Re: Qubes-OS is "fake" security

[flipchan]

Why not just run the browser on ur regular openbsd desktop computer but run it 
with chroot/bubblewrap/firejail so that even if it will execute some Java 
cancer (all Java is cancer^^) that will rm -rf / your system won't be fucked

On May 12, 2017 3:41:05 AM GMT+02:00, Kim Blackwood 
 wrote:
>Hi,
>
>I am at novice level of security, studying and trying to understand
>some of the different aspects of running an OS and applications as
>securely as possible.
>
>I have been running OpenBSD for years and understand a little of what's
>being done to make it more secure, albeit not the technical details of
>programming as much as I am not a C programmer.
>
>A friend of mine, who is computer a scientist with speciality in
>security, suggested Qubes-OS as a secure "solution" to security
>problems related to OS's and applications on a personal computer.
>
>I read up about the project and tested it out, but I am not convinced
>that it is a good solution at all.
>
>I am writing to this list because I know that a lot of people on this
>list is very security-minded.
>
>I found the reading "An Empirical Study into the Security Exposure to
>Hosts of Hostile Virtualized Environments" very insightful.
>
>http://taviso.decsystem.org/virtsec.pdf
>
>First, I cannot really see the difference between an OS and a
>hypervisor. Both runs on the "bare metal" and both perform similar
>tasks. In the specific case with Qubes-OS, there isn't really a
>difference as it's "just" Fedora with Xen.
>
>Possibilities of exploiting the hypervisor isn't lower than
>possibilities of exploiting the OS. And specifically in the case of
>OpenBSD as the OS, that has been developed from the ground up with
>security in mind, the possibilities are much lower than a hypervisor
>that hasn't even been developed with security measures from the
>beginning.
>
>Second, the virtualization part as I see it, just ads another level of
>tons of code.
>
>If I am running Firefox on OpenBSD and Firefox gets exploited, the
>cracker finds himself on a very secure OS that's really hard to
>compromise.
>
>If I am running Firefox in some virtualization container on Qubes-OS
>and Firefox gets exploited, then the cracker finds himself inside a
>container that could possible contain lots of exploitable security
>holes that again runs on a hypervisor with possibly lots of security
>holes, stuff that hasn't been developed with security in mind and has
>perhaps never been audited.
>
>Qubes-OS seems to me as a solution of "patching".
>
>OpenBSD on the other hand is a completely different story.
>
>Rather than running something like Qubes-OS, which IMHO provides a fake
>feeling of security, with it's different "qubes", I would think of
>another situation that's much better.
>
>I either set up 3 different computers, or one computer where I can
>physically change the hard drive and I then have 3 different hard
>drives.
>
>On one box I setup OpenBSD and the most secure-minded browser I can
>find (do such a thing even exist?). On this particular setup I *ONLY*
>do my home banking. Absolutely nothing else.
>
>On the second box I also setup OpenBSD and the most secure-minded email
>client I can find and I do all my email there. I possibly also setup an
>office application for writing letters, etc. I don't use a browser on
>this setup, if someone sends an email with a link, I write the link
>down for latter usage.
>
>And on the third box I also setup OpenBSD with a browser and possible
>other applications like a video player, and this box I use for all the
>other casual stuff, the links from emails, etc. I possibly even run
>this from a non-writeable CD or SD card.
>
>It will be an inconvenience to shift between the drives, but no more
>than using Qubes-OS.
>
>IMHO the setup with the different OpenBSD installations provides a
>much more security alternative than running Qubes-OS.
>
>Am I completely of track here?
>
>Kind regards,
>
>Kim

-- 
Take Care Sincerely flipchan layerprox dev

Re: Qubes-OS is "fake" security

[Jiri B]

On Fri, May 12, 2017 at 03:41:05AM +0200, Kim Blackwood wrote:
> [...]
> Qubes-OS seems to me as a solution of "patching".

IMO this is real point in this thread - virtualization as
a security meansure against buggy software doesn't make any
change to that software. Virtualization or containers are not
any security solution, real solution is to analyze design of
existing applications and really abandon ones which are crap
in security point of view, even if they have fancy features.

This is hard work to be done, OpenBSD devs are great guys because
they devote their personal energy to this "invisible" effort.
Just look at privsep changes implemented after Heartbleed issue.

Virtualization and containers make sense but what we all need is
to support people - if we cannot send diffs - who are brave enough
to make radical cuts in existing open-source eco system, either
while publicly denouncing existing buggy applications and telling
people loudly to stop using them, or sending radical diffs to make
those apps start moving to more secure design. (If this would reveal
as being impossible, then moving to the former stand.)

