Thanks!
I have not used Qubes but I have used xcp-ng (newest xen) in a production environment. I do know that the nsa has recommended for gov agencies to not use vms for the most secure systems as the vm guests can potentially attack each other's memory. I'll look into Qubes to see how it protects the guests from each other.
I believe the argument goes that Xen hypervisor bare-betal virtualization is a much smaller attack surface than a hypervisor hosted by an operating system reliant upon constant administrative patching and hardening.
reply