Comment by diacritical

Is there anything more secure than Qubes, assuming enough hardware resources? I'm asking about existing solutions, not theoretical ones. Given its track record so far, I'm betting not, but I'd love to be proven wrong. Adding sandboxing within a VM or hardening it should add more security, but overall I think this is the right approach for anyone who can afford a decent computer.

The attack surface of Xen, the current hypervisor of Qubes, is smaller compared to browsers and OSes that have 0days pathed several times a year. Even most Xen vulns don't affect Qubes.

I just can't imagine putting my whole digital life in one "normal" OS and hoping that the OS or browser security will keep me safe. I'm mentioning the browser because a lot what used to be in the OS is now in the browser, so it's functionally like another OS.

From a usability point of view it's also useful as I can have different environments. Not only different tools in each VM which means I can pretty much forget about dependency issues, but also different data in each VM. If I wanted, I could run any agent or malware on a VM and the exposure would only be whatever data I chose to put in that VM.

Of course, if you're not passing data between certain VMs, you could use different computers for an even better security.