Hi,
I am at novice level of security, studying and trying to understand
some of the different aspects of running an OS and applications as
securely as possible.
I have been running OpenBSD for years and understand a little of what's
being done to make it more secure, albeit not the technical details of
programming as much as I am not a C programmer.
A friend of mine, who is computer a scientist with speciality in
security, suggested Qubes-OS as a secure "solution" to security
problems related to OS's and applications on a personal computer.
I read up about the project and tested it out, but I am not convinced
that it is a good solution at all.
I am writing to this list because I know that a lot of people on this
list is very security-minded.
I found the reading "An Empirical Study into the Security Exposure to
Hosts of Hostile Virtualized Environments" very insightful.
http://taviso.decsystem.org/virtsec.pdf
First, I cannot really see the difference between an OS and a
hypervisor. Both runs on the "bare metal" and both perform similar
tasks. In the specific case with Qubes-OS, there isn't really a
difference as it's "just" Fedora with Xen.
Possibilities of exploiting the hypervisor isn't lower than
possibilities of exploiting the OS. And specifically in the case of
OpenBSD as the OS, that has been developed from the ground up with
security in mind, the possibilities are much lower than a hypervisor
that hasn't even been developed with security measures from the
beginning.
Second, the virtualization part as I see it, just ads another level of
tons of code.
If I am running Firefox on OpenBSD and Firefox gets exploited, the
cracker finds himself on a very secure OS that's really hard to
compromise.
If I am running Firefox in some virtualization container on Qubes-OS
and Firefox gets exploited, then the cracker finds himself inside a
container that could possible contain lots of exploitable security
holes that again runs on a hypervisor with possibly lots of security
holes, stuff that hasn't been developed with security in mind and has
perhaps never been audited.
Qubes-OS seems to me as a solution of "patching".
OpenBSD on the other hand is a completely different story.
Rather than running something like Qubes-OS, which IMHO provides a fake
feeling of security, with it's different "qubes", I would think of
another situation that's much better.
I either set up 3 different computers, or one computer where I can
physically change the hard drive and I then have 3 different hard
drives.
On one box I setup OpenBSD and the most secure-minded browser I can
find (do such a thing even exist?). On this particular setup I *ONLY*
do my home banking. Absolutely nothing else.
On the second box I also setup OpenBSD and the most secure-minded email
client I can find and I do all my email there. I possibly also setup an
office application for writing letters, etc. I don't use a browser on
this setup, if someone sends an email with a link, I write the link
down for latter usage.
And on the third box I also setup OpenBSD with a browser and possible
other applications like a video player, and this box I use for all the
other casual stuff, the links from emails, etc. I possibly even run
this from a non-writeable CD or SD card.
It will be an inconvenience to shift between the drives, but no more
than using Qubes-OS.
IMHO the setup with the different OpenBSD installations provides a
much more security alternative than running Qubes-OS.
Am I completely of track here?
Kind regards,
Kim
