
I've never heard of Qubes doing significant in-distro kernel hardening, so if they think Linux does, Qubes would too.



This is not so simple. Qubes implements security through isolation. Dom0 has no Internet access, so you can only have a backdoor in VMs. Some VMs also have no Internet access, so they're safe. Others are reset every reboot. In addition, all VMs can rely on different Linux distributions (Arch, Debian, Fedora etc.). I think Qubes provides a good defense against such attacks.

Upd:

> I've never heard of Qubes doing significant in-distro kernel hardening

https://github.com/QubesOS/qubes-issues/issues/4233

https://github.com/QubesOS/qubes-issues/issues/2748

https://github.com/QubesOS/qubes-issues/issues/2045


Better defense of course, but it reminds me of this [0] quote.

[0] https://news.ycombinator.com/item?id=7585031


Qubes OS v4+ does not use typical software virtualization methods. The VT-d hardware virtualization it uses was broken only once, and it was done by the Qubes founder: https://en.wikipedia.org/wiki/Blue_Pill_(software)



