Well that's the problem indeed, knowing if you are clean from firmware viruses in the first place. But i don't suspect i have firmware viruses and i have new pc. It takes a lot of time and money and no one would bother to infect specific user. I am no one. It could be used in attacks on multi peoples, or if already some firmware virus existed someone could use it i guess, i don't really know. Even probability is low. I am just acting responsibly about this. If i can use Qubes, than why not right. So if i use Qubes, using ROM optical disk in external mechanic. So i should be generally safe, (nothing is perfect), even if i got firmware viruses afterwards ? And do i even have to unplug hard disks than ? I can do that, if it is potential security risk, i don't bank that often. Although it is annoying to physically unplug them each time. But i understand you want to reduce attack surfaces. But if i boot from live CD, not sure if viruses on hard disks could do anything. And i won't be booting from Windows when live CD is in and it would be ROM and i'll use external CD mechanic.
On Tuesday, June 9, 2020 at 12:51:41 PM UTC+2, Mark Fernandes wrote: > > I recently did a personal study that covered at least some of these > issues. Ppl can also contribute to the study which is now public and in the > form of a wiki. > > On Monday, 8 June 2020 19:00:17 UTC+1, [email protected] wrote: >> >> ... I know firmware viruses are rare, but still better safe than sorry. I >> am looking for safe OS to do online banking from. If i use live usb of >> QUBES, does that protect me against all firmware viruses ? ... >> > > My opinion is that it probably doesn't when you suspect you may already > have firmware viruses. If you know you are clean (including that the USB > memory stick is also clean from firmware malware [because USB memory > sticks can also have firmware malware > <https://en.wikibooks.org/wiki/End-user_Computer_Security/Main_content/Digital_storage#General_security_risks_in_digital_storage>]), > > then you'll probably be safe if you only use Qubes. > > A live DVD of Qubes is likely more safe than a live USB memory stick of > Qubes—see here > <https://en.wikibooks.org/wiki/End-user_Computer_Security/Main_content/Digital_storage#Rewritable_media_vs_optical_ROM_discs> > . > > For users not literate with the technical aspects of computing, who want > to do online banking securely and safely, I would advise purchasing a brand > new Chromebook using random physical selection at a physical computer > store > <https://en.wikibooks.org/wiki/End-user_Computer_Security/Main_content/Broad_security_principles#User_randomly_selecting_unit_from_off_physical_shelves>. > > Chromebooks appear to be quite secure in comparison to many other kinds of > devices generally labelled as computers (I don't include smartphones in > this comparison, and I don't know so much about which smartphone one should > choose for online banking). > > If you are more technically minded, and want to do online banking, it > still might be the case that other "better" solutions are inappropriate for > you, in the sense that they are all "overkill" solutions. Banks often > refund monies stolen through fraud... However, if you are more technically > minded, it probably is a good idea to look through the aforementioned study > (the contents page can be accessed here > <https://en.wikibooks.org/wiki/End-user_Computer_Security/Preliminaries>). > > Some info on the security of BIOS/UEFI firmware (from the study ) is > documented here > <https://en.wikibooks.org/wiki/End-user_Computer_Security/Main_content/Software_based#Security_of_BIOS/UEFI_firmware> > . > > >> Also i can't disable all my disks in BIOS, could that be problem ? .... >> So my main OS can't compromise Qubes. ... >> > > Would recommend physical disconnection of unused disks when dual-booting. > As I think mentioned elsewhere in these mailing lists, you can do that by > just taking out the power cable of the respective disks. See here > <https://en.wikibooks.org/wiki/End-user_Computer_Security/Main_content/Software_based#Qubes_OS_4.0.3_side-by-side_with_other_operating_systems> > > for more information. > > > >> ... I wanted to dedicate my old pc for online banking, but Qubes doesn't >> work there. >> > > Might be a good idea to do such dedication. It can be good from a security > perspective because of the isolation of the device from other systems you > use. You could consider using the freely-available CloudReady OS > <http://www.neverware.com/freedownload>, which is something like > ChromeOS (used on Chromebooks) for non-Chromebook devices. I've > successfully installed CloudReady on an old Toshiba laptop. > > > Kind regards, > > > Mark Fernandes > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11a79e4a-a5ae-47f9-9ab8-c4c6b3389d8ao%40googlegroups.com.