Let's thank all OpenBSD devs and ports' maintainers for their great
work.

j.

Re: Qubes-OS is "fake" security

[bytevolcano]

Virtualization has its uses though, despite the hype. It is good for
testing different system configurations before deployment, and is also
a good way to save on physical resources for configuring multiple
low-usage services that may require different OS or system config, such
that it is not possible to host these services on the same OS.

Whilst there may be some security benefits to whatever isolation is
provided by virtual machines, the real advantage here is the savings on
physical resources.

On Sat, 13 May 2017 00:12:35 +0300
valerij zaporogeci  wrote:

> "just a bunch of masturbating monkeys."
> this is the best definition of Hardware Virtualization hype.
> 
> 2017-05-12 22:20 GMT+03:00, Daniel Ouellet :
> > May I suggest you go read the FAQ before you spread misinformation.
> > Qubes doesn't use KVM, it's built on Xen, and calling it just a GUI
> > is like calling OpenBSD just a bunch of masturbating monkeys.
> >  
> >> On May 12, 2017, at 2:37 PM, flipchan  wrote:
> >>
> >> Qubes os is just linux with a gui for some kvm vms(it sux)
> >>  
> >>> On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD
> >>>  wrote:
> >>>
> >>> Both OpenBSD and Qubes OS don't guarantee
> >>> perfect security.
> >>> Qubes OS has a different take on security
> >>> than OpenBSD. Both have different
> >>> advantages and disadvantages.
> >>> Physical separation is more expensive
> >>> and you need to transport more devices
> >>> from place to place.
> >>> Qubes OS lets you run mainstream OSes.
> >>> OpenBSD is a OS and is a great tool to
> >>> get to know Unix-like OSes. It is also
> >>> a great environment to practise programming
> >>> in C language. See "Developing Software
> >>> in a Hostile Environment". There is a
> >>> "The J for junk option", pledge(2).  
> >>
> >> --
> >> Take Care Sincerely flipchan layerprox dev  
> >
> >  
> 

Re: Qubes-OS is "fake" security

[valerij zaporogeci]

"just a bunch of masturbating monkeys."
this is the best definition of Hardware Virtualization hype.

2017-05-12 22:20 GMT+03:00, Daniel Ouellet :
> May I suggest you go read the FAQ before you spread misinformation. Qubes
> doesn't use KVM, it's built on Xen, and calling it just a GUI is like
> calling OpenBSD just a bunch of masturbating monkeys.
>
>> On May 12, 2017, at 2:37 PM, flipchan  wrote:
>>
>> Qubes os is just linux with a gui for some kvm vms(it sux)
>>
>>> On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD
>>>  wrote:
>>>
>>> Both OpenBSD and Qubes OS don't guarantee
>>> perfect security.
>>> Qubes OS has a different take on security
>>> than OpenBSD. Both have different
>>> advantages and disadvantages.
>>> Physical separation is more expensive
>>> and you need to transport more devices
>>> from place to place.
>>> Qubes OS lets you run mainstream OSes.
>>> OpenBSD is a OS and is a great tool to
>>> get to know Unix-like OSes. It is also
>>> a great environment to practise programming
>>> in C language. See "Developing Software
>>> in a Hostile Environment". There is a
>>> "The J for junk option", pledge(2).
>>
>> --
>> Take Care Sincerely flipchan layerprox dev
>
>

Re: Qubes-OS is "fake" security

[Daniel Ouellet]

May I suggest you go read the FAQ before you spread misinformation. Qubes 
doesn't use KVM, it's built on Xen, and calling it just a GUI is like calling 
OpenBSD just a bunch of masturbating monkeys.

> On May 12, 2017, at 2:37 PM, flipchan  wrote:
> 
> Qubes os is just linux with a gui for some kvm vms(it sux)
> 
>> On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD  
>> wrote:
>> 
>> Both OpenBSD and Qubes OS don't guarantee
>> perfect security.
>> Qubes OS has a different take on security
>> than OpenBSD. Both have different
>> advantages and disadvantages.
>> Physical separation is more expensive
>> and you need to transport more devices
>> from place to place.
>> Qubes OS lets you run mainstream OSes.
>> OpenBSD is a OS and is a great tool to
>> get to know Unix-like OSes. It is also
>> a great environment to practise programming
>> in C language. See "Developing Software
>> in a Hostile Environment". There is a
>> "The J for junk option", pledge(2).
> 
> -- 
> Take Care Sincerely flipchan layerprox dev

