Linked by fvillanustre on Sun 1st May 2011 21:51 UTC
Linux "Qubes OS comes from an elegant concept: if you can isolate functional components within disposable containers, and you can separate those components that can be tainted through their interaction with the outside world from the core subsystems, you stand a good chance to preserve the integrity and security of the base Operating System at the possible expense of needing to jump through some hoops to move data around the system. All in all it sounds like a good proposition if it can be demonstrated to be practical." Read the full review.
Permalink for comment 471539
To read all comments associated with this story, please click here.
RE[2]: Not a review ?
by Neolander on Mon 2nd May 2011 10:46 UTC in reply to "RE: Not a review ?"
Neolander
Member since:
2010-03-08

I agree that hardware code verification would be a powerful defense against rootkits. Until they manage to corrupt the code which the hardware uses for its verification, that is. However, this hardware feature is not mainstream yet, and will remain so for a very long time. Qubes' security is based on something else.

Developers of Qubes state that their security is based on untrusted component isolation through virtual machines. However, the "virtual machine" words are so overused nowadays that they have lost their meaning a lot of time ago. What is being virtualized ? What kind of isolation does this new layer provides ?

Mainstream OS kernels already provide a form of virtualization : software doesn't access the hardware directly, doesn't share a common address space... So what's new here ? In what way is their additional virtualization layer more secure than what the Linux kernel already provides ?

Edited 2011-05-02 10:55 UTC

Reply Parent Score: 1