On 08/20/2017 05:44 AM, cooloutac wrote:
On Sunday, August 20, 2017 at 12:42:55 AM UTC-4, qubester wrote:
On 08/16/2017 05:55 AM, cooloutac wrote:
I'm glad Bruce Schneier changed his tune and is no longer encouraging kids to
learn how to hack in live environments, cause I think that breeds sociopaths,
and is dangerous. (and we are living in an epidemic)
Now he has to stop calling secure boot security theater, because alot of
people seem to believe it and take his word like gospel.
Is protecting the bios from rootkits its intended purpose? seems so?, it helps
anyways, and it definitely was intended to protect the firmware. Its not just
kernel code signing, its driver code too.
I would add also make a password on your bios obviously, and enable flash
protections.
I don't even think most the ITL members use aem, it sounds complicated and
buggy and I can't afford to buy new hardware if it red flags anyways.
So......if you feel so strongly about it, how come you are using Qubes?
Maybe I should go back to using Windows 10, if secure boot trumps
the other security aspects of Qubes.
Or, do you think your 'safer' using Qubes, if so, why ?
To be honest, it really doesn't matter what os you use, its all about what the
user does on it. When using qubes the user still has to be careful. It
doesn't matter if dom0 is compromised if a vm with sensitive info is. You
really have to be strict with yourself.
You going to play online video games? might as well use windows.
Dual booting? might as well just use windows.
disabling iommu features? might as well just use windows.
Worried about government spying? Might as well not use anything.
You have to live like a monk if you really want privacy.
I have a windows machine and a qubes machine. the qubes machine is for offline
documents, compartmentalizing specific website login activity, and random
browsing. The windows machine is for gaming and movies.
The guy Brad Spengler already warned dom0 and vms can be compromised by bad
system updates. And I believe this happened to me and led to my bank account
being hacked. Also just after intel announced their patch for the hardware
backdoor that existed for 8 years.
Qubes did last almost 2 years for me though(minus gaming), when barebones
linux wouldn't last a day and windows wouldn't last a couple months. Simply
because I refuse to give up doing the things I own a pc for. The other thing
he warned about was using too much of the gpu in qubes... I foresee that
coming in the future with people demanding passthrough for it.
If you do decide to go back to windows 10, hardenwindows10forsecurity.com
also might interest you hardenubuntu.com (scroll down to harden ubuntu
section) The user activities and security and trust of the developers become
the deciding factor after a point.
I don't think any operating system does it all. Just like alot of people
didn't think root privilege escalation in
vms, being trivial to bypass, was an excuse not to add that layer of
protection. I think its even worse not to use secure boot.
So, I'm still confused, if you feel secure boot is So important, why is
it that you don't use an OS that supports it ?
Or are you saying that besides the secure boot, that Qubes or Linux IS
more "secure" , and it's a "know your adversary" thing? If I'm
understanding this correctly the main adversary re: secure boot would be
some "advanced threat" like a government with that level of "skills" ??
I'm more "newb" than you, what does a "failed" update look like ?? I
have been feeling a lot more secure using a dedicated VM to do banking
, which actually was how I started down the path to use Qubes ...
I don't know what "root privilege escalation in
vms, being trivial to bypass, was an excuse not to add that layer of
protection" means ; if you might explain that as well .(btw, is some
of this to improve with Qubes 4.x ?
Personally, I also enjoy how well Whonix works in Qubes , and use it
for most things that don't require logins, and I like the speed or the
OS vs win10 , which nows feel clunky, esp on VPN
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d30827f7-ef2f-c213-f9da-57853de15fe4%40riseup.net.
For more options, visit https://groups.google.com/d/optout.
