On Thursday, October 19, 2017 at 5:44:20 PM UTC, Νικος Παπακαρασταθης wrote: > Hello > > Is there any kind of end point security fore qubes xen hv except of > isolation? Something like usual ...internet security software used in > windows(antivirus antispam etc unified).If not how for example payments are > safe?
There is a good method to increase security for i.e. payments in an AppVM. If I understand you correctly, you're ferering to AppVM security here? and not Qubes in general? If so, you can simply make good use of your AppVM firewall. For example create a AppVM strictly and only for payments, then limit all internet connections in the firewall to only talk with your bank, and whichever additional services your bank may use. Although it can be a bit of a hassle with some services, who use many different domains, and they typically change too from time to time. Either way, this way, nothing gets into your bank AppVM, except those connections you allowed in. You can also use a more lax method, i.e. block any regular http:// and only allow https:// Furthermore you can block different types of protocols as well. Essentially, the fewer ports, addresses, protocols, is allowed, the harder it becomes for an attacker to find a weak attack surface to exploit. Especially if thaat AppVM only connects to your bank and its bank services, and absolutely nothing else. You can do something similar with buying online, although it's a bit more tricky due to the many different websites. Also there is very few malware for Linux (and thereby Qubes), and if any, they typically hide in your firefox cache or something, in your home folder, apparently capable of exploiting security holes in firefox. Something like that. But that's easily fixed with a clean-up, especially if you don't visit dodgy websites with your bank AppVM. You should be more worried about hack attacks than malware, and if you do a good job securing your system, you're narrowing down the amount of hackers who can actually pull such an attack off. I.e. if you stay ahead of the script kiddies and poor hackers, and you're not infamous in the world, then you're probably unlikely to get hacked by someone skilled. Disclaimer, someone might know better and correct me. Feel free to do so if I got anything wrong. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af143cea-9e6a-4ecf-b701-85e14d39bccc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
