Re: [qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-26 Thread empleat100 
I think i am fine against this, i have something called sipo and i have to 
set up that manually in my online bank.

Dne pondělí 20. července 2020 13:34:12 UTC+2 unman napsal(a):
>
> On Sun, Jul 19, 2020 at 07:28:02AM -0700, tomas.s...@gmail.com 
>  wrote: 
> > Yeah but, in that article: they talk about checking number, not actual 
> > account number. I never heard of some checking number honestly. I have 
> > recurring payments and it doesn't work that way, i have no checking 
> number. 
> > I don't even know what that means in my language... 
> > 
> > On Thursday, July 16, 2020 at 10:10:24 PM UTC+2, awokd wrote: 
> > > 
> > > tomas.s...@gmail.com : 
> > > > Wait a minute... How checking account number, can represent security 
> > > risk? 
> > > 
> > > https://www.consumer.ftc.gov/articles/0196-automatic-debit-scams 
> > > 
>
> The convention here is not to top-post. 
> Please scroll to the bottom of the message before you start typing. Or 
> reply inline. 
> It only takes you seconds, makes it much easier to follow threads, and 
> cumulatively saves your fellow users hours. 
> Thanks. 
>
> In that article *in English* there is no reference to "checking number", 
> every reference is to "checking account" information or number,  so I 
> suspect something is lost in translation. 
> A checking account is a US name - we dont have them where I live, but we 
> have similar accounts, which allow for Direct Debits to be set up. 
>
> The point is that if someone has your account number and sort-code, they 
> *may* be able to set up a payment out of the account without your 
> knowledge or authority. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2682ffba-24b5-4334-baa5-a54c5383b4f3o%40googlegroups.com.

Re: [qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-20 Thread unman 
On Sun, Jul 19, 2020 at 07:28:02AM -0700, tomas.schutz...@gmail.com wrote:
> Yeah but, in that article: they talk about checking number, not actual 
> account number. I never heard of some checking number honestly. I have 
> recurring payments and it doesn't work that way, i have no checking number. 
> I don't even know what that means in my language...
> 
> On Thursday, July 16, 2020 at 10:10:24 PM UTC+2, awokd wrote:
> >
> > tomas.s...@gmail.com : 
> > > Wait a minute... How checking account number, can represent security 
> > risk? 
> >
> > https://www.consumer.ftc.gov/articles/0196-automatic-debit-scams 
> >

The convention here is not to top-post.
Please scroll to the bottom of the message before you start typing. Or
reply inline.
It only takes you seconds, makes it much easier to follow threads, and
cumulatively saves your fellow users hours.
Thanks.

In that article *in English* there is no reference to "checking number",
every reference is to "checking account" information or number,  so I
suspect something is lost in translation.
A checking account is a US name - we dont have them where I live, but we
have similar accounts, which allow for Direct Debits to be set up.

The point is that if someone has your account number and sort-code, they
*may* be able to set up a payment out of the account without your
knowledge or authority.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200720113408.GA9057%40thirdeyesecurity.org.

Re: [qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-19 Thread tomas . schutz707 
Yeah but, in that article: they talk about checking number, not actual 
account number. I never heard of some checking number honestly. I have 
recurring payments and it doesn't work that way, i have no checking number. 
I don't even know what that means in my language...

On Thursday, July 16, 2020 at 10:10:24 PM UTC+2, awokd wrote:
>
> tomas.s...@gmail.com : 
> > Wait a minute... How checking account number, can represent security 
> risk? 
>
> https://www.consumer.ftc.gov/articles/0196-automatic-debit-scams 
>
> -- 
> - don't top post 
> Mailing list etiquette: 
> - trim quoted reply to only relevant portions 
> - when possible, copy and paste text instead of screenshots 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9f905bd-f50c-4530-8f07-d0d4d7b66654o%40googlegroups.com.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-17 Thread tomas . schutz707 
Btw isn't there same problem with multi session dvd as with usb flashdisk? 
You can write there additional data. Unless you use read only CD mechanic, 
but i didn't see it anywhere...

