On Sunday, March 12, 2017 at 9:16:16 PM UTC-4, Drew White wrote:
> On Saturday, 11 March 2017 05:09:26 UTC+11, cooloutac  wrote:
> > On Friday, March 10, 2017 at 1:14:47 AM UTC-5, Drew White wrote:
> > > On Friday, 10 March 2017 15:36:49 UTC+11, cooloutac  wrote:
> > > > My problem with Qubes is that I'm still a noob.  I don't even know what 
> > > > a lot of system processes are or what they do. Qubes is more complicated 
> > > > than a normal OS even just to monitor network traffic. I'm mostly in 
> > > > the dark compared to on a bare metal OS.
> > > > 
> > > 
> > > I know more about Qubes than the developers do by now.
> > > Monitoring is easy, just have a proxy that does it after the netvm.
> > > NetVM -> Firewall/Proxy running WireShark or similar -> AppVM/HVM
> > > 
> > > 
> > > > I'm basically at the mercy of a default setup lol.  But I think that's part 
> > > > of Qubes' goal.  It has the misnomer of being called for nerds or 
> > > > enthusiasts.  But it's really for noobs.  The hard part is just taking a 
> > > > step in these waters of a new world, even for most security experts. 
> > > > 
> > > 
> > > I wrote my own applications for qubes because the developers wouldn't fix 
> > > things and didn't change things to use less RAM.
> > > I wrote my own manager that uses only 200 MB VRAM, instead of the current 
> > > one that uses over 1 GB VRAM. (Approximations)
> > > 
> > > Qubes is built for end users, not nerds or developers or anything (or so 
> > > they claimed, will post reference later).
> > > 
> > > > The hard part is just accepting the fact you will be compartmentalizing 
> > > > diff aspects of your daily activity on your PC.  It's a different way of 
> > > > thinking.  
> > > > 
> > > 
> > > It is a different way for many people. Those of us that are like me, and 
> > > are developers and such, we use virtualisation every day just to do our 
> > > jobs.
> > > 
> > > 
> > > > It's about accepting the fact you are never 100% secure and it's just a 
> > > > matter of how persistent your assailant is.  No matter what OS you are 
> > > > using. Everyone gets compromised imo, even most security experts.  The 
> > > > only people that don't are people that use their computers like monks.  
> > > > All we can do most of the time is mitigate it.
> > > 
> > > Accept you aren't secure. Accept that you are compromised. Then try your 
> > > best to prevent things from going wrong.
> > > 
> > > It's always good to prevent what you can.
> > > 
> > > I have a way of doing things that permits me to protect myself up the 
> > > wahzoo.
> > > 
> > > More advanced than the way qubes initially did it.
> > > It involves me doing different things with the iptables rules, but it's 
> > > workable.
> > > 
> > > I've done things and tested things, even the vulnerabilities that they 
> > > say there are that make Qubes super duper easy to break, and mine hasn't 
> > > broken or had that vulnerability.
> > > 
> > > Default setups, they can cause issues.
> > > SystemD, issues.
> > > 
> > > Hopefully one day, things will be back to being better, but until then, 
> > > we just have to try to protect ourselves as best as we can. What else can 
> > > we do when people like Google and Microsoft and all those others are 
> > > trying to steal your data and take over your life and your pc and 
> > > everything about you, then sell your data to everyone....
> > 
> > True.   Why not just use Wireshark in sys-net, since it's considered unsafe 
> > anyways?
>  
> Because I keep the data and logs separate. I have a proxyVM with it. That 
> way, I can restrict the VM, and pass everything to something else, thus 
> providing another layer of security by having the data come into the monitor, 
> but go no further. So I can see what's going on, and then release or halt 
> things myself.
> 
> > The problem for me is identifying what vm and what process is causing the 
> > traffic.  To use baremetal methods on every vm is impractical.
>  
> True, but that's where certain things come in handy.
> That's one thing I will look at adding, thanks for the thought.
> 
> > I still never figured out how to make the firewall scripts to control 
> > everything outgoing. I still don't even believe it's possible for some 
> > system processes. Sure I've made an iptables rules file on baremetal Linux no 
> > probs.  But I have to be honest, with Qubes it's too complicated for me.
> > 
> 
> It's easy, use the firewall editor for the VMs.
> 
> > Another issue for me is monitoring HDD activity in a similar manner.
> 
> On Dom0, use disk monitoring software.

You can accomplish the same thing with sys-net, but I guess it's more convenient 
to do with a proxyvm, as well as for backing it up.

The firewall editor in qubes-manager doesn't block everything, neither would 
the script files, like some Qubes system processes.  The whole point for me 
would be to identify and more importantly LOG, ALL traffic with iptables.  I 
know it sounds crazy to some but that's what I have done on every Linux system 
all my life along with file integrity logs.  Using programs to parse it or just 
eyeball it.  Always ignoring myths about overhead and storage space.  But when 
we move to IPv6 I will be lost anyways... And with such sophisticated attackers 
and systems getting more complicated it's probably becoming more silly.

The first time I installed Qubes I put iotop on dom0.  Was one of my first 
questions on the forums.  But monitoring HDD activity is the same issue for me 
as network traffic, narrowing it down to the specific process and on which VM.

With Qubes I feel like a total noob in the dark, but I guess that's the whole 
point. I don't need to investigate anything weird.  If I get paranoid I just 
delete the VM!!

I give up on computer security nowadays anyways, so Qubes is the perfect 
option for me. I'm just the avg user, but with Qubes I'm more isolated than the 
avg OS.  It seems all anyone can do is stop random actors to begin with.  Most 
"experts" are just too arrogant to admit it or in denial.  To me now it's more 
about my use of my machine than how it's monitored or hardened. It's still all 
about user actions, even though nowadays they are less to blame and bear less 
responsibility for vulnerabilities that exist. I can't live like a monk on my 
PC so I have to live with compromise.

But I guess if Qubes was to become more popular some geniuses out there would 
create monitoring tools designed for it. Cause doing things the old fashioned 
way is impractical with multiple VMs.  Qubes devs would probably say I am naive 
for thinking I can catch something with monitoring tools.  I say I probably 
couldn't prove anything, but I'm more likely to find anomalies making me 
paranoid prompting me to use the delete button on the VM haha.
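
The log-everything-and-parse-it approach discussed above, as an added example that is not part of the original post: it reads iptables LOG lines from a proxy/firewall VM and groups forwarded flows by the VM whose address sent them, which answers "which VM" but not "which process". The log lines are constructed, and the `FWD-LOG: ` prefix and the IP-to-VM table are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: kernel lines as an iptables LOG rule on a proxy/firewall
# VM's FORWARD chain would write them. The "FWD-LOG: " prefix is an assumption.
SAMPLE_LOG = """\
Mar 12 21:16:01 fw kernel: [101.1] FWD-LOG: IN=vif5.0 OUT=eth0 SRC=10.137.2.12 DST=192.0.2.10 LEN=60 TTL=63 PROTO=TCP SPT=43210 DPT=443 SYN
Mar 12 21:16:02 fw kernel: [102.4] FWD-LOG: IN=vif5.0 OUT=eth0 SRC=10.137.2.12 DST=192.0.2.10 LEN=60 TTL=63 PROTO=TCP SPT=43212 DPT=443 SYN
Mar 12 21:16:03 fw kernel: [103.0] FWD-LOG: IN=vif6.0 OUT=eth0 SRC=10.137.2.13 DST=198.51.100.7 LEN=71 TTL=63 PROTO=UDP SPT=5353 DPT=53
Mar 12 21:16:04 fw kernel: [104.9] FWD-LOG: IN=vif9.0 OUT=eth0 SRC=10.137.2.99 DST=203.0.113.5 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Mar 12 21:16:05 fw kernel: [105.0] audit: unrelated kernel message
"""

# Hypothetical inventory (source IP -> VM name), kept by hand from dom0.
VM_BY_IP = {"10.137.2.12": "work", "10.137.2.13": "untrusted"}

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="FWD-LOG: "):
    """Return the KEY=value fields of one LOG line, or None if it is not ours."""
    _, sep, rest = line.partition(prefix)
    if not sep:
        return None
    fields = dict(FIELD.findall(rest))
    return fields if "SRC" in fields and "DST" in fields else None

def flows_by_vm(log_text, vm_by_ip=VM_BY_IP):
    """Count (dst, proto, dport) per VM; unmapped sources stay visible."""
    flows = defaultdict(Counter)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        vm = vm_by_ip.get(f["SRC"], "UNKNOWN:" + f["SRC"])
        # ICMP lines carry no DPT; record "-" rather than dropping them.
        flows[vm][(f["DST"], f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return flows

if __name__ == "__main__":
    for vm, counter in sorted(flows_by_vm(SAMPLE_LOG).items()):
        for (dst, proto, dport), n in counter.most_common():
            print(f"{vm:24} {proto:5} {dst}:{dport}  x{n}")
```

A source address missing from the table shows up as `UNKNOWN:<ip>` instead of being dropped, so a new or mislabelled VM is itself an anomaly in the report.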
