
Ask HN: What you think about QubesOS and linux security? - c8g
https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=13190597<p>you might have noticed this. i thought i should not use gui (desktop). then someone mentioned it.<p>are you think it is more secured and reliable?
======
SXX
Modern Linux desktop is extremely insecure and lack of any kind of isolation
so any process that have access to X can do anything no matter what security
measures you applied. With Wayland it's possible to isolate desktop
applications, but there still unsolved problems like audio.

And with concepts like Qubes main flaw remain the user just like with network
privacy in TOR / I2P. There is very few people around who can actually follow
draconian rules systems like that enforce. And once you start to use one app
insecurely you lose all advantages really.

It's just hard to let's say use different browsers for different things and
from time to time you'll use wrong one. Then problem is that most of
applications around isn't really designed to be used in separate VMs and
things like file management get messy. So at some point you'll just give up
trying to keep it secure.

So I think actually secure OS is very far in future.

------
jstewartmobile
Here's what Theo de Raadt had to say about virtualization for security:

" _x86 virtualization is about basically placing another nearly full kernel,
full of new bugs, on top of a nasty x86 architecture which barely has correct
page protection. Then running your operating system on the other side of this
brand new pile of shit._ "

" _You are absolutely deluded, if not stupid, if you think that a worldwide
collection of software engineers who can 't write operating systems or
applications without security holes, can then turn around and suddenly write
virtualization layers without security holes._"

------
rahrahrah
I'd also be interest in hearing from experts about this. The concept seems
very elegant, but plenty of elegant things are flawed...

