Snowden-Approved Qubes OS 3.2 Released With New Management Features, Xfce4 Desktop Environment

Qubes OS with Xfce desktop environment

Qubes OS 3.2 was released as an incremental upgrade over Qubes OS 3.1. The new version focuses on polish and stability, as well as on improving the user experience.

Qubes OS is a security-oriented operating that aims to protect users through “compartmentalization.” The idea is to keep activities that aren’t related to each other, such as personal, work, and banking activities, in isolated virtual machines. You simply start a VM for work and one for banking, ensuring that the malware you may be getting while working doesn’t affect your banking accounts (for example).

The OS allows even more fine-grained control, though. You could for instance start a “disposable VM” that opens a single risky application, and then everything will be wiped when you close its VM.

New Management Functionality

One of the biggest features the new release received is the ability to manage not just the VMs themselves, but the insides of those VMs, as well. That means that you can customize your “Work” VM, for instance, to have certain configurations by default when you do the Qubes OS initial setup.

Allowing the management engine to integrate more deeply into the VMs would normally mean that the VMs would be more exposed to attacks. However, the Qubes OS team believes that it found an “elegant” solution for this, which it implemented in Qubes OS 3.2.

For version 4.x, the team plans to further increase the level of customization to include the following features:

Pre-configured apps optimized to take advantage of Qubes’ compartmentalization, such as Thunderbird with Qubes Split GPGUI and system-wide customizations for specific use casesCorporate remote management and integration

USB Passthrough

Qubes OS 3.2 also comes with a feature called USB passthrough, which allows users to assign individual USB devices such as webcams and Bitcoin hardware wallets to AppVMs. That means now users can do Skype conferences or use other applications that previously required USB access.

Qubes OS has been sandboxing USB devices since it was created, but due to hardware limitations for virtualization technologies, all USB devices connected to a USB controller had to be assigned the same VM, whereas now they can be assigned different VMs. The Qubes team solved this through a software work-around, with the downside that the USB sandboxing is now slightly more exposed to attacks.

The team also noted that if the USB drive is malicious, the VM to which it is assigned is still vulnerable to attacks. This is a problem with all operating systems, but unlike the rest, Qubes OS sandboxes the USB drive from infecting the other system components outside of the assigned VM.

The Qubes OS team recommended that users always be mindful of what USB drives they plug into their computers.

From KDE To Xfce

Qubes OS 3.2 also switched from KDE to Xfce4 as the default desktop environment. The core developers have been complaining about the bloat and instability in KDE and plan to switch to Gnome in the future, but as a stopgap, they’ve chosen Xfce.

Qubes OS 3.1 users can choose to upgrade to 3.2, but a clean installation is preferable, according to the Qubes OS team. Those on Qubes OS 3.2 release candidates can upgrade normally to the stable release.

Edward Snowden, the NSA whistleblower, hasn’t shied away from telling people what his most trusted security tools are. Qubes OS has been one of them for sometime, and he’s now once again recommending people who are serious about security to give it a try.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • lorfa
    I wish the openBSD people could make friends with the qubes people. They could produce the ultimate in security.

    (I also hope they stick with xfce)
    Reply
  • firefoxx04
    Snoden approved? What is that supposed to even mean? Okay great the guy released a bunch of documents that proved what we already knew. That doesn't make him a Messiah.
    Reply
  • sykozis
    18665253 said:
    Snoden approved? What is that supposed to even mean? Okay great the guy released a bunch of documents that proved what we already knew. That doesn't make him a Messiah.

    Doesn't prove he actually knows wtf he's talking about either. He was provided access to the documents he released, through his former job. Not like he hacked government systems to get the documents.
    Reply
  • Davil
    Cool concept for an OS, but seriously F that traitor so hard.
    Reply
  • ssdpro
    "Snowden-Approved" probably means the OS has a back door that shares all of your data with the Chinese and Russians.
    Reply
  • therealduckofdeath
    SSDPRO and Davil needs to look up facts. Here's a tip. Go watch the 2 hour movie about him showing in the cinemas now. It will clearly make yo use the world in a different light as you guys have no clue.
    Reply
  • computerguy72
    99.9% of Snowden's releases were not related to PRISM, Muscular and a couple of others that could be interpreted as public interest. The rest were clearly intended to harm the US generally as some sort of punishment. Irony here is he wound up in Russia where these sorts of programs are 1000x worse versus the citizens.
    Reply
  • Camikazi
    18668086 said:
    SSDPRO and Davil needs to look up facts. Here's a tip. Go watch the 2 hour movie about him showing in the cinemas now. It will clearly make yo use the world in a different light as you guys have no clue.

    Wait... did you just try to use a Hollywood produced movie that is "based on a true story" to make your point about someone? You really can't use a movie to justify why someone is right about something, Hollywood will ALWAYS exaggerate and add things that never happened to movies. There is a good chance that 95% of that movie isn't even real or not exactly what happened.
    Reply
  • pocketdrummer
    You guys beat me to it. On one hand, some of the things the government was doing were unconstitutional and needed to be stopped.

    However...

    I find it very suspicious he ended up in Moscow. Guaranteed, he would not have been able to stay there had he not given the Russian government information in return. They would have used him as leverage to get something else they want from the US. Given the recent hacks against the DNC and other government entities, it wouldn't be a stretch to think he was involved either willingly or unwillingly.
    Reply
  • Crystalizer
    18665253 said:
    Snoden approved? What is that supposed to even mean? Okay great the guy released a bunch of documents that proved what we already knew. That doesn't make him a Messiah.

    Not just released. He risked his life for it and worked there and had a hand on experience how nsa uses it's tech to spy and hack systems.
    Very detailed information about how they handle all the massive amounts of data they gather. Yes some of the people knew and some of them lived in fantasy land where there are conspiracies only tin foil hats. Snowden showed how deep it all wen't and risked it's own life for it and it is was deeper than most people can think of.

    What comes to the OS. All of the features are really nice and make sense. I ques in this case when Snowden approves means that it's an OS that can't be easily hacked by NSA.or infected with malware.
    Reply