Linked by Thom Holwerda on Mon 3rd Sep 2012 21:53 UTC
OSNews, Generic OSes "After nearly three years of work, I have a pleasure to announce that Qubes 1.0 has finally been released! [...] I would like to thank all the developers who have worked on this project. Creating Qubes OS has been a great challenge, especially for such a small team as ours, but ultimately, I'm very glad with the final outcome - it really is a stable and reasonably secure desktop OS."
Comment by MOS6510
by MOS6510 on Tue 4th Sep 2012 05:18 UTC
MOS6510
Member since:
2011-05-12

It seems it's a Linux distribution that launches a number of applications within a VM? Why not use chroot?

To me it seems Linux doesn't really have many issues regarding viruses, worms or trojans. The real danger today is phishing and I'm not sure this setup helps.

A few days ago I saw this guy on TV. He got a call from a "Microsoft" person with an Indian accent. He told him Microsoft detected his PC having problems. They walked him through a number of steps making him a crucial member of the team that set his PC up for outside abuse.

Then again some people actually deserve this.

Reply Score: 5

Comment by BBAP
by Bringbackanonposting on Tue 4th Sep 2012 05:37 UTC
Bringbackanonposting
Member since:
2005-11-16

That MS scam is popular here. It weeds out those that should not be allowed to use computers.

Thanks for the explanation on what Qubes OS is. The blog entry was rambling about security so much I stopped reading.

Reply Score: 3

RE: Comment by BBAP
by MOS6510 on Tue 4th Sep 2012 05:49 UTC in reply to "Comment by BBAP"
MOS6510 Member since:
2011-05-12

There is a summary:

Key architecture features:

Based on a secure bare-metal hypervisor (Xen)

Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)

No networking code in the privileged domain (dom0)

All user applications run in “AppVMs”, lightweight VMs based on Linux

Centralized updates of all AppVMs based on the same template

Qubes GUI virtualization presents applications like if they were running locally

Qubes GUI provides isolation between apps sharing the same desktop

Storage drivers and backends sand-boxed in an unprivileged virtual machine(*)

Secure system boot based on Intel TXT(*)

Reply Score: 4

RE[2]: Comment by BBAP
by bitwelder on Tue 4th Sep 2012 06:46 UTC in reply to "RE: Comment by BBAP"
bitwelder Member since:
2010-04-27

Thanks! I think also the project screenshot page http://qubes-os.org/Screenshots.html helps to get a first look of what it is and how it works (before looking under the hood).

Reply Score: 3

RE[3]: Comment by BBAP
by MOS6510 on Tue 4th Sep 2012 07:41 UTC in reply to "RE[2]: Comment by BBAP"
MOS6510 Member since:
2011-05-12

It looks okay, I guess, nothing original.

But basically it's a modified Linux distribution. Therefore I think it kind of stretches the definition of what awards an operating system badge.

Also I think it solves a problem that's not really there. I mean, it's not like hordes of Linux users are running around naked in the streets in blind panic because their desktops are hit by viruses. I suspect that in practice all these extra security layers provide more hassle than the benefit of extra security.

What would be nice is to have some kind of system that allows the user to run any application of choice with added security and make this system an optional install for any Linux distribution.

Not every feature or bell 'n' whistle deserves an entire new "operating system". What if you're happy with your Slackware or Ubuntu, but you do like this idea?

Reply Score: 3

RE[4]: Comment by BBAP
by Lennie on Tue 4th Sep 2012 10:01 UTC in reply to "RE[3]: Comment by BBAP"
Lennie Member since:
2007-09-22

You have to remember the people who are looking for extra security are not the average users.

Also when trying to create secure systems, it is all about separation and layers of defense and creating small(er) pieces of code which handle that separation.

The smaller those pieces are, the more predictable and more understandable they usually are and thus they can be better checked for errors.

But it still has to work easily or people just won't use it.

I think they found an interesting balance.

Also default Linux installs already come with SELinux, AppArmor and/or the hardened version of PHP.

Lightweight containers for running certain security sensitive applications, based on "LXC", are also in the works.

