Am 15.03.2017 um 01:17 schrieb Unman: > On Tue, Mar 14, 2017 at 08:02:58PM -0400, Chris Laprise wrote: >> On 03/14/2017 01:55 PM, evo wrote: >>> hmm.. this is also a good point, thanks! >>> so if i do not use openoffice in my bankingVM, there is no practical >>> vulnerability in it. >>> >> >> Yes and no. Off the top of my head, there are two things to be concerned >> about with the (regular, distro) software you install: >> >> 1. Does it cause an additional service to start accepting connections? >> >> 2. Does it have a MIMEtype or similar mapping, so that clicking on a >> mislabeled file could cause it to open in an unwanted/risky app. >> Unfortunately, nautilus doesn't seem to have a setting for always asking >> before starting an app. But at least it defaults to double-click instead of >> single-click. >> > > 3. Installing some programs, like libre/openoffice, brings with it numerous > libraries and attendant programs which may widen the attack surface of > your qube considerably. >
so its better to have such VMs as banking or email in standalone-mode. The thing is... as i understood, stanalone-machines (if they are not HVM) have all software from the template they use. So the only way is, to install new iso on HVM, isn't it? in that case, i don't really understand the sense of standalone AppVMs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6fbf49d5-8f53-4c1e-b85c-026667fc65fa%40aliaks.de. For more options, visit https://groups.google.com/d/optout.
