Why the system is more favorable to malicious attackers and not users

It is way more easier to hack someone using tools without knowing much but harder to implement security for your systems, you almost need a f*ing degree in network security and still there will be something left to secure. The hacker eco system is so well developed that someone with basic knowledge and right tools can hack you. Where as to protect you have to know the system down to hardware. Why is it that someone cannot just browse internet in peace. And why the heck do i always hear that it is just not possible to tell that your system has been compromised lol. only hackers can tell if the system has been compromised? The whole system is more supportive of hackers than victims

There are so many fronts that you have to secure just for simple browsing. And there is still looming threat that you have been hacked but you dont know.

Just to implement few changes in qubes you should be well versed in linux systems or cli, how then will such secure system gain widespread use. When using it is pain in the… No wonder people stick to more unsecure systems like windows. What is this obession with command line, I dont get it. Why cant it be made simple for average user to use a secure systems. Why are systems inherently flawed and has so many vulnerabilities.

Barrier to hacking a system is low, where as barrier to secure is so high that most stopped caring.

1 Like

Majority of the threats been there for ages but still there hasnt been any effective solution. All you can do is to rely on third party softwares for which you pay and still they are not enough to protect you!!! VPNS, Anitviruses and what not but still not secure, cant even tell if your system is safe.

It’s easy to use Qubes without the command line: it has been for years.

Everything you say is nonsense, and shows you have not understood how
Qubes provides security.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
1 Like

There have been a lot of discussions on these topics:

This is not easy to hack Qubes OS at all:

Qubes founder said this:

The inconvenient and somehow embarrassing truth for us – the malware experts – is that there does not exist any reliable method to determine if a given system is not compromised. True, there is a number of conditions that can warn us that the system is compromised, but there is no limit on the number of checks that a system must pass in order to be deemed “clean”.

Fortunately, you can always recover to a non-compromised state in the following way (and it’s not that complicated):

Indeed I am using Qubes without a command line (although I can use it when I want). However, certain things are not yet implemented in the GUI, e.g. volume revert. This is work in progress and, @sosqubesinstal, you can always help it.

[edited by @fsflover]. Getting to run a simple firewall is a task in itself

Please do not insult Qubes developers or any other Qubes users. This is against the forum rules. I edited your post.

1 Like

qqqqqqqqqqqqqqq

I agree that @unman was unnecessarily rude in his post. It does not give you the right to follow the same path. I would leave the action to @deeplow concerning @unman’s post.

1 Like

Nothing against the founder or Qubes team. Infact they are doing a good job, only hope seems is qubes @unman @fsflover And I apologies if any of my responses been inappropriate

I dont agree, and I stand by my judgement.

@unman Let me then give you some arguments for my view.

I already gave an example above how command line is unavoidable in certain circumstances. Do you need more examples? Have a look here. Also, even installing software can only be done via command line.

Qubes is of course the most secure operating system available. However, using it requires much more effort then using any other system, if you want to benefit from it at all. You have to compartmentalize your workflows, keep track where you open what, constantly run and stop VMs (which is very slow), suffer from the lack of hibernation and GPU acceleration.

You should download things in a dedicated qube and copy them via inter-qube secure copy mechanism, which doesn’t (rightfully) allow to choose the directory. It leads to a clutter in my QubesIncoming directories. Configuring Bluetooth is a pain with command line; configuring VPNs is a pain with command line, according to numerous posts here.

See also: Major UX Pain Points.

The above is not a complain about the work of Qubes developers but an unavoidable reality of an extremely complex project with an extremely small team.

Feel free to say that I also do not understand how Qubes provides security.

1 Like

This rant isn’t about QubesOS. It’s about the IT industry in general. At least that’s how I understood it.

That’s why I like to use pen and paper. And I like books.

We could talk about making books more secure, i.e. no sharp paper edges. And books shouldn’t be to heavy, because then you could be hurt if the book slips on your foot. Paper needs to be disposable. A shredder can shred paper, but you need a really expensive shredder to shred your paper to unrecoverable dust. After all it’s all about entropy.

1 Like

Because it’s true (in the sense that there is no way to know for certain that a system has not been compromised).

No, they face the same problem as everyone else. Presumably, they have some systems of their own that they’d like to prevent being compromised (by others). They, like everyone else, cannot know for certain that their systems have not been compromised.

There are (at least) two general parts to this:

  1. The general advantage of attackers over defenders. Applies not just to computing but also to warfare and systems in general. Defenders must keep up strong defenses everywhere all the time in order to have successfully defended, whereas attackers need only breach one place one time in order to have successfully attacked. Doesn’t even require intent on the part of the “attacker.” Imagine a giant wall that’s keeping an ocean of water from flooding into a city. In order to do its job, the wall must be watertight everywhere, whereas the water need only find one crack.

  2. The foundational technology on which we rely, e.g., x86 architecture and the Internet, was originally designed to optimize for values other than security. When humanity is forced to try to “bolt on” security after the fact, it results in our present situation. If the foundational tech had been designed with security in mind, this wouldn’t be such a pervasive problem. But don’t blame our predecessors too harshly. Hindsight is 20/20. It was a different time. Having the vision to pioneer the Internet and modern computing is hard enough. You and I probably couldn’t have done it, and even if we had, we probably would’ve made the same mistakes (or worse). It’s easy to see the flaws now, but let’s also remember to be grateful that we have the tech that makes those flaws possible.

It’s a bit like saying, “When it’s so hard to eat healthy, no wonder people stick to fast food.” In a sense, it’s true. Many people do tend to do that. But that doesn’t justify it. That merely explains it. The things that are worthwhile are also hard sometimes. (Some might even say most of the time.)

6 Likes

I guess @sosqubesinstal meant that only hackers who broke into your system know that it’s compromised. It’s probably true.

That means we need more guides, how to do it graphically :slight_smile:

I can write some in free time but all that can be done graphically. Like connecting my phone via blueman

bluetooth

or configuring a qube to host only an instance of NetworkManager for VPN, having firewall whitelist point only to the VPN address.

I’ll set myself up a reminder to write proper guides and test things out. Thanks!

2 Likes

I wasn’t aware I had taken issue with “your view”

I said that it is easy to use Qubes without the command line.
Yes, there are cases where the command line is necessary - for most
users those cases are not needed.
E.g. It’s possible to set up VPN without command line.
You might as well say that you need to edit the registry to use Windows.

It’s true that using Qubes takes more getting used to, but there are
many ways in which that pain can be mitigated. Some of them have been
discussed here.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

Because of the worst words ever used in IT: IF and WHY.
When you try When and How instead, you’ll see the difference.

Not much than with any other new thing. Whoever tried virtualbox-alikes, will not need time to adapt.

You mean, most users don’t need to install software?

A post was split to a new topic: Bluetooth and VPN Guides