Qubes: Antivirus?

Can you elaborate, please? I saw on many websites they said you can disable AMD PSP in the BIOS. However, I expect it will only disable “the part that, when disabled, won’t create a noticeable difference”.

Thanks, makes sense. However:

What would happen if you were using bad DNS and the website went to a malicious one that looks exactly similar?

Any way to exclude that? Would the link be exactly the same as well?

Because you are comparing like that, Tails is better.

Security-wise? Why?

  • You can’t run several at once.

Right, but it isn’t recommended either to run several Qubes at once, so I see no difference here.

  • It’s difficult to transfer data between them.

You could just take another USB stick for that.

The rest makes sense, thanks!

All clear. I don’t understand the following answer, though:

Is there any electricity running through your USB stick? You’ll know the answer to your question based on this.

I’ve heard you need to install another BIOS to be able to disable it, is that right? Because mostly, it’s not available to be disabled by default.

Also, do you think there are any serious upsides to disabling it? It might increase your fingerprint more than necessary (correct me if I’m wrong).

BIOS does not contribute to your (online) fingerprint. See here and here what does.

Proprietary software tells you that it is disabled. Do you trust that?


Proprietary software tells you that it is disabled. Do you trust that?

Well then, regarding what you said before, it can only have upsides, I guess.

Yes, completely the same, no difference at all even when using a “unicode inspector”, and that same link could go to the real website on a different computer.

What I am comparing here is anti-forensics.

That is for AMD only, and you shouldn’t trust that.

Who knows? Not me.
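As an added illustration (not code from any post in this thread): the difference between a lookalike link a “unicode inspector” can catch and the bad-DNS case it cannot. A homograph hostname differs at the codepoint level and IDNA-encodes to a different wire name; a poisoned resolver answers for the byte-for-byte identical name, so no string inspection helps and the control that distinguishes the two is TLS certificate validation. The resolver tables and addresses below are constructed for the demo (documentation ranges), not real DNS data.

```python
import unicodedata

# Constructed resolver tables for the demonstration (not real DNS data).
# Both answer for the very same name; only the address differs.
HONEST_RESOLVER = {"example.com": "192.0.2.10"}
POISONED_RESOLVER = {"example.com": "203.0.113.66"}  # attacker's host


def script_of(ch):
    """Rough script family of a letter, taken from its Unicode name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN"):
        if name.startswith(script):
            return script
    return "OTHER"


def inspect_hostname(host):
    """What a 'unicode inspector' would flag in a hostname.

    Returns a list of findings: non-ASCII characters in a label, or a
    label that mixes scripts (the classic homograph trick). An empty
    list means the name is plain ASCII, which is exactly what a
    DNS-poisoned lookalike also looks like.
    """
    findings = []
    for label in host.split("."):
        non_ascii = [c for c in label if ord(c) > 0x7F]
        if non_ascii:
            names = [unicodedata.name(c, "?") for c in non_ascii]
            findings.append(f"label {label!r} contains non-ASCII {names}")
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
    return findings


def to_wire_name(host):
    """IDNA-encode the host: the ASCII name the DNS actually sees."""
    return host.encode("idna").decode("ascii")


def same_link(a, b):
    """True when two links name the same host on the wire."""
    return to_wire_name(a) == to_wire_name(b)


def resolve(host, resolver):
    """Simulated lookup against one of the constructed resolver tables."""
    return resolver.get(to_wire_name(host))


if __name__ == "__main__":
    # Cyrillic small 'а' (U+0430) standing in for Latin 'a'.
    homograph = "ex\u0430mple.com"
    print("homograph findings:", inspect_hostname(homograph))
    print("homograph wire name:", to_wire_name(homograph))
    print("same link as example.com?", same_link(homograph, "example.com"))

    # Bad DNS: nothing to inspect, the string is identical, the answer is not.
    print("genuine findings:", inspect_hostname("example.com"))
    print("honest answer:  ", resolve("example.com", HONEST_RESOLVER))
    print("poisoned answer:", resolve("example.com", POISONED_RESOLVER))
```

The homograph is caught twice (non-ASCII and mixed scripts) and its wire name starts with `xn--`, so it is a different link. The poisoned case passes every string check, which is why the browser’s certificate check, not the URL bar, is what stands between you and the copy.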

  • Computers run on electricity (at least, they do at the time of writing this post)
  • When you plug in a USB device, your computer is so generous that it will share this electricity with the USB device, powering it.
  • This electricity allows your computer to interact with the USB device.
  • Without electricity flowing through your USB stick, you can’t read/write anything on it.

Can anyone interact with files on a USB stick when the USB stick is in your pocket, not plugged in?
No… :expressionless:

I’m sure you understood this. You’ve probably just never had to think about it this way before…

I should think it would be easier and more secure to just create backups of your templates. That way, if anything goes wrong in any of your VMs, you just delete the compromised qube and spin up a clone.

AV isn’t even recommended for mainstream distros. As I understand it, one of the reasons Linux doesn’t make heavy use of AV is that all AV software, by necessity, requires root access to do its thing; which means if the AV is ever compromised, the malware has unrestricted root access as well. Thus the AV is an unnecessary point of failure, and the Linux philosophy is to deny root access to any and all installed applications by default.

That being said, you do you if that’s what you want to do. Under no circumstances, however, would I ever install AV on dom0. That’s a f***over waiting to happen.

If your PC itself is already infected, antivirus isn’t going to help you. You need a new computer (imx).

From the security side, correct, but from the privacy side, where you place the backup also matters.

Not all AV do that, but if the AV needs permission, it will have even more permissions than root; it can prevent the root user from doing something.

How good are you with tech? Most of the time you just need to reinstall that computer.

How does it matter? The Qubes backups are encrypted and even the names of qubes are not in plain text. What would an attacker gain by looking at those files? (unless you don’t trust the encryption technology)

Even though you are technically right, this is not so simple at all. When you connect your USB, you cannot be sure that your computer isn’t owned. It’s not relevant what happens when you take it out. See BadUSB.

Yes, you should install Coreboot (or other open-source alternative) in order to trust your BIOS more and possibly to disable Intel ME. You cannot do this on modern AMD.

Oh, for sure. Absolutely. You plug it in, it basically becomes a part of your machine until you unplug it…

I meant when it isn’t plugged in, nobody can really interact with it. :sweat_smile:

You cannot do this on modern AMD

Yes, but you can disable the PSP. I’m not sure if it has upsides and can be trusted, though.

Yes, sure. But my question was if there is risk if I am offline, not when it’s unplugged.

There is always a risk, no matter what.

If I were to write some malware that was specifically designed just for you, with the intention of getting your files on your USB stick, and my recon showed that you do sometimes take your computer offline, then I would factor that into my malware.

For example, I would make it copy the entire contents of any block device matching the description I defined (your USB stick). I would then get it to encrypt those files using my server’s public key (so you couldn’t recognise them), and either store them in your RAM, or somewhere obscure on your boot device.

Then, when it detected a network interface, it would send over those files to me.

Just to be thorough, in case the network interface only had LAN access, I would then instruct the malware to propagate itself onto all network devices, with copies of the encrypted files, in the hope that one of them would eventually make its way to an internet connection, and then send it to me.

(This was less about accuracy about what malware can actually do, and more about trying to get you into the habit of realizing that there is ALWAYS a risk)

The reason that AMD hardware can disable the PSP is:

Shortly after SA-00086 was patched, vendors for AMD processor mainboards started shipping BIOS updates that allow disabling the AMD Platform Security Processor

All the more reason to avoid it.

Same thing

Do you recommend disabling it?
And what BIOS update do I need to do so? Haven’t found any more precise information about that.

Depends on how much you trust that.
You should disable that because it will disable the PSP at “some level” on “some motherboards” and “some CPU models”, although not everything (still better than nothing).

Don’t think I am using an AMD CPU (APU).
That picture is cut from a research paper.