will. Security through correctness never worked and never will. Compartmentalization is the only viable approach.