On Tuesday, June 9, 2020 at 5:18:10 PM UTC+2, Catacombs wrote:
>
>
>
> On Tuesday, June 9, 2020 at 9:39:26 AM UTC-5, Catacombs wrote:
>>
>>
>>
>> On Monday, June 8, 2020 at 1:00:17 PM UTC-5, tomas.s...@gmail.com wrote:
>>>
>>> I understand, that Qubes compartmentalizes OS and parts of OS don't have 
>>> access to other parts of the OS. So even if you had virus in your firmware 
>>> of a network card, it wouldn't matter. I know firmware viruses are rare, 
>>> but still better safe than sorry. I am looking for safe OS to do online 
>>> banking from. If i use live usb of QUBES, does that protect me against all 
>>> firmware viruses ? I wonder. Even there is like 0.2% chance of being 
>>> infected with it. Also i can't disable all my disks in BIOS, could that be 
>>> problem ? I mean if i use live-usb and don't boot my main OS, when usb is 
>>> plugged in. So my main OS can't compromise Qubes. And even if disks were 
>>> enabled and i boot up Qubes from live usb, i am not sure if it could get 
>>> infected, because these viruses has to be loaded somehow right ? But if 
>>> they are passively on the disk and you launch 2nd OS from live-usb, not 
>>> sure if it could get infected like this. I wanted to dedicate my old pc for 
>>> online banking, but Qubes doesn't work there.
>>>
>>
>> You might rather look at those webpages which talk about "Threat Model."  
>> Who you might be contending with.   There is, of course, the possibility 
>> that what you are referring to is the fact Intel main processors have 
>> modems which might allow Intel to change the firmware code without your 
>> knowing it.  I have been told, by someone who is much more knowledgeable 
>> about these things, that there are no instances of Intel ever having done 
>> that.   There are some possible problems with USB Keyboards.  
>>
>> You might ask your bank.  I suspect in any case, what you might be more 
>> interested in is reading about VPN's.   Some more expensive that others.  
>> As someone said, don't trust a free VPN, they have to make their money 
>> somewhere, still I use the free version of ProtonVPN.  
>>
>> Hardware that is produced with the goal of no Firmware intrusion includes 
>> - https://puri.sm/  the qubes certified hardware,  
>> https://www.qubes-os.org/doc/certified-hardware/,  notice the Hardware 
>> Compatibility List,  https://www.qubes-os.org/hcl/
>>
>> I guess that is off the subject.  
>>
>> If you use a VPN-  My bank checks the IP of the address the login comes 
>> from.  If the VPN server is say in New York, a thousand miles away, it will 
>> not let me login.  Bank reasons I should have told them I was traveling.  
>> You might find difficulty using Tor, or Whonix to login to your bank.  
>>
>
> I should mention, using a credit card can insulate you from risk.  The big 
> risk of using a bank account is allowing someone to have the checking 
> account number itself, the one on the bottom of all your checks.  
>
> Puppy Linux has a number of Live versions which actually do not have a 
> root, but whose security in the case of a bank account is derived from 
> loading a new fresh version of OS at each re-boot.  If one completely power 
> downs the computer after each bank session, and does not save the partition 
> each time, then.  No way can software get in around you.  Installing a VPN 
> to use with one of the distros of Puppy Linux can be problematic though.   
> Puppy Linux has a friendly forum.  I think you might start with Easy OS, 
> create a multi-save DVD.  Boot then do your banking, power down.   
>
> Not perfect.  If you are a geek type, then use Qubes.  No doubt Qubes is 
> superior in several ways. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f336a42-3770-404e-8431-b126fbee9017o%40googlegroups.com.

Re: [qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-16 Thread 'awokd' via qubes-users 
tomas.schutz...@gmail.com:
> Wait a minute... How checking account number, can represent security risk? 

https://www.consumer.ftc.gov/articles/0196-automatic-debit-scams

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/45f37846-04e8-b96e-74c7-42c9a4b3a73f%40danwin1210.me.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-16 Thread tomas . schutz707 
Wait a minute... How checking account number, can represent security risk? 
 
