How good is the Qubes OS, and what makes it different from existing OSs?

hughye

I've been hearing chatter about Qubes OS, but to be honest I know almost nothing about it. Initially, I thought it was "just" another Linux distribution, but apparently it isn't, although it uses Linux drivers and runs Linux applications. The developers' apparent focus on security through virtualization is welcome and an interesting architecture choice, but I wonder how Qubes actually works as an OS, and if it is noticably different from other OSs in function. Is it worthy of giving a trial, or is it more of a novelty OS?

Topic: Software
Answer this Question

Answers

3 total
jimlynch
Vote Up (20)

Here's an interesting interview & background article about Qubes OS.

Qubes OS: An Operating System Designed For Security
http://www.tomshardware.com/reviews/qubes-os-joanna-rutkowska-windows,30...

"What would an operating system look like it if were redesigned with security in mind? Joanna Rutkowska thinks she has the answer with the development of Qubes OS. We sit down for an interview with Joanna to discuss the way Qubes OS augments security."

You might also want to read the Qubes OS FAQ:

http://qubes-os.org/FAQ.html

"Qubes implements Security by Isolation approach. To do this, Qubes utilizes virtualization technology, to be able to isolate various programs from each other, and even sandbox many system-level components, like networking or storage subsystem, so that their compromise don’t affect the integrity of the rest of the system.

Qubes lets the user define many security domains implemented as lightweight Virtual Machines (VMs), or “AppVMs”. E.g. user can have “personal”, “work”, “shopping”, “bank”, and “random” AppVMs and can use the applications from within those VMs just like if they were executing on the local machine, but at the same time they are well isolated from each other. Qubes supports secure copy-and-paste and file sharing between the AppVMs, of course."

AppDevGuy
Vote Up (17)

Qubes is not a pure Linux OS, and is more based on Xen than anything else.  What really makes it different is that it is an OS designed from day one to be extraordinarily secure.  It is the first OS that I know of that uses virtualization as its foundation, which is how it achieves its security.  It runs each component of the OS as if it was on a VM, so you have isolation of all those components.  It also allows you to create a separate VM for each application, so if you are online and pick up malware, that malware is sequestered and cannot cause a system wide infection.  I'm not sure how stable it is, last I checked Qubes was still in Beta, but it looks really interesting, and certainly worth a check out if you are especially concerned about security.   

fetrow
Vote Up (8)

After a couple days testing:

 

There are at least a few additional features worth mentioning: In addition to personal, work, banking, firewallvm, netvm, there is the amazingly helpful: Disposable.

 

You create disposablevm by invoking "disposableVM, web browser" in the K menu and there is a machine that will be destroyed when you quit the web browser (or whatever else you put in there). Very nice for checking out sites for risks. Every time, you get a fresh copy.

 

Also, considerable effort went into isolating the display and keyboard  from each other (to limit ability of machine X to read when you type in a password on machine Y for instance).

 

The dom0 (host to the VM's) is almost unreachable. You can do little more than update it, even from the console. This is a good thing!

 

By default the VM's are Fedora 17. I haven't tried to do any other OS's or even other Linux distros yet.

 

Please note that I wouldn't care to run this anything less than 4GB worth of hardware (and that is pushing it). I have tested it in 2GB and it is almost unuseable due to memory limitations and the need to run 2 support VM's each needing ~ 256MB. Firefox isn't happy under < 512MB machine.

 

Not at all sure any of the VM's can be a server but again, early days for me.

 

Very nifty as a secure Fedora workstation system in any case.

Ask a question

Join Now or Sign In to ask a question.
The team at Mitro Labs, the developer of a password manager, is joining Twitter, and its software is being released under a free and open source license, Mitro said Thursday.
Computer problems with the U.S. State Department's system for issuing passports and visas may have affected up to 200,000 people, it emerged Thursday, as the scale of the problem became clear for the first time.
Server sales could spike with the expiration of extended support for Microsoft's Windows Server 2003 OS in July next year, a Dell executive said.
Hewlett-Packard has changed its direction on OpenVMS, giving the operating system -- and users -- something of a reprieve.
Upstart NoSQL software vendor MongoDB has snagged a key engineer from the ranks of Oracle, the company's largest competitor in the database software market.
The U.S. Federal Trade Commission failed to adequately consider the consumer benefits of easy in-app purchases in its recent complaints accusing Apple and Amazon.com of allowing children to buy digital products without parental permission, according to some critics of the agency.
GitHub has been called the 'social network for programmers.' Here's how to get started on the popular site for sharing and hosting code (and other things).
SAP is struggling to convince some customers that a pricier support service it introduced several years ago provides additional value compared to the standard support option.
Here's a look at 5 products that manage video in the enterprise.
Despite becoming one of the most widely used programming languages on the Web, PHP didn't have a formal specification -- until now.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+