Comment by codethief

2 days ago

Memory isolation doesn't really help, though. If you have a malicious process running under the same user account as your password manager, it's still game over since that process could e.g.

- capture keyboard input - capture your screen - silently install browser extensions to capture your credentials - modify your shell config, .desktop files, $PATH, … to have you e.g. call a backdoored version of your password manager, or put a modified version of sudo on your $PATH that logs your password (=> root access => full memory access) - …

10 comments

codethief

johnisgood 2 days ago

You can use Qubes OS for true VM-level isolation, or use hardware security keys where possible, or run sensitive applications in dedicated VMs.

I think that in general it is game over the moment you have malicious processes running. I use firejail for most applications, which I believe is the bare minimum, or bubblewrap.

codethief 1 day ago
Yeah. Personally, I'm crossing my fingers for SpectrumOS[0] to make things a bit easier. As the developer notes on her website[1]:
<qyliss> I have embarked on the ultimate yak shave <qyliss> it started with "I wish I could securely store passwords on my computer" <qyliss> And now I am at the "I have funding to build my own operating system" level
[0]: https://spectrum-os.org/
[1]: https://alyssa.is/about/
- johnisgood 1 day ago
  
  What else can you tell me about Spectrum OS? Is it actively maintained? Is it usable? How does it compare to Qubes OS?
  Also what do you think about Subgraph OS[1]? Although I think it is not maintained anymore, or is it?
  [1] https://subgraph.com/img/sgos.png (old image which I remembered it by) (https://web.archive.org/web/20241206072718/https://subgraph....)
  
  1 reply →

codethief 1 day ago

Ugghh, once again I forgot that HN removes line breaks unless you use double line breaks or indent by 2 spaces, and now it's too late to edit my comment.

@dang People keep running into this. (See e.g. this comment[0] from a few days ago.) It also makes it rather awkward to write lists IMO. What's the reason for removing line breaks and could this be changed?

[0]: https://news.ycombinator.com/item?id=44946386

charcircuit 2 days ago

For modern operating systems capturing keyboard input is locked down to avoid keyloggers. Capturing your screen requires explicit user permission to do so, popping up a dialog. Apps are isolated so another app can't interfere and install a browser extention or modify shell configs, etc.

wltr 1 day ago

And modern operating systems are being … ? macOS, I assume?
LtWorf 1 day ago
Can you name one of these modern operating systems?
- charcircuit 1 day ago
  
  iOS is a modern operating system.
  
  1 reply →