So what do y'all think of Qubes OS?

I've been thinking of transitioning over to Qubes for security reasons. If y'all wanted to take down someone who used Qubes, how would you crack their PC?

Attached: qubes-components.png (1161x857, 140K)

fuck off pedo

With sufficient funds I'd just replace your PC with an identical one that sniffs any passwords required to bypass full disk encryption and transmits them to me, then just unlock your actual PC using this information.
This can of course be defended against (e.g. only boot your PC while it's in a good Faraday cage with proper isolation) but you're not going to do that (and if you do that but then leave the Faraday cage without turning off your PC, then that would give me the opportunity to just steal your PC and read off the contents of your RAM).

Alternatively I could implant a sniffer that would transmit me everything from your keystrokes to the contents of your memory in real time. I could even replace your motherboard with a malicious one that did this, thus eliminating the possibility of visual inspection revealing any chips or inserts since there would be none. This has the advantage of you not suspecting anything is wrong and continuing to use the compromised machine.

On the other hand, if I'm not the NSA, then I probably won't be able to compromise a simple hardened, well-administered Debian install.

Is there qubes gentoo?

Any distro is topologically equivalent to any other distro so you could probably start with a Gentoo install and arrive at a Qubes setup, yes.

I've heard a lot of hype about these secure Linux distros: QubesOS, ParrotOS, and the like. I never understood - what exactly is it about them that makes them more secure than, say, Arch or Fedora?

I attached an image of the architecture: they compartmentalize the OS into several virtual machines so that if some malicious code is executed in one virtual machine then it can't affect another virtual machine.

It seems cool but I wouldn't use a work computer for personal use and vice versa. I suppose it's an okay idea, though.
Watch this video: qubes-os.org/video-tours/. They use VMs for different types of use cases.

Everything is isolated in VMs. So if you get a virus while browsing malicious porn sites, that's fine, because now your "web browsing" container is fucked but everything else is fine. Trash it, rebuild it, and all you've lost is your browser history. So you can literally run Firefox as root with Flash enabled by default, and where that gets Gentoo infected, on Qubes everything outside your ff container will be safe.

Unless there is a vulnerability in the hypervisor or some of the systems used for intercommunication between containers, of course, and you get a virus exploiting that. But with Linux being around 2% of the desktop market and Qubes like 0.1% of that, you're not gonna find any viruses for this. On the other hand, if hypothetically vulnerabilities do exist (which they do), and you attract the ire of the NSA, and the NSA knows about the vulnerabilities (which is impossible to predict, but not unlikely), then obviously you're still screwed.

Or, you know, something like Meltdown can come along and make literally any sort of software-based separation, VM or otherwise, completely irrelevant.

I mean... Am I wrong?

Yes, on so many levels I'm high in space

So what would stop someone from doing what I said?

Note that time and difficulty are not a concern - I never claimed it would be a remotely practical thing to do, only possible.

Interesting.

I guess that could get past all the systemd bullshit.
Oh, did I mention Qubes uses systemd?

It's a harmful, complex bloat. Assume there's a bug per 100 lines of code. This means there's a lot of bugs to use to take the OS down!

Could you name some examples?

>you can literally run Firefox as root with Flash enabled by default
But you shouldn't, because that's a good way to get fucked by the VM escape vulnerability or CPU bug du jour.

If he could name examples, he would be too busy rolling in cash to make that post.
Xen is one of the most heavily audited pieces of software on the planet - since, you know, EC2 runs on it, among other things - and the rest of Qubes' VM-facing components are pretty compact and presumably written by people who aren't complete idiots.

Provided you're not being personally targeted, who the fuck adds VM escape capabilities to their Flash malware? I mean in theory, yeah. In practice, I'm pretty sure it's pretty safe.

Not that you're wrong - there's no practical reason to do this so you still shouldn't. The risk is still pretty much negligible though.

If nobody's targeting you, there's very little point in using Qubes at all. Garden-variety malware can be avoided with much less hassle.

I said as much in my post. The main purpose of installing Qubes is to satisfy autism. On the other hand, if you're actually going through all this trouble not because it's fun but purely in the name of security, then not running Firefox as root should go without saying.

Or, you know, in case you're actually being targeted. Happens sometimes.

Read my entire post, preferably second sentence.

Also, while we're at it, if you're being targeted the best bet is probably a live USB with Tor that you'll use only in public places without distinguishable patterns. Tails or Heads is adequate for that.

Nothing can satisfy my autism quite like virtual machines. They are tasty fuckers.