On Tuesday, June 9, 2020 at 5:18:10 PM UTC+2, Catacombs wrote:
>
>
>
> On Tuesday, June 9, 2020 at 9:39:26 AM UTC-5, Catacombs wrote:
>>
>>
>>
>> On Monday, June 8, 2020 at 1:00:17 PM UTC-5, tomas.s...@gmail.com wrote:
>>>
>>> I understand, that Qubes compartmentalizes OS and parts of OS don't have 
>>> access to other parts of the OS. So even if you had virus in your firmware 
>>> of a network card, it wouldn't matter. I know firmware viruses are rare, 
>>> but still better safe than sorry. I am looking for safe OS to do online 
>>> banking from. If i use live usb of QUBES, does that protect me against all 
>>> firmware viruses ? I wonder. Even there is like 0.2% chance of being 
>>> infected with it. Also i can't disable all my disks in BIOS, could that be 
>>> problem ? I mean if i use live-usb and don't boot my main OS, when usb is 
>>> plugged in. So my main OS can't compromise Qubes. And even if disks were 
>>> enabled and i boot up Qubes from live usb, i am not sure if it could get 
>>> infected, because these viruses has to be loaded somehow right ? But if 
>>> they are passively on the disk and you launch 2nd OS from live-usb, not 
>>> sure if it could get infected like this. I wanted to dedicate my old pc for 
>>> online banking, but Qubes doesn't work there.
>>>
>>
>> You might rather look at those webpages which talk about "Threat Model."  
>> Who you might be contending with.   There is, of course, the possibility 
>> that what you are referring to is the fact Intel main processors have 
>> modems which might allow Intel to change the firmware code without your 
>> knowing it.  I have been told, by someone who is much more knowledgeable 
>> about these things, that there are no instances of Intel ever having done 
>> that.   There are some possible problems with USB Keyboards.  
>>
>> You might ask your bank.  I suspect in any case, what you might be more 
>> interested in is reading about VPN's.   Some more expensive that others.  
>> As someone said, don't trust a free VPN, they have to make their money 
>> somewhere, still I use the free version of ProtonVPN.  
>>
>> Hardware that is produced with the goal of no Firmware intrusion includes 
>> - https://puri.sm/  the qubes certified hardware,  
>> https://www.qubes-os.org/doc/certified-hardware/,  notice the Hardware 
>> Compatibility List,  https://www.qubes-os.org/hcl/
>>
>> I guess that is off the subject.  
>>
>> If you use a VPN-  My bank checks the IP of the address the login comes 
>> from.  If the VPN server is say in New York, a thousand miles away, it will 
>> not let me login.  Bank reasons I should have told them I was traveling.  
>> You might find difficulty using Tor, or Whonix to login to your bank.  
>>
>
> I should mention, using a credit card can insulate you from risk.  The big 
> risk of using a bank account is allowing someone to have the checking 
> account number itself, the one on the bottom of all your checks.  
>
> Puppy Linux has a number of Live versions which actually do not have a 
> root, but whose security in the case of a bank account is derived from 
> loading a new fresh version of OS at each re-boot.  If one completely power 
> downs the computer after each bank session, and does not save the partition 
> each time, then.  No way can software get in around you.  Installing a VPN 
> to use with one of the distros of Puppy Linux can be problematic though.   
> Puppy Linux has a friendly forum.  I think you might start with Easy OS, 
> create a multi-save DVD.  Boot then do your banking, power down.   
>
> Not perfect.  If you are a geek type, then use Qubes.  No doubt Qubes is 
> superior in several ways. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be1703b9-384b-421b-b8ce-9f82ad2c3b41o%40googlegroups.com.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-16 Thread tomas . schutz707 
Wait a minute? I never heard of it, that stole account number could 
represent a security risk. What they gonna do with it, to hack your account?

On Tuesday, June 9, 2020 at 5:18:10 PM UTC+2, Catacombs wrote:
>
>
>
> On Tuesday, June 9, 2020 at 9:39:26 AM UTC-5, Catacombs wrote:
>>
>>
>>
>> On Monday, June 8, 2020 at 1:00:17 PM UTC-5, tomas.s...@gmail.com wrote:
>>>
>>> I understand, that Qubes compartmentalizes OS and parts of OS don't have 
>>> access to other parts of the OS. So even if you had virus in your firmware 
>>> of a network card, it wouldn't matter. I know firmware viruses are rare, 
>>> but still better safe than sorry. I am looking for safe OS to do online 
>>> banking from. If i use live usb of QUBES, does that protect me against all 
>>> firmware viruses ? I wonder. Even there is like 0.2% chance of being 
>>> infected with it. Also i can't disable all my disks in BIOS, could that be 
>>> problem ? I mean if i use live-usb and don't boot my main OS, when usb is 
>>> plugged in. So my main OS can't compromise Qubes. And even if disks were 
>>> enabled and i boot up Qubes from live usb, i am not sure if it could get 
>>> infected, because these viruses has to be loaded somehow right ? But if 
>>> they are passively on the disk and you launch 2nd OS from live-usb, not 
>>> sure if it could get infected like this. I wanted to dedicate my old pc for 
>>> online banking, but Qubes doesn't work there.
>>>
>>
>> You might rather look at those webpages which talk about "Threat Model."  
>> Who you might be contending with.   There is, of course, the possibility 
>> that what you are referring to is the fact Intel main processors have 
>> modems which might allow Intel to change the firmware code without your 
>> knowing it.  I have been told, by someone who is much more knowledgeable 
>> about these things, that there are no instances of Intel ever having done 
>> that.   There are some possible problems with USB Keyboards.  
>>
>> You might ask your bank.  I suspect in any case, what you might be more 
>> interested in is reading about VPN's.   Some more expensive that others.  
>> As someone said, don't trust a free VPN, they have to make their money 
>> somewhere, still I use the free version of ProtonVPN.  
>>
>> Hardware that is produced with the goal of no Firmware intrusion includes 
>> - https://puri.sm/  the qubes certified hardware,  
>> https://www.qubes-os.org/doc/certified-hardware/,  notice the Hardware 
>> Compatibility List,  https://www.qubes-os.org/hcl/
>>
>> I guess that is off the subject.  
>>
>> If you use a VPN-  My bank checks the IP of the address the login comes 
>> from.  If the VPN server is say in New York, a thousand miles away, it will 
>> not let me login.  Bank reasons I should have told them I was traveling.  
>> You might find difficulty using Tor, or Whonix to login to your bank.  
>>
>
> I should mention, using a credit card can insulate you from risk.  The big 
> risk of using a bank account is allowing someone to have the checking 
> account number itself, the one on the bottom of all your checks.  
>
> Puppy Linux has a number of Live versions which actually do not have a 
> root, but whose security in the case of a bank account is derived from 
> loading a new fresh version of OS at each re-boot.  If one completely power 
> downs the computer after each bank session, and does not save the partition 
> each time, then.  No way can software get in around you.  Installing a VPN 
> to use with one of the distros of Puppy Linux can be problematic though.   
> Puppy Linux has a friendly forum.  I think you might start with Easy OS, 
> create a multi-save DVD.  Boot then do your banking, power down.   
>
> Not perfect.  If you are a geek type, then use Qubes.  No doubt Qubes is 
> superior in several ways. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f46c2b4-c679-409a-b3af-fc2a18a0d9edo%40googlegroups.com.

