zlacker

[return to "Qubes – Secure Desktop OS Using Security by Compartmentalization"]
1. mrotte+Bl[view] [source] 2014-10-08 22:29:46
>>tete+(OP)
While I am all for virtualizing, it doesn't help security. It just moves the exploit from your OS into your hypervisor. Even worse, you add a whole new level of exploitable code.
◧◩
2. vidarh+eo[view] [source] 2014-10-08 23:19:20
>>mrotte+Bl
That's nonsense. It doesn't automatically help security.

But compartmentalization does mean that barring a hypervisor exploit, each exploit can potentially be prevented from affecting more than a small part of the system.

I care a whole lot less if Chrome is exploited if it can't access my ssh keys, for example (not that I wouldn't still care, but the potential damage would be limited).

◧◩◪
3. mrotte+oo[view] [source] 2014-10-08 23:21:37
>>vidarh+eo
Why don't you just use different user accounts and permissions? That way you don't have to trust extra code and can achieve the same goal.

Edit: But the way you talk to me, obviously I must be stupid.

[go to top]