Good point, but it is not the exactly same risk.

First, the qrexec goes directly (maybe  trusted dom0), while network gores 
typically through sys-firewall. Maybe a minor difference for some, but still 
worth noting. The VM can not only sniff the traffic, but it can also modify it, 
maybe in order to attack some other VM.

Second, the Windows implementation does not look to be updated, so there can be 
unpatched known vulnerabilities. Moreover, it might be easier to find unknown 
vulnerabilities for such unmaintained software.

Both of them might be justifiable, but it is good to know when considering it.

Vít Šesták 'v6ak'

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to