Re: [qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-14 Thread 'awokd' via qubes-users 
tomas.schutz...@gmail.com:
> I am still looking into this, it is a lot of to think of. Do you know any 
> sites where is threat modeling for average user? I was trying dozens of 
> phrases... and i didn't find any threat model website. Everything only for 
> companies and developers, which were completely useless, i even banned 
> these words in my search...
> 
"Threat model" is a generic security term. See
https://www.macobserver.com/tips/how-to/security-build-threat-model/ for
a short example of how to develop one. Very basically, identify what you
want to protect, and against who/what. Then you can identify means to
defend it.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1d80bef-3c53-c54c-35f2-ad1862c4ad61%40danwin1210.me.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-12 Thread tomas . schutz707 
I am still looking into this, it is a lot of to think of. Do you know any 
sites where is threat modeling for average user? I was trying dozens of 
phrases... and i didn't find any threat model website. Everything only for 
companies and developers, which were completely useless, i even banned 
these words in my search...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54700e35-2a83-4972-9ade-36b4d39abcd0o%40googlegroups.com.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-02 Thread Mark Fernandes 
On Thursday, 2 July 2020 17:51:35 UTC+1, tomas.s...@gmail.com wrote:
>
> Problem with cd is: every time update for browser comes out, you would 
> have to burn qubes on new cd. I don't know if it is okay to run old browser 
> to access bank. How often you should upgrade your browser.
>

 
I should imagine you could likely just download the latest browser 
'on-the-fly' after Qubes starts-up. I suppose it depends on your internet 
connection. You can create a virtual disk in RAM for each Qubes session; 
such data is wiped when the computer is power cycled, so malware threats 
are generally low.

Alternatively, you might be able to create a multi-session DVD, so that 
whenever you have a new Qubes or new browser, you just add it to the 
current DVD (rather than throwing it out and starting afresh).

Would have thought using an old browser wouldn't pose that much of a 
security risk, but it's probably best to get advice from others on this. 
You will also probably find that other Qubes users have specifically 
experienced these issues; I've not encountered such issues (am a Qubes 
newbie). 


Kind regards,


Mark Fernandes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd91402e-5e30-4c02-b57f-8fc97118f58do%40googlegroups.com.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-07-02 Thread tomas . schutz707 
Problem with cd is: every time update for browser comes out, you would have 
to burn qubes on new cd. I don't know if it is okay to run old browser to 
access bank. How often you should upgrade your browser.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/040dce83-6691-44c0-8522-9a02bdcde134o%40googlegroups.com.

Re: [qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-06-12 Thread tomas . schutz707 


On Friday, June 12, 2020 at 10:10:25 PM UTC+2, Steve Coleman wrote:
>
>
> That being said, it is extremely difficult to reflash your BIOS when 
> running a general OS in the normal user context, and even more difficult 
> when running a virtualized system such as Qubes. So, if you can prevent the 
> machine from booting from any external devices then you have just raised 
> the bar for that adversary. 
>

Wait what about internal devices ? Like disk. I can't disable NVME in BIOS 
unfortunately. Couldn't bios be reflashed from disk, before bootup ? So you 
say even Qubes doesn't protect against firmware viruses, if they are 
already there. As i am running main Windows and wanted to use Qubes from 
rom cd in external mechanic. So if i had already firmware virus, even 
that's very unlikely. Qubes wouldn't protect me in such scenario. Correct ?

