Slashdot Mirror


Xen-Based Secure OS Qubes Hits 1.0

Orome1 writes "Joanna Rutkowska, CEO of Invisible Things Lab, today released version 1.0 of Qubes, a stable and reasonably secure desktop OS. It is the most secure option among the existing desktop operating systems — even more secure than Apple's iOS, which puts each application into its own sandbox and does not count on the user to make security decisions. Qubes will offer users the option of using disposable virtual machines for executing tasks they believe could harm their computer. These VMs will be lightweight, easily and extremely speedily created and booted, and would be just as easy to discard." First covered back in 2010. See some screenshots of the X11 part in action (and they say displaying clients from multiple "hosts" isn't useful...)

175 comments

  1. And I feel so safe downloading it.. by R_Growler · · Score: 2

    Because the first thing I see is:
    Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

    Oh goodie...

    Think I'll go with this one ;) : ... or you might try to download the ISO via bit torrent:

    1. Re:And I feel so safe downloading it.. by 0123456 · · Score: 5, Funny

      Because the first thing I see is:
      Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

      Real men use wget. Or telnet.

    2. Re:And I feel so safe downloading it.. by aNonnyMouseCowered · · Score: 1

      You can be secure enough if you use a router, an updated operating system and separate profiles or different browsers when browsing all the stuff you shouldn't be browsing. Unless you're a politician, a drug lord, a terrorist cell leader, or somebody else with potentially powerful enemies.

      That said, killing Javascript and disabling or better uninstalling all plug-ins for new sites or sites that you rarely visit should fix most Internet security issues.

    3. Re:And I feel so safe downloading it.. by Anonymous Coward · · Score: 0

      At least for me, their wiki is also serving up an expired (on 4/6/2011) SSL certificate.

      To be fair, the java script requirement probably comes from Amazon, as the download link is https://s3.amazonaws.com/qubes-os/iso/Qubes-R1-x86_64-DVD.iso which gives me an error message encoded in XML. (with no script, no cookies, and the referrer spoofed to the root of the site (https://s3.amazonaws.com/))

      Still, this is almost as bad as security tools with a browser interface that requires flash. (I'm looking at you, Nessus.) They could have used another distribution method that didn't require javascript; Coral Cache comes to mind.

    4. Re:And I feel so safe downloading it.. by fm6 · · Score: 3, Informative

      I haven't visited the Qubes web site, but the fact that NoScript breaks it is not a big issue, NoScript breaks half the sites on the web. NoScript assumes that all scripting is evil and that you should never allow it unless you absolutely have to — after multiple warnings from NoScript as to how dangerous it is.

      If you think this is a sane approach to security, you should consider abandoning graphical browsers altogether. I think Lynx is still being maintained.

    5. Re:And I feel so safe downloading it.. by 0123456 · · Score: 2

      NoScript breaks half the sites on the web.

      No, it doesn't. But thanks for playing.

    6. Re:And I feel so safe downloading it.. by Anonymous Coward · · Score: 0

      Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

      It's not just that, it's the condescension, the admission that they don't know how to create a file link without JavaScript (which may be indicative of the quality of their OS too) and the very poor grammar that it was written in. I was going to check this out, but now I'm going to give it a complete pass due solely to that idiotic statement.

    7. Re:And I feel so safe downloading it.. by Black+LED · · Score: 5, Insightful

      If your site breaks because the client doesn't have JavaScript enabled, then you are doing it wrong. The site should gracefully degrade so that anyone can use it.

    8. Re:And I feel so safe downloading it.. by Anonymous Coward · · Score: 0

      Neither the Invisible Things nor Qubes web site works without Javascript. You know why? Because they both unnecessarily use Javascript for a static navigation menu.

      That is absolutely pathetic.

    9. Re:And I feel so safe downloading it.. by sjames · · Score: 2

      I have no idea why it says that, the links appear to work fine with noscript in full force.

    10. Re:And I feel so safe downloading it.. by thePowerOfGrayskull · · Score: 1

      Because the first thing I see is:
      Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

      Real men use wget. Or telnet.

      Definitely telnet. It's the most secure.

    11. Re:And I feel so safe downloading it.. by smash · · Score: 2, Interesting

      should, yes. most of the web does not.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    12. Re:And I feel so safe downloading it.. by Black+LED · · Score: 1

      And I never claimed that it did. What's popular isn't always good.

    13. Re:And I feel so safe downloading it.. by Zontar+The+Mindless · · Score: 1

      Real men use wget. Or telnet.

      TFTFY

      --
      Il n'y a pas de Planet B.
    14. Re:And I feel so safe downloading it.. by forkazoo · · Score: 2, Insightful

      should, yes. most of the web does not.

