Qubes OS: An Operating System Designed For Security

Is Real Security Even Possible?

Alan: Last question; a philosophical one. After the Brighton Bombing in ’84, the IRA released a statement that included the line “…remember we only have to be lucky once. You have to be lucky always.” When it comes to computing security, it’s the same problem, only worse. You can’t negotiate with the bad guys, and you’ve got attacks going for the data in the cloud, where the end-user is at the mercy of the e-tailer or cloud provider, and then you have attacks going after vulnerabilities on the user’s own desktop. Do you think we can actually win this war or are we just hoping to minimize our losses?

Joanna: If we didn't believe that we could build a reasonably secure system, significantly more secure than others, we would not be investing all those efforts into building Qubes OS. And personally, I would not be sacrificing the sexiness of Apple hardware and software ;) Yup, you heard me right; I admit I'm an Apple fangirl. Yet, I was willing to replace my primary laptop with a non-Mac one. I guess this is what you call a sacrifice!

Alan: Believe it or not, I just switched back to Windows 7 after using a Mac for a few years (a Lenovo ThinkPad X220). Are you running Qubes as your primary system now? Or dual-booting that and something else?

Joanna: Of course I use Qubes as my primary system! In fact, I completely switched to Qubes back in March 2010 (even before the first public "Alpha 1" release in April 2010), which made me the proud #1 full-time user of Qubes (with Rafal taking second place).

Alan: Are you running Qubes on a MacBook Pro using Boot Camp? Or are you really running it on a PC now?

Joanna: I'm currently using a Sony Vaio Z as my primary laptop for Qubes. It has some advantages over MacBooks, such as support for Intel VT-d in the BIOS, and better support in Linux drivers for various devices.

Just a few months ago, however, I also bought myself an iPad 2, which I use for personal, non-sensitive stuff, such as task/shopping lists (I love things from Cultured Code) and calendar, photos, and news reading, as well as making my public conference slides (I love Keynote, and I really hate Open Office!).

I love my iPad, of course, and I dream sometimes that we could have Qubes for ARM (e.g. iPad) that would be using iOS-based domains. That’s absolutely doable, technically, but unfortunately not possible because of other, non-technical reasons, such as licensing.

Alan: On the topic of tablets, maybe that would be good for the "enterprise"-grade tablets from Cisco or HP.

Joanna: Maybe we will release Qubes for ARM one day and use Android for domains.

Alan: Sounds interesting. Thanks a lot for taking the time to talk to us about Qubes OS. Please keep us updated with its progress.

Joanna: My pleasure, as always.

  • Interesting.
  • iam2thecrowe
    I won't use it, because I don't really understand half of what is written in the article, they lost me at Bare Metal Hypervisor, but what the hell is with the seemingly random picture of the woman with the scarf around her neck?
  • OpenBSD: An Operating System Designed For Security
    iam2thecrowe: I won't use it, because I don't really understand half of what is written in the article, they lost me at Bare Metal Hypervisor, but what the hell is with the seemingly random picture of the woman with the scarf around her neck?
    The "bare metal hypervisor" is Xen. In a nutshell, it runs directly on the hardware of the server machine, and that is all it does (you install Xen, and it consumes the whole drive). You then install your operating systems virtually on top of Xen. To access your operating system, you log in to it from another machine using special Xen client software.

    As Xen is what runs the Amazon elastic cloud, there is need for high security OSes like Qubes for enterprise business applications.
  • FloKid
    Life always finds a way. I just wonder if you put a function for a USB and a function for an ethernet port in the same code, won't that start two kernels even if they are isolated and basically give you access to both in the same code? I might not be getting something, but I could see the same program having a hard time accessing all of the other kernels, since they are not in the same process. Could be good I guess, but I can see sorta a way around that if you have other malicious software already running hidden.
  • 3-R4Z0R
    So this is essentially the same thing as Minix, only that it's been reinventing Minix again (just like about 20 other projects during the last 15 years that have never come as far as EU funded Minix which is even partially POSIX compatible)?
  • i`d hit
  • nevertell
    So what they are doing is sandboxing stuff into partitions using Xen? WHY?
    I am more interested how are they making the transition between the domains, because if they're using IOMMU to have a discrete videocard available to the domains, how are they sharing it between the domains?

    Tom's, you could make an article about virtualizing Windows 7 on top of Xen with a normal Ubuntu install in dom0 and have a discrete videocard for Windows 7 and use the integrated one for Ubuntu/Linux, like a Sandy Bridge iGPU and some Nvidia/Radeon. If you prove that the transition between the domains is fast and easy, this would be AWESOME for regular Linux users, as I hate to reboot to play some games. But that way, I could just switch between the domains, at any given time. I mean, RAM is cheap.

  • killerclick
    Wow, it's a girl. Let's have an article about her, it'll draw the horny teenager crowd!
  • amigafan
    Lol there would be more comments on this particular article but veterans know they'd quickly get decimated with thumbs downs ;)

    I won't even bother with mentioning "kitchen" in any context :D