On 10/19/2017 03:52 PM, [email protected] wrote:
> If so, you can simply make good use of your AppVM firewall. For
> example create an AppVM strictly and only for payments, then limit
> all internet connections in the firewall to only talk with your
> bank, and whichever additional services your bank may use. Although
> it can be a bit of a hassle with some services, who use many
> different domains, and they typically change too from time to time.
> Either way, this way, nothing gets into your bank AppVM, except
> those connections you allowed in.

That was my initial setup. I had a banking VM, a shopping VM and an "untrusted web" VM. First I got rid of the "untrusted web" VM in favor of just doing all non-logged-in browsing in a disposable VM. Soon I realized that keeping the firewall configuration of the shopping VM working was a constant battle ... so I got rid of it too. Instead I am using a disposable VM instance; the additional step of logging in isn't that painful (KeepassX in the vault VM and Qubes Copy&Paste support). Finally I didn't see the point in a dedicated banking VM anymore and started using a disposable VM for that too.

Looking at my domains now, I have only one that is online and with firewall rules (email). All others are offline (dev, office, vault). All web browsing happens in a disposable VM.

I am pretty happy with that and am under the impression that this is probably the safest I can get. Obviously this is only safe / compartmentalized if one opens a new disposable VM for each destination, which is reasonably fast on my machine.

/Sven
