If you think the templates should have internet access, you should re-read the information about Qubes again. You fundamentally are missing how Qubes works and what it does.
The templates are like “Original Operating System ISO” but it’s a special version for Qubes. You download templates for Qubes. They should never have internet access.
sys-firewall and sys-net are not templates, so when you allow internet access, it doesn’t affect the templates which are different things
VERY BAD!!!
Okay so my QubesOS vocabulary is obviously lacking greatly
I mean the qubes, the VMs, the tiny little computers within the computer on top of XEN — they will have internet access
So when I enabled say sys-USB it didn’t change the template it only changed that qube VM? So the same would be for sys-Firewall and sys-net … ?
Is it called these?
• Xen is Dom0?
• Templates are templates?
• the windows launched from those templates are then what, “VMs” or are they called “qubes”?
It’s wrong.
There are videos on YouTube that probably explain the basic concepts and an invidious instance you can use?
We aren’t that different:
I also dislike reading documentation but it’s important to do so you understand the basics.
Read the documentation anyway? Smart people who made Qubes or are connected to the project made the documentation so new users can understand.
A window is launched from a VM based on a template. dom0 is not Xen. Saying a template is a template is tautological… 1=1, 2=2, etc
I am not trying to discourage you. Qubes is incredible and it’s hard. Just read through the documentation a little bit more so you don’t do something like accidentally open a cool new file called that is actually a backdoor hack in a template?
You also need to learn how to verify SHA256 signatures if you want to correctly use this to prevent being hacked or only install from repositories (not including snap in that for obvious reasons).
There are articles and videos on YouTube on how to compare SHA256 signatures. You need to learn how to download things in templates and use them in VMs. So much of this is covered in the documentation.
I am asking here if a vocab list exists or if all is currently mixed-in
I agree
I am not here to learn right now
I am here for survival and therefore do not have the luxury of taking the time to learn. I will learn later if that makes you feel better knowing I will eventually but this is not my current priority
I wouldn’t be here, no offense, if I didn’t have to. I knew of QubesOS existence for a decade now (its a decade old I believe finally); never once had a reason to touch it let alone learn it until now. I knew of it, which luckily gave me better choices in my current situation
So there are different parts of each VM. The part that comes from the templates and gets reloaded each time and the user files.
For sys-firewall and sys-net, they are like their own little computers. If someone wants to hack you, they may need to hack those first. Because you don’t really do anything in those VMs, it’s hard to hack those, especially because they reload the original OS each time, preventing someone from doing something like getting into the OS, escalating privileges, and finding a way to remotely control your computer.
You do other things in other VMs.
Let’s say you want to browse the Internet. You open up a Tor in it’s own VM, it’s own computer, based on a template.
You then open a webpage containing malicious javascript designed to hack you and it’s a zero day exploit and Tor doesn’t protect against it.
The evil hackers have now compromised this VM. Then you close the VM. They haven’t compromised dom0 or the other VMs or templates. You delete this VM because you think it’s compromised. You create a new VM.
Sometimes people will use disposable VMs for things like Tor because they are more likely to encounter a malicious javascript exploit while on the Internet. As soon as you close it, the entire computer is destroyed. (Although it could be recovered if you haven’t applied the Ram-based qubes guide, which is advanced.)
Let’s say you find a new file. It’s a cool new program and you want to try it out. You put it in a VM and it turns out when you run it that it’s a trojan. Only that VM is compromised unless it’s an incredibly good trojan.
Qubes protects you against non-specific threats in which you aren’t targeted personally. If someone is targeting you personally, they can probably hack you if they are smart enough if they know 0day exploits in Debian or Fedora. There are also possible firmware level exploits. It’s still better to use Qubes.
I am aware of that
I always look for GUI tool warez first before actually doing it especially if I can also avoid CLI (command line)
Have you ever considered though, that the documentation may still be confusing for newbies? Hence my quoting of said documentation upon further clarification of my original question above that started this post thread lol
Each VM in Qubes is it’s own virtual computer that is based on a template which is like a special type of ISO that allows a fast install of the entire operating system. The templates can only be updated in ways that make them harder but not impossible to be hacked. You never connect a template directly to the Internet because you then bypass this special way to update the template. There are also special ways to install software in templates that allow you access to the software in the VMs. You don’t need to understand all the vocabulary. It takes a few months to understand the basics and it’s normal unless you are a computer scientist. I am also not a computer scientist. You’ll do fine.
Good to know
Yes, I am being CyberStalked and targeted by the hacker who is CyberStalking me … he may or may not know how to exploit QubesOS. He certainly does know how to hack Debian distros and BSD distros I know that which is why I am trying to understand what I can do about it and why I am asking really “dumb questions”. I would rather look completely stupid than have him own my new QubesOS build, as I don’t have the money after he stole it all to be replacing equipment again.
So you can open up something like your debian template and type sudo apt install gtkhash or in Fedora sudo dnf install gtkhash and then you can have that tool in your template.
yes, sorry if I seemed critical.
Do you have a link to the resources that has these instructions? As I will be doing this soon. I want to have a iso of KickSecure as one of my templates to clone for multiple VMs
That’s lovely and all, I just need to get back online with hardened security so I can make $ before I starve and become homeless from defaulting and not paying property tax after being robbed by this hacker … as said I will learn later but not now. Sorry not sorry if that offends you or anyone, but the real world will use Qubes as a solution sometimes not as a flex academic exercise of hypotheticals. I am under a real world threat and here because QubesOS likely solves most of it
In that situation, you may want to use minimal templates for you sys-net and firewall VMs. minimal templates are harder to hack because there is a smaller attack surface. That’s an advanced topic so learn fast?
You can also use operating systems that never save anything (unlike Qubes) if you are concerned about that.
You should stop using home internet if the person has your IP and get a new MiFi that is not in your name if possible. Cellular networks usually rotate the IPs Make sure you do not have a fixed IP. It’s better if everything goes through sys-whonix then.
Normal websites linked to you will be hard to access through sys-whonix so you may want to try to get static IPs and connect them to whonix to access those sites. This is harder to do and it’s not really in the documentation.
If you have a hacked phone, they may be trying to access your network through that. Make sure you don’t have weak points connected to your network. Don’t use default passwords. If you know Debian and BSD then you probably know all that.
Wait I’m confused by this
So I make a VM of say Debian
Then from that little Debian computer I install?
I thought, actually I don’t know yet as I haven’t yey hooked it to the internet, I imagined I would have to open Terminal as my user name which means I would be in Dom0? Then have it installed?
How would I install from a VM to a Template? What? I am so confused now
np
You may want to use Tails while you are learning Qubes?
Tails takes almost no time to learn, everything goes through Tor. You can probably learn Qubes faster than I did. I’m not that good at all of this. I am just someone here in this forum. Most of the people here are smarter than I am.
You have to install the applications in the template. Then you refresh the VM to see the applications from the template.
You only install from the Template.
Again, Tails could be better for you until you understand Qubes entirely.