On 1/8/20 12:30 PM, Vasiliy wrote:
> Are there any security benefits of setting up standalonevm instead of appvm?
> For instance, having 5 standalonevms based on minimal template with one
> program installed in each instead of having 5 appvms for one program in
> each based on a default template with all programs installed (for
> example, fedora-30)
>
> I am mainly worried about 3 things:
>
> 1. Thunderbird and other communication tools sometimes can be
> compromised and malicious code can affect all programs installed. I am
> scared that even if I don't use a program in an appvm, it can indirectly
> reduce my security.
>
> 2. If an attacker successfully replaces packages while updating the
> template, they will have full access to all my appvms. I know that Tor
> somewhat protects from it, but it can still happen.
>
> 3. Proprietary software may monitor activities of other programs even if
> I don't use it. Similar to what snap does (runs in the background and
> updates software without any interaction with the user) some
> proprietary programs may do the same even if I don't use them.
>
> I would be happy to hear your opinions on this topic. Maybe you want to
> point out where I am incorrect or have some advantages and disadvantages
> that should be considered, except for usability. Thank you in advance.

IMO the only benefit of using standalone is configuration flexibility
when one or more packages directly conflict with Qubes' template
system. It can also simplify the process of temporarily trying a complex
new app or configuration. There are no security benefits.

I don't think the package updates threat is what you think, since you
still have to update your standalone VMs to keep them secure anyway.
Plus you now have many more updates to run. Updates should all be
cryptographically signed, so in any realistic scenario they should be
the least of your worries.

OTOH, using your apps on standalone vms could result in a successful
attack against them leading to the guest OS being compromised. This is a
more realistic threat, and using template-based vms helps protect against
it – the OS is clean again when you restart the vm.

Snap or flatpak may actually be a part of your ideal solution. I think
there are Qubes instructions for using them with template-based Appvms.
If not, you could use template-based Appvms and command them to install
the desired packages each time the vm starts.

Another thing that might help you is my Qubes-VM-hardening project. It
allows you to perform automatic checks and run scripts, and disable
/rw-based malware on vm startup:

https://github.com/tasket/Qubes-VM-hardening

--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886