I really wish macOS implemented something like @QubesOS' netvm(s) at some point...
/cc @radian @XenoKovah https://twitter.com/SemmleInc/status/1057351261123739648 …
Replying to @rootkovska @QubesOS and
would that actually help? wouldn't a netvm still be able to trigger this kind of attack surface in connected VMs?
Even if -- I'd rather have my netvm exploiting a bunch of connected VMs, while still preserving those which are non-connected, or connected to other netvms (not to mention dom0/GUI), than having my whole system being pwned/crashed. Don't you agree?
Replying to @rootkovska @QubesOS and
well - yeah, but that's only really useful if the user actually separates their data into multiple VMs already
I agree it's tricky to make full use of netvms, while preserving seamless UX.
Replying to @rootkovska @tehjh and
But then again, if you're Apple you don't need to run full VMs -- rather you could containerize just parts of the stacks into VT containers, so no replication of attack vectors downstream.
i.e. in the "VM" connected to your "netvm" you don't need to replicate the whole low-level networking stack which you have in your world-facing "netvm" (like 802.11, lower parts of TCP/IP).