Re: [qubes-users] Security questions (templates and kde)
On Tuesday, March 6, 2018 at 7:19:05 AM UTC+1, Tim W wrote: > On Tuesday, March 6, 2018 at 12:23:10 AM UTC-5, Yuraeitha wrote: > > On Tuesday, March 6, 2018 at 5:24:50 AM UTC+1, sevas wrote: > > > Thank you both for this enlightening talk, and especially Yuraeitha for > > > such a lengthy researched opinion! > > > > > > We speak of stability. Stability and vulnerability go hand in hand, dont > > > they? > > > > > > I love the kde plasma desktop and I would like to have it. But it looks > > > like a complicated GUI that probably is not as secure as something more > > > simple. But again, the non-root GUI is not going to connect to the > > > internet. > > > > > > My previous feelings were to use one template for internet access and one > > > for background/desktop/personal use. But that may not be needed since > > > applications available in a template are not necessarily used in the > > > appVM. Is that correct or would there be some data leak? > > > > > > XFCE is something I havent used in a long time, but I will surely look > > > into my customization techniques before I make a big move. > > > > About the stability going hand in hand with vulnerability, I view it the > > same way too, though it's not always the case if it isn't possible to > > exploit it, which also isn't always possible too. > > > > Qubes once used KDE btw, you can find the discussion that made the change > > from KDE to XFCE5 here https://github.com/QubesOS/qubes-issues/issues/2119 > > Some of these issues I believe have changed though, what is perceived as > > "ugly" was back then a bit of an unlucky controversial statement due to > > different subjective opinions and it caused a bit of a stir in the KDE > > community. But I believe KDE also corrected some of those issues since > > then? > > > > It's a good idea to keep your critical offline app's and data in an offline > > VM btw, keep doing that. You can also find multiple of official Qubes > > recommendations suggesting this offline AppVM move. For example the Split > > GPG guide in the Qubes doc's recommend this approach in order to keep your > > GPG keys more secure from being hacked. For example if only one application > > makes an outgoing opening in the firewall in the AppVM, then data in that > > AppVM might be opened to risk through exploits and attacks to that > > established connection. I have about 15-17 AppVM's which I use, not > > including the ones I don't use or templates, and I'm probably a light AppVM > > user compared to the more extreme ones. If it seems overwhelming though, > > try start with a set smaller number of VM's, then as you get used to it, > > try expand with a couple of VM's at a time. Think about what it adds to > > security or practical use-cases, and keep reviewing your VM layout :) > > > > I believe there should be no issue switching between XFCE4 and KDE though, > > since the guide to KDE doesn't mention deleting XFCE4, just disabling it > > (at least it didn't at the time I read it). So presumably you should be > > able to switch between them with 2-3 commands in the tty terminal. You > > mihgt want to double-check that though, for example can you keep switching > > between them multiple of times without causing any harm to the system? > > Correct. I have had both on and functioned fine. > > For secuirty I see little difference other than maybe the amount of code. > The more code ,all things being equal, the more possible holes errors surface > area to attack. The strength of Qubes is that it takes resourceful and skilled attackers to get through, and maybe some social engineering to boot. It's not as straight forward as exploiting fedora seems to be. If something like this is "this easy", then it's very off-putting and worrisome, because then "anyone" could do it, and that to me seems to just undermine "everything". It probably matters less for dom0 though, but I'm certainly considering replacing fedora for debian on my sys-net, sys-firewall, and other online VM's with critical infrastructure, though not jumping to conclusions "just yet" either. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ed7cfba3-9ff5-4333-9a86-69c8696baac8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security questions (templates and kde)
On Tuesday, March 6, 2018 at 7:19:05 AM UTC+1, Tim W wrote: > On Tuesday, March 6, 2018 at 12:23:10 AM UTC-5, Yuraeitha wrote: > > On Tuesday, March 6, 2018 at 5:24:50 AM UTC+1, sevas wrote: > > > Thank you both for this enlightening talk, and especially Yuraeitha for > > > such a lengthy researched opinion! > > > > > > We speak of stability. Stability and vulnerability go hand in hand, dont > > > they? > > > > > > I love the kde plasma desktop and I would like to have it. But it looks > > > like a complicated GUI that probably is not as secure as something more > > > simple. But again, the non-root GUI is not going to connect to the > > > internet. > > > > > > My previous feelings were to use one template for internet access and one > > > for background/desktop/personal use. But that may not be needed since > > > applications available in a template are not necessarily used in the > > > appVM. Is that correct or would there be some data leak? > > > > > > XFCE is something I havent used in a long time, but I will surely look > > > into my customization techniques before I make a big move. > > > > About the stability going hand in hand with vulnerability, I view it the > > same way too, though it's not always the case if it isn't possible to > > exploit it, which also isn't always possible too. > > > > Qubes once used KDE btw, you can find the discussion that made the change > > from KDE to XFCE5 here https://github.com/QubesOS/qubes-issues/issues/2119 > > Some of these issues I believe have changed though, what is perceived as > > "ugly" was back then a bit of an unlucky controversial statement due to > > different subjective opinions and it caused a bit of a stir in the KDE > > community. But I believe KDE also corrected some of those issues since > > then? > > > > It's a good idea to keep your critical offline app's and data in an offline > > VM btw, keep doing that. You can also find multiple of official Qubes > > recommendations suggesting this offline AppVM move. For example the Split > > GPG guide in the Qubes doc's recommend this approach in order to keep your > > GPG keys more secure from being hacked. For example if only one application > > makes an outgoing opening in the firewall in the AppVM, then data in that > > AppVM might be opened to risk through exploits and attacks to that > > established connection. I have about 15-17 AppVM's which I use, not > > including the ones I don't use or templates, and I'm probably a light AppVM > > user compared to the more extreme ones. If it seems overwhelming though, > > try start with a set smaller number of VM's, then as you get used to it, > > try expand with a couple of VM's at a time. Think about what it adds to > > security or practical use-cases, and keep reviewing your VM layout :) > > > > I believe there should be no issue switching between XFCE4 and KDE though, > > since the guide to KDE doesn't mention deleting XFCE4, just disabling it > > (at least it didn't at the time I read it). So presumably you should be > > able to switch between them with 2-3 commands in the tty terminal. You > > mihgt want to double-check that though, for example can you keep switching > > between them multiple of times without causing any harm to the system? > > Correct. I have had both on and functioned fine. > > For secuirty I see little difference other than maybe the amount of code. > The more code ,all things being equal, the more possible holes errors surface > area to attack. The big issue with Fedora that Chris pointed out worries me though, with man in the middle attacks on the updating/install processes. Potentially anyone could then be targeted very easily, or are such attacks more exotic and tricky to perform in a real life setting? I don't suspect they are as easy as to allow script kiddies to do it, but it might not take the most skilled hackers around either? We're not even talking about infecting packages here, but just preventing critical updates from reaching the targeted update system. This seems like a very big deal, and appears to hurt fedora's reliability, trust and security. Maybe I'm blowing this out of proportion from reading this, but it just seems "Bad!" with a big fat capital letter B!. If I was an attacker, this is certianly a method I would find feasible by the sound of it and try look into. Seen from an attackers PoV, why wouldn't an attacker use this method? It seems ideal and effective, which is what scares me about it. If there is a way/method to circumvent and avoid this issue, then it needs to be made an issue that more people are aware about? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visi
Re: [qubes-users] Security questions (templates and kde)
On Tuesday, March 6, 2018 at 12:23:10 AM UTC-5, Yuraeitha wrote: > On Tuesday, March 6, 2018 at 5:24:50 AM UTC+1, sevas wrote: > > Thank you both for this enlightening talk, and especially Yuraeitha for > > such a lengthy researched opinion! > > > > We speak of stability. Stability and vulnerability go hand in hand, dont > > they? > > > > I love the kde plasma desktop and I would like to have it. But it looks > > like a complicated GUI that probably is not as secure as something more > > simple. But again, the non-root GUI is not going to connect to the > > internet. > > > > My previous feelings were to use one template for internet access and one > > for background/desktop/personal use. But that may not be needed since > > applications available in a template are not necessarily used in the appVM. > > Is that correct or would there be some data leak? > > > > XFCE is something I havent used in a long time, but I will surely look into > > my customization techniques before I make a big move. > > About the stability going hand in hand with vulnerability, I view it the same > way too, though it's not always the case if it isn't possible to exploit it, > which also isn't always possible too. > > Qubes once used KDE btw, you can find the discussion that made the change > from KDE to XFCE5 here https://github.com/QubesOS/qubes-issues/issues/2119 > Some of these issues I believe have changed though, what is perceived as > "ugly" was back then