On 12/01/2016 06:00 PM, hopefulf...@tuta.io wrote:
IMO, restoring user and root users in the VMs won't help with
preventing persistent exploits - only removing the persistent storage
will (and taking measures to prevent code execution from it, be it
preserved in some VMs like Whonix-Gateway).
Hopeful Fork
A persistent exploit can't survive as a *rootkit* or command full use of
the appVM if, A) it's method of entry has been patched; and B) user
permissions are enforced. It would need additional exploits granting
privilege escalation in order to continue running after patch+reboot....
and those additional vulns may get patched also.
If observing normal guest OS security stopped only 5% of malware, it
would be more than worth the effort to change. It should at least be a
minimal hassle to infect a Qubes VM, though currently it isn't.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/f3ec1701-1b95-1fb1-412c-ef83ecec4ce4%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.