      Thankfully, most of the web that does not, isn't useful. Seriously, after adding necessary exceptions for a few days, the overwhelming majority of the web that I care about works just fine with NoScript installed. Most of what doesn't work is stupid, and the vanishingly small remainder is easy enough to whitelist with a click or two. Anything that requires clicking through whitelisting 37 domains to make it work properly, usually just turns out to be an adcrap laden hellhole that doesn't work at all even when it is 'working properly.'

    15. Re:And I feel so safe downloading it.. by Seahawk · · Score: 2

      Isn't that like saying: "Your application shouldn't break because a windowing system isn't available, but instead fall back to curses"?

      Sometimes, IMHO, it's just not worth it to have a non-js enabled fallback.

    16. Re:And I feel so safe downloading it.. by Anonymous Coward · · Score: 0

      Isn't that like saying: "Your application shouldn't break because a windowing system isn't available, but instead fall back to curses"?

      I don't understand. You are describing a feature that is sensible, convenient, and present in the programs I find most useful. But the context implies that you somehow expect me to interpret it as a bad idea.

    17. Re:And I feel so safe downloading it.. by TheRaven64 · · Score: 1

      NoScript assumes that all scripting is evil and that you should never allow it unless you absolutely have to — after multiple warnings from NoScript as to how dangerous it is.

      Given the number of security holes in JavaScript implementations and the lack of adequate sandboxing in modern browsers, that's not too much of a stretch. Even if you trust the site, do you trust the guy who paid $10 to put an advert on it?

      --
      I am TheRaven on Soylent News
    18. Re:And I feel so safe downloading it.. by Black+LED · · Score: 2

      I would say it's more akin to someone sending you an HTML formatted email without an option for a plain text version.

    19. Re:And I feel so safe downloading it.. by Big+Hairy+Ian · · Score: 1

      Definitely telnet. It's the most secure.

      Putty Putty Putty

      Green Green Putty

      I found in my armpitty

      One midsummers morning

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    20. Re:And I feel so safe downloading it.. by Hatta · · Score: 1

      NoScript assumes that all scripting is evil and that you should never allow it unless you absolutely have to

      Is that not actually the case? The fact that NoScript breaks half the sites on the web is a problem with the web, not a problem with NoScript.

      --
      Give me Classic Slashdot or give me death!
    21. Re:And I feel so safe downloading it.. by mattr · · Score: 1

      Real men use curl. Or ssh.
      updated that for you

    22. Re:And I feel so safe downloading it.. by Lennie · · Score: 1

      You are probably safer just disabling plugins like Java, Acrobat Reader and maybe Flash (or at least use the latest version).

      The Javascript is almost never the vulnerable part, it is just used by many to bootstrap it. But they don't have to do that.

      --
      New things are always on the horizon
    23. Re:And I feel so safe downloading it.. by Lennie · · Score: 1

      Really how many Javascript security holes have there been in the last 10 years?

      In 99 of the 100 cases it was the Java or Acrobat Reader plugin which was the real problem. They just use Javascript to deliver it, but didn't have to.

      --
      New things are always on the horizon
    24. Re:And I feel so safe downloading it.. by TheRaven64 · · Score: 1

      There have been no JavaScript security holes. There have, however, been a number of security holes in V8, in SpiderMonkey, etc. Just look up the numbers yourself if you're interested. The exact number depends on whether you are limited just to the JavaScript JIT, or if you include the DOM and related components.

      --
      I am TheRaven on Soylent News
    25. Re:And I feel so safe downloading it.. by Lennie · · Score: 1

      Yes, I know that. I'm just saying it is a much smaller problem than the plugins.

      Especially with rapid release like Chrome and Firefox use to keep your browser up to date.

      --
      New things are always on the horizon
    26. Re:And I feel so safe downloading it.. by Anonymous Coward · · Score: 0

      ever tried to make a proper web-site? not a site with 2 or 3 web-pages but a proper web-application sort of a site? it can have hundreds of pages and most of the times, your clients aren't interested in supporting the tin foil hat wearing paranoid geeks..they want the site to be up and ready as soon and with as little cost as possible, if that means an insignificant minority of internet users will not be able to use their site, so be it, the site was probably not built for them anyway...

      and even if im working on a personal pet project, i want to complete the project and if supporting the insignificant minority who insist on staying stuck in the 90s means an additional 10,000 lines of code, well I'll release the source to that insignificant minority and they can then write the code to support themselves :) i don't have the resources, patience or the desire to support them by making a crippled version of my own product (and please don't say noscript tags can be used, if you are retrieving and displaying most of the content of your site using ajax or within iframes, using noframe does not really help that much unless you have a second version of the entire site with html anchors and pages which don't rely on ajax or iframes)

    27. Re:And I feel so safe downloading it.. by Black+LED · · Score: 1

      Are you really writing each page manually? That should all be pulled from a database and generated on the fly. It takes little to no additional effort to accommodate all users once you have a server side framework or a few scripts in place.

