On 06/23/2017 09:23 AM, Unman wrote:
On Fri, Jun 23, 2017 at 08:21:07AM -1000, yreb-qusw wrote:
On 06/23/2017 05:43 AM, Unman wrote:
On Thu, Jun 22, 2017 at 07:24:56PM -1000, yreb-qusw wrote:
On 06/21/2017 04:21 PM, cooloutac wrote:
On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote:
Permit me to ask two questions?



1) I was reading this

-----
https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c

(Credits: Micah Lee)
What's that “Convert to Trusted PDF” you were talking about?

Let's say you found an interesting document, and let's say that you had
an offline virtual machine specifically dedicated for storing and
opening documents. Of course, you can directly send that document to
that VM, but there could still be a chance that this document is
malicious and may try for instance to delete all of your files (a
behavior that you wouldn't notice in the short-lived DisposableVM). But
you can also convert it into what's called a ‘Trusted PDF’.


You send the
file to a different VM, then you open the file manager, navigate to the
directory of the file, right-click and choose “Convert to Trusted PDF”,
and then send the file back to the VM where you collect your documents.



But what does it exactly do? The “Convert to Trusted PDF” tool creates a
new DisposableVM, puts the file there, and then transforms it via a
parser (that runs in the DisposableVM) that basically takes the RGB
value of each pixel and leaves anything else. It's a bit like opening
the PDF in an isolated environment and then ‘screenshotting it’ if you
will. The file obviously gets much bigger, if I recall it transformed
when I tested a 10Mb PDF into a 400Mb one. You can get much more details
on that in this blogpost by security researcher and Qubes OS creator
Joanna Rutkowska.

[https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html]

------
Upon reading it on the suggested sequence of opening random/all PDFs,
maybe, people vary their sequence.

It sounds like in say my Whonix Anon-appvm, I d/l a PDF, is it then
suggested I copy this PDF to a, what, PDF dedicated AppVM 1st,
before doing a “Convert to Trusted PDF” on the PDF file?

This would add a step to the much faster, just “Convert to Trusted
PDF” from the actual Anon-Whonix AppVM


2)
Do folks typically backup their Template VMs? As I noticed they
aren't set up by default to backup?

And/or what is the thinking behind backing up various VMs? I guess the
ones that have been the most modified, e.g. the AppVMs? I have 1 very
large 20 gigabyte VM with old videos/pictures on it, do I back that
one up, for example?

You just right click on the file and hit convert to trusted pdf. I'm not sure
what you're asking.

.......I separated the sentence out, above, it clearly says "you send the
file to a different VM" THEN convert to a trusted PDF. What would this
'different VM' be? A disposable VM? Or?


I think you need to read that post more carefully, although it isn't
altogether clear.
I think the scenario Micah has in mind is that you have downloaded a PDF
in an untrusted network connected qube, and have a trusted isolated qube
for storage.
Instead of converting the PDF in the untrusted machine (who knows what
might have been done to your Qubes tools?), or qvm-copying the untrusted
PDF in to the storage qube, he copies it to another, converts there and
then moves the trusted PDF in to trusted storage. (I think the "copy back"
is just a mistake.) That "other" qube can be anything you choose - a
disposableVM, a dedicated converter..
This is one approach to take - I'd suggest using a disposableVM if you
want to do it. However, it looks like overkill to me, because there's a
suggestion that just having an untrusted PDF in the storage qube
increases the risk. I don't believe this need be so.
Another approach might be to have a mini template for the storage qube,
and open every file in a disposableVM. If you are wedded to GUI file
managers, you could still do this by setting default file handlers to use
qvm-open-in-dvm for pretty much every filetype.

I hope that makes things a little clearer

unman

THIS only works for PDF files, not for other docs? I set up my default
disposable VM as anon-whonix, and when I go to open .docx it tries
to use Tor Browser. However, PDFs open normally in the PDF application
....hmmm


You need to ensure that the dispVMTemplate is configured to properly
deal with docx files.
There was quite a long thread earlier in the year on "How to set file
association in disposable VMs", which is worth looking at. In general,
you should be able to use mimeopen in the dispVMTemplate to set the
association, and provided that you then
'touch /home/user/.qubes-dispvm-customized' and regenerate the template,
you should be fine.
There's more information on customizing disposableVMs here:
www.qubes-os.org/doc/dispvm-customization

unman

OK, very helpful, thx
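
The "takes the RGB value of each pixel and leaves anything else" step quoted in this thread works because the trusted side only ever has to parse a trivially simple format. The sketch below is an added illustration, not part of the thread and not the Qubes converter's own code; the wire format (an ASCII "width height" header line followed by raw RGB bytes), the size limits and all names are assumptions.

```python
import re

# Assumed limits; a receiver must bound sizes before allocating anything.
MAX_DIM = 10_000
MAX_PIXELS = 40_000_000
# Header: two positive decimal integers, one space, one newline, nothing else.
HEADER_RE = re.compile(rb"([1-9][0-9]{0,4}) ([1-9][0-9]{0,4})\n")


class RejectedPage(ValueError):
    """Raised when the untrusted side sends anything but a well-formed page."""


def read_page(blob):
    """Validate one page received from the converting VM.

    Returns (width, height, pixels). Every byte after the header is treated
    as opaque colour data and never interpreted further.
    """
    m = HEADER_RE.match(blob[:16])
    if m is None:
        raise RejectedPage("malformed header")
    width, height = int(m.group(1)), int(m.group(2))
    if width > MAX_DIM or height > MAX_DIM or width * height > MAX_PIXELS:
        raise RejectedPage("dimensions exceed limits")
    pixels = blob[m.end():]
    if len(pixels) != width * height * 3:
        raise RejectedPage("payload length does not match header")
    return width, height, pixels


def sanitize(blob):
    """Re-encode a validated page as a binary PPM built on the trusted side."""
    width, height, pixels = read_page(blob)
    return b"P6\n%d %d\n255\n" % (width, height) + pixels


def is_rejected(blob):
    """True if read_page refuses the input."""
    try:
        read_page(blob)
    except RejectedPage:
        return True
    return False


# Constructed sample inputs (not captured from a real conversion).
GOOD = b"2 2\n" + bytes(12)
BAD = [b"2 2\n" + bytes(13), b"-1 2\n" + bytes(6), b"0 2\n",
       b"99999 99999\n", b"2 2\r\n" + bytes(12), b"%PDF-1.4\n"]
```
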
