On 06/15/2016 03:14 AM, [email protected] wrote: > On Wednesday, 15 June 2016 04:40:03 UTC+10, Lorenzo Lamas wrote: >> ".....Imho it would still be a good idea because of the PaX protections on >> user applications. >> For example it could prevent exploitation of your mail client...."
Ditto. what he said! >> The infection may not be able to survive AppVM reboot but it could still >> steal information. You can of course limit the damage by compartmentalizing >> more granular, but that doesn't prevent it in the first place and more >> AppVMs means more resource usage. Ditto again! > That's how I looked at it too. (Additionally, reboots don't protect against > infections in /home, such as malicious browser extension, modified .bash_rc, > etc.) Ditto again. There once was strong interest in multiple varieties of DispVMs - i.e. you could have a Thunderbird VM in addition to the single browser VM. This would allow cleansing through reboots. (FWIW, some presently run TBird and other applications exclusively in individual DispVMS - by starting a DVM, "emptying" /home, then starting TB after copying Tbird user config and mail txt data into it. Before shutdown, copy updated mail/usenet txt data only back to vault for subsequent use) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57616773.d8908c0a.7244b.ffffa619%40mx.google.com. For more options, visit https://groups.google.com/d/optout.
