I do have a couple of years with Linux. I am using Mint now.
I am a noob with Qubes. I can understand its philosophy.
However I have no idea how to use it wisely.
So after installation what updates or other installations should I do?
Is there a step-by-step list somewhere of what to do after installation?
Reading through many of the posts just confuses me, they are too advanced.
Kudos to the developers.
You should put your threat model on a paper and then read for example this:
and from there follow the links on that page. The biggest security mistakes are made at the beginning, remember.
Critically think about what you are trying to achieve first before moving forward with any roadmap.
Hi @Torpedo
Most times I agree with everything @FranklyFlawless says, so you could do this:
âŚbut (the subversive viewpoint) you could just start by having a play around, to get your head around the whole concept of Qubes.
Play with disposables, surf some websites, and see all the cookies, everything it downloaded, and everything else just disappear, when you shutdown, or kill, the qube.
Try some âcopy/move to vmâ, to see how to save the stuff you want from those disposables.
Look at the other qubes already set up, if you did a default install. Take care not to shutdown sys-usb, if youâve got usb keyboard, but you can pretty much start and shutdown all the others. Work and Personal are âapp qubesâ where data and everything is persistent.
Run Qubes-manager - no need to change anything to start.
Check out how sys-firewall and sys-net chain together for regular networking of many other qubes⌠but not âvaultâ. See how the Whonix qubes work together for networking, if privacy and Tor is important to you.
Try cloning some qubes, create and remove some. Notice that a qube doesnât use much space. Why is that?
Remove networking from one, to make your own vault⌠with a different name of course.
Have a look in âSettingsâ for one of your qubes.
Thereâs a lot in there⌠you can break stuff with those settings, so do it now, before you put your valuable data or passwords in. Or at leasr start trying to understand how it all works. Why do some qubes have things in the right hand column under âDevicesâ, what are all the other tabs about?
And while youâre playing, have a think about what you want and need to do, and what data and activities you need to keep safe or private, or separate from each other. That is what will maybe turn into your âthreat modelâ, and then you can work out how to divide things up, and maybe have more of an idea what folk are talking about in all these posts.
Have fun, and break stuff now, while you still have that installation key, so you can just wipe it all and start again. It will all help when you come to do what @FranklyFlawless and @corporateblush suggest.
Weâve got some âbeginnerâs mistakesâ posts around here, I think. Quite a few folk say âI made 50 qubes and templates, and it was too manyâ. Some spend ages making complicated setups of networking. Some people need all that, but simple is good too.
And donât forget to check out qubes-backup, and restore. You know why!
âŚand last of all: donât be afraid to ask any questions here. Sometimes a thread gets a bit flamy, but itâs really quite friendly.
You can update using the Qubes Update too. You can install software in the templates just like you would do in Mint.
Is there a step-by-step list somewhere of what to do after installation?
No. Just create and use VMs depending on your needs.
Is there a step-by-step list somewhere of what to do after installation?
The âQubes gameâ is driven by the desire to make the applications you use more and more secure, and, optionally, more private or even anonymous to use. At least for me, âusingâ Qubes is a somewhat never ending journey. You always find some new funky thing to try out to make your setup even better. This is generally how IT security (and privacy / anonymity) works - its a process, not a solution.
You identify which applications you use and for what. Emails â thunderbird, Browser â surfing the web, banking, forums, bla⌠Gaming. And so on. Thne you compartmentalize those - the default installation gives you the most simple approach to this (private, work, untrusted, sys-usb, sys-net and sys-firewall).
So the first step would be to map out what apps you use and install those in those default VMs I would say, then migrate any existing data you have there. After this you are already quite much reasonably secure.
Then understand how backups work, and do backups.
After this you start tinkering with additional security, like for example setting up a VM for a VPN.
Then you look at sys-firewall and you may think âwell thats a bit heavyâ. So you can look at solutions like the mirage firewall.
Then you look at sys-net and may think âwell thats pretty network-managerâ, so you might look at solutions like sys-net with OpenBSD.
Then you might look at your private Qube and think âwell thunderbird just had a billion remote code exec CVEs published, that should probably not sit next to my private banking browserâ, and you move thunderbird into a custom âmailâ VM.
And then you continue this forever 