Is there a way to run Windows 10 without sys-net and sys-firewall, i.e. over Dom0 with direct access to the Wifi device and usb devices? I tried to connect the wifi device to a Windows 10 Qube and failed to do so.
The purpose of this setup is to avoid Qubes OS from being detected (stealth mode kinda; no Linux machines sending signals). And running a Windows 10 Qube based off a Windows 10 template delivers some security since the system refreshes on reboot and any viruses are removed. This setup is suitable for some threat models.
I suppose that if you can install Windows 10 using HVM mode, then you can assign it network and usb devices, and even use it as a sys-net.
I thought that you were supposed to install Windows in HVM mode. At least that’s how the guides read. Of course if you want to run isolated (as I do) make sure to assign no network devices to it (it would conflict with sys-net if you did assign devices to it).
I thought that you were supposed to install Windows in HVM mode.
Correct. PVH or PV mode isn’t supported for Windows.
The purpose of this setup is to avoid Qubes OS from being detected
Can you explain your threat model further? As in, who you are hoping to hide this from and what their capabilities are?
Windows 10 template delivers some security since the system refreshes on reboot and any viruses removed
Not necessarily. If you create an AppVM based on Windows, malware can still persist in the user partition. Yes, you can create a Windows-based DispVM, but this could present usability problems depending on your workflow.
with direct access to the Wifi device and usb devices?
Before you start reassigning devices, ensure your Windows template has the drivers for your hardware installed in it. Make sure you don’t get it infected during the setup process, as that would thwart all your work. Next, power off sys-usb, sys-net, or whatever qubes you have assigned your network and usb controllers to. Then, assign them to the Windows qube, following the documentation’s remarks on device handling.
That’s how I’d go about it, let us know if something goes wrong.
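The reassignment steps above as a dom0 shell script. This is an added example, not code from the thread or from the Qubes project; the qube name and PCI addresses are placeholders, and the script assumes the controllers currently belong to sys-net and sys-usb.

```shell
#!/bin/sh
# Added example: hand network/USB controllers to an HVM Windows qube from dom0.
# "windows-10" and the PCI addresses in the usage line are placeholders;
# run `qvm-pci` in dom0 to find the real ones for your machine.
set -eu

# qvm-pci identifies a device as dom0:<bus>_<slot>.<func>, i.e. the lspci
# address with ":" replaced by "_" (00:14.0 -> dom0:00_14.0).
to_qvm_ident() {
    printf 'dom0:%s\n' "$(printf '%s' "$1" | tr ':' '_')"
}

# Windows only runs as an HVM; refuse to touch a PVH/PV qube.
require_hvm() {
    [ "$(qvm-prefs "$1" virt_mode)" = "hvm" ]
}

reassign() {
    win="$1"; shift
    require_hvm "$win" || { echo "$win is not an HVM qube" >&2; return 1; }
    # A device may be assigned to several qubes, but only one of them may be
    # running at a time, so stop the current owners first.
    for q in sys-net sys-usb; do
        if qvm-check --quiet --running "$q" 2>/dev/null; then
            qvm-shutdown --wait "$q"
        fi
    done
    for dev in "$@"; do
        ident=$(to_qvm_ident "$dev")
        # --persistent: attached every time the qube starts. Some controllers
        # additionally need "--option no-strict-reset=True"; add it only if
        # the attach fails with a reset error.
        qvm-pci attach --persistent "$win" "$ident"
    done
}

# Usage from dom0 (placeholder values): ./reassign.sh windows-10 00:14.0 02:00.0
if [ $# -gt 0 ]; then
    reassign "$@"
fi
```

Remember that sys-net and sys-usb keep their own persistent assignment, so starting either of them again while the Windows qube holds the controller will fail.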
it would conflict with sys-net if you did assign devices to it
Only if you have a device assigned to more than one qube aaaand try to have those qubes running simultaneously.
I have Windows installed and I assigned to it the wifi, but the wifi wasn’t recognized. It could be a driver issue, although it seemed it didn’t detect a wifi card to start with.
The objective is for an adversary not to detect Qubes running based on the update check signals or any other signal coming out of the Qubes laptop. This could be useful in some circumstances where an adversary oversees the whole Internet network in a country and has advanced network analysis/inspection, which most states do. This person would not be able to run TAILS either. They need to blend in. If someone needs extra security but doesn’t want to be identified as running Qubes, and workflow permitting, then a disposable Windows Qube running on top of Dom0 could be an answer.
I suspect this would be true 90 percent of the time (i.e., one network connection which goes through sys-net which will be running simultaneously with windoze unless you specifically stop it) …but yes, good on you for making that explicit!
I duck the issue by running windows offline–a very sensible thing to do when it’s windows 7. Until now, it never even occurred to me what would happen if I (on a one-network system) were to try to do otherwise.
Even if you run Windows with sys-firewall as its network connection, external tools like Nessus will recognize your system as a Windows machine, not as Qubes. So at least unsophisticated adversaries may be fooled. But, of course, you should never assume your attacker to be so dumb as to be fooled easily.
If Windows will not cooperate with your wifi, a workaround is to use a usb-to-wifi adapter. Assign a USB controller to the Windows qube, then attach the adapter to the controller. Install drivers if needed.
You simply cannot hide the fact you’re using Qubes. Just run task manager and device manager, not to speak about other modules of computer management, inspect them and you’ll know what I mean.
@oijawyuh If safe to do so, could you elaborate more on the use case?
From all opposition, all the time? No.
But against basic traffic analysis, like in OP’s threat model, I think yes.
If you live in a country where the government has the ability to monitor all Internet traffic (most countries in the world?), and if using Qubes OS will alert the government, and if Qubes OS is detected by the government, then you wouldn’t want to use Qubes OS.
But if you can make use of Qubes OS to at least have a Windows machine that, if hacked, the hack won’t persist upon reboot, then you would have taken one step towards a more secure OS, while still blending in the traffic.
See what @tempmail posted on this thread. Given the way global passive adversaries like to do things, feigning Windows most likely won’t help you much. If “they” are interested in reinfecting you, the same “they” will probably land a drone on your roof and tempest-sniff your screen.