←back to thread

Qubes OS 4.0 has been released

(www.qubes-os.org)
143 points andrewdavidwong | 7 comments | 28 Mar 18 17:37 UTC | HN request time: 0.662s | source | bottom
1. wpdev_63 ◴[28 Mar 18 23:44 UTC] No.16703164[source]
Please keep in mind when using Qube OS is that it does NOT protect you if your hardware is compromised. The NSA and other clandestine agencies have an easy backdoor to your computer even when running this.
replies(2): >>16703531 #>>16705972 #
2. lawnchair_larry ◴[29 Mar 18 00:38 UTC] No.16703531[source]
No they don’t.
replies(1): >>16704756 #
3. benevol ◴[29 Mar 18 05:40 UTC] No.16704756[source]
Sure they do, just not really Qubes OS specific ones though.
replies(1): >>16713144 #
4. jstanley ◴[29 Mar 18 10:47 UTC] No.16705972[source]
I never understood objections like this.

With a standard Linux system you have vulnerabilities X,Y,Z. With Qubes you have vulnerability X, so let's comment on Qubes and try to discourage people from using it because vulnerability X still exists? It's still better than the alternative!

replies(1): >>16706617 #
5. colejohnson66 ◴[29 Mar 18 13:03 UTC] No.16706617[source]
I didn’t read that as discouraging people from using Qubes, but rather as a reminder than Qubes, like every OS, can’t protect you if your hardware is compromised.
replies(1): >>16714867 #
6. lawnchair_larry ◴[30 Mar 18 02:16 UTC] No.16713144{3}[source]
Do you have an example?
7. irundebian ◴[30 Mar 18 09:47 UTC] No.16714867{3}[source]
That's a trivial conclusion and not related to Qubes OS. Every operating system somehow relies on hardware protection features.

If the ring architecture of processor can be circumvented, the protection of privileged code (kernel) is harmed. If you can circumvent the MMU's memory protection, the protection of privileged code is harmed. And if side channel attacks like Spectre and Meltdown are circumventing protecting features, the protection of sensitive data is harmed.

Every systems which has claims on security relies on explicit (that would be better) or implicit assumptions. And every operating systems I know of, at least implicitly assumes that the hardware isn't compromised.