Now this is interesting. We only briefly touched upon Qubes two months ago, and now, the team behind the project have announced a very interesting feature: disposable virtual machines. The idea here is that you can tell your operating system to launch an application in a virtual machine that gets created specifically for opening that application. If you close the application, the VM is destroyed automatically – and this all in under one second.
Qubes is an interesting operating system that builds upon the strengths of Linux, the Xen hypervisor, and the X windowing system. Its goal is to create a secure system through the use of virtualisation. “Qubes lets the user define many security domains implemented as lightweight virtual machines, or ‘AppVMs’,” the website reads, “E.g. user can have ‘personal’, ‘work’, ‘shopping’, ‘bank’, and ‘random’ AppVMs and can use the applications from within those VMs just like if they were executing on the local machine, but at the same time they are well isolated from each other.”
Qubes supports secure copy and paste between these virtual machines. The virtual machines consist of a small X server running a dummy driver, so they take up relatively little RAM. Apart from the AppVMs, several system components are running inside special virtual machines too, such as the networking environment.
They’ve now taken all this a step further by announcing the disposable virtual machine concept. You can right click on any file or application, and select ‘open in a disposable VM’; the system will create a virtual machine and launch your application in it, which should take less than one second. Once you’re done and close the application, the VM will be destroyed automatically.
“Basic support for Disposable VMs is planned for Beta 1, which is scheduled sometime at the end of the summer holidays,” Joanna Rutkowska, the driving force behind Qubes, writes, “But I can tell that’s just the beginning. The ultimate goal, from the user’s point of view, would be to make Qubes OS to look and behave just like a regular mainstream OS like Linux, or Windows, or even Mac, but still with all the strong security that Qubes architecture provides, deployed behind the scene. Seamless support for Disposable VM is one of the first steps to achieve this goal.”
This is a very interesting approach, and in all honesty, I’m kind of wondering why none of the big boys have every thought of this – spelled out like this, it sounds like such a no-brainer.
How does this differ from being a normal OS except with highly restricted interprocess communication? It seems like nothing more than a OS that takes processes partitioning all the way down to the filesystem level.
Not sure I would actually call this a VM…