On Thursday, March 15, 2018 at 5:11:17 AM UTC+1, yre...@riseup.net wrote: > T520 for Qubes 4.0 , can I / should I boot Win7 HDD, and Qubes 4.0 from > an SSD? > > I'm looking at buying an i7 T520 that is listed as working on the HCM > list on a website, for like $250, I see them cheaper on ebay but , the > thing has 4GB ram , by adding a DVD tray / caddie for an SSD and an SSD > and 4GB ram, I add another $140 or so to the cost .... so am > wondering if this technically would not have the issue where dual > booting is considering insecure, if I'm actually booting from 2 separate > HDs ; and/or if doing the Qubes 4.0 install is going to be any > tricker or easier with 2 HD, assuming, I wasn't planning on doing > another dual boot off 1 HD again > > > thanks
You're right that it's more secure to have two devices, but only very, very slightly. Though, it's a good idea to do even so, even if only slightly, if you must. I believe the partition table can be more exposed here if using the same drive? but I'm not sure. - Generally you have to look at the security exploits, i.e. it may be worth reading the research and articles The Qubes OS Project has made, and other works that is being put forward. But in general, you need to be wary of firmware exploits, boot-loader exploits, never access your files from an insecure duaƦ-boot, and weak or no encryption. Something along those lines. Generally firmware exploits/attacks, to my understanding, are more exotic today, BUT! that may change one day very quickly, and you can also risk being plain unlucky. There is also the consideration that it might not be possible to make an accurate picture of how many infected firmware's there are existing in the wilds, and/if possible to make research to get an idea, it might take years before it's detected on a large scale. So you may want to be wary of firmware attacks, they may some day be a threat quicker than you think, i.e. think for example A.I.'s that can automatically modify themselves to exploit different kinds of firmwares, rather than requiring a human hand to do so (intensive labor). - Use a strong password, so that your CPU's own calculation power is insufficient to be used to crack your encryptions. - Never leave anything unencrypted. While you can't protect your firmwares, at least you can protect all drives with encryption, except, for the bootloader, which is a very big weak spot. If you want to protect yourself here, (except you are still vulnurable to firmware attacks), then you need to move your boot-loader to a locked medium, preferably one that can't be editied, i.e. a CD/DVD. You can leave that CD/DVD in your system though, since what matters is that it can't be edited, it's not the fact that it can be read. - Also you may want to consider at least 8GB RAM. Even 8gigs can feel limited, 4gigs will probably feel like a crap experience on Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9907a90-3c4a-4549-85a1-14b1dcbb0436%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
