On 2020-01-08 12:30, Vasiliy wrote:
Are there any security benefits of setting up standalonevm instead of appvm?
1. Thunderbird and other communication tools sometimes can be compromised and malicious code can affect all programs installed. I am scared that even if I don't use a program in an appvm, it can indirectly reduce my security.
If this happens in an HVM you are already toast. If it gets pulled into a template while passing the signature test it lies dormant until you run that app in the AppVM, and the system volume is non-persistent there, so the binary blob that the hack downloads onto your system will not stay resident on the system volume. It will likely have to repeat the download each time the AppVM is launched, or recognize that its a Qubes system and find an alternate way to maintain persistence. That is a much higher bar to hurdle than simply installing that binary blob.
2. If an attacker will successfully replace packages while updating the template, they will have full access to all my appvms. I know that Tor somewhat protects from it, but it can still happen.
It only gains access if it is run, and if run in an AppVM it only has temporary access to that one AppVM. While that does not keep it from phoning home to the mother ship and sending all your stuff, it still will have a hard time becoming persistent. If the sending your stuff bothers you then think carefully about locking down the firewall rules for each AppVM so long as you know what each AppVM is supposedly for.
Example: I have an AppVM called Email. Its only job is to protect the rest of my system from external threats. The networking is set up with a default deny firewall and only the authentication and mail servers are permitted access. Anything else raises a red flag and my system informs me of the problem. If I click on anything malicious like a hacked PDF its opened in a one-time-use DispVM. Anything else is blocked from downloading its payload.
Steve -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aabbf6e4-f82f-19df-bcaf-0ed3994e9627%40jhuapl.edu.
