Qubes-OS nature.
78 views
Skip to first unread message
Jason Long
Jul 4, 2020, 3:40:58 PM7/4/20
to Qubes-users
Hello,
The Qubes-OS is secure in nature or just secure in Virtualization?
How about the system resourced that it using by default?
Thank you.
Sven Semmler
Jul 4, 2020, 3:56:24 PM7/4/20
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 7/4/20 2:40 PM, 'Jason Long' via qubes-users wrote:
> The Qubes-OS is secure in nature or just secure in Virtualization?
> How about the system resourced that it using by default?
Could you please explain your question a bit more?
Qubes OS is based on the Xen Hypervisor and runs VMs as compartments.
The security benefit is the isolation of the compartments from each
other and the underlying hypervisor.
What do you mean by "nature" opposed to "virtualization"?
The hypervisor itself runs on your hardware. How much you want to
trust that hardware depends on what you are using and what your thread
model is.
There are no simple answers. Please ask more specifically.
/Sven
- --
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl8A3n0ACgkQ2m4We49U
H7aVDBAAnpk2lchkss/siUk40KLT1K6pYrDuziXWbuDZvu+3JQrEXAQxQBNFBY77
GXVEi8CWn2vTlkrQ/SYjUJo6ReUdCJ5v2gnJz6RRUHssXt2jsDgDfhXHFhj4eo1H
O81PxpteOk6A7vTtWyDUTP+s3wG+k7wLkRTbB1UXF/984G0F7bNHGHwHkmZqdwZL
Fc03uJfX/ZfUd5CjSUvXAOxAgh/CAmNj4tWHv48CBbWPFV7ABxA4sBdGMwdc20P0
B+sM8oBCPEmXpUi+gbdaSW77RsKeBrX7IYBZqctgL8OjOk/23Awo4P+NIZz60bQ7
ehcpxphP6Q2+UodGluHmgUJRevXx8oHTwcvPDYhiJ9N9b/mtTCRfJiiMUjIXrMFm
TBxIJo7NWBpgEuV7dUZgqzWQLpVhJB7sy3mxBjgltmdDOa16w7BC1L5M/NJ36ByS
Yp4EZ2Vw6eb71Hk9FfF1aEVknmipUqQirCAAH2Xv3MMI2WfsxGMwx+V7unhHcA6K
TU41zAO2c3f0cag4uMWRW9D+zD6sBWZdLkLuGtVPITaKSxwB6clq+6vgG8a6cMWp
zEvpFc7EJwKdkmwJLK7ni7Amz8hsMMZ7Lj4qcAU9gwcah4UDIeEtDJRPFx65O59L
18bknJXfUKYvbynYj73up6FrGLIkTRe9QLW8ZBlyawJz7niWbDU=
=DWDL
-----END PGP SIGNATURE-----
Hash: SHA512
On 7/4/20 2:40 PM, 'Jason Long' via qubes-users wrote:
> The Qubes-OS is secure in nature or just secure in Virtualization?
> How about the system resourced that it using by default?
Qubes OS is based on the Xen Hypervisor and runs VMs as compartments.
The security benefit is the isolation of the compartments from each
other and the underlying hypervisor.
What do you mean by "nature" opposed to "virtualization"?
The hypervisor itself runs on your hardware. How much you want to
trust that hardware depends on what you are using and what your thread
model is.
There are no simple answers. Please ask more specifically.
