Are non-perfect defenses that defeat off-the-shelf malware [0] a worthwhile development goal?
- Let’s assume there are off-the-shelf viruses and trojan horses [1] which work against major Linux distribution(s).
- Then assume some feature of Whonix / Kicksecure would prevent that exact exploit chain [2].
- Assume that modified malware using a more obscure exploit chain would still be successful.
Is it worth it?
I think yes, it’s worth it. Even though it is not perfect, the end result is that fewer users will have their data leaked, and they will be thankful for that.
For example, by using GitHub - tasket/Qubes-VM-hardening: Fend off malware at Qubes VM startup / Dev/VirusForget - Kicksecure, it may be possible that viruses are non-persistent after reboot or, even better, that their exploit chain gets interrupted. I.e. it could be that a working exploit wouldn’t result in malware active in memory because its installation script fails due to immutable dotfiles or similar.
Malware authors might ultimately work around Qubes-VM-hardening / VirusForget. They might find other application data folders to exploit, such as perhaps the XFCE settings folder. However, until they get there it could be a few years, and if they get there, perhaps the remaining holes can be closed step by step. Without taking the first step, we can’t really push for research on that.
Another example is enforcing kernel module signature verification [module signing] / disallowing kernel module loading by default. An exploit chain that tries to load a malicious module might fail. That may or may not be easy to debug for some malware authors.
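As an added example (not from this post, nor Kicksecure or Whonix code): a POSIX shell audit of the two module-loading defenses just described, read through the standard kernel interfaces `kernel.modules_disabled` and `module.sig_enforce`. The file paths are parameters so the check can be exercised against constructed files.

```shell
#!/bin/sh
# Added example, not from the forum post or from Kicksecure. It reports whether
# the two module-loading defenses are active on the running kernel:
#   kernel.modules_disabled=1  -> no further module loading until reboot (one-way sysctl)
#   module.sig_enforce=1       -> only modules carrying a valid signature may load
# Default paths are the real kernel interfaces; both can be overridden for testing.

# Returns 0 only if both protections are on; prints one status line per check.
module_hardening_status() {
    modules_disabled_file="${1:-/proc/sys/kernel/modules_disabled}"
    sig_enforce_file="${2:-/sys/module/module/parameters/sig_enforce}"
    rc=0

    if [ -r "$modules_disabled_file" ] && [ "$(cat "$modules_disabled_file")" = "1" ]; then
        echo "modules_disabled: locked (further module loading blocked until reboot)"
    else
        echo "modules_disabled: off (code running as root may still load a kernel module)"
        rc=1
    fi

    # sig_enforce reads back as "Y" or "N"; a missing file means the kernel was
    # built without CONFIG_MODULE_SIG, so nothing enforces signatures at all.
    if [ -r "$sig_enforce_file" ] && [ "$(cat "$sig_enforce_file")" = "Y" ]; then
        echo "sig_enforce: on (unsigned or mis-signed modules are rejected)"
    else
        echo "sig_enforce: off (unsigned modules would be accepted)"
        rc=1
    fi
    return "$rc"
}

# Remediation hints, printed only when something is missing. Disabling module
# loading must happen late in boot, after every module the system needs is in;
# once set to 1 the sysctl cannot be cleared without a reboot.
print_remediation() {
    cat <<'EOF'
To enforce: add 'module.sig_enforce=1' to the kernel command line, and set
'kernel.modules_disabled=1' late in boot (e.g. from a late systemd unit).
EOF
}

module_hardening_status || print_remediation
```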
On the other hand, it could be called snake oil.
I am wondering whether it is worth giving up preemptively just because someone calls it snake oil.
At the moment it looks like the security of mobile devices, such as many Android (and perhaps iPhone) devices, is better than the security of Linux desktop distributions. Mobile device vendors secure against a different thing: they want to make sure users are running their software and not custom aftermarket firmware. One can call their defenses snake oil all day. However, the fact remains that there are tons of devices with locked bootloaders whose users would wish to run an aftermarket firmware but are not capable of doing so.
With Linux desktop distributions, Whonix / Kicksecure, we could get the same security. But we wouldn’t secure against the user making custom modifications. We’d use the same techniques that mobile vendors use, for the purpose of protecting against malware. Techniques such as verification of the boot chain and all executables and so forth at boot time, untrusted root, optionally booting without root access, and strong Linux user account separation.
Related:
[0] Targeted Malware vs Off-The-Shelf Malware
[1] Malware is a non-ideal term.