On 07/12/2016 03:44 PM, Chris Laprise wrote: > On 07/12/2016 09:23 AM, neilhard...@gmail.com wrote: >> I have a question about the security of Whonix, which is used as >> the Tor VM in QUBES 3.2. >> >> My question is... we know that the Tor Browser can be hacked, >> mainly based on Firefox exploits. >> >> So it's very possible that when I'm using Whonix, the Tor Firefox >> browser gets hacked. >> >> So when this happens, and I restart the Whonix VM... is the hack >> now gone, or is it persistent..? >> >> In other words, does the App VM load the browser itself from the >> Whonix template...? >> >> Or, does the browser itself reside in the App VM..? >> >> Presumably, if the browser is in the App VM, then the hack is >> persistent, and I would have to create the App VM all over again >> in order to clean it up. >> >> But if it's in the template VM, then it's wiped clean whenever you >> restart the App VM. >> >> Thanks >> > > Malware can persist in a Qubes appvm (although its a bit less likely > because template can't be changed). This is why disposable vms have > been proposed for whonix templates. > > If this is a big concern, you can remove and re-create the whonix > appvm for each session or when you feel its needed. You could also > setup an appvm the way you like it (with bookmarks, etc) then clone > it as needed instead of using it directly. +1 for using a dispVM for addressing these concerns (malware that persists as browser addon)
Thinking about it, if you are trying to be anonymous you are not going to want to use bookmarks/saved passwords/accounts, so there should be nothing worth keeping in the AppVM anyway. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/292855d1-6bea-ec55-96e9-6271fdd0d526%40gmx.com. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature