zlacker

[return to "Open source Qubes OS is ultra secure"]
1. ori_b+o4[view] [source] 2010-04-08 16:15:52
>>dreemt+(OP)
I'm not sure how putting things on different VMs improves security - If the VMs can communicate with each other seamlessly enough for the system to be usable, then there's a hole big enough for the virus to just kind of step through and damage the other machines without even running on them.

On the other hand, if usability drops because the VMs are actually isolated - and this seems to be the approach that was taken - users will simply consolidate more applications on one machine, and infect everything at once this way.

◧◩
2. hga+P4[view] [source] 2010-04-08 16:27:17
>>ori_b+o4
Perhaps you could define "seamlessly enough for the system to be usable"?

The architecture envisions consolidating applications by domain, e.g. one for your social networking, one for banking (and that would be very locked down, e.g. http(s) only), etc.

It accepts that there will be comprise (or so I gather) and is explicitly designed to mitigate it. For me, that improves security significantly (I already do a form of this by running three browser instances on two machines).

It's a very pragmatic approach, and I can see from the lead's background why she'd take it.

[go to top]