> It looks like fullscreen can't do "attacks" on dom0 and other VM's, but it can do something like keylogging, just visually from the screen instead, perhaps something akin to taking frequent light sized screenshots and then sending the screenshots over the internet.
This is possible both if the VM is in full screen mode or "small/normal" mode. The vm can also key log the keyboard but only for keys sent to that vm (so only while it is focused). (while on a normal pc the kwylogger would be for the whole pc, here an infected vm can keylog itself). > But this is supposedly only a problem if fullscreen can be executed from within the VM itself, so as long as the "controls" for fullscreen remains in a secure domain, such as dom0 keybinds, it should remain safe, as the moment you use dom0 to stop fullscreen, the VM has no means to keep up its attack to keylog screenshots. I suppose that's what is meant by these words, maybe there is more to it. But it seems quite harmful if you don't mind an attacker knowing what movies you are watching, and even then, in this case it probably makes no difference if using fullscreen or not anyhow, as the non-fullscreen can be keylogged as well. So I suppose, as long you don't do anything in other windows, that has sensitive information, while you use fullscreen, we're safe. > > Unless I've misunderstood something? > The vm can go fullscreen if you allow it from vm permissions, (just click youtube fullscreen button). The problem is NOT if a vm can keylog (byscreenshot or by keyboard), if you open a virus a vm can keylog in both ways both if is fullscreen or not. the problem is HOW do you know in which vm you are? if you are not in fullscreen mode is as easy as watch the window title. but if is in fullscreen mode you can't tell where you are. and what if the vm draw a fake start menu? take this for example: https://textslashplain.com/2017/01/14/the-line-of-death/ go down you will see a fake paypal window inside the real browser. but that is not a paypal browser window on chrome, is a photo in the website! that is the problem that qubes aim to solve by preventing fullscreen. attacking qubes is not easy as the attacker to simulate your desktop must know what background and installed apps you have, what are your template and vm names. note that (unlike normal pc windows/linux) in qubes if you have an infected vm with keylogger you don't care very much if you insert sensitive data in other vm it will not be keylogged. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6635d1e-dcc5-8e5b-a44a-f70be0b28315%40posteo.net. For more options, visit https://groups.google.com/d/optout.