On Friday, 15 February 2019 16:37:17 UTC+11, Chris Laprise wrote: > On 2/14/19 10:02 PM, nosugarmaxta...@gmail.com wrote: > > Hi all, > > > > Right now I use Qubes for a bit of fun - setting up VPN's - chaining them, > > trying to get HVM's up and running, just messing about. I do plan to > > totally phase out my other OS's for it, but theres one thing that keeps > > going through my mind.. how isolated are the VM's from each other actually? > > > > I know Qubes is 'reasonably' secure, but how secure? Could a whistle blower > > have a whonix VM open handling sensitive materials while at the same time > > have a personal VM with ISP connection and google/facebook/work sites open, > > with no issue at all? If the whistleblower would only be able to use the > > machine for sensitive purposes due to leak potentials, etc, wouldn't this > > make using Qubes pointless? > > Of the myriad remote attacks that can be used against traditional > operating systems, basically one type is thought to be effective against > Qubes in general: Side-channel attacks. > > https://en.wikipedia.org/wiki/Side-channel_attack > > The best way to mitigate these is to not run public key crypto in > trusted VMs at the same time untrusted VMs are running (although this > can be a problem when VMs like sys-net and sys-usb are considered). > Also, test your hardware to see if its susceptible to rowhammer. > > In contrast, even a physically isolated system can be less secure than a > Qubes system. This is because the devices and drivers used for > interfacing (SD cards, DVDs, USB drives - even occasionally) are much > more complex and vulnerable than the interfaces on a Qubes VM. And if a > Qubes VM does become compromised, chances are much better that the core > system and firmware will remain safe. > > https://blog.invisiblethings.org/2014/08/26/physical-separation-vs-software.html > > Finally, assuming that attacks will succeed at least occasionally (and > Qubes is built with this assumption for guest VMs): How recoverable is > the situation? A Windows system that had its firmware compromised will > continue to run malware even after the OS is wiped and re-installed. A > Qubes system OTOH probably has intact firmware and malware can be > removed by removing the affected VM. > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
Thanks for the reply, Chris. So, apart from the rare chance of a side-channel attack. One should be able to surf safely in Whonix, or a private VPN'd VM, while being able to surf regular sites such as this google hosted mail group on another without overlap, or the data from Whonix hitting a non-torified machine? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/959953e2-7216-4af2-9251-10f1a433b82f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