a bit of an unlucky controversial statement due to > different subjective opinions and it caused a bit of a stir in the KDE > community. But I believe KDE also corrected some of those issues since then? > > It's a good idea to keep your critical offline app's and data in an offline > VM btw, keep doing that. You can also find multiple of official Qubes > recommendations suggesting this offline AppVM move. For example the Split GPG > guide in the Qubes doc's recommend this approach in order to keep your GPG > keys more secure from being hacked. For example if only one application makes > an outgoing opening in the firewall in the AppVM, then data in that AppVM > might be opened to risk through exploits and attacks to that established > connection. I have about 15-17 AppVM's which I use, not including the ones I > don't use or templates, and I'm probably a light AppVM user compared to the > more extreme ones. If it seems overwhelming though, try start with a set > smaller number of VM's, then as you get used to it, try expand with a couple > of VM's at a time. Think about what it adds to security or practical > use-cases, and keep reviewing your VM layout :) > > I believe there should be no issue switching between XFCE4 and KDE though, > since the guide to KDE doesn't mention deleting XFCE4, just disabling it (at > least it didn't at the time I read it). So presumably you should be able to > switch between them with 2-3 commands in the tty terminal. You mihgt want to > double-check that though, for example can you keep switching between them > multiple of times without causing any harm to the system? Correct. I have had both on and functioned fine. For secuirty I see little difference other than maybe the amount of code. The more code ,all things being equal, the more possible holes errors surface area to attack. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a9babef-ccf3-44d9-89f5-4b4b3640e745%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security questions (templates and kde)
On Tuesday, March 6, 2018 at 5:24:50 AM UTC+1, sevas wrote: > Thank you both for this enlightening talk, and especially Yuraeitha for such > a lengthy researched opinion! > > We speak of stability. Stability and vulnerability go hand in hand, dont they? > > I love the kde plasma desktop and I would like to have it. But it looks like > a complicated GUI that probably is not as secure as something more simple. > But again, the non-root GUI is not going to connect to the internet. > > My previous feelings were to use one template for internet access and one for > background/desktop/personal use. But that may not be needed since > applications available in a template are not necessarily used in the appVM. > Is that correct or would there be some data leak? > > XFCE is something I havent used in a long time, but I will surely look into > my customization techniques before I make a big move. About the stability going hand in hand with vulnerability, I view it the same way too, though it's not always the case if it isn't possible to exploit it, which also isn't always possible too. Qubes once used KDE btw, you can find the discussion that made the change from KDE to XFCE5 here https://github.com/QubesOS/qubes-issues/issues/2119 Some of these issues I believe have changed though, what is perceived as "ugly" was back then a bit of an unlucky controversial statement due to different subjective opinions and it caused a bit of a stir in the KDE community. But I believe KDE also corrected some of those issues since then? It's a good idea to keep your critical offline app's and data in an offline VM btw, keep doing that. You can also find multiple of official Qubes recommendations suggesting this offline AppVM move. For example the Split GPG guide in the Qubes doc's recommend this approach in order to keep your GPG keys more secure from being hacked. For example if only one application makes an outgoing opening in the firewall in the AppVM, then data in that AppVM might be opened to risk through exploits and attacks to that established connection. I have about 15-17 AppVM's which I use, not including the ones I don't use or templates, and I'm probably a light AppVM user compared to the more extreme ones. If it seems overwhelming though, try start with a set smaller number of VM's, then as you get used to it, try expand with a couple of VM's at a time. Think about what it adds to security or practical use-cases, and keep reviewing your VM layout :) I believe there should be no issue switching between XFCE4 and KDE though, since the guide to KDE doesn't mention deleting XFCE4, just disabling it (at least it didn't at the time I read it). So presumably you should be able to switch between them with 2-3 commands in the tty terminal. You mihgt want to double-check that though, for example can you keep switching between them multiple of times without causing any harm to the system? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3abb784a-7596-4fce-9f2b-5eeec293d94f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security questions (templates and kde)
