On 12/01/2016 06:00 PM, hopefulf...@tuta.io wrote:
IMO, restoring user and root users in the VMs won't help with preventing persistent exploits - only removing the persistent storage will (and taking measures to prevent code execution from it, be it preserved in some VMs like Whonix-Gateway).


Hopeful Fork


A persistent exploit can't survive as a *rootkit* or command full use of the appVM if, A) it's method of entry has been patched; and B) user permissions are enforced. It would need additional exploits granting privilege escalation in order to continue running after patch+reboot.... and those additional vulns may get patched also.

If observing normal guest OS security stopped only 5% of malware, it would be more than worth the effort to change. It should at least be a minimal hassle to infect a Qubes VM, though currently it isn't.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/f3ec1701-1b95-1fb1-412c-ef83ecec4ce4%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to