no bootoption for windows 10

[stefan.g...@gmail.com]

Hi,

I installed Qubes today. I thought it will add my windows to grub, but it haven´t.

I wanted to add windows manually to grub, but i have no access to the grub files. I am completely new to Qubes and need some help please.

Thanks,
Stefan

[Alex]

What I'm going to tell is not the answer to your question; it's just an
outside-the-box consideration on your goal.

As you may know, the main goal of the qubes project is a big forward
leap in workstation security, and this is achieved through multiple
layers of isolation.

One of these layers relies on hardware integrity and side channel
attacks (i.e. attacks not done on a live qubes system), hence the
general discouragement on dual booting it with anything else.

Since you say that you are new to Qubes, I'd guess you jumped in with
the wrong approach: just another OS to try. This approach is fine by
itself, but the method to successfully try Qubes is not dual booting,
but using the live usb distro.

TL;DR: if you want to try qubes, don't dual boot it, but use the Live
USB instead. If you like Qubes, but want to keep Windows, then you are
not sure you like Qubes. In this case, keep a separate computer for
windows use and install Qubes on a different computer. If you do really
really like qubes, you may want to try a Windows HVM inside of an
installation. Don't dual boot it unless you are a solution developer /
integrator, or have a really strong motive to defeat its main purpose
(security) and just want to play around.

--
Alex

[stefan.g...@gmail.com]

Thank you Alex for you answer.

I love video games and thats because i need Windows...

I thought i could use Qubes in dual boot for better security and anonymity in web.

I have no idea of side channels attacks but i seems to be dangerous.

Can you help me please to remove grub, so i can start windows again?

[Alex]

If that's the case, then a Windows HVM will not help you - the graphic
performance is not the best.

The problem with video games is that either they are perfectly legal,
and typically include DRM technologies that work like viruses/rootkits
(and may pose a security risk - sony bmg anyone??), or they are not
legal and need cracks/patches to work - and these are typically
distributed by crack repositories that like to add malware to the
original distributions.

Qubes by itself does not give you anonymity: depending on what you are
trying to protect from, you may want to use Disposable VMs and/or TOR,
and you may have to heavily change your habits - if you use TOR and
DispVMs but all you do online is check your
facebook/twitter/gmail/9gag/younameit account, well, I have some bad
news for you...

There's no canned security you can buy off the shelf.

As for GRUB, when I used to fix computers years ago, all it took was
booting off the windows cd/dvd and using FIXBOOT or FIXMBR from the
recovery console. I don't know how it can be done with Windows 10, but
others may help, or you could try a web search for updates on those
commands.

--
Alex

[stefan.g...@gmail.com]

I only play legal games I bought, but I know what you mean. I dont care in this case. Thats the reason why i wanted to use another OS.

Yeah i knew disposable VMs and TOR, i wanted to use them in Qubes. That would be very dumb to check your accounts...

Okey thanks, i will try to restore the bootfile from windows with the dvd.

[stefan.g...@gmail.com]

maybe you can help me a little bit more?

what encryption would you use for linux/windows?

what is your opinion of tails?

Thanks for your time

[Alex]

The answers for your questions depend on what your goal is. If your goal
is online anonymity / security (as in "not getting malware from web
sites"), as you stated in a previous message, then encryption is useless
on your threat model.

And my opinion on TAILS is a nice prepackaged linux distro for unlikely
extreme situations I won't easily find myself in - I'd be long dead
before reaching the point of needing TAILS.

It seems to me that you do not have a clear idea of what you are trying
to obtain; first, focus on what you want - it may help figuring out your
"enemies". Then design a security strategy around the threats. Then you
can choose the right tools to fulfill those strategies.

I have a laptop and a workstation. I use fedora with full disk
encryption on the laptop, because my enemies are casual thieves that may
steal my laptop and I carry work-related private data, but it's only
used for work demonstrations, so I don't need isolated domains nor high
network security. My workstation is instead used for reverse
engineering, developing, remote administration through ssh, and personal
things (involving 2 skype accounts). Here I love Qubes for the isolation
it provides between work/personal/skype/reversing(dangerous) domains,
and I'm less afraid of it being stolen (or any evil maids) - so I have
no problem with it being put to sleep instead of being completely turned
off. I don't have modeled any institutional enemies, because they are
expensive to defend against, but I have some threat models for the
workstation too - namely, the skype for linux monolithic binary,
possible malware from the reversing work, and unknown exploits in the
firefox browser.

To answer your question, anyway, any full disk encryption
(luks+cryptsetup, bitlocker) may suffice if your adversaries are not
going to spend a lot against you. I do believe in thermorectal
cryptanalysis above technical sophistications unless lives are at stake.

--
Alex

[stefan.g...@gmail.com]

Thanks for that informations Alex.

