On 12/01/2016 06:00 PM, hopefulf...@tuta.io wrote:
> IMO, restoring user and root users in the VMs won't help with
> preventing persistent exploits - only removing the persistent storage
> will (and taking measures to prevent code execution from it, be it
> preserved in some VMs like Whonix-Gateway).

A persistent exploit can't survive as a *rootkit* or command full use of
the appVM if, A) its method of entry has been patched; and B) user
permissions are enforced. It would need additional exploits granting
privilege escalation in order to continue running after patch+reboot....
and those additional vulns may get patched also.
If observing normal guest OS security stopped only 5% of malware, it
would be more than worth the effort to change. It should at least be a
minimal hassle to infect a Qubes VM, though currently it isn't.