In my opinion, the main reason for deciding between StandaloneVM and Template-based-VM is not security, it is management. With a Template-based-VM, you manage all or most of the apps in the template. If you have a single VM template for many Template-based-VMs, you just update the template and reboot the related VMs that are running. With standalone VMs, you need to update all of them separately.
Security concerns: a. Malware might not survive reboot of Template-based-VM. This is however true just for some malware that is not adapted to Qubes OS, ale even this malware might survive VM reboot. AFAIR, this is explicitly a non-goal. There are many places to hook the malware after reboot – .bashrc, /usr/local/bin, browser extensions, … b. When you have a StandaloneVM you don't run often, it might miss some updates, so you are more likely to run some software with known vulnerabilities after boot. This does not happen for Temlate-based-VM provided that you use some other VMs from the same template. c. On the other hand, Template-based-VMs always require a reboot after updating. Without that, you can still run outdated software with some known vulnerabilities. So, it depends on how you use it. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54e65034-0959-458f-bba7-56757a780a44%40googlegroups.com.