From 25548db0103640da51e500d1cac078a64fcd3852 Mon Sep 17 00:00:00 2001 From: Ganwtrs Date: Thu, 4 Dec 2025 22:03:44 -0800 Subject: [PATCH] Remove MDAG mention Signed-off-by: Ganwtrs --- content/posts/knowledge/Threat Modeling.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/knowledge/Threat Modeling.md b/content/posts/knowledge/Threat Modeling.md index 5dac31d..cc93d9c 100644 --- a/content/posts/knowledge/Threat Modeling.md +++ b/content/posts/knowledge/Threat Modeling.md 
@@ -78,7 +78,7 @@ Mobile operating systems are generally safer than desktop operating systems when Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing properties to Android, and macOS has full system permission control and opt-in (for developers) sandboxing for applications, however these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make heavy use of virtual machines or containers, such as Qubes OS. -Web browsers, email clients, and office applications all typically run untrusted code sent to you from third-parties. Running multiple virtual machines to separate applications like these from your host system as well as each other is one technique you can use to avoid an exploit in these applications from compromising the rest of your system. Technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this seamlessly, for example. +Web browsers, email clients, and office applications all typically run untrusted code sent to you from third-parties. Running multiple virtual machines to separate applications like these from your host system as well as each other is one technique you can use to avoid an exploit in these applications from compromising the rest of your system. Qubes OS provides a convenient and seamless method to do this. If you are concerned about physical attacks you should use an operating system with a secure verified boot implementation, such as Android, iOS, ChromeOS, or macOS. 
You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Secure Element](https://developers.google.com/android/security/android-ready-se) for rate limiting attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems do not encrypt data separately per-user.
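Review bot: The replacement line "Qubes OS provides a convenient and seamless method to do this." now repeats the only example the preceding context paragraph already gives ("such as Qubes OS"), and with the Windows option dropped the paragraph no longer offers anything to readers who are not on Qubes. Consider folding the sentence into the earlier Qubes mention, or saying in general terms that per-application virtual machines can be set up on other desktop systems too. The commit message says only "Remove MDAG mention"; a one-line reason for the removal would help later readers of the history. While the line is being touched, "third-parties" should read "third parties", and "avoid an exploit in these applications from compromising" reads better as "prevent an exploit in these applications from compromising".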