It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
I tried installing Qubes but it didn't work. I think it requires TPM which your laptop probably has but I don't think my computer has it, so I'm guessing that's why it didn't work.
originally posted by: machineintelligence
The more permanent and persistent OS Snowden mentions is the Qubes OS which requires a permanent installation on a capable and compatible device...
If you have some experiences using these OS distros please contribute your experiences.
Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too?
No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).
If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).
If the attacker can physically access the computer hardware (and you use it after such an access), he can, for example, attach a malicious component to it (such as a hardware keystroke logger) that will capture the password, the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer again).
The only thing that TPM is almost guaranteed to provide is a false sense of security (even the name itself, "Trusted Platform Module", is misleading and creates a false sense of security). As for real security, TPM is actually redundant (and implementing redundant features is usually a way to create so-called bloatware).
Qubes has established itself as arguably the most popular security-centric distro. It works on the principle of Security by Isolation and makes intelligent use of virtualization to ensure that malicious software doesn’t infect other parts of the installation. Qubes uniquely isolates several essential elements of the operating system inside different virtual machines, called qubes. An individual instance of an app is restricted within its own qube. Thanks to this arrangement you can run Firefox in one qube to visit untrusted websites and another instance of the browser in a different qube to transact online. A malware ridden website in the untrusted qube will not affect the banking session. Thanks to its radically different approach, Qubes does have a learning curve. However it isn’t abrupt enough to prevent you from using the distro like a normal Linux installation. Qubes is based on Fedora and uses the Xfce desktop environment. But instead of a list of apps, its application menu lists several qubes such as work, personal, untrusted, each of which rolls the individual apps inside them.