This system is quite a challenge tbh, but I made it working tho I have some questions regarding how it works… hope you can clarify some things for me and pleeeease, don’t be shorten on words, as I don’t understand the whole lot of things related to each and every question in here.
So I’m reeeeally confused regarding the sys-net thing, I don’t really understand like why it has open access like that and why does the proxy use sys-net directly and not the sys-firewall, I mean I read the docs and all, but doesn’t this makes it more risky to update like that?
Also it’s not clear to me on why is it “Qubes method”(or whatevet) is to assume that the individual VM is already compromised… like how, why… I mean, if my VM is compromised then why would I need Qubes from the first place… like it’s gameover…
There’s that thing Split PGP… It says that the another VM will be responsible not only to hold but also to decrypt/encrypt the message? So… like I open the message in the Split PGP VM at the end or does it goes back to the original VM and then I open it? If it’s the latest, then it’s gameover same as with question 2, if it’s the first case, then all my PGP keys can be exploited… no?
I can’t stand that xfce look… switched to KDE but I have these ugly window colors like red, green… I don’t wanna install anything in the root domain, how do I get rid of them and use default plasma theme, there’s like only some plastik theme and the default with colored windows?
the proxy is in sys-firewall, did you find a documentation text saying otherwise?
Opening a file by mistake or being tricked can happen, in that case you would notice it and you know exactly what was exposed. I think the wording isn’t really good, I’d more say that with Qubes OS, when you will be victim of a malware / attack, you know exactly what is at risk in each qube. While all other traditional OS have everything under a single user account.
it’s on purpose, I think it was discussed a month or two ago, it’s not possible to disable it AFAIK, it’s by design to not mix qubes windows
So there are 2 interrelated things that Qubes facilitates which stem from the assumption that any VM could be compromised at any time:
In particular, it contains damage by separating things. If a piece of malware is able to infect a VM that you use to watch movies, it will not be able to steal data from a VM that you use for work or the VM that you use to connect to your bank. So it’s game over for that VM, but it’s not game over for your entire digital life.
It allows you to manage risks by deciding how much risk you are willing to accept based on the context you are acting in. You might decide that running a random program which claims to be a fun game is acceptable in a VM that you only use for browsing random sites, but not in the VM that you keep your password database in. Different contexts can tolerate different levels of risk, allowing you to take greater risks that are more likely to occur by limiting the damage that can be caused if they do occur.
For a more grounded example, consider that there have been incidents in the past where people have found ways to spread malware through ad networks (that is, someone purchased ad space and uploaded a malicious file as the ad, not that the ad network itself intentionally attacked people, this article from AVG discusses it further). This means that there is some risk associated with visiting a news website that serves ads. This risk is not so great that it makes sense for people to stop visiting news websites all together, but it is a risk. By keeping a separate VM that you use to visit news website from the one that you use to visit your bank’s website, it is easier to accept the risk of ad-based malware, and if the risk does occur then the damage will be contained.
you must use the scripts. I don’t think there’s another way.
I use qubes-color-add and qubes-color-del. You just have to add gtk-update-icon-cache at the end of the scripts, put it in /usr/local/bin folder, and run the command in Dom0…
I had /usr/share/icons/hicolor it’s ok for changing color of existing qubes and new qubes BUT it’s doesn’t work for Standalone.
I tried by creating, by changing colors. creating new qubes, disconnecting/rebooting.