zlacker

Qubes – Secure Desktop OS Using Security by Compartmentalization
1. mrotte+Bl 2014-10-08 22:29:46
>>tete+(OP)
While I am all for virtualizing, it doesn't help security. It just moves the exploit from your OS into your hypervisor. Even worse, you add a whole new level of exploitable code.
2. spindr+Ql 2014-10-08 22:33:21
>>mrotte+Bl
Of course it improves security. On Qubes, someone who can exploit your browser (PDF reader, word processor) doesn't automatically get free rein on your machine. They still need to escape Xen.
3. mrotte+lo 2014-10-08 23:20:31
>>spindr+Ql
Nope. If somebody exploits your PDF reader, they still have to circumvent the OS. Sound familiar?

Now instead of one layer with hardware contact, you have two (assuming you want performance too). Twice the attack surface.

4. wyager+Rq 2014-10-09 00:08:20
>>mrotte+lo
> If somebody exploits your PDF reader, they still have to circumvent the OS.

That is correct. This is probably why privesc exploits are much more expensive than Adobe Reader exploits.

You are kind of arguing against yourself here.
