Some time ago I sent an email about an idea for a video presentation. Here is an initial text idea, if someone has time to read it to find if it is good, find mistakes (typos and eventually wrong conclusions), find if I am missing something important, going too much off topic, ...

Known "bugs":

- Completely missing the template concept and read-only file system/home dir persistency. Should I add it, or is it too complex for an introduction video?
- The first part, "what is a virus", is not strictly Qubes related but I think it is very important: you can't say it's safer from viruses without explaining to people what a virus is, also because normal people usually see a "bad guy" with a mask and a notebook, random green strings falling on the screen, 400lb hackers (that kind of nonsense image). It's also important that people understand why they need a secure OS, and the best way is to tell them what a virus is and what it can do.
- Maybe I should remove some parts like "this has been created when I was at high school". OK, it's useful to understand how insecure it is, but it has nothing to do with Qubes.

I still remember when we got internet at home (56k modem) and whoever installed it said "keep the cable unplugged, plug it in only when you need it". I got so many dialers in Win 98: the connection stops working, the modem starts composing a number (you hear those beeps from the modem), you see nothing strange on screen. So what did I do? Unplug so it fails to compose, plug in again, click connect, and continue from where I was interrupted! In those old days I never asked myself "omg I got a virus! And it can do EVERYTHING with my computer! And unplugging the cable doesn't remove the virus". So please think that you are talking to someone that doesn't understand anything about security.

Some notes: you will see that when I say virus I mostly refer to keyloggers and cryptolockers; that's because people know them.

I hope that it is clear and simple enough. Let me know!

Matteo

This is what I'd like to say in the video "how qubes is different from ... and why you should use it"

Video speech follows:
--------------------------
This is a presentation about how Qubes OS differs from other OSes and why it is more secure. This doesn't want to be a complex presentation; it is something that everyone will understand, so there are no complex terms. The most complex ones will be "OS", which means operating system (like Windows, Linux, Qubes), and "virtual machine", which means a virtual computer inside a real one: so the virtual computer will have its own virtual hard disk, virtual RAM, and every other needed component is virtual. When I say virtual I mean simulated/emulated (like the PlayStation or Game Boy emulator), so that if you are inside that virtual computer it seems just a computer; this is from a technical point of view. In this presentation we will call them "computers" because that is what they are.

As a Qubes OS user, for you two virtual machines mean two windows with a different colour. Quite simple!
So if you have a green program and a red program you will see them like you see them on usual computers (except for the colors), but the difference is that each colour has its own full computer, so red and green are two different computers.

Also please understand that when we talk about computers, usually things are true and their opposite is also true (e.g. https protects your data from being intercepted, but under some very specific conditions it can fail). In this presentation we suppose that things like https simply work; if you want to have a more detailed (and advanced) point of view, check the second part.

To show you how Qubes is more secure we will intentionally open a virus on Windows and on Qubes and analyze the differences and its impact on both OSes. We will also show the limits of antivirus solutions.

Let's start by saying that a virus is a program, a program like calculator, paint, word, skype, ... so it can do the same things that any program that you know does. The three main differences are that:

1- it's evil and unwanted
2- it doesn't show a window (so you don't notice its presence)
3- when you run it for the first time it copies itself somewhere and runs automatically every time you start your OS (e.g. Windows); otherwise it would be enough to reboot the PC to remove the virus (a reboot closes any running program)

Another important thing to say is how you get a virus, and there are two ways to get one:

1- you "intentionally" open it (double click on it), maybe because you think that it is a photo or document, or a game, while it's (also) a virus.
2- you are the victim of a zero day: an unknown security problem with a program that you use (usually the browser). This second one is much, much, much rarer. In fact almost always you don't "get hacked", you open the virus yourself.

Before we open the virus let's see how current OSes work and how Qubes works: current OSes are monolithic, they are a single big block with everything inside it, and every program that you run has access to all your files.

Qubes is different: if I tell you that when your neighbor gets a virus you don't get the same virus too because of him, what do you say? Probably you will say: that's obvious! They are different computers! This is what Qubes OS does, in simple words! It provides you many different and isolated computers inside your real one (they are called virtual machines). So if you get a virus on one you don't get it also on the others.

Now you might ask: and what if one day I open a virus in that virtual computer, another day I open another virus in another different virtual computer, ... until I have opened a virus in every single virtual computer that I have? If you do that you are 100% compromised, but as you said you must open many viruses to get 100% compromised, not only one! And because of this Qubes is better than conventional OSes.

Before we continue it's important to understand why Qubes gives you some virtual machines: the idea is that you have a virtual machine for each task, for example:

- one for opening emails
- one for going to random websites
- one for opening only the bank website
- ...

If you want to better understand this concept check the other videos.

Qubes OS has many other great features that make it better than just a bunch of virtual machines, and to better understand them we will open a virus on both and see what happens.

Now let's open this keylogger and let's see what it can do.

...

As you can see the virus, even if it is not running as admin, can have full access to the keyboard and so steal anything you write. And the fact that you use a password manager doesn't help you; the fact that your password manager is password protected doesn't help either.
This is quite important because, as you can see, a virus can subvert the way programs work, and all the programs are designed to work correctly only if you do not have any virus! (TrueCrypt for example says that clearly!) The password manager password is designed to protect you in case your PC is stolen, not in case you get a virus!

And things can also get worse: a virus can encrypt your files (so you notice immediately that you got a virus, because you see a pop-up that asks for money) or it could steal them and you don't even think you got one. A virus can listen from your microphone, watch you from the camera (if Skype can do it when you call someone, a virus can too).

Now let's do the same on Qubes. There is immediately a problem: in which virtual machine do we open the virus? We will open it in the "random web browsing" virtual machine, since it is where you open almost any untrusted thing:

- links
- websites more or less trusted
- new programs that you just downloaded to see if they are useful

...

OK, the virus is opened. What has it gained? Access to this computer? That's not useful! There is nothing here!! No personal files, no passwords, nothing useful! And if it encrypts all it can find, well, it will encrypt nothing! And you will not pay!

Now suppose that instead of this VM we open the virus in the "vault" VM where you have stored all your passwords. Now think for a moment: we are intentionally opening it there, but in real use how would you get a virus there? You never "use" that computer (VM), you only write passwords by hand the first time and then you only copy & paste to other VMs when you need to log in. How would you get a virus in that VM? It is almost impossible! But we will open it there now. Seems dangerous! OK, we have a keylogger where we store the passwords. What can it do? Read all our passwords! And then?!?! Nothing, because it can't send what it got to some bad guy, there is no internet in that VM! So it has access but it can't steal them!
That computer is safe even with a virus inside!

Now suppose that we open a virus in the "email" VM. What can it do? Steal all your emails and your email password (only one password). It can't steal personal documents, photos, passwords, use your webcam ... because they are not there! And if your mails are encrypted it can't even steal your mails, because the key is not there. (Unlike a conventional OS, where it will have full access and steal mail, passwords, files, encryption keys that protect your mails...)

Qubes has a special VM to open email attachments or anything you want: a disposable VM. That is a special computer that is used only once and then is thrown away. So it always starts without a virus and will delete anything when you close it. In this way you can open email attachments, links, ... in a clean computer and everything is deleted on close. So if someone sends you a virus by email (quite common) and you open it in that VM, it will only be able to steal the copy of itself because the computer is empty! And when you close it the virus is gone!

As you can see getting a virus is more difficult because every email link and attachment is not opened in the email VM, and even if you get one, it can do only very limited damage.

Now you might say "but I have an antivirus!" I think that antiviruses are not the solution and they are not perfect. An antivirus has two main ways to protect you:

- block known viruses (read: old viruses)
- block unknown viruses because they have bad behavior

Think for example of when you add a password to a file to protect it; now think of when a virus encrypts your files to ask you for money. The action is the same, the purpose is different. Antiviruses, and more in general computers, are stupid, and they have no ethics, they just follow instructions. If I tell you to go out and jump off a bridge you will not do it, you will say that's not a good idea!
If you tell a computer to delete all the files, personal files, configuration files, it will not say "mmm, seems a virus", it will just follow the instructions. So antiviruses will fail because they have no ethics and it is not easy to differentiate between good and bad behavior.

Another problem is that:

1- someone makes a virus
2- you get a virus
3- the antivirus is updated and your virus is detected/removed

As you can see from the timeline, there is a delay between when you get it and when it is removed. And that makes you think that everything works! Before cryptolockers everyone was happy:

- virus writers because they could steal your data
- antivirus because they sell
- you because (maybe one week after you got it) the antivirus deleted a virus

Cryptolockers changed this: they don't hide, they show you a pop-up "pay me", and so you can see that antivirus doesn't work very well.

That said, I think that antiviruses are important because they force the bad guy to change/innovate/edit the virus. Without an antivirus the bad guy could write a virus once and use it for 10 years and meanwhile improve it and add other bad features. Antiviruses force them to keep it simple and force them to rewrite it every time. The same is true for cheaters in games and anti-cheat.

One last important thing: you don't have to choose between Qubes and antivirus (or any other nice security program that you know), you can have both! Qubes supports also Windows, not only Linux.

The problem with conventional OSes is that they are insecure; in fact people suggest "don't open suspicious links, emails, email attachments, programs, ..." but they never say what suspicious means. If something is suspicious you are intelligent enough to not click it, for example if you receive an email like this:

free virus!!
to get infected please follow the instructions:
1- download this attachment or click the link that will offer you to download the file
2- when it is downloaded open it
3- done

But what if you receive something like this (personalized for your country, and in better English):

hello, this is the tax office of your government
from a check it seems you haven't paid your taxes, you must pay 10000€ because you don't pay taxes.
if you think that it's our mistake please compile and send the attached module. attached you also find our check result.

I bet you will download the "pdf" (or click the link that allows you to download it) and then open it! The problem isn't you! It's the OS that is insecure!!! Mails are designed to be opened! So instead of being constantly worried about opening an email, get Qubes OS and open every single email!

The "pdf" problem happens because Windows settings are insecure by default: it has as default option "hide known extensions", so .pdf (document) and .exe (program) are not visible and you can't see the difference between a pdf and an application (applications have their own icon!). The fact that you can tweak that option, yes, helps, but if it's designed in that way, for each setting that you tweak to improve the security there are others that you might miss, so it's better to get something like Qubes, which is secure by design.

The same is true for USB drives. People say "don't insert a random USB found on the ground" but it's a mistake! USB drives are designed to be plugged into a computer, and if that found USB might be suspicious, the one that your friend gave you isn't, and he might have a virus on his PC and USB.
Again the problem isn't you, the user, it's the OS that can't protect you from such a basic task like plugging in a USB drive.

Also note that webcam & mic are disabled by default (not attached to a virtual machine). On my PC I have added a physical switch, but it is important to say that on Qubes by default if you open a virus it can't listen to your conversation nor spy on you from your webcam!

------
Quick FAQ:

- Are you teaching criminals? Why do you suggest how to make a phishing email?
There is nothing new in there, the only one who can be taught is you.

- If all the programs are designed to work correctly only if they are without virus, how can Qubes solve it?
It doesn't. In fact, even if you (only) use the virtual machines, we must not forget that there is a real computer behind everything and there is also a special place that manages all these VMs. It is called dom0, and since getting a virus there would be a 100% compromise you must never use it; virtual machines are there to be used! And since the authors know that people make mistakes, there is no internet in dom0 and there is no easy way to copy a file (virus) in there to open it.
It's also important to note that it offers some protection against a zero day: while a single zero day in a normal OS is game over (PC fully compromised), in Qubes you need at least two: one to hack into a VM and the other to hack from the VM into dom0, and you can't just use the same one twice because they are different tasks. So it has (at least) doubled the difficulty.

- Can I have the keylogger? Where can I download it?
You can't. It's home made and I don't want it to be used for evil purposes.

- Is it a super advanced virus?
Absolutely not, and I made it while I was at high school; this should make you think about how secure your OS is.

- What if you send it to me and I don't open it?
You are safe!
But you will open it. There are so many ways to trick people into clicking things that they shouldn't; I prefer to not publish them because some aren't even used by bad guys, and are unknown also at university (tip: found in one state sponsored attack, and then never again). That's why you need a secure OS!

- Can it be hacked?
I think yes, but not by me (contrary to Windows).

- If both can be hacked why should I use it?
Just because both can be hacked doesn't mean that they are equal. Qubes is much harder, and this is why you should use it. I usually see this kind of question in politics: "by improving x we have found a way to save 50 M€" and others say "yes but it's not 100 M€". That kind of answer is always true, but you should note that it's much better than the current state.

------
Advanced FAQ:

- What if a virus uses, for example, acoustical covert channels to exfiltrate data to other computers?
AppVM hasn't mic input, only output by default, so it's a one way communication, and as I said above just because it might not be "NSA proof" doesn't mean that you should not use it. In fact I think that it is able to stop almost any common virus that I see on the web, and probably some not so advanced state sponsored malware. Also this covert channel can be applied on other OSes too, so I don't get the point of such a question.

--
You received this message because you are subscribed to the Google Groups "qubes-devel" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/5a046fc7-feb8-c223-3a9b-92acce7d0e35%40posteo.net.
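
The hidden-extension problem described in the speech draft above, as an added example that is not part of the original message: it computes the name a file manager would show with known extensions hidden and flags attachments whose real type is a program. The extension lists, function names and sample file names are assumptions constructed for the illustration.

```python
import ntpath  # Windows-style path handling, independent of the host OS

# Assumed, non-exhaustive extension lists for this illustration.
PROGRAM_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
KNOWN_EXTS = PROGRAM_EXTS | DOCUMENT_EXTS


def displayed_name(filename, hide_known_extensions=True):
    """Return the name a file manager shows when it hides a known final extension."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    if hide_known_extensions and stem and ext.lower() in KNOWN_EXTS:
        return stem
    return base


def classify(filename):
    """Compare what the file really is with what its displayed name suggests."""
    base = ntpath.basename(filename)
    real_ext = ntpath.splitext(base)[1].lower()
    shown = displayed_name(base)
    shown_ext = ntpath.splitext(shown)[1].lower()
    if real_ext in PROGRAM_EXTS:
        if shown_ext in DOCUMENT_EXTS:
            # e.g. "x.pdf.exe" is shown as "x.pdf": looks like a document, runs as a program
            return "program-shown-as-document"
        # e.g. "x.exe" is shown as "x": only the icon hints at the type
        return "program-extension-hidden"
    if real_ext in DOCUMENT_EXTS:
        return "document"
    return "unknown-type"


def triage(attachment_names):
    """Return (real name, displayed name, verdict) for every attachment name."""
    return [(n, displayed_name(n), classify(n)) for n in attachment_names]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    samples = ["tax_check_result.pdf", "tax_module.PDF.exe", "setup.exe", "notes.xyz"]
    for real, shown, verdict in triage(samples):
        print(f"{real!r:28} shown as {shown!r:20} -> {verdict}")
```
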
