>>1443https://en.wikipedia.org/wiki/Qubes_OSLinux-based OSes and others) Userland Fedora, Debian, Whonix, Microsoft Windows
The main install is Fedora
), runs on Systemd
, the Whonix gateway and workstation run on Debian on Systemd. And they recommend also running MS Windows. Is the Xen Hypervisor really able to create perfect isolation? Can hardware based methods get around that and grab everything from memory if you're using modern Intel CPU and chip-set with AMT and ME management engine?
I don't trust Red Hat
, I don't trust Debian
, and I certainly don't trust MS Windows
for privacy based applications, although they're rock solid for non privacy based platforms. If you're using a full fledged desktop environment like KDE or Gnome, you probably already have malware installed on your setup. I think this is security theater. Isolation is a good idea, but why not just get two machines , one for the gatway running on OpenRC on gentoo, or Hyperbola, running tor that you compile from source, with 6 hops, and the other machine with a minimal desktop (fvwm, twm etc), fire-walled and locked down forwarding only what you want (specific applications on specific ports) and blocking all others, like links
or even tor-browser
through the gateway machine proxying on port 9050 through tor. Rather than trusting virtual machines
which are un-audited and bound to have bugs, and backdoors, and zero-day exploits.
Cool idea, worth checking out, but not the end of the thread....not even close. x86,x86-64 are not where you want to be for security, or privacy, and minimal means less software, only what is necessary for the job at hand. Good recommendation to check out, but it has some problematic features. I use the isolation method that I described proxying through a tor proxy on a second machine with a minimal install with 4-10 packages after base installed and fire-walled with modified endwall.sh
, 6 hop modded tor, compiled from source. Cubes has some good ideas (isolation), but I wouldn't trust my life on it, and I have serious reservations about Red Hat
, MS Windows
, and un-audited virtual machines and hypervisors. Isolation and compartmentalization are good ideas though and should be practiced. For instance make an air-gaped machine as your No internet zone, and you can be certain that it has no internet connectivity or access, not just take some programmer's from Invisible Things Lab
word for it...