I agree with most of what you said. But I won't consider Mac a secure os. Yes it may be more secure than a vanilla Linux distro but with few minutes you can make a vanilla Linux and Mac os equally secure.
But then the problem is if someone is able to gain access maybe chaining 2-3 Zero days. They will get access to everything. But in qubes with hardened templates they will have access to single qube. And if you were being care full only a disposable qube.
The power of Qubes is in its ability to compartmentalize everything. You still need to harden all templates use minimal template for vault VM. I've more than 30 separate appVM. And still use disp VM with most of the time.
I agree with most of what you said. But I won't consider Mac a secure os. Yes it may be more secure than a vanilla Linux distro but with few minutes you can make a vanilla Linux and Mac os equally secure.
But then the problem is if someone is able to gain access maybe chaining 2-3 Zero days. They will get access to everything. But in qubes with hardened templates they will have access to single qube. And if you were being care full only a disposable qube.
The power of Qubes is in its ability to compartmentalize everything. You still need to harden all templates use minimal template for vault VM. I've more than 30 separate appVM. And still use disp VM with most of the time.