Re: Qubes-OS is "fake" security
On Fri, 12 May 2017 03:41:05 +0200, Kim Blackwood wrote:
> Hi,

From: Martin Hanson
To: misc
Subject: Why would I need a container like Docker?!
Date: Wed, 10 May 2017 05:53:07 +0200
X-Mailer: Yamail [ http://yandex.ru ] 5.0

From: Kim Blackwood
To: misc@openbsd.org
Subject: Qubes-OS is "fake" security
Date: Fri, 12 May 2017 03:41:05 +0200
X-Mailer: Yamail [ http://yandex.ru ] 5.0

Is it the holidays or something?
Re: Qubes-OS is "fake" security
Sorry, out of herrings.

Have a listen to this instead:
"Risky Biz Soap Box: A microvirtualisation primer with Bromium co-founder Ian Pratt (a.k.a. how to run Java plugin on IE8 and not die!)"
https://risky.biz/soapbox3/

On 12 May 2017 03:41:05 CEST, Kim Blackwood wrote:
>Hi,
>
>I am at novice level of security, studying and trying to understand
>some of the different aspects of running an OS and applications as
>securely as possible.
>
>I have been running OpenBSD for years and understand a little of what's
>being done to make it more secure, albeit not the technical details of
>programming as much as I am not a C programmer.
>
>A friend of mine, who is a computer scientist with speciality in
>security, suggested Qubes-OS as a secure "solution" to security
>problems related to OS's and applications on a personal computer.
>
>I read up about the project and tested it out, but I am not convinced
>that it is a good solution at all.
>
>I am writing to this list because I know that a lot of people on this
>list are very security-minded.
>
>I found the reading "An Empirical Study into the Security Exposure to
>Hosts of Hostile Virtualized Environments" very insightful.
>
>http://taviso.decsystem.org/virtsec.pdf
>
>First, I cannot really see the difference between an OS and a
>hypervisor. Both run on the "bare metal" and both perform similar
>tasks. In the specific case with Qubes-OS, there isn't really a
>difference as it's "just" Fedora with Xen.
>
>Possibilities of exploiting the hypervisor aren't lower than
>possibilities of exploiting the OS. And specifically in the case of
>OpenBSD as the OS, that has been developed from the ground up with
>security in mind, the possibilities are much lower than a hypervisor
>that hasn't even been developed with security measures from the
>beginning.
>
>Second, the virtualization part as I see it, just adds another level of
>tons of code.
>
>If I am running Firefox on OpenBSD and Firefox gets exploited, the
>cracker finds himself on a very secure OS that's really hard to
>compromise.
>
>If I am running Firefox in some virtualization container on Qubes-OS
>and Firefox gets exploited, then the cracker finds himself inside a
>container that could possibly contain lots of exploitable security
>holes that again runs on a hypervisor with possibly lots of security
>holes, stuff that hasn't been developed with security in mind and has
>perhaps never been audited.
>
>Qubes-OS seems to me as a solution of "patching".
>
>OpenBSD on the other hand is a completely different story.
>
>Rather than running something like Qubes-OS, which IMHO provides a fake
>feeling of security, with its different "qubes", I would think of
>another situation that's much better.
>
>I either set up 3 different computers, or one computer where I can
>physically change the hard drive and I then have 3 different hard
>drives.
>
>On one box I set up OpenBSD and the most secure-minded browser I can
>find (does such a thing even exist?). On this particular setup I *ONLY*
>do my home banking. Absolutely nothing else.
>
>On the second box I also set up OpenBSD and the most secure-minded email
>client I can find and I do all my email there. I possibly also set up an
>office application for writing letters, etc. I don't use a browser on
>this setup, if someone sends an email with a link, I write the link
>down for later usage.
>
>And on the third box I also set up OpenBSD with a browser and possibly
>other applications like a video player, and this box I use for all the
>other casual stuff, the links from emails, etc. I possibly even run
>this from a non-writeable CD or SD card.
>
>It will be an inconvenience to shift between the drives, but no more
>than using Qubes-OS.
>
>IMHO the setup with the different OpenBSD installations provides a
>much more secure alternative than running Qubes-OS.
>
>Am I completely off track here?
>
>Kind regards,
>
>Kim
Re: Qubes-OS is "fake" security
Both OpenBSD and Qubes OS don't guarantee perfect security. Qubes OS has a different take on security than OpenBSD. Both have different advantages and disadvantages. Physical separation is more expensive and you need to transport more devices from place to place. Qubes OS lets you run mainstream OSes. OpenBSD is an OS and is a great tool to get to know Unix-like OSes. It is also a great environment to practise programming in C language. See "Developing Software in a Hostile Environment". There is a "The J for junk option", pledge(2).
Re: Qubes-OS is "fake" security
Qubes os is just linux with a gui for some kvm vms (it sux)

On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD wrote:
>
>Both OpenBSD and Qubes OS don't guarantee
>perfect security.
>Qubes OS has a different take on security
>than OpenBSD. Both have different
>advantages and disadvantages.
>Physical separation is more expensive
>and you need to transport more devices
>from place to place.
>Qubes OS lets you run mainstream OSes.
>OpenBSD is an OS and is a great tool to
>get to know Unix-like OSes. It is also
>a great environment to practise programming
>in C language. See "Developing Software
>in a Hostile Environment". There is a
>"The J for junk option", pledge(2).