Than probably best idea would be to use my old computer, disconnect disks 
and use one of the Linuxes people above suggested just for online banking. 
And use dedicated mouse and keyboard for that and external cd rom.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ee3776b-f616-41fe-ba4c-8813012f017ao%40googlegroups.com.

Re: [qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-06-12 Thread Steve Coleman 
On Fri, Jun 12, 2020 at 2:35 PM  wrote:

> Well that's the problem indeed, knowing if you are clean from firmware
> viruses in the first place. But i don't suspect i have firmware viruses and
> i have new pc. It takes a lot of time and money and no one would bother to
> infect specific user. I am no one. It could be used in attacks on multi
> peoples, or if already some firmware virus existed someone could use it i
> guess, i don't really know. Even probability is low. I am just acting
> responsibly about this. If i can use Qubes, than why not right. So if i use
> Qubes, using ROM optical disk in external mechanic. So i should be
> generally safe, (nothing is perfect), even if i got firmware viruses
> afterwards ? I can't unplug disks and disable all of them in BIOS, i am
> using NVME and it is blocked by GPU vertical mount and it was insane to
> plug it in the first place and doing that each time, it is not feasible. So
> if i boot from live CD, not sure if viruses on hard disks could do
> anything. And i won't be booting from Windows when live CD is in and it
> would be ROM and i'll use external CD mechanic.
>
> Also i don't know what i was saying previously, but i can't dedicate old
> pc for banking at least with Qubes, it doesn't work there. So i would be
> using it on my main PC. But if i used other Linux on my old pc and
> dedicated it only for online banking, that should be safe right ? Even if i
> had it long time, so i could have potentially some firmware viruses, that
> could impact security in future. Even if i had them and they didn't do
> anything so far. I don't know.
>

There is not much one can do to protect against firmware viruses other than
to try and prevent situations where someone can reflash your BIOS in the
first place. Since the BIOS is initialized even before the software/OS
gains control the malware code would already be resident in memory before
the DVD booted that read-only media. The DVD drive can not even operate
until the system initializes the BIOS that understands how the DVD drive
even works, so if someone was able to reflash the eeprom then game-over
even before the OS is even loaded. Any software loaded after the malicious
code is in memory is of course subject to what that code wants to do with
your system in the first place.

That being said, it is extremely difficult to reflash your BIOS when
running a general OS in the normal user context, and even more difficult
when running a virtualized system such as Qubes. So, if you can prevent the
machine from booting from any external devices then you have just raised
the bar for that adversary.  If you can prevent them from gaining physical
access to the computer internals, as to attach a JTAG device, then that
raises the bar even higher. Chances are the adversary would need physical
access to the machine to pull this off, which means that any three letter
agency or forign government would have to want you really really bad before
they put someone to task to rig your physical machine like that. yes it's
possible, but there are easier ways to do what they want than reflashing
BIOS so this scenario is unlikely unless you are one very important person.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ5FDni_eF-YtLtxNHMWh-o08-EaLNd3mLJsfhz_1u6roMJnPQ%40mail.gmail.com.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-06-12 Thread tomas . schutz707 
Well that's the problem indeed, knowing if you are clean from firmware 
viruses in the first place. But i don't suspect i have firmware viruses and 
i have new pc. It takes a lot of time and money and no one would bother to 
infect specific user. I am no one. It could be used in attacks on multi 
peoples, or if already some firmware virus existed someone could use it i 
guess, i don't really know. Even probability is low. I am just acting 
responsibly about this. If i can use Qubes, than why not right. So if i use 
Qubes, using ROM optical disk in external mechanic. So i should be 
generally safe, (nothing is perfect), even if i got firmware viruses 
afterwards ? I can't unplug disks and disable all of them in BIOS, i am 
using NVME and it is blocked by GPU vertical mount and it was insane to 
plug it in the first place and doing that each time, it is not feasible. So 
if i boot from live CD, not sure if viruses on hard disks could do 
anything. And i won't be booting from Windows when live CD is in and it 
would be ROM and i'll use external CD mechanic. 

Also i don't know what i was saying previously, but i can't dedicate old pc 
for banking at least with Qubes, it doesn't work there. So i would be using 
it on my main PC. But if i used other Linux on my old pc and dedicated it 
only for online banking, that should be safe right ? Even if i had it long 
time, so i could have potentially some firmware viruses, that could impact 
security in future. Even if i had them and they didn't do anything so far. 
I don't know. 

