[tor-talk] [tor-dev] Porting Tor Browser to the BSDs
Yuri
yuri at rawbw.com
Fri Apr 17 05:55:15 UTC 2015
On 04/14/2015 15:38, WhonixQubes wrote:
> -- Harder: Whonix with VirtualBox, KVM, etc isolation for Tor
>
> --- Hardest: Whonix with Qubes isolation for Tor
I only don't understand why you are so sure that the system with the
hypervisor involved is more secure. Just because something relies on the
"bare metal" doesn't mean that it is inherently more secure. I will give
you two examples of compromised hardware:
* A certain three-letter agency managed to subvert some BIOS manufacturers
(https://pbs.twimg.com/media/Bd7LUMYCMAAJcqJ.jpg) to inject malicious
code into the kernel during the last stage of BIOS boot. In such a case
the system boots up in an already compromised state, and this is virtually
impossible to detect. This can quite easily include Qubes.
* Intel manufactures many (or all) of their network cards with something
called Active Management Technology included:
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology Such
cards are able to connect to some remote locations even without a
running OS. And I am sure that even with the OS running they probably
can also initiate connections and send some data out. Nobody but Intel
knows what such cards really do.
Virtual machines already provide very high security, practically
infeasible to exploit. Qubes provides an improvement on top of
"practically infeasible". So this is a hair-splitting situation, with
a very marginal risk difference, and other factors like the possibility of
compromised hardware might easily be the higher risk compared to
this difference.
Yuri