-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-03-15 01:14, evo wrote: > Am 15.03.2017 um 01:17 schrieb Unman: >> On Tue, Mar 14, 2017 at 08:02:58PM -0400, Chris Laprise wrote: >>> On 03/14/2017 01:55 PM, evo wrote: >>>> hmm.. this is also a good point, thanks! so if i do not use >>>> openoffice in my bankingVM, there is no practical >>>> vulnerability in it. >>>> >>> >>> Yes and no. Off the top of my head, there are two things to be >>> concerned about with the (regular, distro) software you >>> install: >>> >>> 1. Does it cause an additional service to start accepting >>> connections? >>> >>> 2. Does it have a MIMEtype or similar mapping, so that clicking >>> on a mislabeled file could cause it to open in an >>> unwanted/risky app. Unfortunately, nautilus doesn't seem to >>> have a setting for always asking before starting an app. But >>> at least it defaults to double-click instead of single-click. >>> >> >> 3. Installing some programs, like libre/openoffice, brings with >> it numerous libraries and attendant programs which may widen the >> attack surface of your qube considerably. >> > > so its better to have such VMs as banking or email in > standalone-mode.
No, that doesn't follow. See my previous message about having multiple TemplateVMs. > The thing is... as i understood, stanalone-machines (if they are > not HVM) have all software from the template they use. So the only > way is, to install new iso on HVM, isn't it? > This doesn't follow either. StandaloneVMs and HVMs are completely independent of one another. It's possible that there is terminological confusion here. Please consult the glossary: https://www.qubes-os.org/doc/glossary/ > in that case, i don't really understand the sense of standalone > AppVMs. > StandaloneVMs can be useful for many different things, but not every user will have a need for them. For example, if you have a piece of software that installs parts of itself in both the root fs and user dirs (and you don't want to work around this with bind-dirs), and you need the software in only one VM, then a StandaloneVM is probably a perfect solution. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYycPeAAoJENtN07w5UDAwZD0P/3LtjWYp5sB0p/jKM/bOXYea shPiimxeaRgaEF/e714aamWiWCWN9a8OgaWnHbMPd2cajTSHgEc2zY8E4gPJN62B uvs1Y4958KxrNIdmT7p6ECivlwA7ZsaynzFICSM1d9QTviRCmkj7SY1+qPt6XjqO OTQ7IRGh1WBssaxWS1Dc320MJth25n9+ipNhhL7XpJA9vgOEZm6lUgeIhit3DiJg n1cjnKCoXhD8+i9bhVRcT9uurZdFdXJ3zNV13+m3l4nZKvgqXWOLkxE0/BtLQSks NyNpB4onqKA7PoQZpBLnp5sRE0axnay5Ny1uST492gFUy77B0FYdEePPtjeBoMtZ t+Y2Wav3ORW7/aXjAssHWQkZC8pgYO9inZ08PrGDa4p1ud93YoswjXj8MlM2OUOp IWZFKW8eDdjWte7vJ3lMabPJJawteTxYUS4eMsxSmcFq7JKnQwIEau0GHXerAnQn g3zwh9cyDyz6B0j51oyq8qMb1u+f6+d91hdAjpS9edjX1FAx6GGNXtaPXNxTVYDg RZQdbd5vlbq9OXLs/duEb3Dlgm7DSNmHl6Gig0Y+aBfujoq6+xY+g5CkwkPHJ8zK P+G+t82TFKKPN0QSS0J8dHLM0Z7ln4YX+gmPZTzJszEU/CX8slL311P2KlCcJ2sB fGGn+tSmARuHCbd+Lx7Y =meYj -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/294ad2fd-4890-18cf-277d-250d7c1c64df%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