On Tuesday, March 6, 2018 at 5:24:50 AM UTC+1, sevas wrote: > Thank you both for this enlightening talk, and especially Yuraeitha for such > a lengthy researched opinion! > > We speak of stability. Stability and vulnerability go hand in hand, dont they? > > I love the kde plasma desktop and I would like to have it. But it looks like > a complicated GUI that probably is not as secure as something more simple. > But again, the non-root GUI is not going to connect to the internet. > > My previous feelings were to use one template for internet access and one for > background/desktop/personal use. But that may not be needed since > applications available in a template are not necessarily used in the appVM. > Is that correct or would there be some data leak? > > XFCE is something I havent used in a long time, but I will surely look into > my customization techniques before I make a big move. I recommend you listen to Chris here though. As mentioned some people are much more knowledgeable than I about security while I'm still only an early learner (and he's one of those who are much more knowledgeable). I also learned from reading his post as well. You can use my post to put forward new questions though (keep learning and dig deeper over time), but use Chris post for actual answers here regarding the security, he's way more credible. Notice too how he legit dismantles my argument "that Fedora is the slightly more secure one", when it turns out Debian appears ahead of Fedora in terms of security, and it seems like it might not be by just a little either. I stand corrected, I need to read more on this topic. Keep learning though, it's awesome you ask and try find answers to questions like these. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9dcc60e-e397-4ec6-b8fb-4c5cc8c20646%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security questions (templates and kde)
Thank you both for this enlightening talk, and especially Yuraeitha for such a lengthy researched opinion! We speak of stability. Stability and vulnerability go hand in hand, dont they? I love the kde plasma desktop and I would like to have it. But it looks like a complicated GUI that probably is not as secure as something more simple. But again, the non-root GUI is not going to connect to the internet. My previous feelings were to use one template for internet access and one for background/desktop/personal use. But that may not be needed since applications available in a template are not necessarily used in the appVM. Is that correct or would there be some data leak? XFCE is something I havent used in a long time, but I will surely look into my customization techniques before I make a big move. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/189c4ff2-0d71-4244-a51f-0a6f0dec1f3a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security questions (templates and kde)
On 03/05/2018 05:39 PM, sevas wrote: Does choosing a TemplateVM have any tactical advantage to security? Does installing KDE have any tactical disadvantage to security? The different operating systems used by the templates may have their own security profiles with varying advantages. Some specific points: * Debian is probably your best choice for all-around security and functionality, particularly for people asking the above questions. The Debian template currently, however, comes in a fairly 'minimal' form which is more secure out of the box but needs a bit of attention to make it more functional. A shortcut to adding desktop features to Debian is to use 'tasksel' and choose a desktop type such as KDE, Gnome, etc. * KDE is used in the Whonix templates distributed with Qubes. Its fine for use in template-based VMs. * IIRC, Fedora was initially chosen by Qubes developers out of expediency and they have stated an intention to eventually move away from Fedora toward something like Debian. In particular, Fedora's downfall is that its one of the very few distros that don't sign/secure their overall software manifest; a MITM attacker can prevent you from receiving specific bug fixes without you realizing. * The fedora-minimal templates may enhance security for some users and admins familiar with Linux, but the above software security problem still exists even there. * Some specialized and experimental templates exist that (supposedly) have security advantages. You can do a search for 'unikernel' for example and try that if you're apt. * Template security can be enhanced in other ways that are not very complicated. For example, you can enable sudo authentication[1] in VMs and enhance that further by adding a service like Qubes-VM-hardening[2]. AppArmor and other measures can also be enabled, but they're not distro specific. Finally, Qubes is designed so that the biggest factor in maintaining security is always how you divide up your data and workflows between VMs; Choice of template isn't as critical. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/acfd4c47-66a2-caa6-99bb-05002d50d970%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Security questions (templates and kde)
Does choosing a TemplateVM have any tactical advantage to security? Does installing KDE have any tactical disadvantage to security? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32ffe776-6876-4b12-8a21-e76d6dd74818%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
