Any Updates on QWT Security Issue?

Is it still unsafe/unsupported to use Qubes Windows Tools?
Windows PV drivers potentially compromised

I remember trying to set up my Windows VM; while installing QWT, a drive was mounted to Windows with a readme file pointing to this URL, or a similar one, addressing this issue.

3 Likes

QWT is fine… Always has been… No issues with it here, but then again I only used the stable version and didn't upgrade to the unstable version that made the guests slower.

I still have 12 different versions of QWT here if you want some. I mean I use them, and I have no issues.

2 Likes

Most people are concerned with security, not performance. The old drivers could have vulnerabilities, whether from known issues or unknown 0-days, and the 4.1.69 version has 'potentially compromised drivers.' For my threat model, I don't care about the risks and can confirm there's no performance hit. However, to address the OP's question, there haven't been any updates, and I wouldn't expect any soon. You can still force the installation of the latest tools using 'sudo qubes-dom0-update qubes-windows-tools-4.1.69' on Qubes 4.2, as outlined in the QWT documentation.

2 Likes

Any software that communicates from the client to host will nearly always have vulnerabilities of some sort.
You can't protect against EVERYTHING without not having the connection.

I have the tools from version 2 to 4.* for QWT. So I just have the ISOs available to me at all times.
My systems are secure to the best of my abilities. Having the QWT installed just has one more thing that needs to be defended against.
But even if someone does perform an action from the guest to Domain-0, what would they be connecting as? As in, what user? Would they be connected to the Domain-0 as root or the user that I am logged in as?

Windows is inherently insecure, so unless you secure it, you already have enough holes in the system to give Microsoft access to the host most likely.

Doesn't matter what I run, I secure Windows. I block MS from accessing it, I have a firewall installed on it, I have Anti-Malware installed with full heuristic scanning for threats. I really don't trust Windows that much.

I do daily scans of my systems using multiple tools to clean them up to find malware as well as clean the drives up so the images are smaller.

My systems have no issue using QWT, whether I'm playing Star Citizen, SCUM, Tarkov, Quake, Doom, Stalker(COC,CS,RTP), Stalker 2 or anything else… Nothing connects in a bad way to Domain-0. There are games that have supposedly "kernel level" anti-cheat in them, and I don't even let those things run or talk to the internet or even access any of the system.

All in all, QWT was fine for general use. If you were installing viruses and other malware and worms in the system, then that is just stupid to do on any system that isn't completely isolated. (in other words on its own hardware and internet connection and network)
As you know, just set it from 255.255.255.255 to 255.0.0.0 and you can scan everything.

3 Likes

The other thing you have to remember, if you have hardware that is made in China or any of its controlling countries, or even in the USA, then the hardware itself is an infection and has holes and back-doors in it that are built in to bypass most things and access the hardware directly.

1 Like

One slight correction, there is a QWT update that enables seamless mode for Windows 10/11. It has integration with Qubes builder v2 as well. There are just no packaged releases yet, so you need to build it yourself.

This is the related GitHub issue: qubes-windows-tools: Support for Windows 10/11 · Issue #1861 · QubesOS/qubes-issues · GitHub

3 Likes

Sorry for disappearing for a long time after starting the topic, but I am very busy as a college student.

I have a question. What is meant by "seamless mode"?

1 Like

Seamless mode is where the individual application windows have the coloured border, and appear individually on the desktop. It is currently an option for Windows 7 and is the only option for the Linux qubes.

2 Likes

AFAIK you can run a Linux qube in its own windows without seamless mode.

1 Like

I know that's how it works for standalones from ISOs, but didn't know it was possible with the template based ones without a lot of work.

1 Like

I have a question here because I am puzzled by the "Impact" section in the referred document. Would an attack exploiting these vulnerabilities only affect the Windows VM? Isn't it the case that this kind of vulnerability compromises the system at such a low level that the attacker can take over the whole PC?

1 Like

Can you please upload/refer to the stable version you are talking about, in case I make up my mind and decide to install QWT? Also, there will be some readers of this discussion in the future who may need it.

1 Like

There is a point that I did not get: what should I change from 255.255.255.255 to 255.0.0.0, and for what reason?

1 Like

The Netmask.

I'll upload the QWT to the net for access.