Re: [EXT] [qubes-users] Can a virus be transferred from a USB storage device before or after attaching it to an App VM?

2020-12-23 Thread ME
The window appeared about a little bit lower than the middle of the screen.

On Wednesday, 23 December 2020 at 00:02:55 UTC+1, awokd wrote:

> ME:
> > When I inserted my USB storage device in my Qubes OS pc after login to
> > Qubes OS, there appeared a small transparent window (before I mounted the
> > USB device to a VM) where I only could see its frame.
> > 
> > I then wondered if it could be caused by a virus that was planted on the
> > USB storage device that I only have used to transfer files between two
> > Qubes OS PCs.
> > 
> > And if so, how can I get rid of the virus or rootkit on the Qubes OS pc ?
>
> If it was in the top right corner, it was a message from Qubes telling 
> you a device was connected. Sometimes the text doesn't always show up.
>
> -- 
> Mailing list etiquette:
> - don't top post
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13d4d889-3260-4cde-9b95-28900ebece8en%40googlegroups.com.


Re: [EXT] [qubes-users] Can a virus be transferred from a USB storage device before or after attaching it to an App VM?

2020-12-22 Thread 'awokd' via qubes-users

ME:
> When I inserted my USB storage device in my Qubes OS pc after login to
> Qubes OS, there appeared a small transparent window (before I mounted the
> USB device to a VM) where I only could see its frame.
>
> I then wondered if it could be caused by a virus that was planted on the
> USB storage device that I only have used to transfer files between two
> Qubes OS PCs.
>
> And if so, how can I get rid of the virus or rootkit on the Qubes OS pc ?


If it was in the top right corner, it was a message from Qubes telling 
you a device was connected. Sometimes the text doesn't always show up.


--
Mailing list etiquette:
- don't top post
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



Re: [EXT] [qubes-users] Can a virus be transferred from a USB storage device before or after attaching it to an App VM?

2020-12-22 Thread ME
When I inserted my USB storage device in my Qubes OS pc after login to 
Qubes OS, there appeared a small transparent window (before I mounted the 
USB device to a VM) where I only could see its frame.

I then wondered if it could be caused by a virus that was planted on the 
USB storage device that I only have used to transfer files between two 
Qubes OS PCs.

And if so, how can I get rid of the virus or rootkit on the Qubes OS pc ?


On Monday, 21 December 2020 at 01:05:02 UTC+1, Ulrich Windl wrote:

> On 12/20/20 10:27 AM, ME wrote:
> > Let's say I have a USB storage device which has a virus on it that will 
> > infect a Linux pc when it is inserted.
> > 
> > If I insert the USB storage device in my Qubes OS pc after login to 
> > Qubes OS, is it then possible for the virus to infect my pc immediately 
> > after I have plugged it in before or after attaching the device to a VM ?
>
> I think it depends on how the virus works. For example if it could cause 
> code execution by overflowing the SCSI vendor/model buffer (I'm not 
> saying that this is possible, BTW), it could cause execution even before 
> anything is mounted...



Re: [EXT] [qubes-users] Can a virus be transferred from a USB storage device before or after attaching it to an App VM?

2020-12-20 Thread Ulrich Windl

On 12/20/20 10:27 AM, ME wrote:
> Let's say I have a USB storage device which has a virus on it that will 
> infect a Linux pc when it is inserted.
>
> If I insert the USB storage device in my Qubes OS pc after login to 
> Qubes OS, is it then possible for the virus to infect my pc immediately 
> after I have plugged it in before or after attaching the device to a VM ?


I think it depends on how the virus works. For example if it could cause 
code execution by overflowing the SCSI vendor/model buffer (I'm not 
saying that this is possible, BTW), it could cause execution even before 
anything is mounted...






Re: [qubes-users] Can a virus be transferred from a USB storage device before or after attaching it to an App VM?

2020-12-20 Thread unman
On Sun, Dec 20, 2020 at 01:27:59AM -0800, ME wrote:
> Let's say I have a USB storage device which has a virus on it that will 
> infect a Linux pc when it is inserted.
> 
> If I insert the USB storage device in my Qubes OS pc after login to Qubes 
> OS, is it then possible for the virus to infect my pc immediately after I 
> have plugged it in before or after attaching the device to a VM ?
> 

There are different sorts of malware.
A traditional form of virus or worm can sit on the USB, but will not be
activated until triggered - usually by opening the file or attempting to
run the application containing the virus. The answer here, obviously, is
"No."

Some attacks:
1. Specific USB attacks may emulate a keyboard and issue commands - this
may allow files to be exfiltrated or malware to be installed. This will
affect the sys-usb device *and perhaps dom0*. If you have sys-usb
automatically attach keyboard without prompt you won't notice this. 
2. A bad USB may also spoof a NIC - unlikely to be relevant in Qubes unless
you have combined sys-net/usb.
3. A bad USB may attack the controller, and then infect controller chips
of other USB devices connected to the computer. If possible, separate
controllers, and use them for specific purposes - e.g. have one
controller attached to an "open" sys-usb and **only** use that for
untrusted devices. 
4. A modified USB may detect that the computer is starting up, and boot a
small virus which will infect the operating system prior to boot. Don't
boot your machine with USB devices attached.
5. Other stuff.

So the broad answer to your question is "Yes".
Depending on the type of attack, you can mitigate risk by using
disposable sys-usb qubes, limiting USB device types within sys-usb
using udev rules, separating controllers and so on.
If you think you are a real target, don't use USB - it takes seconds to
physically disable USB ports. Port lockers are also available, if you
*must* have a USB port.

unman
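
Items 1 and 2 in the list above concern a device that presents itself as a keyboard or a network card. As an added example (not part of the original post and not Qubes project code), this Python script reads the interface classes Linux exposes under sysfs and reports which devices present HID or network interfaces; the sysfs layout is the standard Linux one, and the sample tree built by the hypothetical `build_sample()` helper is constructed.

```python
import os
import tempfile

# USB-IF base class codes, as sysfs prints bInterfaceClass (two hex digits).
RISKY = {
    "03": "HID (keyboard/mouse)",
    "02": "CDC communications (network/modem)",
    "0a": "CDC data (network)",
    "e0": "wireless controller (includes RNDIS network)",
}
STORAGE = "08"

def audit(sysfs_usb="/sys/bus/usb/devices"):
    """Map each USB device to the risky interface classes it exposes."""
    classes = {}
    for entry in sorted(os.listdir(sysfs_usb)):
        # Interface dirs are named <device>:<config>.<interface>, e.g. 1-2:1.0
        if ":" not in entry:
            continue
        try:
            with open(os.path.join(sysfs_usb, entry, "bInterfaceClass")) as fh:
                cls = fh.read().strip().lower()
        except OSError:
            continue  # interface disappeared (device unplugged mid-scan)
        classes.setdefault(entry.split(":")[0], []).append(cls)
    report = {}
    for dev, seen in classes.items():
        findings = [RISKY[c] for c in seen if c in RISKY]
        if findings and STORAGE in seen:
            findings.append("composite: also presents mass storage")
        if findings:
            report[dev] = findings
    return report

def build_sample(root):
    """Constructed tree: root hub, a plain stick, a stick that is also a keyboard."""
    sample = {"1-0:1.0": "09", "1-1:1.0": "08", "1-2:1.0": "08", "1-2:1.1": "03"}
    for name, cls in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "bInterfaceClass"), "w") as fh:
            fh.write(cls + "\n")
    os.makedirs(os.path.join(root, "usb1"))  # device dir without ':' is skipped
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for dev, findings in audit(build_sample(tmp)).items():
            print(dev, "->", "; ".join(findings))
```

Inside sys-usb, calling `audit()` with no argument scans the real `/sys/bus/usb/devices` tree. A legitimate keyboard also shows up as HID, so compare the report against what was actually plugged in.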



[qubes-users] Can a virus be transferred from a USB storage device before or after attaching it to an App VM?

2020-12-20 Thread ME
Let's say I have a USB storage device which has a virus on it that will 
infect a Linux pc when it is inserted.

If I insert the USB storage device in my Qubes OS pc after login to Qubes 
OS, is it then possible for the virus to infect my pc immediately after I 
have plugged it in before or after attaching the device to a VM ?
