"spyware" and templates

I need to install discord, but I do not want to have it in the same qube that I use for communication and email. I considered cloning the template and installing it in there, but I am not sure. What I am wondering is whether there is any harm in installing software like discord on the same template that you use for more secure qubes. I don’t trust it (discord, other spyware), but it might be a lack of knowledge.

1 Like

You can use it from a web browser, so you do not have to install it in a template; would that be enough for your needs?

2 Likes

oh hah I didn’t even know you could do that, thank you very much

1 Like

I can’t speak for Discord specifically. However, some installers can/will have services auto-start in the background (aka “Updates Service”). Obviously, if you want to dig in and try to determine all changes the “spyware” like software makes, you can. This would be a futile effort considering they are designed to be tough to remove.

Unless you have resource constraints, I would recommend installing suspicious software in a new template and making a new AppVM from that.

1 Like

Thank you!

1 Like

Hi, I would create an isolated qube just for “untrusted” apps or Discord, so you can be more secure. Also, you would prevent any targeted attacks from compromising more sensitive qubes such as your email.

1 Like

The only real issue in the template is the installer, because the application itself does not run in the template. There is no network access by default, and no user data. The app does not even know who you are or your login id.

If you are really paranoid about the installer you can just install the strace utility and actually watch which files the installer touches during the installation. First clone the template before installing so that you can roll back if necessary. Make sure you tell strace to follow all forks so that all scripts and binaries are monitored, then watch for where things are placed and what files are actually modified.

The runtime environment is actually more important at that point. The app will have access to whatever data you have in that VM. By cloning the runtime VM and launching that app the first time under strace you can then watch to see what it actually does. Once you feel comfortable with what it accesses and the sockets that it opens and listens on, you might then start using the real runtime environment and remove the temporary VMs. This should give you a little better understanding of what the app is doing and whether it can be trusted. Never trust, but verify whenever possible.

This is also one reason I always wanted the option of the SELinux extensions to be installed in the base installation. When set in the non-enforcing mode it could give immediate feedback when an application touches something outside what it is defined/allowed to do if you just had a small qubes service reading the log stream in real-time and picking out the avc error to forward back through a qubes io channel. Any clickbait malware that does anything on the system could then trigger an immediate popup avc error that could indicate that something on the system has gone rogue. The user could then inspect that avc error to determine if the system has been compromised before any damage has been done or data exfiltrated to an external site. A single click could then create and apply a new rule to keep that specific error from happening again once it’s determined harmless.
It should not be very hard to set up a very lean sys-log or sys-avc VM to listen to any avc errors and give this very valuable real-time situational awareness. All that would be needed would be selinux definitions that permit the normal access, and everything else running or touching system files would be monitored by default as long as they are running this service. These application definitions could then be shared by security conscious community users to help make everyone safe from dynamic malware at runtime. It’s the most powerful type of malware protection in that it is a default-deny paradigm, but it would not actually break the system; rather, it would notify the user of the problem.

1 Like
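As an added example (not from any post in this thread) of the strace review described above, here is a small Python script that condenses `strace -f -e trace=file,network` output into the things the poster says to watch for: paths written or removed, outbound connections, listening sockets, and files the installer tried to open but could not. The trace lines, the `/opt/example-app` paths, the updater service name and the 203.0.113.10 address are constructed placeholders, not output from any real installer.

```python
import re

# Constructed sample of `strace -f -e trace=file,network` output. It is not a
# real installer trace; the paths, service name and address are placeholders.
SAMPLE = """\
[pid  4211] openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
[pid  4211] openat(AT_FDCWD, "/opt/example-app/app", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 4
[pid  4212] openat(AT_FDCWD, "/etc/systemd/system/example-updater.service", O_WRONLY|O_CREAT, 0644) = 5
[pid  4212] openat(AT_FDCWD, "/root/.ssh/id_ed25519", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4212] connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
[pid  4213] bind(7, {sa_family=AF_INET, sin_port=htons(6463), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
[pid  4213] listen(7, 128) = 0
[pid  4211] unlink("/tmp/example-setup.lock") = 0
"""

# Accepts both "[pid  N] call(...) = ret" (stdout form) and "N  call(...) = ret" (-o form).
LINE = re.compile(r'^(?:\[pid\s+(\d+)\]|(\d+))?\s*(\w+)\((.*)\)\s*=\s*(-?\d+)')
ADDR = re.compile(r'htons\((\d+)\).*inet_addr\("([^"]+)"\)')
WRITE_FLAGS = ('O_WRONLY', 'O_RDWR', 'O_CREAT', 'O_TRUNC')
MUTATING = {'unlink', 'unlinkat', 'rename', 'renameat', 'chmod', 'chown', 'mkdir', 'symlink'}

def summarize(trace):
    """Condense a trace into: paths written or removed, outbound connections,
    listening sockets, and paths the installer tried but failed to open."""
    report = {'modified': set(), 'connect': set(), 'listen': set(), 'probed': set()}
    bound = {}  # (pid, fd) -> "ip:port" recorded at bind(), resolved when listen() follows
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # signal/exit notices and continuation lines are not syscalls
        pid, call, args, ret = m.group(1) or m.group(2), m.group(3), m.group(4), int(m.group(5))
        paths = re.findall(r'"([^"]*)"', args)
        fd = args.split(',')[0]
        if ret < 0:
            report['probed'].update(paths)  # failed, but shows what it looked for
        elif call in ('open', 'openat', 'creat') and any(f in args for f in WRITE_FLAGS):
            report['modified'].add(paths[-1])
        elif call in MUTATING:
            report['modified'].update(paths)
        elif call in ('connect', 'bind') and (a := ADDR.search(args)):
            endpoint = f'{a.group(2)}:{a.group(1)}'
            if call == 'connect':
                report['connect'].add(endpoint)
            else:
                bound[(pid, fd)] = endpoint
        elif call == 'listen':
            report['listen'].add(bound.get((pid, fd), f'fd {fd}'))
    return report
```

Call `summarize(SAMPLE)` to see the sample result, or pass it the contents of a file written with `strace -f -o trace.log`; anything under `modified` outside the package's own install directory, and any `listen` or `connect` entry, is what the poster suggests looking at before trusting the software.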

There’s the crux of it. If it’s hard, busy users won’t do it. If it’s easy, busy devs won’t have the time to. Now if I can find my nickel jar…

1 Like