More practical security for Qubes (and more realistic threat model)

Where we could leverage the Qubes infrastructure, would be to setup a host IDS from outside of the VM to be audited. That is, audited VM offline, mount its volumes in IDS VM – at least for a first step, running an IDS test targeting a running VM would be cool but more complicated.


i hope this will fast and not something we need to wait for qubes 5.0 (probably 6 year or more :slightly_smiling_face:)

No, I meant what I said - normal users.
Yes, it helps if support is available when needed - I have said before
that giving someone Qubes without preparation, and without providing
support, does no favors, to them or to Qubes.
I’ve also said before that I don’t find the users on the forum a representative
sample. :slight_smile:

I absolutely agree that it’s important to be able to use Qubes without
it getting in the way.

I’m not sure what you are “strongly disagreeing” with? My experience
against your experience? With my view (based on experience) that users
can use Qubes without expert understanding?

In any case we have wandered far from the subject in this thread, and
if we are simply going to trade opinions and experience, it doesn’t seem

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
1 Like

to do most common stuff? lot of stuff are difficult to do or understand for new people and i had issue with qubes every week (yes, but i never ask anyone for help)

Please do not drag me into a flame war over this but it does need to be at least hinted at here.

In response to

“unless you have a USB keyboard” means any non-laptop configuration

is not entirely well-informed/accurate (trying not to offend but it simply may not be possible).

I build from scratch & am familiar with enough motherboards (even new, recent vintage) to know. True it is extra difficult to discover them but… Rare yes, unavailable no.

Sadly the same cannot be said for proprietary builds like 99.9% of laptops that have no PS/2 jacks and no plan to change either.

This message will self-destruct before the forces of darkness can assault me, much.

That last one. Normal users around me have trouble realizing what risk they incur when downloading random games from the net. In other parts of the world, students, which should be “above” the “normal user” level don’t even have a concept of files and folders.

1 Like

yes - although your view of “common” may vary from mine.
I mean, browse the web, read email, stream shows, play music, write
documents, use a printer, connect phone, store pictures.

Well there you are - exactly not what I said.
Qubes needs support but (in my experience) for most users the level of
support isn’t that different from using Linux or Windows.
And for most users I never talk about templates, AppVMs, or Qubes

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

this is just my thinking, not related to what you sad

No wonder they get confused with all that leaky/mixed abstraction layers. First, they are introduced to some services that try to hide the inner machinery like files and folders behind data object-driven UX, and then turns out there are still “files and folders” underneath they should learn about! All modern information management UX is a sad joke. But let’s not get distracted.


i hope this will fast

Here is how this works:

  1. You and others in the community figure out what you want
  2. You implement it and discuss it on the developer mailing list
  3. Once it works as intended you make a pull request and go through and extensive review

Alternatively you (crowd-)fund the budget to hire someone to do it.

Because the existing team has milestones and tasks many years into the future (R4.1 is just the first step in the direction of more isolated hardware).

Bottom-line: if you want something to exist, you need to will it into existence like @unman or @tasket have done frequently. Find others to help. Make it a community thing!


From my perspective qubes is already end game, and i dont need anything again, rather than wondering how defending remote attack was, i just separate my life. Like having 10 laptops (vm) in 1 laptop, and I was using qubes as identity, qubes a is anon, qubes b is my true id, qubes c is fake id and etc.

But it doesn’t mean stopping me from learning kind of attacks, hardening vm, etc. Using qubes mean i can help more people with wider topics, I believe that everyone in here is not need to take responsibility to help users, but for me, it’s kind of challange to improve myself.

I’ve mostly helped users that’s not my problem and not in my knowledge, but that’s all is really improve my skills and my knowledge.

That meme is still true :wink:

it will always true until qubes has about 75 always active developer, i guess

This is true and really sad, such an important buy very limited people are working on it

Since you mentioned logging you might be interested in this:

Sounds like you may be researching log analysis tools soon. If so, please mention any solutions you find to that thread so we can add it to the guide and everyone can benefit from them.

I’ll also be interested to see what you come up with for a Host IDS and several of the other things you propose.

1 Like

where should I look to enable Dom0 prompt me for approval of sudo bash in a qube ? Quick googling didn’t help.

I’m using Qubes again on one of my desktops. So I also interested in helping the project. Gonna apply for testing team. At least 4.1 is in testing mode now. :slight_smile:


Enabling dom0 prompt for root: Passwordless root access in qubes | Qubes OS


The resulting behavior is something like “vmName asked for sudo root, allow? yes No” or default deny and allow only in some VMs that are present in policy file with ‘vmname dom0 allow’ string?
I’ve nothing in allow policy & got ‘denied’ popups in dom0, but not the prompt with ‘yes/no’. I failed in configuration or this is what it expected to be?
@arkenoi ?

the correct configuration is “ask” policy, and the dom0 responder just silently allows everything. a simple hack to avoid making a custom dialog on dom0 side.