It’s not about USB attacks, but about persistence of a qube compromised by USB attack.
I understand but data in a disposable qube is equally vulnerable to data in a non-disposable one. So, even if (for some peculiar reason) one backs up the disposable data, it can still be compromised just as much. Also, if a USB device is malicious, it will most probably be persistently malicious, i.e. next time a disposable is connected to it, the situation with the qube and the data on it is the same. IOW the only protected part of the qube remains the operating system of the qube which seems of limited importance if the malware persists.
What USB attack?
One which modifies/transmits data in an unpredictable and unexpected ways, or represents itself as a different device (BadUSB) with its after effects (including the possibility to type ‘su -’ and flash the firmware of the host with an infected or dysfunctional version). I still can’t find docs explaining how exactly Qubes OS can prevent such an attack, once a device is attached to a qube.
From your external backup USB drive?
From the USB interface through which it connects.
If so, why would you backup to it at all?
Because, as I explained, the computer I am running Qubes OS on has limited connectivity options. If you have any better idea how to backup a mini PC with only USB and Ethernet ports, I would be glad to know about it.
What (qubes) exactly do you want to backup and where is that 50-200MB? In all qubes? What is, for example those 50-200MB?
qubes storing my own work - documents, images, scripts, personal data, etc. I still have not configured everything but perhaps a good set up may be:
- personal data: offline (no network) qube with minimum amount of software
- work files: other offline qube(s) with software necessary for processing those work files
The idea is not to expose data to anything which is not necessary.