Subj : Re: Computer operating system of choice?
To   : boraxman
From : Greenlfc
Date : Tue Feb 08 2022 06:07:48

On 08 Feb 2022, boraxman said the following...
 
 bo> something different.  I briefly looked at Qubes, and it seems
 bo> interesting, though I don't think I fully grok it yet.

It takes a minute, and it helps if you're an experienced enterprise sysadmin (although *certainly* isn't required).  The key thing is separation of duties (or, arguably, personalities).  By isolating your personas into individual Qubes (VMs) you reduce the damage if one of them is compromised (say by an escape from firefox).  

The networking component is another rabbit hole.  Your Qubes are protected by a dedicated networking Qube which handles firewalling, routing, etc.  If your machine is locked and someone plugs in a USB device, it's dead-ended at the USB qube until you login and attach it where you want it to go.

You *are* still somewhat vulnerable to IME attacks, but there's some mitigations in there.  IME is the devil.

GreenLFC               º e> greenleaderfanclub@protonmail.com
Infosec / Ham / Retro  º masto> greenleaderfanclub@distrotoot
Avoids Politics on BBS º gem> gemini.greenleader.xyz

--- Mystic BBS v1.12 A47 2021/12/24 (Raspberry Pi/32)
 * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)

.