On Tuesday, June 9, 2020 at 12:51:41 PM UTC+2, Mark Fernandes wrote:
>
> I recently did a personal study that covered at least some of these 
> issues. Ppl can also contribute to the study which is now public and in the 
> form of a wiki.
>
> On Monday, 8 June 2020 19:00:17 UTC+1, tomas.s...@gmail.com wrote:
>>
>> ... I know firmware viruses are rare, but still better safe than sorry. I 
>> am looking for safe OS to do online banking from. If i use live usb of 
>> QUBES, does that protect me against all firmware viruses ? ... 
>>
>
> My opinion is that it probably doesn't when you suspect you may already 
> have firmware viruses. If you know you are clean (including that the USB 
> memory stick is also clean from firmware malware [because USB memory 
> sticks can also have firmware malware 
> ]),
>  
> then you'll probably be safe if you only use Qubes.
>
> A live DVD of Qubes is likely more safe than a live USB memory stick of 
> Qubes—see here 
> 
> .
>
> For users not literate with the technical aspects of computing, who want 
> to do online banking securely and safely, I would advise purchasing a brand 
> new Chromebook using random physical selection at a physical computer 
> store 
> .
>  
> Chromebooks appear to be quite secure in comparison to many other kinds of 
> devices generally labelled as computers (I don't include smartphones in 
> this comparison, and I don't know so much about which smartphone one should 
> choose for online banking).
>
> If you are more technically minded, and want to do online banking, it 
> still might be the case that other "better" solutions are inappropriate for 
> you, in the sense that they are all "overkill" solutions. Banks often 
> refund monies stolen through fraud... However, if you are more technically 
> minded, it probably is a good idea to look through the aforementioned study 
> (the contents page can be accessed here 
> ).
>
> Some info on the security of BIOS/UEFI firmware (from the study ) is 
> documented here 
> 
> .
>  
>
>> Also i can't disable all my disks in BIOS, could that be problem ?  
>> So my main OS can't compromise Qubes. ... 
>>
>
> Would recommend physical disconnection of unused disks when dual-booting. 
> As I think mentioned elsewhere in these mailing lists, you can do that by 
> just taking out the power cable of the respective disks. See here 
> 
>  
> for more information.
>
>  
>
>> ... I wanted to dedicate my old pc for online banking, but Qubes doesn't 
>> work there.
>>
>
> Might be a good idea to do such dedication. It can be good from a security 
> perspective because of the isolation of the device from other systems you 
> use. You could consider using the freely-available

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-06-12 Thread tomas . schutz707 
Well that's the problem indeed, knowing if you are clean from firmware 
viruses in the first place. But i don't suspect i have firmware viruses and 
i have new pc. It takes a lot of time and money and no one would bother to 
infect specific user. I am no one. It could be used in attacks on multi 
peoples, or if already some firmware virus existed someone could use it i 
guess, i don't really know. Even probability is low. I am just acting 
responsibly about this. If i can use Qubes, than why not right. So if i use 
Qubes, using ROM optical disk in external mechanic. So i should be 
generally safe, (nothing is perfect), even if i got firmware viruses 
afterwards ? And do i even have to unplug hard disks than ? I can do that, 
if it is potential security risk, i don't bank that often. Although it is 
annoying to physically unplug them each time. But i understand you want to 
reduce attack surfaces. But if i boot from live CD, not sure if viruses on 
hard disks could do anything. And i won't be booting from Windows when live 
CD is in and it would be ROM and i'll use external CD mechanic. 

On Tuesday, June 9, 2020 at 12:51:41 PM UTC+2, Mark Fernandes wrote:
>
> I recently did a personal study that covered at least some of these 
> issues. Ppl can also contribute to the study which is now public and in the 
> form of a wiki.
>
> On Monday, 8 June 2020 19:00:17 UTC+1, tomas.s...@gmail.com wrote:
>>
>> ... I know firmware viruses are rare, but still better safe than sorry. I 
>> am looking for safe OS to do online banking from. If i use live usb of 
>> QUBES, does that protect me against all firmware viruses ? ... 
>>
>
> My opinion is that it probably doesn't when you suspect you may already 
> have firmware viruses. If you know you are clean (including that the USB 
> memory stick is also clean from firmware malware [because USB memory 
> sticks can also have firmware malware 
> ]),
>  
> then you'll probably be safe if you only use Qubes.
>
> A live DVD of Qubes is likely more safe than a live USB memory stick of 
> Qubes—see here 
> 
> .
>
> For users not literate with the technical aspects of computing, who want 
> to do online banking securely and safely, I would advise purchasing a brand 
> new Chromebook using random physical selection at a physical computer 
> store 
> .
>  
> Chromebooks appear to be quite secure in comparison to many other kinds of 
> devices generally labelled as computers (I don't include smartphones in 
> this comparison, and I don't know so much about which smartphone one should 
> choose for online banking).
>
> If you are more technically minded, and want to do online banking, it 
> still might be the case that other "better" solutions are inappropriate for 
> you, in the sense that they are all "overkill" solutions. Banks often 
> refund monies stolen through fraud... However, if you are more technically 
> minded, it probably is a good idea to look through the aforementioned study 
> (the contents page can be accessed here 
> ).
>
> Some info on the security of BIOS/UEFI firmware (from the study ) is 
> documented here 
> 
> .
>  
>
>> Also i can't disable all my disks in BIOS, could that be problem ?  
>> So my main OS can't compromise Qubes. ... 
>>
>
> Would recommend physical disconnection of unused disks when dual-booting. 
> As I think mentioned elsewhere in these mailing lists, you can do that by 
> just taking out the power cable of the respective disks. See here 
> 
>  
> for more information.
>
>  
>
>> ... I wanted to dedicate my old pc for online banking, but Qubes doesn't 
>> work there.
>>
>
> Might be a good idea to do such dedication. It can be good from a security 
> perspective because of the isolation of the device from other systems you 
> use. You could consider using the freely-available CloudReady OS 
> ,  which is something like 
> ChromeOS (used on Chromebooks) for non-Chromebook devices. I've 
> successfully installed CloudReady on an old Toshiba laptop.
>
>
> Kind regards,
>
>
> Mark Fernandes
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-06-09 Thread Catacombs 


