> It looks like fullscreen can't do "attacks" on dom0 and other VM's,
but it can do something like keylogging, just visually from the screen
instead, perhaps something akin to taking frequent light sized
screenshots and then sending the screenshots over the internet.

This is possible both if the VM is in full screen mode or "small/normal"
mode. The vm can also key log the keyboard but only for keys sent to
that vm (so only while it is focused).
(while on a normal pc the kwylogger would be for the whole pc, here an
infected vm can keylog itself).

> But this is supposedly only a problem if fullscreen can be executed
from within the VM itself, so as long as the "controls" for fullscreen
remains in a secure domain, such as dom0 keybinds, it should remain
safe, as the moment you use dom0  to stop fullscreen, the VM has no
means to keep up its attack to keylog screenshots. I suppose that's what
is meant by these words, maybe there is more to it. But it seems quite
harmful if you don't mind an attacker knowing what movies you are
watching, and even then, in this case it probably makes no difference if
using fullscreen or not anyhow, as the non-fullscreen can be keylogged
as well. So I suppose, as long you don't do anything in other windows,
that has sensitive information, while you use fullscreen, we're safe.
> Unless I've misunderstood something?
The vm can go fullscreen if you allow it from vm permissions, (just
click youtube fullscreen button).

The problem is NOT if a vm can keylog (byscreenshot or by keyboard), if
you open a virus a vm can keylog in both ways both if is fullscreen or not.

the problem is HOW do you know in which vm you are?
if you are not in fullscreen mode is as easy as watch the window title.
but if is in fullscreen mode you can't tell where you are.
and what if the vm draw a fake start menu?
take this for example:
go down you will see a fake paypal window inside the real browser.
but that is not a paypal browser window on chrome, is a photo in the
that is the problem that qubes aim to solve by preventing fullscreen.
attacking qubes is not easy as the attacker to simulate your desktop
must know what background and installed apps you have, what are your
template and vm names.

note that (unlike normal pc windows/linux) in qubes if you have an
infected vm with keylogger you don't care very much if you insert
sensitive data in other vm it will not be keylogged.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to