Qubes OS: A reasonably secure operating system
Qubes OS is a security-focused, open-source operating system using the Xen hypervisor for isolation. It supports multiple OS, has notable endorsements, and includes recent updates for enhanced security and privacy.
Qubes OS is a security-focused operating system that utilizes the Xen hypervisor to provide strong isolation between different tasks and applications. It allows users to run multiple operating systems simultaneously, offering flexibility in choosing Linux distributions or Windows applications. Qubes OS has received endorsements from notable figures, including Edward Snowden and organizations like the Freedom of the Press Foundation, highlighting its effectiveness in managing sensitive workloads and enhancing user control over software. Recent updates include the release of Fedora 41 templates and various security announcements, indicating ongoing development and commitment to user safety. The integration of Whonix within Qubes OS facilitates anonymous internet usage through the Tor network, further enhancing privacy. The project is open-source and encourages community involvement, providing resources for users to contribute and seek assistance.
- Qubes OS uses Xen hypervisor for strong security and isolation.
- It supports multiple operating systems, enhancing user flexibility.
- Endorsed by prominent figures and organizations for its security features.
- Recent updates include new templates and security announcements.
- The project is open-source, promoting community engagement and support.
Related
Qubes OS 4.2.2 has been released
Qubes OS 4.2.2 consolidates security patches, bug fixes, and updates. It enhances file-copying between qubes, reverts a restrictive change, and offers installation options. Users are advised to back up before updating.
Why one would use Qubes OS? (2023)
Qubes OS is a security-focused operating system that uses virtualization for application compartmentalization, ideal for users needing data separation, but has high resource demands and a steep learning curve.
Converting untrusted PDFs into trusted ones: The Qubes Way (2013)
Qubes OS provides a method to convert untrusted PDFs into trusted ones using Disposable VMs, creating a "Simple Representation" in RGB format, though it limits text search and editing capabilities.
PQConnect – Automated Post-Quantum End-to-End Tunnels from DJB, Lange, others.
PQConnect is a new Internet security layer that protects against quantum attacks, offering automatic end-to-end encryption, installation guidance, and support from international funding bodies, with a dedicated chat for user feedback.
Superior Internet Privacy with Whonix
Whonix is a privacy-focused operating system that routes internet traffic through Tor, ensuring user anonymity. It features no activity logging, advanced security measures, and is open-source, enhancing user privacy.
I think it would be good to make it possible to deactivate certain security features such as strict graphics isolation so that users can adjust their settings to their risk acceptance level. It would also be interesting to be able to optionally replace Xen with lighter isolation mechanisms, even if the user would compromise on security here too.
I understand the usual story is that the goal is security benefits, and the compartmentalization (or rather the implied inconvenience) is the price for that. But for me the compartmentalization turned out to be a benefit on its own, and actually convenient.
I find it extremely convenient to have multiple isolated / virtual workspaces for different stuff, even if you assume attackers / malice do not exist. Having separate VMs is not the same as having separate folders. I also love the VM templates, which allow me to do all kinds of experiments (e.g. install packages in the app VM, which disappear after restart). Or run VMs with a mix of distros/versions/... Yes, I could do some of that with plain VMs, but Qubes integrates that in a way that I find very convenient. The commands for copying stuff between VMs are muscle memory at this point.
Yes, there are limitations, like the lack of GPU acceleration. But movies in 1080p play just fine without it, and I'm not a gamer, so I don't mind much. I can't play with CUDA etc. on these QubesOS machines, and scrolling web pages with large images is laggy, but I find this to be an acceptable price.
I went through multiple laptops / workstations over the years, and the situation improved a lot I think. Initially I had to solve quite a few issues with installer, some hardware not working (or requiring setting something special), or poor battery life on the laptops. But after a while that mostly either went away, especially once I switched to laptops with official Linux support (Dell Precision were good, I'm on Thinkpad P1 G7 now). The battery life is pretty decent too (especially once I disabled HT in BIOS).
Is it perfect for everyone? No, certainly not. But it sure is great for me, and I hope they keep working on it.
Maybe we need immutable OS + an audit layer on anything that could allow exploits to persist (bashrc and the likes).
Other women whose computing enthusiasm I enjoyed was Jessie Frazelle's writing and speaking about running everything in Docker on her laptop and Sacha Chua's love for Emacs.
Can I run old versions of stuff like MS-DOS or Windows 3.1 under it? Or my beloved Windows 2000? Windows 2000 with Office 2000 pro (with the patches to read the new office 2007 formats) would be awesome. I miss outliner mode in Word 2000.
