Comment by JCattheATM
3 days ago
> It is secure after resetting the Disposable VM.
What a nonsense answer. That's like saying a bank vault is secure after being rebuilt from being broken into. Meaningless.
It's not 100% secure while using it.
> It's impossible to make it better
Far from it. A formally verified codebase and better protections than DAC would be a start.
> I don't even understand what your actual problem is.
You made a BS claim and have an allergy to admitting you were wrong.
> That's like saying a bank vault is secure after being rebuilt from being broken into. Meaningless.
Did you even read my reply? All data are safe, unlike in your (unrelated) example. Give me your actual threat model. 100% security never existed and never will. Security through correctness never worked and never will. Compartmentalization is the only viable approach.
> All data are safe
This simply isn't the case. Any data in the VM is vulnerable if the VM has a vulnerability allowing exfiltration.
> Give me your actual threat model.
A vulnerability in the VM allowing exfiltration.
> 100% security never existed and never will.
Then why did you suggest Qubes as a 100% secure OS?
Are you now admitting you were wrong to do so?
> Security through correctness never worked and never will.
Security clearly isn't your area of expertise. Security through correctness is indeed a solution to many/most threats.
> Compartmentalization is the only viable approach.
Hardly. It can help, but at most it's a workaround.
>> Give me your actual threat model.
> A vulnerability in the VM allowing exfiltration.
Thanks, now we can talk technically without accusations.
> Any data in the VM is vulnerable if the VM has a vulnerability allowing exfiltration.
Qubes OS has a possibility to open any file in a dedicated, offline, disposable VM, for reading or for editing [0]. The original VM will not get compromised because it never touches the file. The disposable VM will not allow exfiltration, since it has no network (with the correct configuration).
There is a reason why this OS is chosen for SecureDrop Workstation [1].
> Then why did you suggest Qubes as a 100% secure OS?
There is nothing 100% in this world. Qubes is as close to 100% secure as possible. People often use imprecise expressions for things they wish existed. This is what I expected from your comment.
> Security clearly isn't your area of expertise. Security through correctness is indeed a solution to many/most threats.
Indeed, it is not my area. However, it is the area of well-known security professionals whose opinion I trust [2].
[0] https://doc.qubes-os.org/en/latest/user/how-to-guides/how-to...
[1] https://workstation.securedrop.org/en/stable/
[2] https://blog.invisiblethings.org/2008/09/02/three-approaches...