Compartmentalization is only a part of the solution. Once you have that finished, you still need to deal with the actual vulnerabilities in guests, which will contain your secrets and be exposed to the internet, one way or another.
Guests don't have to be exposed to the Internet [0] or even run full OSes [1].
[0] https://www.qubes-os.org/doc/how-to-organize-your-qubes/
[1] https://www.qubes-os.org/doc/templates/minimal/