On Wed, Jan 08, 2020 at 06:30:32PM +0100, Vasiliy wrote: > Are there any security benefits of setting up standalonevm instead of appvm?
dont see any. if anything, it might reduce your security posture. i consider the volatility of the root volume of a templated appvm a good thing. not really a strong/hard security feature, but it certainly will make it harder for non qubes-aware evils to persist, or for you to wreck things by accident. > 1. Thunderbird and other communication tools sometimes can be > compromised and malicious code can affect all programs installed. I am > scared that even if I don't use a program in an appvm, it can > indirectly reduce my security. this is the "a computer is more secure without a compiler installed" cult. i am not the only one to not participate in that. > 2. If an attacker will successfully replace packages while updating > the template, they will have full access to all my appvms. I know that > Tor somewhat protects from it, but it can still happen. if attacks on update mechanism bother you, adding more VMs that need updating just increases the problem. and tor does not protect you from this. at all. it may actualy make you more visible and easier to attack in this way. this depends on your threat model, mostly on whether you believe that you are targeted a) as an individual, b) as a job function, c) as a qubes user or d) in general. > 3. Proprietary software may monitor activities of other programs even > if I don't use it. Similar to what snap does (runs in the background > and updates software without any interraction with the user) some > proprietary programs may do the same even if I don't use them. "dont run software in places where you dont want it to run" should cover this. note the term "run", not "install". it seems to be just another weird variant of (1). if your systems execute stuff without your consent, you already have a decent size problem. and considering f.ex. less than 256 byte sized generic evils that download arbitrary sized payloads from network and execute it, i dont see that an attacker that can execute stuff on your system needs your help in installing the stuff for him. > I would be happy to hear your opinions on this topic. Maybe you want > to point out where I am incorrect or have some advantages and > disadvatages that should be considred, except of usability. Thank you > in advance. if your really are a believer in the (1)+(3) things, and are willing to risk the additional exposure that comes from (2) with lots of roots, going with lots-of-templates (that have one appvm each) still seems to be much better than lots-of-standalones. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200108182759.GI8973%40priv-mua.
