←back to thread

Qubes OS: A reasonably secure operating system

(www.qubes-os.org)
441 points ploggingdev | 5 comments | 19 Nov 17 16:06 UTC | HN request time: 0.81s | source
Show context
notfed ◴[19 Nov 17 20:42 UTC] No.15735828[source]
Note that while Qubes OS uses full-disk encryption, it runs on Xen, which does not support hibernate.

This means that, if you use this OS on a laptop, you'll be vulnerable to cold-boot attacks, even after you close your lid, unless you configure it to shutdown on lid close. (I.e., if a highly skilled adversary steals your laptop then, even if your laptop lid is closed, they will be able to read your RAM and therefore decrypt your entire hard drive.)

Despite the major security implications, it doesn't sound like a fix will be implemented any time soon. [1]

[1] https://github.com/QubesOS/qubes-issues/issues/2414

replies(2): >>15736066 #>>15736180 #
1. bearbearbear ◴[19 Nov 17 21:34 UTC] No.15736066[source]
If a highly skilled thief wants to break into my house they could jimmy the latch on the window and let themselves in.

I don't have any bars on my windows to prevent that.

You need to draw the line somewhere.

replies(2): >>15736166 #>>15738307 #
2. carlmr ◴[19 Nov 17 21:54 UTC] No.15736166[source]
Yeah, I'd say it depend on if you're a normal user or Edward Snowden. Do you have really sensitive data that could cost you your life? Then you have to worry about these edge cases. Are you a normal guy who wants to browse for porn safely, then this is already pretty good privacy.
replies(1): >>15738369 #
3. notfed ◴[20 Nov 17 07:03 UTC] No.15738307[source]
I agree that bars on my windows are a lot to ask for, and lack elegance and convenience.

My Linux OS can hibernate, and I've not found it to be noticeably inelegant or inconvenient. I suppose others' opinions may differ.

4. notfed ◴[20 Nov 17 07:21 UTC] No.15738369[source]
Do you consider your credit card number sensitive? Your username and passwords to all of your, bank accounts, social media accounts, and email accounts? Your personal photos? Your personal notes with personal information about your family? Your track record of your interests and hobbies?

I do. And, if I have a choice, I'd rather not have to wonder if this data is in the hands of a stranger after my laptop is stolen.

replies(1): >>15739518 #
5. carlmr ◴[20 Nov 17 12:50 UTC] No.15739518{3}[source]
It has to be stolen a) while it's on, and b) by someone who immediately knows what to do.

I'm quite sure if you look at your average thief and multiply these to chances together that's less than one in a million chance to happen. Assuming you're not some high profile person where the right person is out to get you and knows which OS you use, and knows how to steal from you.