What would you like to see improved in Qubes OS?

I’d love a version of Qubes in which only the active window can see what you are typing on your keyboard. Hypothetically, if someone were to connect to one of the net qubes then they could monitor your keystrokes and potentially learn your passwords for different websites.

It already works like this.

2 Likes

It works like this in terms of qubes but not windows: The Linux Security Circus: On GUI isolation | The Invisible Things Blog

– which is good enough.

2 Likes

Correct. That’s the point of Qubes.

No, that’s completely false. If that were true, then what would be the point of having a separate net qube, or any separate qubes for that matter? There wouldn’t be any point. It’d just be a waste of resources, and we would all just go back to monolithic operating systems.

What you described is actually how almost every desktop operating system other than Qubes works, and solving this problem was one of the main motivations for creating Qubes in the first place:

Yes, but he specified “if someone were to connect to one of the net qubes,” which indicates he meant a different qube, not just a different window within the same qube.

4 Likes

I would like to see a “Qubes light” that comes from the opposite side in a way:
Fix/improve security for the blaring holes in everybody’s machines caused by a complete lack of compartmentalization, rather than worrying about super-hard-to-exploit things like firmware. Many of those are impossible to avoid, and even according to Qubes’ own documentation they are a compromise already. I would really like to use Qubes, but it’s practically impossible to install on any of my machines (“normal” Lenovos) even with detailed Linux knowledge. Which is by design, I understand, but it would be nice to have a version which is more forgiving for the things we have to live with and allows me to run VMs for Firefox (private/public), email and so on, despite the fact that AMD might potentially expose some firmware exploit. We need to “trust” Microsoft, Intel, AMD, whether we like it or not, but we don’t have to trust a million other random players. That would make a big difference.

1 Like

I installed 4.2 on a ThinkPad T470 and upgraded it to 4.3rc1; it works like a charm, and we can’t say it’s a war machine lol.
Before that I had a Dell Precision M6500 and 4.2 was working very well. Now I have an HP ZBook G4 and it’s the same: works like a big charm :smiley:

Precisely, the core principle of Qubes is to never trust—that’s what gives it its strength and makes it so secure. :slight_smile:

2 Likes

All those companies well known for collaborations with national projects and directives.

I wish to see Qubes OS for mobile; smartphones are already at the point where they have enough computing power to run a few VMs.
But for security reasons we must carry at least 2 devices at a time.

2 Likes

You would have to trust your smartphone.

https://www.bunniestudios.com/blog/2019/can-we-build-trustable-hardware/

However, it would significantly reduce the weight to carry around. :rofl:

1 Like

I would like a tool that can turn distro installation ISO files into Qubes templates. I’d like to go to DistroWatch, pick a random distro, download the installation ISO from their website, feed it into this tool, step through the installation program and then save a Qubes TemplateVM that I can play around with.

5 Likes

Which is exactly my point: CPUs with a “management processor”, network cards, and a plethora of other devices we have no choice but to trust, as there are no open source alternatives. Even Firefox I have to trust, as I have no way of personally reviewing all the code. The Qubes community I have to trust, just like Ubuntu and whatever else.
Even Qubes has no choice but to trust AMD, Intel, Broadcom etc. not to include backdoors in their hardware/firmware products, while they easily could. But some random website placing cookies and running Java in my browser, which can see all files on my drive just like I can, which can access the display (screen sharing in Zoom…): those would be a first step to prevent. Especially consider this: if AMD really placed backdoors, keystroke sniffers or rootkits, this would be a serious criminal offense and word (for example from a disgruntled ex-employee) would get out sooner or later. But random websites, even well known ones, have repeatedly been known to take liberties with data protection and were subject to hacking themselves. Therefore, I (personally) rate the chance of an AMD/Intel/Broadcom rootkit very low (at least when you’re not Edward Snowden with the FBI and CIA in hot pursuit), while browsers and email are known to “try something” basically constantly. It would be nice to be able to allow websites to place their stupid cookies and tracking crap without having to go through a list of “legitimate interest” every time I want to read some piece of news. Fine, go ahead, track my disposable VM!

What I mean by “need to trust” is not that we should, but that we have no choice.

On the installation part: I have tried for the last 10 years or so. Every time I got a new machine (which is every 1-2 years because I literally wear them out) I first tried Qubes before falling back to Ubuntu. I never gave up easily, spent at least a day trying and trying again. Also this time, and I got closer than ever before. I had a machine with even the network almost working, but every single thing was super slow, with repeated black screens, and a network almost working is a network not working. All the while something was working really hard: the laptop was too hot to touch and the fans were preparing for liftoff. Since I have to do actual work, I can’t spend all this time and energy, even though I really want to. I work in computer science myself and need a fast machine, as fast as possible (for a while I even had an actual water-cooled workstation made into a carry-on case for demos). My point is that I think it should be possible to have the best of both worlds by approaching the subject from the other side: as much security as reasonably possible under given real-life constraints.

Open source computers exist, but they are expensive :confused:

Volunteers help to examine the code, something they can’t do with closed source.

Open-source browsers and/or email clients have no incentive to “try something.”

forces sites to do it; it’s the law. You need to know who might be observing you and decide whether to accept (or reject) that monitoring.

Anyway, this conversation is off topic. :slight_smile:

1 Like

Agreed, the subject was “what would you like to see in Qubes”, and that’s my answer, that’s what I’d like to see :slight_smile:
If I can’t have that because that’s not the goal of Qubes, fair enough. :slight_smile:

I would like Qubes to display a notification message if someone has hacked into one of my qubes.

Hear me out.

I am not a computer scientist and do not know the particulars of how such a feature would work. But I can make a proposal and people with more knowledge than me can then add to it.

Here is my proposal:

I would like a dom0 cron job that runs AIDE on each running VM once a minute and then displays a bright red notification if something has unexpectedly changed.

Unfortunately, such a feature is not technically possible. Maybe with a team of people looking at anything suspicious that some Intrusion Detection System (IDS) running in the qubes would report, but this requires a team of security operators :sweat_smile:

This does not guarantee anything; an attacker could alter the AIDE command to return “everything is fine”.

Also, AIDE is not really helpful and would only report against some attacks. Most common attacks will leverage the web browser, and all its files are usually mutable (they are meant to change over time), so running AIDE on them would not help either :confused:

Running an antivirus would be much more effective, but on Linux the most used antivirus, ClamAV, is pretty bad due to the lack of investment.

3 Likes

I’m not an expert on AIDE. Based on my limited understanding, if the AIDE snapshots were stored in dom0 somewhere and the AIDE evaluation was done by dom0 and not by a daemon in the qube, then an intruder would be detected? Is that correct?

Most common attacks will leverage the web browser,
How can I protect against this if I have to visit a website that bans the tor browser?

Use a web browser with hardening (like no JavaScript by default, no CSS, no fancy features), run it in a disposable qube so any kind of malware would not persist between two sessions, dedicate disposable qube instances to different websites, and restrict the qube firewall network to port 443 only (UDP and TCP nowadays).

Of course, this cannot protect 100% against every threat, but it’s the best you can achieve to securely use a web browser; it also depends on what you are trying to defend against.

Absolute and guaranteed security is not achievable; you can mitigate risks, accept risks, reduce risks, but not remove the risks.

1 Like
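The “port 443 only (UDP and TCP)” firewall restriction from the post above, written out as an added example that is not from the thread or from the Qubes project. It is a dom0 shell function driving `qvm-firewall`; the rule syntax assumed here (`action=`, `proto=`, `dstports=`, `specialtarget=dns`, `del --rule-no`) follows the `qvm-firewall` man page, and `QVM_FIREWALL_CMD` is a hypothetical override so the commands can be recorded instead of run. Two details a practitioner would want: the default rule set is a single accept-all rule, so it has to be removed before the allow-list means anything, and DNS is not on port 443, so the `specialtarget=dns` rule is needed or name resolution silently fails.

```shell
#!/bin/sh
# Added example: restrict one qube's outbound traffic to HTTPS (TCP 443),
# HTTP/3 (UDP 443) and DNS, then drop everything else.
# Assumption: qvm-firewall accepts the key=value rule syntax used below.
# QVM_FIREWALL_CMD (hypothetical) defaults to the real tool; a test or dry
# run can point it at a function that just records the arguments.

QVM_FIREWALL_CMD="${QVM_FIREWALL_CMD:-qvm-firewall}"

# Replace the qube's firewall rules with an HTTPS-only allow-list.
# Rule order matters: the first matching rule wins, and the trailing
# drop is what turns the list into an allow-list.
restrict_to_https() {
    qube="$1"
    [ -n "$qube" ] || { echo "usage: restrict_to_https <qube>" >&2; return 2; }

    # Start from the default policy, which is one accept-all rule at index 0.
    "$QVM_FIREWALL_CMD" "$qube" reset
    # Appending rules after accept-all would never match; remove it first.
    "$QVM_FIREWALL_CMD" "$qube" del --rule-no 0
    # DNS queries go to the netvm's resolver on port 53, not 443.
    "$QVM_FIREWALL_CMD" "$qube" add action=accept specialtarget=dns
    # HTTPS over TCP.
    "$QVM_FIREWALL_CMD" "$qube" add action=accept proto=tcp dstports=443
    # HTTP/3 runs QUIC over UDP 443.
    "$QVM_FIREWALL_CMD" "$qube" add action=accept proto=udp dstports=443
    # Everything else (plain HTTP, SMTP, random ports) is dropped.
    "$QVM_FIREWALL_CMD" "$qube" add action=drop
}

# Print the resulting rule table so the allow-list can be checked by eye.
show_rules() {
    "$QVM_FIREWALL_CMD" "$1" list
}

# Usage from dom0:  sh restrict_https.sh disp-news
if [ "$#" -eq 1 ]; then
    restrict_to_https "$1" && show_rules "$1"
fi
```

Apply this to the disposable qube (or its disposable template) dedicated to browsing; because the rules live in dom0 and are enforced in the netvm, a compromised browser qube cannot loosen them itself, which is the property the post relies on.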

This would be quite complicated. dom0 would need to access the qube’s files without going through the qube, otherwise you would not be able to trust the retrieved files, and this might also be an attack vector toward dom0. This means dom0 would have to access the raw disk and mount it somehow, which can create problems for a running filesystem, and might also be an attack vector toward dom0.

1 Like