zlacker

[return to "QubesOS – A reasonably secure operating system"]
1. legran+Bf[view] [source] 2023-07-11 19:15:18
>>TheFre+(OP)
What kind of threat model requires someone to use Qubes? I know Snowden uses it and there's even a testimonial of him on the Qubes site recommending it. Is this for people on 'lists' or are high value targets because they visited the wrong site or said something the authorities didn't like and their machines are now being targeted?
◧◩
2. though+eh[view] [source] 2023-07-11 19:23:39
>>legran+Bf
I know what Theo says about (x86) virtualization[1], but I think it's still useful to virtually separate your random browsing the web from things like health and banking, or where you keep your ssh keys (if you don't use a Yubikey or similar to keep it off your laptop) -- or other secrets.

You can be a victim of a random drive-by, you don't have to be a person on a "list".

[1] https://marc.info/?l=openbsd-misc&m=119318909016582

◧◩◪
3. Syonyk+vm[view] [source] 2023-07-11 19:47:51
>>though+eh
Yeah. He's probably right. When we first saw Meltdown/Spectre/etc, and he preemtively disabled hyperthreading out of an abundance of paranoia, turned out he was right...

It's all broken, all the way down. However, compromising a browser or kernel is still a lot easier than compromising a hypervisor. At least in terms of number of known exploits.

Qubes tends to make very limited use of the riskier parts of Xen anyway, though. A lot of the security notices for Xen don't apply to Qubes because of how they've configured things or what features they use.

[go to top]