Why the system is more favorable to malicious attackers and not users

It’s easy to use Qubes without the command line: it has been for years.

Everything you say is nonsense, and shows you have not understood how
Qubes provides security.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
1 Like

There have been a lot of discussions on these topics:

It is not easy to hack Qubes OS at all:

Qubes founder said this:

The inconvenient and somehow embarrassing truth for us – the malware experts – is that there does not exist any reliable method to determine if a given system is not compromised. True, there is a number of conditions that can warn us that the system is compromised, but there is no limit on the number of checks that a system must pass in order to be deemed “clean”.

Fortunately, you can always recover to a non-compromised state in the following way (and it’s not that complicated):

Indeed I am using Qubes without a command line (although I can use it when I want). However, certain things are not yet implemented in the GUI, e.g. volume revert. This is work in progress and, @sosqubesinstal, you can always help it.

[edited by @fsflover]. Getting to run a simple firewall is a task in itself

Please do not insult Qubes developers or any other Qubes users. This is against the forum rules. I edited your post.

1 Like

I agree that @unman was unnecessarily rude in his post. It does not give you the right to follow the same path. I would leave the action to @deeplow concerning @unman’s post.

1 Like

Nothing against the founder or Qubes team. In fact, they are doing a good job; the only hope, it seems, is Qubes. @unman @fsflover And I apologize if any of my responses have been inappropriate.

I don't agree, and I stand by my judgement.

@unman Let me then give you some arguments for my view.

I already gave an example above how command line is unavoidable in certain circumstances. Do you need more examples? Have a look here. Also, even installing software can only be done via command line.

Qubes is of course the most secure operating system available. However, using it requires much more effort than using any other system, if you want to benefit from it at all. You have to compartmentalize your workflows, keep track where you open what, constantly run and stop VMs (which is very slow), suffer from the lack of hibernation and GPU acceleration.

You should download things in a dedicated qube and copy them via inter-qube secure copy mechanism, which doesn’t (rightfully) allow to choose the directory. It leads to a clutter in my QubesIncoming directories. Configuring Bluetooth is a pain with command line; configuring VPNs is a pain with command line, according to numerous posts here.

See also: Major UX Pain Points.

The above is not a complaint about the work of Qubes developers but an unavoidable reality of an extremely complex project with an extremely small team.

Feel free to say that I also do not understand how Qubes provides security.

1 Like

This rant isn’t about QubesOS. It’s about the IT industry in general. At least that’s how I understood it.

That’s why I like to use pen and paper. And I like books.

We could talk about making books more secure, i.e. no sharp paper edges. And books shouldn’t be too heavy, because then you could be hurt if the book slips on your foot. Paper needs to be disposable. A shredder can shred paper, but you need a really expensive shredder to shred your paper to unrecoverable dust. After all it’s all about entropy.

1 Like

Because it’s true (in the sense that there is no way to know for certain that a system has not been compromised).

No, they face the same problem as everyone else. Presumably, they have some systems of their own that they’d like to prevent being compromised (by others). They, like everyone else, cannot know for certain that their systems have not been compromised.

There are (at least) two general parts to this:

  1. The general advantage of attackers over defenders. Applies not just to computing but also to warfare and systems in general. Defenders must keep up strong defenses everywhere all the time in order to have successfully defended, whereas attackers need only breach one place one time in order to have successfully attacked. Doesn’t even require intent on the part of the “attacker.” Imagine a giant wall that’s keeping an ocean of water from flooding into a city. In order to do its job, the wall must be watertight everywhere, whereas the water need only find one crack.

  2. The foundational technology on which we rely, e.g., x86 architecture and the Internet, was originally designed to optimize for values other than security. When humanity is forced to try to “bolt on” security after the fact, it results in our present situation. If the foundational tech had been designed with security in mind, this wouldn’t be such a pervasive problem. But don’t blame our predecessors too harshly. Hindsight is 20/20. It was a different time. Having the vision to pioneer the Internet and modern computing is hard enough. You and I probably couldn’t have done it, and even if we had, we probably would’ve made the same mistakes (or worse). It’s easy to see the flaws now, but let’s also remember to be grateful that we have the tech that makes those flaws possible.

It’s a bit like saying, “When it’s so hard to eat healthy, no wonder people stick to fast food.” In a sense, it’s true. Many people do tend to do that. But that doesn’t justify it. That merely explains it. The things that are worthwhile are also hard sometimes. (Some might even say most of the time.)

6 Likes

I guess @sosqubesinstal meant that only hackers who broke into your system know that it’s compromised. It’s probably true.

That means we need more guides, how to do it graphically 🙂

I can write some in free time but all that can be done graphically. Like connecting my phone via blueman

or configuring a qube to host only an instance of NetworkManager for VPN, having firewall whitelist point only to the VPN address.

I’ll set myself up a reminder to write proper guides and test things out. Thanks!

2 Likes

I wasn’t aware I had taken issue with “your view”.

I said that it is easy to use Qubes without the command line.
Yes, there are cases where the command line is necessary - for most
users those cases are not needed.
E.g. It’s possible to set up VPN without command line.
You might as well say that you need to edit the registry to use Windows.

It’s true that using Qubes takes more getting used to, but there are
many ways in which that pain can be mitigated. Some of them have been
discussed here.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

Because of the worst words ever used in IT: IF and WHY.
When you try When and How instead, you’ll see the difference.

Not much more than with any other new thing. Whoever has tried VirtualBox-alikes will not need time to adapt.

You mean, most users don’t need to install software?

A post was split to a new topic: Bluetooth and VPN Guides

No, in my experience most users do not need to install software.

In Debian (at least) GUI software installers are fully functional, as
you should know. (So one command line instance in dom0 to install synaptic.)
Fedora was just horribly broken - I assume it still is.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

actually, what @sosqubesinstal said, really deeply expresses my frustration.
although after reading replies, i also think that those make sense & are true.

in my journey, struggling for security, that we can read here.
after Heads Qubes laptop & Graphene OS, even air-gapped laptop, cannot protect my privacy,
somehow this reality i experience, gives me a strong assumption,

that maybe actually, all devices in the world have been compromised,
or maybe, there is a hidden backdoor component in all devices, ready to be used anytime,

it is either, the attacker let us sleep peacefully, with a sweet lie,
that we are secure, which is actually not,
or the attacker let us know the bitter truth,
that we have been backdoor-ed / compromised.

either sweet lie or bitter truth,
none of the options are good.

but the reality that confuses me is,
the fact that most activity stays secure,
regardless of the fact that we are using unsecured system, ie:

  • how come people simply make online payment / transaction,
    or login into bank account, or using online banking in mobile apps,
    or input their credit card number into online form,
    regardless of the fact that we are using unsecured system,
    (which in my case, gives me strong feeling that they can live stream my devices)
  • how writer like JK Rowling, or other director, song writer, journalist, researcher,
    using unsecured laptop, to type a long story / research, but nobody steals their work,
    regardless of the fact that we are using unsecured system
  • etc