The answer is yes under the circumstances @427F11FD0FAA4B080123 described.
By taking advantage of Qubes’ features you minimize that risk significantly. Some measures include:
- web browsing only on disposable VMs
- open PDF in disposable VM
- edit Word and presentations in disposable VM.
Essentially anything that avoids running programs directly on your (non-disposable) AppVM is a good mitigation. You can think of AppVMs as the hub which you only use to see the file explorer and open files in dispVMs.
Of course, here we are never talking about malware that can punch through Xen (the virtual machine manager), which is harder to pull off.
Why does this happen?
Note this is not a very technical explanation and clearly sacrifices technical accuracy for clarity.
For AppVMs your /home/ is persistent but programs are inherited from its templateVM.
Although it mitigates against traditional malware that tries to persist in the programs, it's not entirely accurate to say that it can't persist across reboots on the /home/ folder.
One particular example is the program /rw/config/rc.local which is persistent across reboots, and is executed every time your machine boots.
I believe the following work by @tasket includes some mitigations against this, but I think it's a bit advanced and the above-mentioned mitigations should already be a step in the right direction.
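
A way to notice changes to the persistent startup files mentioned above, as an added example that is not part of the original post and not @tasket's work: it hashes /rw/config/rc.local and a few login-time files under /home and compares them with a saved baseline. The path list beyond rc.local, the default user name `user`, and the function names are assumptions; keep the baseline outside the qube being checked.

```shell
#!/bin/sh
# Added example (not from the original post): hash the files that persist in
# an AppVM and run automatically, then compare against a saved baseline.
# Assumptions: default user "user"; the path list is illustrative, extend it.
PERSIST_PATHS="rw/config/rc.local home/user/.bashrc home/user/.profile
home/user/.config/autostart"

# Print "sha256  path" for every regular file under the watched paths.
# $1 = root to inspect ("/" inside the qube, or a mounted private volume).
persist_snapshot() {
    for p in $PERSIST_PATHS; do
        [ -e "$1/$p" ] || continue
        (cd "$1" && find "$p" -type f -exec sha256sum {} +)
    done | sort -k 2
}

# Compare the current state under $1 with baseline file $2.
# Prints ADDED/CHANGED/REMOVED lines; returns 1 if anything differs.
persist_check() {
    current=$(mktemp) || return 2
    persist_snapshot "$1" > "$current"
    diffs=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { seen[path] = 1
          if (!(path in base)) print "ADDED " path
          else if (base[path] != hash) print "CHANGED " path }
        END { for (f in base) if (!(f in seen)) print "REMOVED " f }
    ' "$2" "$current" | sort)
    rm -f "$current"
    if [ -n "$diffs" ]; then
        printf '%s\n' "$diffs"
        return 1
    fi
    return 0
}

# Usage: script snapshot ROOT > baseline ; script check ROOT baseline
case "${1:-}" in
    snapshot) persist_snapshot "${2:-/}" ;;
    check)    persist_check "${2:-/}" "${3:?baseline file required}" ;;
esac
```

Take the snapshot right after creating the qube or from a state you trust; a baseline taken after a compromise only records the compromised files.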