Re: Qubes-OS is "fake" security

[flipchan]

Qubes os is just linux with a gui for some kvm vms(it sux)

On May 12, 2017 5:57:11 PM GMT+02:00, I love OpenBSD  
wrote:
>
>Both OpenBSD and Qubes OS don't guarantee
>perfect security.
>Qubes OS has a different take on security
>than OpenBSD. Both have different
>advantages and disadvantages.
>Physical separation is more expensive
>and you need to transport more devices
>from place to place.
>Qubes OS lets you run mainstream OSes.
>OpenBSD is a OS and is a great tool to
>get to know Unix-like OSes. It is also
>a great environment to practise programming
>in C language. See "Developing Software
>in a Hostile Environment". There is a
>"The J for junk option", pledge(2).

-- 
Take Care Sincerely flipchan layerprox dev

Re: Qubes-OS is "fake" security

[I love OpenBSD]

Both OpenBSD and Qubes OS don't guarantee
perfect security.
Qubes OS has a different take on security
than OpenBSD. Both have different
advantages and disadvantages.
Physical separation is more expensive
and you need to transport more devices
from place to place.
Qubes OS lets you run mainstream OSes.
OpenBSD is a OS and is a great tool to
get to know Unix-like OSes. It is also
a great environment to practise programming
in C language. See "Developing Software
in a Hostile Environment". There is a
"The J for junk option", pledge(2).

Re: Qubes-OS is "fake" security

[Florian Ermisch]

Sorry, out of herrings. Have a listen to this 
instead: 
"Risky Biz Soap Box: A microvirtualisation 
primer with Bromium co-founder Ian Pratt
(a.k.a. how to run Java plugin on IE8 and 
not die!)"
https://risky.biz/soapbox3/

Am 12. Mai 2017 03:41:05 MESZ schrieb Kim Blackwood 
:
>Hi,
>
>I am at novice level of security, studying and trying to understand
>some of the different aspects of running an OS and applications as
>securely as possible.
>
>I have been running OpenBSD for years and understand a little of what's
>being done to make it more secure, albeit not the technical details of
>programming as much as I am not a C programmer.
>
>A friend of mine, who is computer a scientist with speciality in
>security, suggested Qubes-OS as a secure "solution" to security
>problems related to OS's and applications on a personal computer.
>
>I read up about the project and tested it out, but I am not convinced
>that it is a good solution at all.
>
>I am writing to this list because I know that a lot of people on this
>list is very security-minded.
>
>I found the reading "An Empirical Study into the Security Exposure to
>Hosts of Hostile Virtualized Environments" very insightful.
>
>http://taviso.decsystem.org/virtsec.pdf
>
>First, I cannot really see the difference between an OS and a
>hypervisor. Both runs on the "bare metal" and both perform similar
>tasks. In the specific case with Qubes-OS, there isn't really a
>difference as it's "just" Fedora with Xen.
>
>Possibilities of exploiting the hypervisor isn't lower than
>possibilities of exploiting the OS. And specifically in the case of
>OpenBSD as the OS, that has been developed from the ground up with
>security in mind, the possibilities are much lower than a hypervisor
>that hasn't even been developed with security measures from the
>beginning.
>
>Second, the virtualization part as I see it, just ads another level of
>tons of code.
>
>If I am running Firefox on OpenBSD and Firefox gets exploited, the
>cracker finds himself on a very secure OS that's really hard to
>compromise.
>
>If I am running Firefox in some virtualization container on Qubes-OS
>and Firefox gets exploited, then the cracker finds himself inside a
>container that could possible contain lots of exploitable security
>holes that again runs on a hypervisor with possibly lots of security
>holes, stuff that hasn't been developed with security in mind and has
>perhaps never been audited.
>
>Qubes-OS seems to me as a solution of "patching".
>
>OpenBSD on the other hand is a completely different story.
>
>Rather than running something like Qubes-OS, which IMHO provides a fake
>feeling of security, with it's different "qubes", I would think of
>another situation that's much better.
>
>I either set up 3 different computers, or one computer where I can
>physically change the hard drive and I then have 3 different hard
>drives.
>
>On one box I setup OpenBSD and the most secure-minded browser I can
>find (do such a thing even exist?). On this particular setup I *ONLY*
>do my home banking. Absolutely nothing else.
>
>On the second box I also setup OpenBSD and the most secure-minded email
>client I can find and I do all my email there. I possibly also setup an
>office application for writing letters, etc. I don't use a browser on
>this setup, if someone sends an email with a link, I write the link
>down for latter usage.
>
>And on the third box I also setup OpenBSD with a browser and possible
>other applications like a video player, and this box I use for all the
>other casual stuff, the links from emails, etc. I possibly even run
>this from a non-writeable CD or SD card.
>
>It will be an inconvenience to shift between the drives, but no more
>than using Qubes-OS.
>
>IMHO the setup with the different OpenBSD installations provides a
>much more security alternative than running Qubes-OS.
>
>Am I completely of track here?
>
>Kind regards,
>
>Kim