On Tuesday, June 9, 2020 at 9:39:26 AM UTC-5, Catacombs wrote:
>
>
>
> On Monday, June 8, 2020 at 1:00:17 PM UTC-5, tomas.s...@gmail.com wrote:
>>
>> I understand, that Qubes compartmentalizes OS and parts of OS don't have 
>> access to other parts of the OS. So even if you had virus in your firmware 
>> of a network card, it wouldn't matter. I know firmware viruses are rare, 
>> but still better safe than sorry. I am looking for safe OS to do online 
>> banking from. If i use live usb of QUBES, does that protect me against all 
>> firmware viruses ? I wonder. Even there is like 0.2% chance of being 
>> infected with it. Also i can't disable all my disks in BIOS, could that be 
>> problem ? I mean if i use live-usb and don't boot my main OS, when usb is 
>> plugged in. So my main OS can't compromise Qubes. And even if disks were 
>> enabled and i boot up Qubes from live usb, i am not sure if it could get 
>> infected, because these viruses has to be loaded somehow right ? But if 
>> they are passively on the disk and you launch 2nd OS from live-usb, not 
>> sure if it could get infected like this. I wanted to dedicate my old pc for 
>> online banking, but Qubes doesn't work there.
>>
>
> You might rather look at those webpages which talk about "Threat Model."  
> Who you might be contending with.   There is, of course, the possibility 
> that what you are referring to is the fact Intel main processors have 
> modems which might allow Intel to change the firmware code without your 
> knowing it.  I have been told, by someone who is much more knowledgeable 
> about these things, that there are no instances of Intel ever having done 
> that.   There are some possible problems with USB Keyboards.  
>
> You might ask your bank.  I suspect in any case, what you might be more 
> interested in is reading about VPN's.   Some more expensive that others.  
> As someone said, don't trust a free VPN, they have to make their money 
> somewhere, still I use the free version of ProtonVPN.  
>
> Hardware that is produced with the goal of no Firmware intrusion includes 
> - https://puri.sm/  the qubes certified hardware,  
> https://www.qubes-os.org/doc/certified-hardware/,  notice the Hardware 
> Compatibility List,  https://www.qubes-os.org/hcl/
>
> I guess that is off the subject.  
>
> If you use a VPN-  My bank checks the IP of the address the login comes 
> from.  If the VPN server is say in New York, a thousand miles away, it will 
> not let me login.  Bank reasons I should have told them I was traveling.  
> You might find difficulty using Tor, or Whonix to login to your bank.  
>

I should mention, using a credit card can insulate you from risk.  The big 
risk of using a bank account is allowing someone to have the checking 
account number itself, the one on the bottom of all your checks.  

Puppy Linux has a number of Live versions which actually do not have a 
root, but whose security in the case of a bank account is derived from 
loading a new fresh version of OS at each re-boot.  If one completely power 
downs the computer after each bank session, and does not save the partition 
each time, then.  No way can software get in around you.  Installing a VPN 
to use with one of the distros of Puppy Linux can be problematic though.   
Puppy Linux has a friendly forum.  I think you might start with Easy OS, 
create a multi-save DVD.  Boot then do your banking, power down.   

