As I’ve been regenerating templates (going minimal), it strikes me that unless you go out of your way to make it otherwise, every VM ends up with a disposable VM ready to call up whenever someone sends you a dodgy e-mail attachment or link.
Is there a reason this is done on every qube, even templates? I can think of one; obviously if it’s set for the template, and someone makes an AppVM, the AppVM “inherits” it from the settings on the template.
But is that the only reason? I suspect so, but I thought I’d ask the question. And it seems to me not every AppVM needs a default dvm either. Certainly I can’t see why sys-net, sys-firewall, sys-usb, sys-audio, and so forth need a disposable (even less so for their templates).
Am I missing something, or does it make sense for me to set it to “none” except in a few cases (email and browser AppVMs being obvious “you really need this” cases)? [An argument can be made that a disposable browser doesn’t need a dvm for bad links or downloads… but even a disposable might have some information an adversary would find useful, even if only a short browsing history.] On the other hand, something like Vault shouldn’t need it at all.
So is it just “inertia” (setting it everywhere makes sure it’s there where truly needed) or am I missing an actual global need in any VM for default DVMs?
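As an added example (not part of the post above, and not Qubes project code), here is a small dom0 shell script that audits which qubes carry a default_dispvm and prints the qvm-prefs commands that would clear it where the policy says a disposable is not needed. By default it runs over a constructed sample inventory so it can be read and tested anywhere; in dom0, passing --live reads the real inventory. The policy itself (the KEEP_LIST names, the sys-*/vault/template exclusions), the assumption that `qvm-ls --raw-data -O name,class` prints pipe-separated name|class lines, and the use of an empty string to mean "none" for `qvm-prefs NAME default_dispvm` are all assumptions for illustration, so check them against your own system before running anything that applies changes.

```shell
#!/bin/sh
# Added example: audit default_dispvm across qubes and plan which to clear.
# Policy, qube names and the ''-means-none convention are assumptions.

# Qubes that really do need a disposable on hand (hypothetical names).
KEEP_LIST="personal-mail work-mail personal-browser"

# keep_dispvm NAME CLASS -> prints "yes" or "no"
keep_dispvm() {
    name=$1
    class=$2
    # Templates and dom0 never open untrusted attachments themselves.
    case "$class" in
        TemplateVM|AdminVM) echo no; return 0 ;;
    esac
    # Service qubes and the vault handle no user-facing untrusted content.
    case "$name" in
        sys-*|vault) echo no; return 0 ;;
    esac
    for k in $KEEP_LIST; do
        if [ "$k" = "$name" ]; then
            echo yes
            return 0
        fi
    done
    echo no
}

# plan_changes reads NAME|CLASS|DEFAULT_DISPVM lines on stdin and prints one
# qvm-prefs command per qube whose default_dispvm should be cleared.
plan_changes() {
    while IFS='|' read -r name class dispvm; do
        if [ -z "$name" ]; then continue; fi
        # Empty or "-" means no default_dispvm is set already: nothing to do.
        if [ -z "$dispvm" ] || [ "$dispvm" = "-" ]; then continue; fi
        if [ "$(keep_dispvm "$name" "$class")" = no ]; then
            printf "qvm-prefs %s default_dispvm ''\n" "$name"
        fi
    done
}

# collect_live builds the same NAME|CLASS|DEFAULT_DISPVM lines from dom0 tools
# (assumed output format of qvm-ls --raw-data; dom0 is skipped).
collect_live() {
    qvm-ls --raw-data -O name,class | while IFS='|' read -r name class; do
        if [ "$class" = AdminVM ]; then continue; fi
        printf '%s|%s|%s\n' "$name" "$class" "$(qvm-prefs "$name" default_dispvm)"
    done
}

# Constructed sample inventory standing in for qvm-ls output.
SAMPLE='sys-net|AppVM|default-dvm
sys-firewall|AppVM|default-dvm
fedora-39|TemplateVM|default-dvm
vault|AppVM|-
personal-mail|AppVM|default-dvm
personal-browser|DispVM|default-dvm'

if [ "${1:-}" = "--live" ]; then
    collect_live | plan_changes
else
    printf '%s\n' "$SAMPLE" | plan_changes
fi
```

The script only prints the commands; pipe its output to `sh` once you have read the plan. One caveat worth keeping in mind when deciding on the KEEP_LIST: a qube's default_dispvm is also what "open in disposable" actions from that qube are routed to, so clearing it on a qube where you ever right-click a file or link to open it disposably will make that action stop working there, while clearing it on sys-net or a template costs nothing in practice.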