Hi, I am at a novice level of security, studying and trying to understand some of the different aspects of running an OS and applications as securely as possible.
I have been running OpenBSD for years and understand a little of what's being done to make it more secure, albeit not the technical details of programming as much, as I am not a C programmer. A friend of mine, who is a computer scientist with a speciality in security, suggested Qubes-OS as a secure "solution" to security problems related to OS's and applications on a personal computer. I read up about the project and tested it out, but I am not convinced that it is a good solution at all. I am writing to this list because I know that a lot of people on this list are very security-minded. I found the reading "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments" very insightful. http://taviso.decsystem.org/virtsec.pdf

First, I cannot really see the difference between an OS and a hypervisor. Both run on the "bare metal" and both perform similar tasks. In the specific case with Qubes-OS, there isn't really a difference as it's "just" Fedora with Xen. Possibilities of exploiting the hypervisor aren't lower than possibilities of exploiting the OS. And specifically in the case of OpenBSD as the OS, which has been developed from the ground up with security in mind, the possibilities are much lower than with a hypervisor that hasn't even been developed with security measures from the beginning.

Second, the virtualization part, as I see it, just adds another level of tons of code. If I am running Firefox on OpenBSD and Firefox gets exploited, the cracker finds himself on a very secure OS that's really hard to compromise. If I am running Firefox in some virtualization container on Qubes-OS and Firefox gets exploited, then the cracker finds himself inside a container that could possibly contain lots of exploitable security holes, which again runs on a hypervisor with possibly lots of security holes, stuff that hasn't been developed with security in mind and has perhaps never been audited. Qubes-OS seems to me a solution of "patching".
OpenBSD on the other hand is a completely different story. Rather than running something like Qubes-OS, which IMHO provides a fake feeling of security with its different "qubes", I would think of another situation that's much better. I either set up 3 different computers, or one computer where I can physically change the hard drive, and I then have 3 different hard drives. On one box I set up OpenBSD and the most secure-minded browser I can find (does such a thing even exist?). On this particular setup I *ONLY* do my home banking. Absolutely nothing else. On the second box I also set up OpenBSD and the most secure-minded email client I can find, and I do all my email there. I possibly also set up an office application for writing letters, etc. I don't use a browser on this setup; if someone sends an email with a link, I write the link down for later usage. And on the third box I also set up OpenBSD with a browser and possibly other applications like a video player, and this box I use for all the other casual stuff, the links from emails, etc. I possibly even run this from a non-writeable CD or SD card. It will be an inconvenience to shift between the drives, but no more than using Qubes-OS. IMHO the setup with the different OpenBSD installations provides a much more secure alternative than running Qubes-OS.

Am I completely off track here?

Kind regards,
Kim