Basically every criticism you hear is about correct-- principally worse graphics performance and battery life. But the performance issues for me were less bad than I expected, and the seamlessness of its usability was much much higher than I expected.
Like copy and paste, moving files between VMs, plugging usb devices into VMs, networking, etc. all pretty much just work. It's pretty impressive if you have any idea of the machinery under the hood needed to make that work.
And now I don't feel anywhere near as nervous that whatever vendor program I need to use to configure a device or browser zero day is going to compromise my system. I can read documents from adverse threat actor sources in a netless VM and feel reasonably confident that it can't phone home or steal my data, etc.
Obviously it doesn't replace real air gap security, but it's the closest thing you can get to a network of airgapped or firewalled per-application computers which you can fit into a laptop bag.
I also like that I can use software that really only works right on fedora/redhat alongside software that really only works right on debian. (Or windows, for that matter, but it's not as seamless). I like that I can substantially upgrade my operating system while running--- like I went from fedora40 to 41 just by installing the template, and switching over appvms one at a time. If anything goes wrong it's trivial to roll back, and I can have some app vms that work fine on the new stuff while others are held back if there is a compatibility issue. I like that applications that go nuts and try to use all my memory only screw up the VM that they're in instead of my whole system.
It's so nice that when I want to get something working I can spin up a vm and scribble all over it until I get it working. Binary patch my libc, whatever. Then once I've solved it, I can apply the final clean solution to a persistent template. Any random experimentation just goes away when I close the appvm. Need some program just for a single thing? install it in the appvm rather than the template and it naturally is gone later. I can be intentional about changes being either ephemeral or persistent, and never have to worry that the removal of something temporary was incomplete.
Of course YMMV, -- if you're someone who is mostly doing text and low performance graphics and can run it on a fast computer then its costs will be small. If you'd find a ten year old computer perfectly usable chances are that qubes on a modern computer won't seem slow or poor battery lifed to you. Particularly if you have other computers for games, 3d gfx, full screen video, etc. If you are someone who has been subjected to targeted hacking attempts the increased peace of mind will be substantial.
Converting untrusted PDFs into trusted ones: The Qubes Way (2013) - https://news.ycombinator.com/item?id=42401904 - Dec 2024 (45 comments)
Why one would use Qubes OS? (2023) - https://news.ycombinator.com/item?id=42200987 - Nov 2024 (16 comments)
Counter argument against QubesOS more secure by being a type 1 hypervisor - https://news.ycombinator.com/item?id=41401318 - Aug 2024 (1 comment)
Qubes OS 4.2.2 has been released - https://news.ycombinator.com/item?id=40959109 - July 2024 (5 comments)
Working with Qubes OS at the Guardian - https://news.ycombinator.com/item?id=39949882 - April 2024 (74 comments)
Qubes OS 4.2.1 has been released - https://news.ycombinator.com/item?id=39833245 - March 2024 (11 comments)
A modest update to Qubes OS - https://news.ycombinator.com/item?id=39490264 - Feb 2024 (31 comments)
Qubes OS 4.2.0 has been released - https://news.ycombinator.com/item?id=38690597 - Dec 2023 (21 comments)
QubesOS – A reasonably secure operating system - https://news.ycombinator.com/item?id=36684946 - July 2023 (135 comments)
Qubes OS 4.2-rc1 is available for testing - https://news.ycombinator.com/item?id=36178205 - June 2023 (3 comments)
New user guide: How to organize your qubes - https://news.ycombinator.com/item?id=33396604 - Oct 2022 (15 comments)
Opsec considerations when using WiFi - https://news.ycombinator.com/item?id=32148920 - July 2022 (2 comments)
What Is Qubes OS? - https://news.ycombinator.com/item?id=32036899 - July 2022 (82 comments)
Automated OS testing on physical laptops - https://news.ycombinator.com/item?id=31281107 - May 2022 (4 comments)
Qubes OS: A reasonably secure operating system - https://news.ycombinator.com/item?id=30776103 - March 2022 (97 comments)
Qubes OS 4.1.0 has been released - https://news.ycombinator.com/item?id=30215210 - Feb 2022 (1 comment)
Ask HN: Qubes OS or just separate VMs for separating work and private files? - https://news.ycombinator.com/item?id=29537961 - Dec 2021 (6 comments)
