On 06/15/2016 03:14 AM, [email protected] wrote:
> On Wednesday, 15 June 2016 04:40:03 UTC+10, Lorenzo Lamas  wrote:
>> ".....Imho it would still be a good idea because of the PaX protections on 
>> user applications.
>> For example it could prevent exploitation of your mail client...."


Ditto. what he said!



>>   The infection may not be able to survive AppVM reboot but it could still 
>> steal information. You can of course limit the damage by compartmentalizing 
>> more granular, but that doesn't prevent it in the first place and more 
>> AppVMs means more resource usage.

Ditto again!


> That's how I looked at it too.  (Additionally, reboots don't protect against 
> infections in /home, such as malicious browser extension, modified .bash_rc, 
> etc.)

Ditto again. There once was strong interest in multiple varieties of 
DispVMs - i.e. you could have a Thunderbird VM in addition to the single 
browser VM. This would allow cleansing through reboots.

(FWIW, some presently run TBird and other applications exclusively in 
individual DispVMS - by starting a DVM, "emptying" /home, then starting 
TB after copying Tbird user config and mail txt data into it. Before 
shutdown, copy updated mail/usenet txt data only back to vault for 
subsequent use)


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57616773.d8908c0a.7244b.ffffa619%40mx.google.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to