APPVM & compromised connection

Is it safe to use a AppVM if you’re connected to a compromised network. I recently learned that updates are done securely using signatures, however does the sys-firewall protect you from a compromised network?

I want to be able to log into services & accounts without issues. I’ll be using this config:,
Appvm > sys-vpn >sys-firewall

Protection from what?

It’s no safer…for that appvm during that session…than anywhere else.

I think you might not understand the whole picture.

Where Qubes offers a benefit is not necessarily armor-coating the VMs (though it does provide some tools to do that), but rather it treats hacking as inevitiable, but works things so that the damage is limited to that AppVM, and is even likely reversible by shutting the AppVM down and restarting it, because any changes made to the AppVM outside of your user account go away when you shut the AppVM down. (If, on the other hand, the hack is to your user files (e.g., some configuration file for an app you’re running), they’re damaged until you replace them.)

This is one reason why many of us longer-time users get to the point where we have one application per AppVM. That way our document editor (usually LibreOffice) doesn’t get trashed if our E-Mailer gets hacked, and vice versa, because they’re in separate VMs. Even better is if you can arrange to run things in DVMs, because that way even a malicious change to a user configuration file won’t survive a shutdown or restart of the AppVM. (I’m about halfway to that point myself; I can probably delete another three or four AppVMs in the next week.)

Depends on what you mean.

If you are using sys-vpn to connect to another trusted network from a compromised network, then you should be fine. It should also be safe to use sys-vpn to connect to the internet, if the vpn is trusted.

QUBES will not protect you from a compromised network. If your network is compromised, then every app you run with internet could potentially be compromised. There’s no way around a compromised network.

@Iask This is not true. Qubes protects you even in a compromized network, because dom0 and Templates have no network and all updates are only installed if they are signed with the correct key.

AppVMs can also be protected, but not from every threat. @IAMPARANOID please tell us which threat you want to defend from and we can try to reply whether there is a protection or any special action is required to improve the security against that. For example, if you open your trusted email via https protocol on a compromised network, the corresponding AppVM should not get compromised.

1 Like