Hello,
I’ve been using QubesOS for several years now and I wish to express my endless gratitude by saying that this is by far the most convenient, useful and comprehensive OS I’ve ever seen. The ability to create new templates and VMs or clone the existing ones so easily is a true lifesaver in production. There are so many other useful features that I could really write about my gratitude for a very long, long time.
What worries me the most is the default security configuration profile shipped by default with the QubesOS ISO, which provides an interesting surface for various exploits.
To illustrate this…
If we could even trust the general recommendations such as the Protection Profile for General Purpose Operating Systems, then the default Firefox profile configuration simply fails in almost every aspect. All of these issues could be fixed, but what about the typical QubesOS end user who does not have the necessary skills to handle this?
If the PCI-DSS Control Baseline even means anything in the modern world of security, then the default Fedora profile configuration check fails at the most simple aspects. [please see the attached report]
Looking further, if we do know that the VMExec service is a very dangerous option and that there are just a few cases when it could be used safely, then why is it allowed by default even in dispvm? And how do we expect non-admins to know all this, or which steps they should take to fix this? If, unlike Windows, we wish to have a reasonably secure operating system, then why should the end user be the one responsible for adjusting the system to basic security standards?
To conclude, it’s very exhausting for the end user to address these issues on a day-to-day basis, bearing in mind the upgrade and patching process. So the real question is: do we have a long-term plan that would allow the end user to pre-select the security policy level over system usability, or is it the end user who is condemned to reduce the security risks on his own and modify and patch the entire system on a day-to-day basis?
Thanks in advance!
