> Given that more installed applications generally create a larger attack
> surface, why aren't the minimal templates set as the default templates for
> sensitive VMs such as the SysVMs?

* Having an extra app installed might add some attack surface, but not always. Having an app like Firefox in sys-firewall adds zero attack surface until you (either accidentally or on purpose) run it.
* With a minimal Template without installing anything else, you might be unable to use Wi-Fi etc. So, this might be viable for sys-firewall, but not for sys-net. (Not sure about sys-usb.)

> Are there any significant protections afforded by the full-featured VM images
> that are absent in the appropriately configured minimal VMs [going by the
> current Qubes documentation]? Any pitfalls exposed by the latter?

The only (sort of) protection I am aware of is haveged – an RNG that feeds the kernel RNG.

Regards,
Vít Šesták 'v6ak'
