On Monday, December 30, 2019 at 6:25:03 AM UTC-5, xao wrote: > > Don't know how I missed this link before, but after reading it, things got > much clear. Thank you! >
One important tenet of Qubes is that the security focus is primarily protecting you from cross-domain (cross-VM) disclosure or exposure. However, anything within a particular VM/domain is about as vulnerable as a typical linux system. Hence, why Qubes requires a certain amount of self-discipline even for basic use cases. In addition some folks extend that a bit and utilize Qubes further to separate "personae" from eachother, sometimes routing each through different VPNs. Banking VM only for banking; job1 VM only for day job; ...and superhero domain only for your alternate crime-fighting identity, etc. In addition, as soon as one starts customizing templates, fingerprinting during a breach becomes easier, to the point where a breach in two VMs can end up cross-correlating personae in two VMs even if they connect to the internet differently. That's why question #0 is: what are your specific threat concerns? Question 1 is: how will you mitigate them? Mitigations *begin* with behavior, not technology. Technologies just assist with/automate the behavior. Lastly, one assumption that comes up a lot is that disposable VMs are amnesiac. They are not (currently anyway*). The data written to the disposable VM is unlinked when the disposable VM volumes are removed but they are not explicitly erased from storage (though may be overwritten over time). Why? The primary intent of disposable VMs was to prevent propagation of malware from dodgy files or dodgy websites or targeted attacks. The intent was NOT to prevent forensic recovery of data from shut-down disposable VMs.* B * though, that would be a nice feature. there are some baby steps happening now (e.g. blkdiscard is now run across the volumes before unlinking them, which may end up being opportunistically anti-forensic on *some* hardware if trim is enabled all the way down through the storage stack). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6e7875c6-0bcb-47c4-8581-c687259ae654%40googlegroups.com.