
Securing Browsers Through Isolation versus Mitigation - astdb
https://medium.com/@justin.schuh/securing-browsers-through-isolation-versus-mitigation-15f0baced2c2#.jkm6ylhp9
======
lokedhs
After having started to use Qubes OS[1], I've started to trust the idea of
mitigation less and less.

In Qubes, you tend to create lots of small VMs for each and every
non-standard thing you do. With a traditional distribution I would just
"pacman -S" or "apt-get install" whatever was needed to make whatever I was
doing work. When doing this for a while, mitigation techniques become
pointless. There are so many attack vectors that it's impossible to secure
them all.

The solution has to be to compartmentalise the code so that an exploit of one
container will not impact another. What Chrome is doing is a good step in this
direction, but the entire operating system has to be built to support this.
Qubes OS does a good job with what it's got, but I think what is really needed
is a complete rethink as to how an operating system should work. Traditional
operating systems assume that everything you run on the system is secure, but
this fact simply isn't true anymore, but the systems still behave as if it
were.

[1] [https://www.qubes-os.org/](https://www.qubes-os.org/)

------
dguido
There was some additional detail about this post discussed on these two
Twitter threads:

[https://twitter.com/justinschuh/status/835264832001593344](https://twitter.com/justinschuh/status/835264832001593344)

[https://twitter.com/dwizzzleMSFT/status/835270427345731585](https://twitter.com/dwizzzleMSFT/status/835270427345731585)

