Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-07 Thread 'awokd' via qubes-users

one7tw...@gmail.com wrote on 10/7/18 9:50 PM:


What are those files for:

1) private-cow.img
2) private-cow.img.old


Your understanding of the other files looks right. Not sure about those 
last two either - can you roll back changes to an AppVM?



If I want to scan my AppVMs it should be enough to scan the private.* images, 
correct? (Assuming that I scan the template separatly).


That would cover all components of your AppVMs!



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4c88bd2-13c6-38d1-7b35-69d23639991e%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-07 Thread one7two99
Hello,

On Thursday, 4 October 2018 20:30:37 UTC+2, airele...@tutanota.com wrote:
> An implementation of a similar idea across several VMs is:
> [...]
> VM3: DisposableVM based on the above, which is offline, that does the actual
> scanning. To scan a VM, use qvm-block to attach a VM's private volume to
> the disposable VM.[1]

Can you give me a hint how I can mount a private disk of an existing AppVM 
(APPVM1) to another AppVM (APPVM2)?
If I look into /var/lib/qubes/appvms/APPVM1 I see the following files:
private-cow.img
private-cow.img.old
private.img
root-cow.img
volatile.img

I have looked at the Qubes documentation...
https://www.qubes-os.org/doc/template-implementation/
... but haven't fully understood what each file is doing.


root.img
-> real template filesystem (from template = read only)

root-cow.img
-> differences between the device as seen by AppVM and the current root.img
(as far as I understand those "differences" only exist when the AppVM is 
running, as no changes are stored after the AppVM has been shut down)

private.img
-> persistent storage (mounted in /rw) used for /home, /usr/local

volatile.img:
-> temporary storage, which is discarded after an AppVM restart

What are those files for:

1) private-cow.img
2) private-cow.img.old

If I want to scan my AppVMs it should be enough to scan the private.* images, 
correct? (Assuming that I scan the template separately.)

- Piit

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c45f1b83-9ccf-443b-a52b-e21aba442763%40googlegroups.com.


Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-04 Thread airelemental


> An implementation of a similar idea across several VMs is:
>
> VM1: any TemplateVM with clamav installed.
>
> VM2: AppVM based on above, which is network-connected so it can download new 
> virus definitions. /var/lib/clamav contains the virus definitions so make it 
> a bind-dir.
>
> VM3: DisposableVM based on the above, which is offline, that does the actual 
> scanning. To scan a VM, use qvm-block to attach a VM's private volume to the 
> disposable VM.[1]
>
> The actual updating and scanning can be streamlined using shell scripts run 
> from dom0.
>
> I think the nice properties of this setup are:
> * distro-packaged, open source antivirus
> * antivirus lives outside the VM you are scanning
> * since the antivirus processes a lot of untrusted input, scans are done from 
> a disposable VM3, so if it is compromised in the course of a scan, only that 
> session is compromised
> * since the antivirus may process a lot of sensitive information, VM3 is also 
> offline, making it harder for compromised antivirus to exfiltrate anything.
>
> [1] To make a DisposableVM have different NetVM than its template, you can use 
> for VM3 the static DisposableVM created by `qvm-create --class DisposableVM 
> --template VM2 ...`, it can have the specific NetVM setting of None, 
> different from their template.

Other nice properties:
* by mounting a snapshot of the private volume, you have the option to scan 
while the target VM is running

* by mounting a snapshot, you can ensure no modification of the target volume, 
which some people might like from a forensics point of view.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LO-L6ng--3-1%40tutanota.com.


Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-04 Thread airelemental


> Going beyond that, antivirus is an option. One way to run it is from a dispVM 
> to which you attach various private volumes (one at a time) for scanning.

An implementation of a similar idea across several VMs is:

VM1: any TemplateVM with clamav installed.

VM2: AppVM based on above, which is network-connected so it can download new 
virus definitions. /var/lib/clamav contains the virus definitions so make it a 
bind-dir.

VM3: DisposableVM based on the above, which is offline, that does the actual 
scanning. To scan a VM, use qvm-block to attach a VM's private volume to the 
disposable VM.[1]

The actual updating and scanning can be streamlined using shell scripts run 
from dom0.

I think the nice properties of this setup are:
* distro-packaged, open source antivirus
* antivirus lives outside the VM you are scanning
* since the antivirus processes a lot of untrusted input, scans are done from a 
disposable VM3, so if it is compromised in the course of a scan, only that 
session is compromised
* since the antivirus may process a lot of sensitive information, VM3 is also 
offline, making it harder for compromised antivirus to exfiltrate anything.

[1] To make a DisposableVM have different NetVM than its template, you can use 
for VM3 the static DisposableVM created by `qvm-create --class DisposableVM 
--template VM2 ...`, it can have the specific NetVM setting of None, different 
from their template.

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LO-HhSr--3-1%40tutanota.com.
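The three-VM setup and the dom0 scan script sketched in airelemental's two posts above (VM1 template, VM2 online updater with /var/lib/clamav as a bind-dir, VM3 offline DisposableVM that gets the target's private volume attached read-only), written out as an added example. This is not code from the thread or from the Qubes project. It assumes the Qubes R4.0 command-line tools (qvm-create, qvm-prefs, qvm-run, qvm-block, qvm-check), the file-pool layout from one7two99's listing (/var/lib/qubes/appvms/NAME/private.img as a raw filesystem image), the `--ro` attach flag and the `template_for_dispvms` preference of R4.0, the R4.0 class name `DispVM` where the post writes `DisposableVM`, and made-up VM names clam-tpl, clam-update and scan-dvm for VM1, VM2 and VM3.

```shell
#!/bin/sh
# Added example for dom0; not from the thread or from the Qubes project.
# Assumed: Qubes R4.0 tools and the file-pool layout shown in the thread,
#   /var/lib/qubes/appvms/<vm>/private.img  (raw image of the AppVM's /rw)
# Assumed VM names: clam-tpl (VM1), clam-update (VM2), scan-dvm (VM3).
set -eu

TEMPLATE=${TEMPLATE:-clam-tpl}     # VM1: TemplateVM with clamav installed
UPDATER=${UPDATER:-clam-update}    # VM2: online AppVM that runs freshclam
SCANNER=${SCANNER:-scan-dvm}       # VM3: offline static DisposableVM

# Where the file pool keeps an AppVM's persistent volume (per the listing above).
private_img_path() {
    printf '/var/lib/qubes/appvms/%s/private.img\n' "$1"
}

# bind-dirs entry so /var/lib/clamav (the signature database) lives in VM2's /rw
# and survives restarts instead of being reset to the template's copy.
bind_dirs_conf() {
    printf "binds+=( '/var/lib/clamav' )\n"
}

# Command executed inside VM3. The attached volume shows up as /dev/xvdi; it is
# mounted read-only with noexec/nosuid/nodev and unmounted whatever clamscan
# returns (0 clean, 1 infected, 2 error).
scan_cmd() {
    printf '%s' 'sudo mount -o ro,noexec,nosuid,nodev /dev/xvdi /mnt && (clamscan -ri /mnt; rc=$?; sudo umount /mnt; exit $rc)'
}

setup_scanner() {
    # VM2: online, based on VM1; write the bind-dirs config via qvm-run's stdin
    qvm-create --class AppVM --template "$TEMPLATE" --label orange "$UPDATER"
    bind_dirs_conf | qvm-run --pass-io "$UPDATER" \
        'sudo mkdir -p /rw/config/qubes-bind-dirs.d && sudo tee /rw/config/qubes-bind-dirs.d/50_clamav.conf >/dev/null'
    qvm-prefs "$UPDATER" template_for_dispvms True
    # VM3: static DisposableVM based on VM2 with no NetVM (footnote [1] above)
    qvm-create --class DispVM --template "$UPDATER" --label red "$SCANNER"
    qvm-prefs "$SCANNER" netvm ''
}

update_sigs() {
    qvm-run --pass-io "$UPDATER" 'sudo freshclam'
}

scan_vm() {
    target=$1
    img=$(private_img_path "$target")

    # Never attach a volume that is in use: require the target to be shut down.
    if qvm-check --running "$target" >/dev/null 2>&1; then
        echo "refusing to scan $target: it is running" >&2
        return 2
    fi
    [ -f "$img" ] || { echo "no private.img for $target" >&2; return 2; }

    # Read-only loop device (-r) plus --ro on attach: a compromised scanner
    # can read the volume but cannot modify it.
    loop=$(sudo losetup -r -f --show "$img")
    dev=${loop#/dev/}
    rc=0
    if qvm-block attach --ro "$SCANNER" "dom0:$dev"; then
        qvm-run --pass-io "$SCANNER" "$(scan_cmd)" || rc=$?
        qvm-block detach "$SCANNER" "dom0:$dev"
    else
        rc=2
    fi
    sudo losetup -d "$loop"
    return $rc
}

case "${1:-}" in
    setup)  setup_scanner ;;
    update) update_sigs ;;
    scan)   shift; scan_vm "${1:?vm name required}" ;;
    "")     : ;;   # no arguments: only define the functions
    *)      echo "usage: $0 setup | update | scan VMNAME" >&2; exit 2 ;;
esac
```

Run `setup` once, `update` whenever fresh signatures are wanted (only VM2 ever goes online), and `scan NAME` per AppVM; the script exits with clamscan's own status, so a dom0 loop over `qvm-ls --raw-list` can flag infected qubes. Because VM3 is a DisposableVM, every scan starts from a clean copy of VM2, which is what limits a compromise through a malicious file to that one session.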


Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-03 Thread ccchan234
so..

Has anyone really tried ANY anti virus with Qubes OS?

Indeed, even for Ubuntu,
the one that is free, keeps updating, and is official is Sophos Anti-Virus for Linux.

Others like Comodo etc. don't update.

please, thanks

On Thursday, October 4, 2018 at 11:49:27 AM UTC+8, Chris Laprise wrote:
> On 10/03/2018 11:09 PM, ccchan...@gmail.com wrote:
> > hi~
> > 
> > i got enough CPU and RAM and SSD,
> > 
> > I want an extra layer of protection in addition to qubes 's protection.
> > 
> > what can I do?
> > 
> > I used to use ubuntu with sophos free anti virus for linux.
> > 
> > What can I install on a qubes OS?
> > 
> > thanks
> 
> Before going down the detection route, keep in mind that by default 
> Qubes VMs have little if any _internal_ protection from malware. So it 
> makes sense to restore normal defenses first...
> 
> https://github.com/tasket/Qubes-VM-hardening/
> 
> Qubes-VM-hardening goes a bit beyond re-enabling sudo authentication in 
> that it will also do a minimum level of protection and sanitizing by 
> default. This protects VMs in ways that could also benefit regular Linux 
> systems.
> 
> Going beyond that, antivirus is an option. One way to run it is from a 
> dispVM to which you attach various private volumes (one at a time) for 
> scanning. Another way is to use Qubes-VM-hardening as a way to launch 
> the AV scanner at normal appVM startup, at the instant before the 
> private volume is brought online.
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

-- 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3451816-4c41-4794-b150-e6a094383d98%40googlegroups.com.


Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-03 Thread Chris Laprise

On 10/03/2018 11:09 PM, ccchan...@gmail.com wrote:

hi~

i got enough CPU and RAM and SSD,

I want an extra layer of protection in addition to qubes 's protection.

what can I do?

I used to use ubuntu with sophos free anti virus for linux.

What can I install on a qubes OS?

thanks


Before going down the detection route, keep in mind that by default 
Qubes VMs have little if any _internal_ protection from malware. So it 
makes sense to restore normal defenses first...


https://github.com/tasket/Qubes-VM-hardening/

Qubes-VM-hardening goes a bit beyond re-enabling sudo authentication in 
that it will also do a minimum level of protection and sanitizing by 
default. This protects VMs in ways that could also benefit regular Linux 
systems.


Going beyond that, antivirus is an option. One way to run it is from a 
dispVM to which you attach various private volumes (one at a time) for 
scanning. Another way is to use Qubes-VM-hardening as a way to launch 
the AV scanner at normal appVM startup, at the instant before the 
private volume is brought online.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1d74045-4a8f-0537-d51e-1c43f82a4ca0%40posteo.net.