--
Take Care Sincerely flipchan layerprox dev
Re: Qubes-OS is "fake" security
May I suggest you go read the FAQ before you spread misinformation. Qubes doesn't use KVM, it's built on Xen, and calling it just a GUI is like calling OpenBSD just a bunch of masturbating monkeys.

> On May 12, 2017, at 2:37 PM, flipchan wrote:
>
> Qubes os is just linux with a gui for some kvm vms (it sux)
>
>> On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD wrote:
>>
>> Both OpenBSD and Qubes OS don't guarantee
>> perfect security.
>> Qubes OS has a different take on security
>> than OpenBSD. Both have different
>> advantages and disadvantages.
>> Physical separation is more expensive
>> and you need to transport more devices
>> from place to place.
>> Qubes OS lets you run mainstream OSes.
>> OpenBSD is an OS and is a great tool to
>> get to know Unix-like OSes. It is also
>> a great environment to practise programming
>> in C language. See "Developing Software
>> in a Hostile Environment". There is a
>> "The J for junk option", pledge(2).
>
> --
> Take Care Sincerely flipchan layerprox dev
Re: Qubes-OS is "fake" security
"just a bunch of masturbating monkeys."
this is the best definition of Hardware Virtualization hype.

2017-05-12 22:20 GMT+03:00, Daniel Ouellet:
> May I suggest you go read the FAQ before you spread misinformation. Qubes
> doesn't use KVM, it's built on Xen, and calling it just a GUI is like
> calling OpenBSD just a bunch of masturbating monkeys.
>
>> On May 12, 2017, at 2:37 PM, flipchan wrote:
>>
>> Qubes os is just linux with a gui for some kvm vms (it sux)
>>
>>> On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD wrote:
>>>
>>> Both OpenBSD and Qubes OS don't guarantee
>>> perfect security.
>>> Qubes OS has a different take on security
>>> than OpenBSD. Both have different
>>> advantages and disadvantages.
>>> Physical separation is more expensive
>>> and you need to transport more devices
>>> from place to place.
>>> Qubes OS lets you run mainstream OSes.
>>> OpenBSD is an OS and is a great tool to
>>> get to know Unix-like OSes. It is also
>>> a great environment to practise programming
>>> in C language. See "Developing Software
>>> in a Hostile Environment". There is a
>>> "The J for junk option", pledge(2).
>>
>> --
>> Take Care Sincerely flipchan layerprox dev
Re: Qubes-OS is "fake" security
Virtualization has its uses though, despite the hype. It is good for testing different system configurations before deployment, and is also a good way to save on physical resources for configuring multiple low-usage services that may require different OS or system config, such that it is not possible to host these services on the same OS.

Whilst there may be some security benefits to whatever isolation is provided by virtual machines, the real advantage here is the savings on physical resources.

On Sat, 13 May 2017 00:12:35 +0300 valerij zaporogeci wrote:
> "just a bunch of masturbating monkeys."
> this is the best definition of Hardware Virtualization hype.
>
> 2017-05-12 22:20 GMT+03:00, Daniel Ouellet:
> > May I suggest you go read the FAQ before you spread misinformation.
> > Qubes doesn't use KVM, it's built on Xen, and calling it just a GUI
> > is like calling OpenBSD just a bunch of masturbating monkeys.
> >
> >> On May 12, 2017, at 2:37 PM, flipchan wrote:
> >>
> >> Qubes os is just linux with a gui for some kvm vms (it sux)
> >>
> >>> On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD wrote:
> >>>
> >>> Both OpenBSD and Qubes OS don't guarantee
> >>> perfect security.
> >>> Qubes OS has a different take on security
> >>> than OpenBSD. Both have different
> >>> advantages and disadvantages.
> >>> Physical separation is more expensive
> >>> and you need to transport more devices
> >>> from place to place.
> >>> Qubes OS lets you run mainstream OSes.
> >>> OpenBSD is an OS and is a great tool to
> >>> get to know Unix-like OSes. It is also
> >>> a great environment to practise programming
> >>> in C language. See "Developing Software
> >>> in a Hostile Environment". There is a
> >>> "The J for junk option", pledge(2).
> >>
> >> --
> >> Take Care Sincerely flipchan layerprox dev
Re: Qubes-OS is "fake" security
On Fri, May 12, 2017 at 03:41:05AM +0200, Kim Blackwood wrote:
> [...]
> Qubes-OS seems to me as a solution of "patching".