Edited 2012-09-04 10:15 UTC

Reply Score: 3

RE[4]: Comment by BBAP
by peteo on Tue 4th Sep 2012 12:45 UTC in reply to "RE[3]: Comment by BBAP"
peteo Member since:
2011-10-05

Linux is a kernel, not an OS.

QED

Edited 2012-09-04 12:46 UTC

Reply Score: 0

RE[5]: Comment by BBAP
by MOS6510 on Tue 4th Sep 2012 12:49 UTC in reply to "RE[4]: Comment by BBAP"
MOS6510 Member since:
2011-05-12

Yes, that's why I repeatedly mentioned "Linux distribution" as opposed to just "Linux".

But when people talk about "Linux" I think it's safe to assume they mean an operating system (with a Linux kernel). When people talk about the Linux kernel they often mention the word kernel anyway.

Reply Score: 2

RE[6]: Comment by BBAP
by peteo on Tue 4th Sep 2012 13:30 UTC in reply to "RE[5]: Comment by BBAP"
peteo Member since:
2011-10-05

What we should take away from this is that

1) It's perfectly fine for Qubes to call itself an OS.

2) It's very different from your stock distro, which makes it even finer to call itself an OS. With a Linux kernel.

Now we eat.

Reply Score: 1

RE[7]: Comment by BBAP
by MOS6510 on Tue 4th Sep 2012 14:58 UTC in reply to "RE[6]: Comment by BBAP"
MOS6510 Member since:
2011-05-12

It's okay to call itself an operating system, but if I google around it seems it's really yet another Linux distribution.

The feature that stands out is that it boots an entire virtual Linux host just for you to run an application.

What I ask myself is does this extra security really solve anything? How many desktop Linux users are the victims of any type of malware (not including Adobe Flash)? Does it protect against user errors, phishing attacks, DNS spoofs?

If you are paranoid you may like this, but you'd need to give up your current favorite operating system.

To me it seems you'd be far better off using any common Linux distribution and educate yourself (daily if possible) using Linux. Do all the security basics, be smart and be up-to-date and you'll be fine.

Reply Score: 3

Comment by abstraction
by abstraction on Tue 4th Sep 2012 11:10 UTC
abstraction
Member since:
2008-11-27

Yeah it's really not its own operating system.

Considering it is based on Linux I can see why they thought this solution was the only reasonable one.

If each process would have its own mount table (and in turn its own view of the filesystem, including multiplexing of resources) as in Plan9 and processes could only communicate through the filesystem and not through some obscure system calls there would not have been any need for this whatsoever because that together with the MMU would have been enough. Chroot, as pointed out earlier, would not have been a reasonable alternative either.

The overhead of the solution they came up with must be incredibly high. It is an ugly workaround, but it's nice they made it work anyway.

Edited 2012-09-04 11:12 UTC

Reply Score: 2

Rube Goldberg "microkernel"?
by coreyography on Wed 5th Sep 2012 00:02 UTC
coreyography
Member since:
2009-03-06

This sounds like use of a virtual machine monitor (Xen, in this case) to provide separation between applications, some drivers, and other processes, and to run them in an unprivileged mode. Something that things like Minix and most true microkernel OSes do without the VMM ;) .

Is it more secure than Linux chroot? Probably. More secure than FreeBSD jails/UML/<your favorite app virtualization scheme here>? Depends on how secure you think Xen is. It's a fairly substantial amount of code regardless. Unless Qubes can run any general-purpose OS in one of the "appVM"s, I think the effort would probably have been better spent on one of the other technologies mentioned above.

Reply Score: 2

nice effort
by NuxRo on Wed 5th Sep 2012 09:17 UTC
NuxRo
Member since:
2010-09-25

Nice effort, but it looks like overkill to me.

I'd be more interested in something lighter and more integrated, like SELinux Sandboxing (hm, something to look into I guess).

Funny how the installation guide almost attacks NoScript - lol, what is that all about? Especially from people focused on security:

"Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic)."

Reply Score: 1