←back to thread

176 points TheFreim | 2 comments | | HN request time: 0.602s | source
Show context
legrande ◴[] No.36685913[source]
What kind of threat model requires someone to use Qubes? I know Snowden uses it and there's even a testimonial of him on the Qubes site recommending it. Is this for people on 'lists' or are high value targets because they visited the wrong site or said something the authorities didn't like and their machines are now being targeted?
replies(6): >>36685957 #>>36685977 #>>36686014 #>>36686031 #>>36686103 #>>36686127 #
Syonyk ◴[] No.36686127[source]
> What kind of threat model requires someone to use Qubes?

"Not trusting modern software to be correct nor secure" is sufficient.

I do almost all my web browsing in disposable VMs with no access to interesting things like my password manager, email, SSH keys, etc. I also run JITless (disable Javascript JIT engine), because those are a common attack point on browsers.

If you compromise my browser from a random site, you get nothing of interest. Even if you pop the kernel. You still have to get through Xen to get to anything I consider of value.

replies(2): >>36687359 #>>36687759 #
snvzz ◴[] No.36687759[source]
>You still have to get through Xen to get to anything I consider of value.

It's not unthinkable, as Xen is huge, at hundreds of kLoCs. But there's an effort[0] to make a Qubes that uses seL4 in place of Xen.

0. https://trustworthy.systems/projects/TS/makatea

replies(1): >>36692243 #
fsflover ◴[] No.36692243[source]
Most of Xen's vulnerabilities do not affect Qubes OS: https://www.qubes-os.org/security/xsa/.
replies(1): >>36693005 #
1. snvzz ◴[] No.36693005[source]
Most vulnerabilities of anything do not affect all its users.

But it's bad enough if any do. (some do affect Qubes)

It is an architectural problem.

SeL4 is a good replacement, with excellent performance and strong formal proofs.

replies(1): >>36693089 #
2. fsflover ◴[] No.36693089[source]
SeL4 is great an all, but no one of those Xen vulnerabilities has led to an escape since forever, have they?