/Sven
- --
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl8A3n0ACgkQ2m4We49U
H7aVDBAAnpk2lchkss/siUk40KLT1K6pYrDuziXWbuDZvu+3JQrEXAQxQBNFBY77
GXVEi8CWn2vTlkrQ/SYjUJo6ReUdCJ5v2gnJz6RRUHssXt2jsDgDfhXHFhj4eo1H
O81PxpteOk6A7vTtWyDUTP+s3wG+k7wLkRTbB1UXF/984G0F7bNHGHwHkmZqdwZL
Fc03uJfX/ZfUd5CjSUvXAOxAgh/CAmNj4tWHv48CBbWPFV7ABxA4sBdGMwdc20P0
B+sM8oBCPEmXpUi+gbdaSW77RsKeBrX7IYBZqctgL8OjOk/23Awo4P+NIZz60bQ7
ehcpxphP6Q2+UodGluHmgUJRevXx8oHTwcvPDYhiJ9N9b/mtTCRfJiiMUjIXrMFm
TBxIJo7NWBpgEuV7dUZgqzWQLpVhJB7sy3mxBjgltmdDOa16w7BC1L5M/NJ36ByS
Yp4EZ2Vw6eb71Hk9FfF1aEVknmipUqQirCAAH2Xv3MMI2WfsxGMwx+V7unhHcA6K
TU41zAO2c3f0cag4uMWRW9D+zD6sBWZdLkLuGtVPITaKSxwB6clq+6vgG8a6cMWp
zEvpFc7EJwKdkmwJLK7ni7Amz8hsMMZ7Lj4qcAU9gwcah4UDIeEtDJRPFx65O59L
18bknJXfUKYvbynYj73up6FrGLIkTRe9QLW8ZBlyawJz7niWbDU=
=DWDL
-----END PGP SIGNATURE-----
Catacombs
Jul 4, 2020, 6:33:10 PM7/4/20
to qubes-users
Qubes is secure in how one uses it. I would prefer, that some of the more experienced on here point out a concise checklist of the "how to stay secure" with a list of don't ever do this, and think you are going to stay secure.
There is an old saying, 'Encryption is usually broken in practice, not in theory.' Meaning people do dumb things while trying to stay secure. Like in WW One, when they changed codes on the front lines, someone would lose their new code book, So command, after sending orders in code, would sent the same thing "in the clear" not encrypted. Giving the code beakers a crib.
Qubes security, order of how one uses it, is not just encryption.
I repeat. Be great if one of the more knowledgeable created a concise checklist, "how to stay secure using Qubes."
Sven Semmler
Jul 5, 2020, 4:08:39 PM7/5/20
to hack...@yahoo.com, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 7/5/20 5:32 AM, Jason Long wrote:
Hash: SHA512
> I just want to use Qubes-OS in general and not use its
> Virtualization feature. Is it secure or just secure in
> Virtualization?
Please always answer to the list so others can follow and contribute
to our conversation.
Qubes OS without virtualization is basically an always offline Fedora.
Any system that is always offline avoids an entire domain of threads.
You still have to worry about physical access, sound, line of sight
and electromagnetic emissions though.
/Sven
- --
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
-----BEGIN PGP SIGNATURE-----
H7aP/RAA1qYGccX3oLPHVTOmEufiqCPhd2MSNhR3aDYuugpQxsS/S6bnIwccehS1
+xmqhUFNFECVPnR2Af0N56KNzLN3y8QQnq99Ky2O93wGILx0Hk9imrAXh8ITuzHu
zTrIKB7AyxY8xl2yDXRq66jVJr/G+aUFAKafilOEA8lyLYE4YmMrgOop9O+ksnpP
5Ymfkm61Z3NpIFl5w11qMkeqowEW9pT/YxKYmOwp5851Nv5fsMIKRz+TMqvsr5+Q
V0zne+hE5WYgO8fZBd2Imw4pEiE6en13aicmOaHSXvZ8yyAymzgAGDmXfHP75qGP
aOt9rmMYihC2LuG4i4SiTjh7g//tBwSiaO/EirEeGtxh8Eft4+j6+JuKSl5yT6wf
dXu4sD41GahNnsNAwWbDQ7QH49uzXuc3xn8FwRtWJzDwAyGb7OgDVydfb4HIFNJ/
Zu12+QG3PcVolZu271x0xKSWnd9rw7g+ooTcO4S+z8seq5axHvETDbqWxEzHDx0N
uhpbv53X+2tPwvoI+ndLpEdP6gTdRfCaytfNtUyELNDdRSDhW34rpW+m6KLBNs9W
MNxxVf1Hw4dG2diFCkwk508NK+XrTdY09uhwqggvVtFFezOaEdUzuZE1kANMvpnz
IrtEnoy/XckTgADcUi5zlnyPc48K/DYkBJE0kyg8yQtO72GWtzU=
=6Bnk
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages