On 07/12/2016 09:23 AM, neilhard...@gmail.com wrote:
I have a question about the security of Whonix, which is used as the Tor VM in
QUBES 3.2.
My question is... we know that the Tor Browser can be hacked, mainly based on
Firefox exploits.
So it's very possible that when I'm using Whonix, the Tor Firefox browser gets
hacked.
So when this happens, and I restart the Whonix VM... is the hack now gone, or
is it persistent..?
In other words, does the App VM load the browser itself from the Whonix
template...?
Or, does the browser itself reside in the App VM..?
Presumably, if the browser is in the App VM, then the hack is persistent, and I
would have to create the App VM all over again in order to clean it up.
But if it's in the template VM, then it's wiped clean whenever you restart the
App VM.
Thanks
Malware can persist in a Qubes appvm (although its a bit less likely
because template can't be changed). This is why disposable vms have been
proposed for whonix templates.
If this is a big concern, you can remove and re-create the whonix appvm
for each session or when you feel its needed. You could also setup an
appvm the way you like it (with bookmarks, etc) then clone it as needed
instead of using it directly.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ee195db5-bbf9-27e4-5663-777f254e8601%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
