back to article Qubes OS bakes in virty system-level security

Invisible Things Lab (ITL), a group of security researchers based in Warsaw, Poland, has announced Qubes 1.0, the first production release of a new desktop operating system designed to provide unprecedented security through the pervasive use of virtualization. "Unfortunately, contrary to common belief, there are no general …

COMMENTS

This topic is closed for new posts.
Silver badge

"Based on Xen, X Window System, and Linux"

So how long until Microsoft starts with the threats?

2
1
Silver badge

Re: "Based on Xen, X Window System, and Linux"

Huh. T'was an honest question, if somewhat provocative, and I get no replies but some kind of pavlovian downvote. Microsoft hates Linux, is currently waging (a losing) patent war against it, and Qubes OS is partly based on Linux. Just to really rattle the hornet's nest, they are working on Windows compatibility.

So.. when does the demand for a hundred bajillion dollars for violation of 235 patents appear on the doorstep of Invisible Things Lab?

3
0

This existed in 2001

http://en.wikipedia.org/wiki/GreenBorder

0
0
Meh

Re: This existed in 2001

Not quite, that was only oriented towards browsers, where this is more like an OS that is a collection of VM's, some of which may or may not include browsers.

Were I to want something like GreenBorder today, I'd go with BitBox.

I might configure up a Qubes OS on a micro-drive for use at internet cafe's, that could be interesting.

1
0
Anonymous Coward

Re: This existed in 2001

If you read more about the security architecture of Qubes I think you'll find that the similarities don't run past cosmetics. GreenBorder was for sandboxing - along the lines of Sandboxie, with the segmentation happening on top of the OS.

Qubes is a different beast all together - with the segmentation happening at the hypervisor level, enforced by hardware level controls, etc.

That's not to say that "[Qubes rulez and GreenBorder is teh suxorz]"... A lot of what Qubes protects against seems to be more theoretical than actual, and I have no reason to doubt the effectiveness of solutions like Sandboxie, but I have been following the Qubes project for quite a while now... even if just as a bit of academic fascination.

4
0
Anonymous Coward

Re: This existed in 2001

Wow - Dear editor, how about a review of Sandboxie and Bitbox.

Probably more positive than yet more tems about latest crack of Java, Browsers etc ad nauseum.

3
0
Silver badge

I wonder....

...if the various VMs can be different OSs; or if it is more like Containers/Jails?

Time to RTFM I guess! :)

0
0
Ru

Re: I wonder....

It presumably uses the Xen hypervisor, so there's no obvious technical reason why any Xen-compatible OS couldn't be used. Doesn't mean that the Qubes userland supports such a thing yet, of course.

1
0
Anonymous Coward

Re: I wonder....

They are working on Windows support, and while it has been demonstrated (if you can call a screen shot that) it's not available on this release. Last I heard they were debating on making it available as a point (1.x), vs. major (2.0?) release. There seem to be some pretty significant challenges to doing this - both in working within the security architecture (appears to be satisfied now by changes to the hypervisor) and usability (no secure clipboard to pass info between the VMs, and desktop vs. per-Window display for the Windows VMs) which are still being worked on.

More information on Windows support here: http://theinvisiblethings.blogspot.com/2012/03/windows-support-coming-to-qubes.html

As to other OS support - like a different distro of Linux for the app VMs - I know I've seen that asked before but I can't seen to find anything on it right now on my Mobile.

1
1
Anonymous Coward

The question is..

..could this be enough to run Java safely? :)

0
2

Re: The question is..

On a one time, throw away, disposable VM of course ;)

1
0
Anonymous Coward

Users

Can the average user be bothered to set up Domains for different purposes (can the average user even understand why they have to do this) - I think what will happen is that most users will end up with one VM for everything and we are back to sq1.

2
0
Silver badge

Re: Users

Someone from Invisible Things is welcome to tell me I'm wrong, but their project doesn't appear to be made for Average Joe or Jane. That said, as a preconfigured, locked down box in a webcafe or library for example, it might well provide the sysadmins with relief from headaches created by distinctly average (or even nefarious above-average) users.

1
0
This topic is closed for new posts.

Forums