On 8/27/19 4:18 AM, panina wrote:
> What I'm after is something that does what dvm's do, but not through
> Qubes. Same effect, on something that boots on a USB stick or so, much
> in the way that Tails does.
TAILS won't protect you from malware that can escalate privileges and
bypass the read-only flag on a USB stick and/or add itself to the
BIOS/UEFI firmware. And the malware could come from a compromised
network card if that hardware is not isolated.
The main point of Qubes is to not rely on a complex monolithic kernel
(Linux, Windows, etc) as your primary means of security... Using a small
hypervisor with hardware isolation instead.
The only alternative that I know can be achieved simply is to install an
OS like Ubuntu onto the USB stick and then install it again inside a
Virtualbox container. Its a step down from Qubes security (and slower
than Qubes), but its still a hypervisor and you can keep resetting the
VM to an earlier snapshot.
You could also just use a bare Ubuntu or other Linux, and setup
different (unprivileged) users for different tasks, like you setup
different qubes. It wouldn't be too hard to keep resetting the user
directories that need protection. But you're relying entirely on Linux
security at that point.
-
Re: Intel processors, have you seen the threads about AMD based hardware
like the Lenovo G505s?
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/9c54ed8d-d604-4a8a-8a3e-e168cac845f5%40posteo.net.