Window 7 Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 13 September 2010

On Thin Clients Security

Posted on 07:35 by Unknown
I'm constantly being asked about it, and so I thought I would write a handy blog post, so I could just referrer to it in the future, when yet anther person asks me if I think the use of Thin Clients is a game-changer to desktop security...

It is not! Thin Clients do not improve your desktop security in any way, and that's because:

  1. You still run a regular full-blown OS, such as Widows and all the regular applications, such as those buggy PDF readers, Web browsers, etc - it's just you run them all on some corporate server, rather on your laptop. The fact that you run the OS on the corporate server, doesn't make it any less prone to compromises, compared to if you run it locally on your laptop.


  2. A compromise of your laptop, even if it's just a dump terminal, is still fatal! This is because if your laptop's kernel (or MBR, or BIOS, or some PCI device's firmware, or GPU) is compromised, the attacker can intercept/steal/spoof all the data that you work on remotely, because it is still your laptop that processes the input (keystrokes, mouse events) and output (pixels). So, an Evil Maid attack on your laptop when you use it as a Thin Client, would be just as devastating, as it is otherwise (and don't fool yourselves that crypto tokens can help)

We really need secure end-user systems, even if we just want to use them as dump terminals only! There is really no way we could skip this step (and e.g. focus only on infrastructure, or services security).
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in general, os security | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Windows 7 seamless GUI integration coming to Qubes OS!
    Finally, after months of hard work, seamless mode for Windows 7 AppVMs is coming to Qubes OS! The new Windows Support Tools will be releas...
  • Converting untrusted PDFs into trusted ones: The Qubes Way
    Arguably one of the biggest challenges for desktop security is how to handle those overly complex PDFs, DOCs, and similar files, that are ...
  • The MS-DOS Security Model
    Back in the '80s, there was an operating system called MS-DOS . This ancient OS, some readers might not even remember it today, had a ve...
  • The three approaches to computer security
    If we looked at the computer systems and how they try to provide security, I think we could categorize those attempts into three broad categ...
  • Running Vista Every Day!
    More then a month ago I have installed Vista RTM on my primary laptop (x86 machine) and have been running it since that time almost every da...
  • Attacking Xen: DomU vs. Dom0 consideration
    As it usually happens, there is some confusion regarding the attacks presented in our Xen 0wning Trilogy. Some people think they are possibl...
  • Thoughts on Intel's upcoming Software Guard Extensions (Part 2)
    In the first part of this article published a few weeks ago, I have discussed the basics of Intel SGX technology, and also disc...
  • Qubes 2 Beta 2 has been released!
    Qubes R2 Beta 2 with KDE 4.9 environment (click for more screenshots) We're progressing fast and today I would like to anno...
  • Disposable VMs
    While we're still busy with some last few tickets left for Qubes Alpha 2 milestone, Rafal has already started working on a new feature ...
  • SVV Source Code Made Public!
    I decided to publish the full source code of my System Virginity Verifier. The license grants you to do anything with the code, including us...

Categories

  • attack
  • backdoors
  • bad guys attacking joanna
  • BIOS
  • bitlocker
  • challanges
  • chipset
  • cloud
  • company news
  • conferences
  • disk encryption
  • exploit
  • fighting for a better world
  • formal verification
  • general
  • hypervisor rootkits
  • nested virtualization
  • os security
  • personal
  • philosophical
  • qubes
  • rootkits
  • saving-the-world-afterhours
  • secure architecture
  • smm
  • tpm
  • trusted computing
  • trusted execution technology
  • usb
  • virtualization based rootkits
  • xen hacking
  • xen heap exploiting

Blog Archive

  • ►  2013 (7)
    • ►  November (1)
    • ►  September (1)
    • ►  August (1)
    • ►  June (1)
    • ►  March (1)
    • ►  February (2)
  • ►  2012 (8)
    • ►  December (1)
    • ►  September (2)
    • ►  July (1)
    • ►  June (1)
    • ►  March (1)
    • ►  February (1)
    • ►  January (1)
  • ►  2011 (17)
    • ►  December (2)
    • ►  September (3)
    • ►  August (1)
    • ►  June (2)
    • ►  May (4)
    • ►  April (3)
    • ►  March (2)
  • ▼  2010 (15)
    • ►  December (1)
    • ►  October (1)
    • ▼  September (4)
      • ITL is hiring!
      • On Thin Clients Security
      • (Un)Trusting your GUI Subsystem
      • Qubes, Qubes Pro, and the Future...
    • ►  August (2)
    • ►  July (1)
    • ►  June (1)
    • ►  May (2)
    • ►  April (2)
    • ►  January (1)
  • ►  2009 (21)
    • ►  December (1)
    • ►  October (1)
    • ►  September (2)
    • ►  August (2)
    • ►  July (2)
    • ►  June (3)
    • ►  May (1)
    • ►  March (4)
    • ►  February (2)
    • ►  January (3)
  • ►  2008 (15)
    • ►  September (3)
    • ►  August (4)
    • ►  July (2)
    • ►  May (1)
    • ►  April (4)
    • ►  March (1)
  • ►  2007 (15)
    • ►  October (2)
    • ►  August (2)
    • ►  June (1)
    • ►  May (1)
    • ►  April (2)
    • ►  March (2)
    • ►  February (3)
    • ►  January (2)
  • ►  2006 (8)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (1)
    • ►  July (1)
    • ►  June (1)
    • ►  May (2)
Powered by Blogger.

About Me

Unknown
View my complete profile