leo493:
It’s stated in Qubes Windows Tools (QWT) | Qubes OS:
While Windows qubes are, in Qubes, generally not regarded as being very trustworthy, a possible compromise of the Xen drivers used in Qubes Windows Tools might create a risk for Xen or dom0 and thus be dangerous for Qubes itself. This risk may be small or even non-existent, as stated in QSB-091.
And it’s stated in QSB-091 (qubes-secpack/QSBs/qsb-091-2023.txt at master · QubesOS/qubes-secpack · GitHub):
Dom0 is not affected, even though the qubes-windows-tools package is installed in dom0, since neither the dom0 package build process nor dom0 itself interprets these driver files. Rather, the purpose of this package is merely to make the driver files available to the Windows qubes in which QWT are installed.
The first says that dom0 may be compromised, and the second says no. Does the first say that dom0 may be compromised because Xen bugs exist anyway? Does installing QWT add to that probability (i.e. increase the chances of fatal Xen bugs)?
When reading the documentation on the main site, it says:
Due to the security problems described in QSB-091 , installation of Qubes Windows Tools is currently blocked. … While Windows qubes are, in Qubes, generally not regarded as being very trustworthy, a possible compromise of the Xen drivers used in Qubes Windows Tools might create a risk for Xen or dom0 and thus be dangerous for Qubes itself.
However, when I go to QSB-091 and read from there, it says:
If the Xen Project’s Windows PV Drivers …
leo493:
The Windows 7 standalone will never have a NetVM. So, doesn’t that mean the maximum that can be done in it, if it gets compromised, is that it deletes what is inside itself, and nothing worse can happen? If yes, and fatal Xen bugs don’t get increased when QWT is installed, then I think I’ll install QWT, because what exists in the Windows 7 standalone is backed up anyway.
If there’s a chance that Windows 7 can control dom0 and the system due to QWT, then there’s no way to install QWT, because what’s in Windows 7 is not trusted.
If it’s malware that can’t break the virtualization, it’s in an offline qube, and you won’t copy the files from this qube to other, more trusted or networked qubes, then it can only mess with the data inside this qube.
But if the malware has some 0-day that can break the virtualization, then it can gain control of your whole system.