Not perfect.  If you are a geek type, then use Qubes.  No doubt Qubes is 
superior in several ways. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ca355e8-7fc2-4fe8-bb77-ddb507ff60e3o%40googlegroups.com.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-06-09 Thread Catacombs 


On Monday, June 8, 2020 at 1:00:17 PM UTC-5, tomas.s...@gmail.com wrote:
>
> I understand, that Qubes compartmentalizes OS and parts of OS don't have 
> access to other parts of the OS. So even if you had virus in your firmware 
> of a network card, it wouldn't matter. I know firmware viruses are rare, 
> but still better safe than sorry. I am looking for safe OS to do online 
> banking from. If i use live usb of QUBES, does that protect me against all 
> firmware viruses ? I wonder. Even there is like 0.2% chance of being 
> infected with it. Also i can't disable all my disks in BIOS, could that be 
> problem ? I mean if i use live-usb and don't boot my main OS, when usb is 
> plugged in. So my main OS can't compromise Qubes. And even if disks were 
> enabled and i boot up Qubes from live usb, i am not sure if it could get 
> infected, because these viruses has to be loaded somehow right ? But if 
> they are passively on the disk and you launch 2nd OS from live-usb, not 
> sure if it could get infected like this. I wanted to dedicate my old pc for 
> online banking, but Qubes doesn't work there.
>

You might rather look at those webpages which talk about "Threat Model."  
Who you might be contending with.   There is, of course, the possibility 
that what you are referring to is the fact Intel main processors have 
modems which might allow Intel to change the firmware code without your 
knowing it.  I have been told, by someone who is much more knowledgeable 
about these things, that there are no instances of Intel ever having done 
that.   There are some possible problems with USB Keyboards.  

You might ask your bank.  I suspect in any case, what you might be more 
interested in is reading about VPN's.   Some more expensive that others.  
As someone said, don't trust a free VPN, they have to make their money 
somewhere, still I use the free version of ProtonVPN.  

Hardware that is produced with the goal of no Firmware intrusion includes - 
https://puri.sm/  the qubes certified hardware,  
https://www.qubes-os.org/doc/certified-hardware/,  notice the Hardware 
Compatibility List,  https://www.qubes-os.org/hcl/

I guess that is off the subject.  

If you use a VPN-  My bank checks the IP of the address the login comes 
from.  If the VPN server is say in New York, a thousand miles away, it will 
not let me login.  Bank reasons I should have told them I was traveling.  
You might find difficulty using Tor, or Whonix to login to your bank.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9119a006-e9e5-4540-b6d3-3c572e383b11o%40googlegroups.com.

[qubes-users] Re: Does qubes protect against all firmware viruses ?

2020-06-09 Thread Mark Fernandes 
I recently did a personal study that covered at least some of these issues. 
Ppl can also contribute to the study which is now public and in the form of 
a wiki.

On Monday, 8 June 2020 19:00:17 UTC+1, tomas.s...@gmail.com wrote:
>
> ... I know firmware viruses are rare, but still better safe than sorry. I 
> am looking for safe OS to do online banking from. If i use live usb of 
> QUBES, does that protect me against all firmware viruses ? ... 
>

My opinion is that it probably doesn't when you suspect you may already 
have firmware viruses. If you know you are clean (including that the USB 
memory stick is also clean from firmware malware [because USB memory sticks 
can also have firmware malware 
]),
 
then you'll probably be safe if you only use Qubes.

A live DVD of Qubes is likely more safe than a live USB memory stick of 
Qubes—see here 

.

For users not literate with the technical aspects of computing, who want to 
do online banking securely and safely, I would advise purchasing a brand 
new Chromebook using random physical selection at a physical computer store 
.
 
Chromebooks appear to be quite secure in comparison to many other kinds of 
devices generally labelled as computers (I don't include smartphones in 
this comparison, and I don't know so much about which smartphone one should 
choose for online banking).

If you are more technically minded, and want to do online banking, it still 
might be the case that other "better" solutions are inappropriate for you, 
in the sense that they are all "overkill" solutions. Banks often refund 
monies stolen through fraud... However, if you are more technically minded, 
it probably is a good idea to look through the aforementioned study (the 
contents page can be accessed here 
).

Some info on the security of BIOS/UEFI firmware (from the study ) is 
documented here 

.
 

> Also i can't disable all my disks in BIOS, could that be problem ?  So 
> my main OS can't compromise Qubes. ... 
>

Would recommend physical disconnection of unused disks when dual-booting. 
As I think mentioned elsewhere in these mailing lists, you can do that by 
just taking out the power cable of the respective disks. See here 

 
for more information.

 

> ... I wanted to dedicate my old pc for online banking, but Qubes doesn't 
> work there.
>

Might be a good idea to do such dedication. It can be good from a security 
perspective because of the isolation of the device from other systems you 
use. You could consider using the freely-available CloudReady OS 
,  which is something like ChromeOS 
(used on Chromebooks) for non-Chromebook devices. I've successfully 
installed CloudReady on an old Toshiba laptop.


Kind regards,


Mark Fernandes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cff504f6-1b0b-4798-85f9-5fb42ab6e4a3o%40googlegroups.com.