Security advantages of static DVMs for sys-VMs?
41 views
Skip to first unread message
fiftyfour...@gmail.com
Jul 16, 2020, 5:54:06 AM7/16/20
to qubes-users
Hi there,
I read about running sys-vms as static disposable VMs on the Qubes documentation site, then on the Whonix guide to Qubes security. I have my reservations about this (but then I'm no expert) and it feels like the outcome will be unstable and hard to use. However, since this is on both the Qubes and Whonix sites, this is probably worth looking at.
What do you think about using static DVMs as sys-VMs?
Peter Funk
Jul 16, 2020, 6:26:10 AM7/16/20
to fiftyfour...@gmail.com, qubes-users
fiftyfour...@gmail.com asked:
The basic idea of disposable VMs is, that any bad change to
this virtual machine is disposed (thrown away) after a restart
by returning to an "known good state" automatically.
However: If it was possible in the first place that something
bad happened to this "known good state" then starting over
will not remove this possibility for future events.
Throwing everything away will also delete any evidence that
something bad might have happened to this part of your digital
life and will make later analysis of the events harder.
I think those disposable VMs are great if you want to enter
new unexplored territory and want to keep the risk of your
experiments under better control.
However if for example you use an external USB keyboard (as
most of us must today as the old PS/2 connector is dead) and
you have this device connected to your Qubes OS laptop using
the ordinary USB socket then I see not much gain by bothering
about making sys-usb a static DisposableVM.
Please correct me if I'm wrong.
Best regards, Peter.
--
Peter Funk ✉:Oldenburger Str.86, 27777 Ganderkesee, Germany; 📱:+49-179-640-8878
✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany
☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/>
> I read about running sys-vms as static disposable VMs on the Qubes
> documentation site
> <https://www.qubes-os.org/doc/disposablevm-customization/#using-static-disposablevms-for-sys->,
> documentation site
> then on the Whonix guide to Qubes security
> <https://www.whonix.org/wiki/Qubes-Whonix_Security>. I have my reservations
> about this (but then I'm no expert) and it feels like the outcome will be
> unstable and hard to use. However, since this is on both the Qubes and
> Whonix sites, this is probably worth looking at.
>
> What do you think about using static DVMs as sys-VMs?
I'm no real expert either. But from my knowledge so far:
> unstable and hard to use. However, since this is on both the Qubes and
> Whonix sites, this is probably worth looking at.
>
> What do you think about using static DVMs as sys-VMs?
The basic idea of disposable VMs is, that any bad change to
this virtual machine is disposed (thrown away) after a restart
by returning to an "known good state" automatically.
However: If it was possible in the first place that something
bad happened to this "known good state" then starting over
will not remove this possibility for future events.
Throwing everything away will also delete any evidence that
something bad might have happened to this part of your digital
life and will make later analysis of the events harder.
I think those disposable VMs are great if you want to enter
new unexplored territory and want to keep the risk of your
experiments under better control.
However if for example you use an external USB keyboard (as
most of us must today as the old PS/2 connector is dead) and
you have this device connected to your Qubes OS laptop using
the ordinary USB socket then I see not much gain by bothering
about making sys-usb a static DisposableVM.
Please correct me if I'm wrong.
Best regards, Peter.
--
Peter Funk ✉:Oldenburger Str.86, 27777 Ganderkesee, Germany; 📱:+49-179-640-8878
✉office: ArtCom GmbH, Haferwende 2, D-28357 Bremen, Germany
☎office:+49-421-20419-0 <http://www.artcom-gmbh.de/>
unman
Jul 16, 2020, 8:48:52 AM7/16/20
to qubes-users
are as stable as a normal sys-VM and transparent in use.
Peter - I think you are missing this point - when you set up (e.g) a
disposable sys-usb you need not start the template before creating the
disposableVM. That means that there is (almost) no prospect of the
"known good state" being compromised.
In the USB case, if someone were to access your computer with a BadUSB,
then they may be able to dump a payload which could then compromise any
other USB devices, or possibly other qubes. Using a disposable sys-usb
reduces this risk.
I routinely cycle my usb qubes after removal of any device.
fiftyfour...@gmail.com
Jul 17, 2020, 10:34:30 AM7/17/20
to qubes-users
On Thursday, 16 July 2020 20:48:52 UTC+8, unman wrote:
54th - static disposableVMS are neither unstable nor hard to use. They
are as stable as a normal sys-VM and transparent in use.
Unman, you're right. I was being overly cautious and, to be frank, scared of making my OS more complicated, but it's worth it.
Peter Funk wrote:
Throwing everything away will also delete any evidence that
something bad might have happened to this part of your digital
life and will make later analysis of the events harder.
Logs aren't really a concern for me, but it's still something that I should look at for DispVMs. Thanks
Reply all
Reply to author
Forward
0 new messages