Qubes OS 4.1-rc1 has been released - https://news.ycombinator.com/item?id=28856957 - Oct 2021 (5 comments)
Qubes OS 4.0 has been released - https://news.ycombinator.com/item?id=16699900 - March 2018 (39 comments)
Qubes OS: A reasonably secure operating system - https://news.ycombinator.com/item?id=15734416 - Nov 2017 (144 comments)
Reasonably Secure Computing in the Decentralized World - https://news.ycombinator.com/item?id=15566563 - Oct 2017 (44 comments)
Toward a Reasonably Secure Laptop - https://news.ycombinator.com/item?id=14743238 - July 2017 (100 comments)
“Paranoid Mode” Compromise Recovery on Qubes OS - https://news.ycombinator.com/item?id=14218504 - April 2017 (14 comments)
Qubes OS Begins Commercialization and Community Funding Efforts - https://news.ycombinator.com/item?id=13069615 - Nov 2016 (24 comments)
Qubes OS 3.2 has been released - https://news.ycombinator.com/item?id=12604417 - Sept 2016 (30 comments)
Security challenges for the Qubes build process - https://news.ycombinator.com/item?id=11801093 - May 2016 (17 comments)
Qubes OS 3.1 has been released - https://news.ycombinator.com/item?id=11260857 - March 2016 (44 comments)
Converting untrusted PDFs into trusted ones: The Qubes Way (2013) - https://news.ycombinator.com/item?id=10538888 - Nov 2015 (5 comments)
Intel x86 considered harmful – survey of attacks against x86 over last 10 years - https://news.ycombinator.com/item?id=10458318 - Oct 2015 (169 comments)
Qubes – Secure Desktop OS Using Security by Compartmentalization - https://news.ycombinator.com/item?id=8428453 - Oct 2014 (49 comments)
Introducing Qubes 1.0 ("a stable and reasonably secure desktop OS") - https://news.ycombinator.com/item?id=4472403 - Sept 2012 (59 comments)
Qubes: an open source OS with strong security for desktop computing - https://news.ycombinator.com/item?id=2645170 - June 2011 (16 comments)
Review: Qubes OS Beta 1 — a new and refreshing approach to system security - https://news.ycombinator.com/item?id=2504274 - May 2011 (1 comment)
The Linux Security Circus: On GUI isolation - https://news.ycombinator.com/item?id=2477667 - April 2011 (47 comments)
Qubes Beta 1 has been released (strong desktop security OS) - https://news.ycombinator.com/item?id=2439096 - April 2011 (3 comments)
Qubes Architecture - actual security-oriented OS - https://news.ycombinator.com/item?id=1796384 - Oct 2010 (1 comment)
Open source Qubes OS is ultra secure - https://news.ycombinator.com/item?id=1249857 - April 2010 (7 comments)
Introducing Qubes OS - https://news.ycombinator.com/item?id=1246990 - April 2010 (20 comments)
Did it help anyone pass any kind of security audit? In other words, do auditors recognize it as a valid environment for working with potentially malicious documents, or only as a toy?
When interacting remotely with untrusted services, apps, or documents, Qubes cannot be beaten.
However, if I was afraid of my laptop getting attacked with an evil maid attack, I’m sticking with my Mac, Secure Boot, and FileVault; so that my Lock Screen is less likely to be patched against me. If I’m afraid of persistent malware, I want a platform that isn’t necessarily game over if the malware gets sudo privileges once. If I’m afraid of PIN guessing attempts to break in by brute force, I want something like a modern iPhone where the guessing limit is hardware enforced, not a Linux phone where it’s software enforced.
Same for if I were in a country with a hostile government. Nothing screams “I’m hiding something and I’m malicious” like using GrapheneOS or Qubes in Russia or China. They might not see your work, but the uncommon choice by itself makes you suspect. An iPhone and Mac over there suggests wealth, and would possibly socially increase your benefit of the doubt due to white collar associations; GrapheneOS and Qubes would shred all benefit of doubt you may have enjoyed.
I sometimes think of the Tor incident at a US College. I’m not encouraging this behavior, but a college student sent bomb threats to his university. He was identified, arrested, and convicted because he was the only one using Tor on the university network. A perfect example of how the “more secure” thing used without strategy can shoot yourself in the foot.
The point is: If you are reporting on military activity in the Donetsk region, don’t be the only person in the area using Qubes and Tor. Don’t be the only person in the area with a phone pinging GrapheneOS update servers, or a laptop pinging Qubes package repositories. Heck, don’t be the only guy with a phone on the cell network identifying as Android that inexplicably never talks to Google.