IMO this is real point in this thread - virtualization as a security measure against buggy software doesn't make any change to that software. Virtualization or containers are not any security solution, real solution is to analyze design of existing applications and really abandon ones which are crap in security point of view, even if they have fancy features. This is hard work to be done, OpenBSD devs are great guys because they devote their personal energy to this "invisible" effort. Just look at privsep changes implemented after Heartbleed issue.

Virtualization and containers make sense but what we all need is to support people - if we cannot send diffs - who are brave enough to make radical cuts in existing open-source ecosystem, either while publicly denouncing existing buggy applications and telling people loudly to stop using them, or sending radical diffs to make those apps start moving to more secure design. (If this would reveal as being impossible, then moving to the former stand.)

Let's thank all OpenBSD devs and ports' maintainers for their great work.

j.
Re: Qubes-OS is "fake" security
Why not just run the browser on ur regular openbsd desktop computer but run it with chroot/bubblewrap/firejail so that even if it will execute some Java cancer (all Java is cancer^^) that will rm -rf / your system won't be fucked

On May 12, 2017 3:41:05 AM GMT+02:00, Kim Blackwood wrote:
>Hi,
>
>I am at novice level of security, studying and trying to understand
>some of the different aspects of running an OS and applications as
>securely as possible.
>
>I have been running OpenBSD for years and understand a little of what's
>being done to make it more secure, albeit not the technical details of
>programming as much as I am not a C programmer.
>
>A friend of mine, who is a computer scientist with speciality in
>security, suggested Qubes-OS as a secure "solution" to security
>problems related to OS's and applications on a personal computer.
>
>I read up about the project and tested it out, but I am not convinced
>that it is a good solution at all.
>
>I am writing to this list because I know that a lot of people on this
>list are very security-minded.
>
>I found the reading "An Empirical Study into the Security Exposure to
>Hosts of Hostile Virtualized Environments" very insightful.
>
>http://taviso.decsystem.org/virtsec.pdf
>
>First, I cannot really see the difference between an OS and a
>hypervisor. Both run on the "bare metal" and both perform similar
>tasks. In the specific case with Qubes-OS, there isn't really a
>difference as it's "just" Fedora with Xen.
>
>Possibilities of exploiting the hypervisor aren't lower than
>possibilities of exploiting the OS. And specifically in the case of
>OpenBSD as the OS, that has been developed from the ground up with
>security in mind, the possibilities are much lower than a hypervisor
>that hasn't even been developed with security measures from the
>beginning.
>
>Second, the virtualization part as I see it, just adds another level of
>tons of code.
>
>If I am running Firefox on OpenBSD and Firefox gets exploited, the
>cracker finds himself on a very secure OS that's really hard to
>compromise.
>
>If I am running Firefox in some virtualization container on Qubes-OS
>and Firefox gets exploited, then the cracker finds himself inside a
>container that could possibly contain lots of exploitable security
>holes that again runs on a hypervisor with possibly lots of security
>holes, stuff that hasn't been developed with security in mind and has
>perhaps never been audited.
>
>Qubes-OS seems to me as a solution of "patching".
>
>OpenBSD on the other hand is a completely different story.
>
>Rather than running something like Qubes-OS, which IMHO provides a fake
>feeling of security, with its different "qubes", I would think of
>another situation that's much better.
>
>I either set up 3 different computers, or one computer where I can
>physically change the hard drive and I then have 3 different hard
>drives.
>
>On one box I set up OpenBSD and the most secure-minded browser I can
>find (does such a thing even exist?). On this particular setup I *ONLY*
>do my home banking. Absolutely nothing else.
>
>On the second box I also set up OpenBSD and the most secure-minded email
>client I can find and I do all my email there. I possibly also set up an
>office application for writing letters, etc. I don't use a browser on
>this setup, if someone sends an email with a link, I write the link
>down for later usage.
>
>And on the third box I also set up OpenBSD with a browser and possibly
>other applications like a video player, and this box I use for all the
>other casual stuff, the links from emails, etc. I possibly even run
>this from a non-writeable CD or SD card.
>
>It will be an inconvenience to shift between the drives, but no more
>than using Qubes-OS.
>
>IMHO the setup with the different OpenBSD installations provides a
>much more secure alternative than running Qubes-OS.
>
>Am I completely off track here?
>
>Kind regards,
>
>Kim

--
Take Care Sincerely flipchan layerprox dev