Qubes OS, an open source operating system that employs the "security by compartmentalization" approach to protect against malware on desktop PCs, reached version 3.0 today. The new release brings Hypervisor Abstraction Layer (HAL), an upgrade to Xen 4.4 from Xen 4.1, official support for Debian templates, and integration with the anonymity-focused Whonix template.
The team behind Qubes OS introduced HAL as a way to decouple the Qubes logic from the underlying hypervisor, which is currently Xen. This made it easier to upgrade to Xen 4.4, but it will also allow for an easier switch to other hypervisors in the future such as KVM or Microsoft's Hyper-V. According to the main architect of Qubes OS, Joanna Rutkowska, this makes Qubes OS "not yet another virtualization system," but a user of a virtualization system.
Upgrading to Xen 4.4 brings a few benefits such as better hardware compatibility, and starting with Qubes OS 3.1, support for UEFI as well. (Until now you had to use the Legacy Mode for BIOS). The new upgrade will also bring better overall performance, including for inter-VM services.
Although Qubes OS's main core is based on Fedora, the VMs that it creates can be based on Debian, Ubuntu, Whonix, Arch and others. This allows users the flexibility to run apps that work on Fedora or Debian, for instance. Many of these have been unofficial templates so far, but starting with Qubes OS 3.0, the Debian template will be officially supported. Qubes OS has also supported Windows 7 for a while.
The Whonix integration in Qubes OS 3.0 is interesting because it now allows all Qubes users to connect to the Internet via a more secure anonymity-focused VM. Whonix is a TAILS alternative that works only in a VM and connects everything through Tor and through another "Gateway" VM, ensuring strong isolation between the "Workstation" OS and the Tor-enforced connections.
Qubes OS has had support for a similar "TorVM" for years, but Whonix is a more mature and advanced project. Unlike Whonix residing inside Virtualbox or some other virtualization program, the Qubes-Whonix integration offers enhanced security thanks to all the other security features of Qubes OS, such as networking, storage and GUI compartmentalization, as well as more secure inter-VM communication.
Qubes OS 3.1 RC1 with UEFI support is expected to come out by the end of the month as well, although it should take a few more months before it's released as stable. Over the next year, the Qubes OS team will prioritize making the OS more stable, supporting more hardware, and making it easier to use from a UX and UI perspective, which could increase its adoption by less technical users.
Follow us @tomshardware, on Facebook and on Google+.