Qubes-OS is "fake" security

[Kim Blackwood]

Hi,

I am at novice level of security, studying and trying to understand
some of the different aspects of running an OS and applications as
securely as possible.

I have been running OpenBSD for years and understand a little of what's
being done to make it more secure, albeit not the technical details of
programming as much as I am not a C programmer.

A friend of mine, who is computer a scientist with speciality in
security, suggested Qubes-OS as a secure "solution" to security
problems related to OS's and applications on a personal computer.

I read up about the project and tested it out, but I am not convinced
that it is a good solution at all.

I am writing to this list because I know that a lot of people on this
list is very security-minded.

I found the reading "An Empirical Study into the Security Exposure to
Hosts of Hostile Virtualized Environments" very insightful.

http://taviso.decsystem.org/virtsec.pdf

First, I cannot really see the difference between an OS and a
hypervisor. Both runs on the "bare metal" and both perform similar
tasks. In the specific case with Qubes-OS, there isn't really a
difference as it's "just" Fedora with Xen.

Possibilities of exploiting the hypervisor isn't lower than
possibilities of exploiting the OS. And specifically in the case of
OpenBSD as the OS, that has been developed from the ground up with
security in mind, the possibilities are much lower than a hypervisor
that hasn't even been developed with security measures from the
beginning.

Second, the virtualization part as I see it, just ads another level of
tons of code.

If I am running Firefox on OpenBSD and Firefox gets exploited, the
cracker finds himself on a very secure OS that's really hard to
compromise.

If I am running Firefox in some virtualization container on Qubes-OS
and Firefox gets exploited, then the cracker finds himself inside a
container that could possible contain lots of exploitable security
holes that again runs on a hypervisor with possibly lots of security
holes, stuff that hasn't been developed with security in mind and has
perhaps never been audited.

Qubes-OS seems to me as a solution of "patching".

OpenBSD on the other hand is a completely different story.

Rather than running something like Qubes-OS, which IMHO provides a fake
feeling of security, with it's different "qubes", I would think of
another situation that's much better.

I either set up 3 different computers, or one computer where I can
physically change the hard drive and I then have 3 different hard
drives.

On one box I setup OpenBSD and the most secure-minded browser I can
find (do such a thing even exist?). On this particular setup I *ONLY*
do my home banking. Absolutely nothing else.

On the second box I also setup OpenBSD and the most secure-minded email
client I can find and I do all my email there. I possibly also setup an
office application for writing letters, etc. I don't use a browser on
this setup, if someone sends an email with a link, I write the link
down for latter usage.

And on the third box I also setup OpenBSD with a browser and possible
other applications like a video player, and this box I use for all the
other casual stuff, the links from emails, etc. I possibly even run
this from a non-writeable CD or SD card.

It will be an inconvenience to shift between the drives, but no more
than using Qubes-OS.

IMHO the setup with the different OpenBSD installations provides a
much more security alternative than running Qubes-OS.

Am I completely of track here?

Kind regards,

Kim

Re: Qubes-OS is "fake" security

[Daniel Jakots]

On Fri, 12 May 2017 03:41:05 +0200, Kim Blackwood
<bluechildcry...@yandex.com> wrote:

> Hi,

From: Martin Hanson <greencopperm...@yandex.com>
To: misc <misc@openbsd.org>
Subject: Why would I need a container like Docker?!
Date: Wed, 10 May 2017 05:53:07 +0200
X-Mailer: Yamail [ http://yandex.ru ] 5.0


From: Kim Blackwood <bluechildcry...@yandex.com>
To: misc@openbsd.org
Subject: Qubes-OS is "fake" security
Date: Fri, 12 May 2017 03:41:05 +0200
X-Mailer: Yamail [ http://yandex.ru ] 5.0


Is it the holidays or something?