Secure operating system Qubes OS

Qubes OS is an open source desktop operating system from Polish security firm Invisible Things Lab, what makes this system more secure than other Linux distributions is that you can isolate components within disposable containers separating them from interaction with the rest of the OS. The distribution is based on Fedora Linux and runs virtualization software Xen Hypervisor to segregate applications assigning them to domains. The developers decided to use Xen over other virtualization software because its code is compact and easy to audit.

The user can define temporary coloured virtual machines for specific applications, for example, your email (Thunderbird), terminal (xterm) and web browser (Firefox) can all be contained within a virtual box, with one or more tools running inside each sandbox (called domain), if malware infects any of them it won’t spread to the OS and the domain can be restored to its original form. Qubes comes with KDE desktop, after logging in you will be shown Qubes VM manager listing the dom0 virtual machine, a default privileged Xen domain, and other virtual domains managing your network like netvm and firewallvm. If your network card drivers were to be compromised it would not affect the rest of the system integrity because networking has been virtualized.

Linux Qubes OS applications inside virtual machines

Linux Qubes OS applications inside virtual machines

Qubes OS is a new approach to fight malware through easy to audit code, application isolation through virtualization and an easy to use graphical interface to segment the OS based on personal needs. You could sandbox your Internet browser with Qemu yourself or use Linux chroot to contain malware infections, but Qubes OS goes further than that, it virtualizes the whole OS, including network connection, firewall and external storage devices, it allows for advanced networking set ups based on different domain policies and the OS has been optimized to run lightweight virtual machines, Qubes OS principle is security by isolation, not the applications but the domains where the application dwells. This is not a veritable Linux operating system because it uses virtualization as its foundation with applications all virtualized in different compartments.

One downside to virtualization is that you will need a huge amount of RAM, Qubes OS developers advice a computer with a minimum of 4GB and a Solid State Disk which is faster to write and read than traditional drives albeit more expensive. Computer security is made up of layers and Quant OS does exactly that, it builds as many layers as possible to make an attacker’s life very difficult, this is a very powerful operating system for advanced users with a unique approach to computer security that should be implemented in any high security environment.

 Visit Qubes OS homepage

Leave a Reply