Software that you don't need is a security risk as it imposes additional
attack surface - we all know that.
Besides exploits those tools might cause additional threat (e.G. RDP-
VNC-, SSH-Clients)
So you better do not install non-universal software* in a template VM.
*software that is not needed in every VM which is based on that template
So where to put non-universal software?
- user-space: allows malware to persist easily, because of persistent
write rights. And does not allow usage of standard repositories
- other (cloned) TemplateVM: You need to make sure that you keep all
templates up-to-date for security reasons, you need much more storage
space and cause more ssd aging
So what about a multi-level template system. That way you can keep at
least most software up-to-date with a single update process. This would
need a delta-filesystem instead of the current image=directory approach
i think. I don't know whether Xen has such capabilities?!
Robert
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c7962f0f-9a05-2f81-9390-ce3a7bfb87ee%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.
