|
|
|
|
|
|
by saidnooneever
1 day ago
|
|
|
this relys wholly on user skill which most people will not be able to do. you need extreme tradecraft and opsec to keep really secure. any little mistaken copy between domains etc. might compromise. This is the downside of isolation machines and their upside. Hard to make a completely isolated machine for all workflows and keep all data at all times inaccessible for exploits. But because each user has their own ways its more potential that 'your particular way of breaking the model' is not known or exploitable (yet). A lot of holes you open are one-time actions from within a restricted domain. in qubes you have cross domains tools from domain0 for this, which is very hard to reach (but not impossible). And then supplychain is also hard. Qubes have canaries, but i think most ISO people copy into their dom0 and spinnVMs off of are not doing such rigorous things. (depends what u use ofc). |
|
|
This depends on the chosen level of compartmentalization. For most people, it might be sufficient to store passwords in a dedicated, offline VM and do everything else in another one. This will already be huge improvement.