No I need encryption for my data on ssd. So when I get malware on windows it can affect other linux os?

That sounds very dangerous, but eciting too. I don´t think that I´ve got enemies out there. I just want to change my online security/anonymity. So I try some things, but I can´t disclaim windows.

I´ve got a workstation and a notebook. Both running windows, because I need it for work too. On both I have data to protect.

How should I encrypt my data with windows?

> To answer your question, anyway, any full disk encryption
> (luks+cryptsetup, bitlocker) may suffice if your adversaries are not
> going to spend a lot against you. I do believe in thermorectal
> cryptanalysis above technical sophistications unless lives are at stake.

So you think any encryption will fail, when you spend enough time & material?

-
Stefan

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 06/16/2016 10:38 AM, stefan.g...@gmail.com wrote:

> So you think any encryption will fail, when you spend enough time &
> material?

https://xkcd.com/538/


- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXYmZ1AAoJEC3TtYFBiXSvZ7MP/i/h2b/9Txkl2SCf5NJXGy+x
KSAJCO5J/3WK1LryJwUzvUetN4QtjpVeyafvMiky/R8OfYHw+znP6icHf8Oh/0Q9
tJbI9pOYYMELYczylMnmUWsaGUV8tP+gBjDSckHFE1I1kHvHu+x2dNFcZDdWvozY
og9l3WMpywgZE3maWCGZIQ0hnYfx77Mmju9mV1NHemdw4YoP4CGMhd6hWf8pS+mV
OqhMVWHhPxzAdHI9CjW/DfK1jUkfmCKYg3PtFxBgjcG6yi5cMKv6+3kZEBoz10qX
i3NoS9MUTSdAgpMYDzBvKAxqxyX49wMovBHt3Z9TudrNflKWIW2C5dYC2MaoTo/N
x81pD3DGktY0Z+FY7WazcM63XNOC3TyK7bWzMtfiRIwdQbyoxc7eDSGgoX0ZXQiC
L6ac1d3V7X5hqokNIXtNOEIBl01Z87Sj61ubdoxqIb+OYJAhMD2ngfWDFtskHOSE
BwmLLjY+TEP8k4+sS6Lsov9zcFBUQDvRorEEJJttEcz8r8enRPaQhrTIDMx52Egp
XAGxlRMWL6SC1d8P8TnklujvOf8pg2tDdNzeTOILNDkGu3c61cPqhOZddd2xGmXR
IMlyuyekHk+ir3lgGyxPQMnEAhvykIBVLlbdWqryXkx+7mvYMQiY2gGNxWAQNXXV
9L8l4+AHFkLzXExueL7V
=DKth
-----END PGP SIGNATURE-----

[Alex]

On 06/16/2016 10:38 AM, stefan.g...@gmail.com wrote:

> No I need encryption for my data on ssd. So when I get malware on
> windows it can affect other linux os?

It could install a different bootloader, and take control of any loading
OS should it be designed to do so. It's also extremely unlikely that
such a sophisticated tool would be freely found on the Internet; as I
said before, you should proceed with order and model your threats first,
and think of a sensible defense later.

> That sounds very dangerous, but eciting too. I don´t think that I´ve
> got enemies out there. I just want to change my online
> security/anonymity. So I try some things, but I can´t disclaim
> windows.
>
> I´ve got a workstation and a notebook. Both running windows, because
> I need it for work too. On both I have data to protect.

In this case Qubes is quite nice because it may help separate your lifes
- eg. threats that may harm your personal life (data exfiltration,
malware) have a hard time expanding to other environments.

As for online security, disposable VMs add another layer of insulation.

> How should I encrypt my data with windows?

I've been using TrueCrypt (when it was still maintained), DiskCryptor (a
fork/port of truecrypt to support Win 8 and later), but I would suggest
bitlocker for the same scenario, which is protection against casual theft.

If your enemies are keeping you in their crosshairs and are willing to
spend, you will want to make sure of always turn completely off your
computers when you are not using them (cold boot attacks likelihood
reduced) but in the end nothing purely computational will protect you
from the XKCD scenario Zrubi linked.

> So you think any encryption will fail, when you spend enough time &
> material?

Yes, if it's protecting anything worthy to a human.

--
Alex

[stefan.g...@gmail.com]

I don´t think, this scenario will happen to me. @Zrubi

Thanks, I have understand Alex.

I will use Bitlocker on my notebook. I also will use Bitlocker for my windows on workstation.

Can I use fedora in multiboot? I want to install a linux system on my workstation that has virtual machines support.

[Alex]

On 06/16/2016 11:19 AM, stefan.g...@gmail.com wrote:

You can use any system you like - even Windows supports virtual
machines, with vmware/virtualbox/younameit. Fedora will do, you will
have to install virtualbox or any virtualization system of your choice.

--
Alex