On Thu, Apr 06, 2017 at 02:17:53AM -0400, Jean-Philippe Ouellet wrote:
> On Wed, Apr 5, 2017 at 11:59 PM, Sam Hentschel <hentsche...@gmail.com> wrote:
> An interesting goal. In practice I'm not sure what real benefit you'd
> get from using a DispVM vs. just a regular stateful AppVM (assuming
> you just use one printer/scanner). Presumably what you care about in
> this context is confidentiality of your documents. Your
> printer/scanner is by its very nature in a perfect position to steal
> your documents, and likely also has a means to store or transmit them.
> This seems true regardless of whether or not your printer/scanner can
> compromise or persistently compromise a VM (which only deals with
> printer drivers and documents the printer will know anyway).
>
> If you use multiple printers, then I can see an argument for wanting
> separate AppVMs per printer, and if you constantly use different
> printers then sure I guess DispVMs make sense. Is this the case?
>
> In other words, I'm curious what threat you're actually trying to
> mitigate by doing this.
On a daily basis I interact with about three printers: one at home, one
at work, and one at school. My goals were as follows:
- Keep one printer from getting what another printer has handled
- Stop the spread of pritner malware from one printer to another (if
that makes sense?)
- Stop the printers (which may be and probably are compromised) from
compromising one of my security domains.
- Kind of the same reasons as moving out the networking software and
drivers to the NetVM and the USBs to a USBVM?
An example scenario: an employer or future employer requires me to print
out some forms from an email, fill them out, scan them, and email them
back. In this case, it would be nice to be able to print the forms via
a DispVM (which I open anyway when interacting with email attachments),
fill them out, scan them in the same or a different DispVM and send it
back. This way the PDF or word document is never opened in my Email
Qube. I can thus takeout extra software in that VM, and minimize it to
just working with email.
> If you want to make additional software available, then do so in the
> template of the dispvm (in your case fedora-23 (but you should really
> update to fedora-24!)).
Ok, if thats the case I may clone the fedora template and make one
specifically for the DispVMs. Some of the software I want on DispVMs, I
don't want on my AppVMs and vice versa. Since its the case that the
DispVM uses the fedora-23 template, shouldn't the document say to edit
that instead of the fedora-23-dvm AppVM? If you agree, maybe I'll go
pull down the documentation and rewrite some of it.
--
Respectfully,
Sam Hentschel
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20170406125158.GA999%40Personal-Email.
For more options, visit https://groups.google.com/d/optout.
