
SoylentNews is people

posted by Cactus on Saturday February 22 2014, @09:15PM
from the get-outta-my-sandbox dept.

CQ writes:

Qubes-OS, the Security-by-Isolation, VM-based operating system, has concluded that a port to the Windows OS line isn't feasible. In this post, the CEO of Invisible Things Lab outlines what she had hoped to accomplish with the port and her explanation of why it was just not meant to be.

This paper [pdf] contains all the technical bits you need to know, and the explanation of why the Windows APIs and system architecture are not appropriate for the task of creating an isolation system. It also has some interesting (if that's your thing) information on the Windows security model.

Does anyone here have any experience with Qubes? Does it make sandboxing easy enough for day to day use?

 
  • (Score: 5, Informative) by FuckBeta on Sunday February 23 2014, @12:04AM

    by FuckBeta (1504) on Sunday February 23 2014, @12:04AM (#5012) Homepage

    "Does anyone here have any experience with Qubes? Does it make sandboxing easy enough for day to day use?"

    Yes. A few things to be aware of.

    Hardware: main requirements are modern CPU with virtualization extensions and enough RAM. A fast SSD is recommended but not essential. I run a (2008 model) Intel Q6600 with 4GB RAM which is sufficient for normal desktop use (as would any more modern i5 or better). Intel integrated graphics preferred due to the high quality open source drivers, however will work with most modern NVIDIA with the open source nouveau driver. Installing unsigned binary blobs in the privileged domain (DOM0) is a major risk and against the ethos of the security by isolation approach. For laptops, check the Qubes HCL.

    Software: Qubes is based on Fedora and comes with KDE. There is a user-friendly GUI interface to control the virtual machines, and the distinction between network VMs (e.g. firewall VM, Tor network VM), template VMs (root filesystems which are accessed by appVMs using Copy on Write), and appVMs (where users run software) is clear.

    Security domains: rather than running each application in its own VM, which is not resource efficient, instead we partition into security domains. These are colour coded, and the window manager colors the application windows appropriately. Red could be for untrusted web browsing, yellow for personal email, green for internet banking only, and blue for software development. Each domain has its own firewall rules, isolated storage, and can run with different software "templates".

    Other operating systems: Qubes uses Xen and version 2 (currently in Beta) has support for Windows based appVMs. If you have a Windows program you need to run, you can install it under a Windows virtual machine, and isolate the unauditable and untrusted proprietary code from the rest of your network and data. Have tested with Windows 7 install from DVD with the above hardware, works smoothly.

    3D acceleration: the appVMs use a software framebuffer, so there is no direct rendering or acceleration. However, 1080p video will play smoothly on a Q6600 @ 2.6GHz, a six year old chip.

    Beta: I know it's not a popular term in these parts, but the ITL team do an excellent job. Any issues, there is good documentation, a wiki, or pop over to the mailing list. The developers are very quick to respond and patch issues submitted by beta testers. (suggestion: use e.g. Clonezilla to keep full images of your system for simple backup and restore - this is a Beta product, and there will be some glitches upgrading - probably best installed on a spare HDD for non power users)

    In light of the Snowden revelations (which confirm in more detail what many in the community already suspected), Qubes is a critical product. For example, one of the FoxAcid exploits to bypass proxy obedience in a version of Firefox used by Tor Browser Bundle would have failed against a Qubes install where obedience was imposed at the NetVM level.

    It's defense in depth, security by isolation, based on a stable and trusted RPM based distro, put out by a team with excellent infosec pedigree. Cannot recommend highly enough, and I use as my main desktop.

    If there is enough interest from the community, I'll ask the Qubes team if they'd like to do an "Ask Soylent".

    --
    Quit Slashdot...because Fuck Beta!
  • (Score: 1) by mrclisdue on Sunday February 23 2014, @02:28AM

    by mrclisdue (680) on Sunday February 23 2014, @02:28AM (#5045)

    Very informative post. Thank you.

    cheers,

  • (Score: 0) by Anonymous Coward on Sunday February 23 2014, @02:45AM

    by Anonymous Coward on Sunday February 23 2014, @02:45AM (#5048)

    "If there is enough interest from the community, I'll ask the Qubes team if they'd like to do an "Ask Soylent"."

    I don't know about others, but I would like that if it happened. I've been following the project on-and-off for a while because I find its security design, as well as virtualisation in general, an interesting topic.

    (Posted AC because I modded you up and don't want to obliterate it.)

  • (Score: 1) by Khyber on Sunday February 23 2014, @03:30AM

    by Khyber (54) on Sunday February 23 2014, @03:30AM (#5060) Journal

    Qubes has a tiny learning curve, as well, for anyone familiar with operating even simple VMs.

    Seconding the recommendation.

    --
    Destroying Semiconductors With Style Since 2008, and scaring you ill-educated fools since 2013.
  • (Score: 2) by dilbert on Sunday February 23 2014, @05:11PM

    by dilbert (444) on Sunday February 23 2014, @05:11PM (#5226)
    I too appreciate your reply. I was very interested in Qubes some time ago, but it didn't seem quite mature enough last time I looked. I've been using multiple VMs in VirtualBox to accomplish the same thing (I even borrowed their idea of colors per VM to make it easy to know which domain/VM I'm in). Snapshots mean companies cannot track me across browsing sessions.
  • (Score: 2) by SMI on Friday February 28 2014, @05:08AM

    by SMI (333) on Friday February 28 2014, @05:08AM (#8285)

    Most informative post, ever. Thank you!

    • (Score: 1) by FuckBeta on Tuesday March 04 2014, @04:59PM

      by FuckBeta (1504) on Tuesday March 04 2014, @04:59PM (#10748) Homepage

      Glad you liked it.
      Qubes R2B3 is pretty stable, hopefully you can try it out.
      Any questions, hit us up on the mailing list.

      --
      Quit Slashdot...because Fuck Beta!