Hi, I am very new to Qubes and I recently heard for security and anonymity using Qubes with Whonix is your best bet. However I only want to use Qubes/Whonix for web surfing and would still like to use Windows for gaming and doing normal activities, like watching YouTube, doing school work, etc. So my question is, can I use 2 ssds instead of 2 computers? For example, can I install Qubes + Whonix on an empty SSD, while another SSD has windows 10 installed? (The Windows SSD will be my main, while qubes will just be for more secure web surfing) Or should I use a separate computer one for windows and the other for Qubes? I have a beefy gaming pc and a crappy old laptop that I doubt can run qubes. Are 2 computers necessary? If they arenāt necessary, is there some cons of just using one computer? Thank you!!
(sorry if this is a repeat question or was answered elsewhere I tried to look for it but couldnāt find one, or perhaps I didnāt look well enough again sorry)
I currently have the 2 ssd setup you just described. It works just fine, but there are a couple security considerations to take into note. If your windows OS becomes compromised, it is theoretically possible for the unencrypted /boot section of your qubes ssd to become modified. If a very sophisticated malware were to be able to mimic the bootloader it could potentially learn your qubes password and/or compromise your qubes system.
That being said, something like that happening is would be rather rare and would need to be specifically tailored to accomplish this task and in reality, for ānormalā users, it probably isnāt too much of a concern. This attack vector can also be mitigated by having your boot/luks headers on a usb, encrypting /boot or just removing the qubes ssd while using windows.
Also, from my experience, setting up appVMs for youtube/web browsing or school work should be pretty easy. (a windows vm for gaming may be more challenging due to GPU passthrough complications and is the only reason I still have windows on my second ssd)
Iām not an expert and am still learning the ins and outs of qubes and if am understanding of the potential threats of this setup Iām definitely willing to learn more from someone more experienced.
You donāt need 2 computers.
If you want a more anonymous browser experience you can solely rely on Tor Browser.
Another option would be to run whonix as a virtual machine under windows (e.g. in Virtualbox). Therefore you can use other virtual machines to route your traffic through tor, too.
The last option i see is to switch completly to Qubes OS and run Windows in HVM. But to play games this comes with a security risk which is therefore not recommended. IIRC you need to assign a second/dedicated graphics card to your HVM.
Of course a second SSD with Qubes installed on works fine too!
Playing Games on Windows HVM is not such a security risk itself. Biggest problem here is setting everything up and stability of that setup. I read many topics about it, and peoples said that if it works with AMD GPUs rather stable that making it with NVIDIA is more complicated task (and here is the security risk of installing latest proprietary NVIDIA drivers on dom0 since to make passtrough possible). Also that setup requires separate monitor, mouse and keyboard.
You may need 2 computers depending on what it is that you intend to
do while surfing, and what your security profile is.
It doesnāt sound as if you need 2, but you need to consider the points
raised by @GMartin, your general competence in Linux, and what risk you
hope to guard against by using Qubes.
If you administer a major online black market on the darknet, where the
risk would be a life sentence if discovered, or worse, then buy another computer.
(You can afford it.)
If you want to try Qubes for fun, donāt.
Find where you lie on that line, and decide accordingly.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
[quote=āunman, post:7, topic:10818, full:trueā]
āIf you want to try Qubes for fun, donāt.ā
Honestly this is probably the best advice here. I wanted to use Qubes mainly cause im curious about the deep web. I donāt really intend to do anything besides surf and If I ended up seeing something very dark I didnāt want the fear of getting caught looming over me while I did so. So I may just need to rethink everything. Thank you for this!
My laptop design makes it incredibly easy to remove and swap SSDs entirely, especially after I lost the screws for the SSD cover. Some well placed masking tape holds it in place, but when i pull on the exposed tab leading to my SSD, the plate hinges away perfectly as the drive slides out.
Iām not actually running another OS, but if I did, depending on what it was or how I was using it, iād still be wary of the possibility of BIOS attacks.
Probably not anti-forensic or totally RAM safe. Shutdown and battery out in between just in case thereās something which can scrape ram from the session of machine A to machine B.