... I know firmware viruses are rare, but still better safe than sorry. I am looking for safe OS to do online banking from. If i use live usb of QUBES, does that protect me against all firmware viruses ? ...
Also i can't disable all my disks in BIOS, could that be problem ? .... So my main OS can't compromise Qubes. ...
... I wanted to dedicate my old pc for online banking, but Qubes doesn't work there.
I understand, that Qubes compartmentalizes OS and parts of OS don't have access to other parts of the OS. So even if you had virus in your firmware of a network card, it wouldn't matter. I know firmware viruses are rare, but still better safe than sorry. I am looking for safe OS to do online banking from. If i use live usb of QUBES, does that protect me against all firmware viruses ? I wonder. Even there is like 0.2% chance of being infected with it. Also i can't disable all my disks in BIOS, could that be problem ? I mean if i use live-usb and don't boot my main OS, when usb is plugged in. So my main OS can't compromise Qubes. And even if disks were enabled and i boot up Qubes from live usb, i am not sure if it could get infected, because these viruses has to be loaded somehow right ? But if they are passively on the disk and you launch 2nd OS from live-usb, not sure if it could get infected like this. I wanted to dedicate my old pc for online banking, but Qubes doesn't work there.
Well that's the problem indeed, knowing if you are clean from firmware viruses in the first place. But i don't suspect i have firmware viruses and i have new pc. It takes a lot of time and money and no one would bother to infect specific user. I am no one. It could be used in attacks on multi peoples, or if already some firmware virus existed someone could use it i guess, i don't really know. Even probability is low. I am just acting responsibly about this. If i can use Qubes, than why not right. So if i use Qubes, using ROM optical disk in external mechanic. So i should be generally safe, (nothing is perfect), even if i got firmware viruses afterwards ? I can't unplug disks and disable all of them in BIOS, i am using NVME and it is blocked by GPU vertical mount and it was insane to plug it in the first place and doing that each time, it is not feasible. So if i boot from live CD, not sure if viruses on hard disks could do anything. And i won't be booting from Windows when live CD is in and it would be ROM and i'll use external CD mechanic.Also i don't know what i was saying previously, but i can't dedicate old pc for banking at least with Qubes, it doesn't work there. So i would be using it on my main PC. But if i used other Linux on my old pc and dedicated it only for online banking, that should be safe right ? Even if i had it long time, so i could have potentially some firmware viruses, that could impact security in future. Even if i had them and they didn't do anything so far. I don't know.
That being said, it is extremely difficult to reflash your BIOS when running a general OS in the normal user context, and even more difficult when running a virtualized system such as Qubes. So, if you can prevent the machine from booting from any external devices then you have just raised the bar for that adversary.
Problem with cd is: every time update for browser comes out, you would have to burn qubes on new cd. I don't know if it is okay to run old browser to access bank. How often you should upgrade your browser.