    28. Re:And I feel so safe downloading it.. by Anonymous Coward · · Score: 0

      FUAETH.

  2. X11 protocol is not used for VM virtualization! by Anonymous Coward · · Score: 0, Redundant

    Contrary to what the article above suggests, Qubes uses its own, custom and very slim GUI virtualization protocol, instead of the bloated and insecure X protocol!

  3. Re:secure you say? by R_Growler · · Score: 4, Funny

    "It is the most secure option among the existing desktop operating systems"

    what about OpenBSD?

    Yes? What about it?

    You know, the headline for all the sec related news should read: "New Secure OS (Not being OpenBSD) Released!" or "The Sky is Falling, We'll all be cyber-robbed real soon now (unless you are using OpenBSD)" or "New virus, be very afraid! (OpenBSD users, well.. you're fine)"..
    You know it just does not make good press ;)

    HTH, HAND.

    -RG.

  4. X startup failed, aborting installation by WD · · Score: 2

    Apparently Qubes can't be installed in VMware Fusion. This occurs with both the default boot mode and the "failsafe" VESA mode. I suppose that does indeed make it the most secure operating system possible.

    1. Re:X startup failed, aborting installation by Anonymous Coward · · Score: 0

      That's to prevent your system from being incepted.

    2. Re:X startup failed, aborting installation by Anonymous Coward · · Score: 0

      Imagine that, a virtualization technology that uses unused protection levels (rings) can't run a virtualization technology that uses unused protection levels which are now in use!

      I never would have guessed such a thing wouldn't work out of the box!

    3. Re:X startup failed, aborting installation by cpghost · · Score: 1

      Let me guess (correct me if I'm wrong: I didn't check out Qubes yet...): Qubes may be something like a Dom0 platform with its own hypervisor, and isn't supposed to run in DomU environments, i.e. in yet another virtual machine. Try it on the bare metal, and it may work. Joanna Rutkowska is a well-known master in Hypervisor-related "black magic." I wouldn't expect anything less than a hypervisor-based OS (or Meta-OS?) from her. And this means always that it MUST run on the bare metal.

      --
      cpghost at Cordula's Web.
    4. Re:X startup failed, aborting installation by WD · · Score: 1

      Possibly. In this case, however, it failed due to not having video drivers. It appears to require an Intel GPU. (or nVidia with some trickery)

    5. Re:X startup failed, aborting installation by sjames · · Score: 2, Informative

      It is possible in some cases to run a VM in a VM. It's been done for decades on mainframes. It just happens that this particular VM won't run in a VM, but it's not an unreasonable thing to try.

    6. Re:X startup failed, aborting installation by smash · · Score: 1

      Workstation can also run ESXi, and HyperV - expecting this OS to work under a hypervisor isn't necessarily unreasonable. Sure, it doesn't work, but it's worth a shot these days - nested virtualization has been available on X64 for some time now.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    7. Re:X startup failed, aborting installation by Anonymous Coward · · Score: 0

      True that.

      I use an Intel DQ45EK motherboard - which is about the lowest end you can go and still have full functionality in Qubes.

      It has an onboard Intel GPU, and it works great.

    8. Re:X startup failed, aborting installation by Anonymous Coward · · Score: 0

      Why would you want your system prevented from starting? Alternatively, I can see that having your system graduate from college could be a bit confusing.

    9. Re:X startup failed, aborting installation by Anonymous Coward · · Score: 0

      Have you found a workaround for this?

  5. POSIX by Anonymous Coward · · Score: 0

    Is this POSIX compliant? And does the command line support *NIX commands - if there is a command line?

    1. Re:POSIX by Tapewolf · · Score: 2

      I'm not sure, but it seems to have a Fedora base. Talks about KDE a lot. See also: http://wiki.qubes-os.org/trac/wiki/InstallNvidiaDriver

    2. Re:POSIX by Tapewolf · · Score: 2

      Actually, it seems to be something like a modified version of Fedora running inside their own hypervisor, with Fedora modified to run some processes inside sandboxes provided by the hypervisor. I think that's what it is, but I'm not completely sure.

  6. Re:secure you say? by 0123456 · · Score: 1

    what about OpenBSD?

    Or Solaris?

  7. Not quite true about iOS... by EGSonikku · · Score: 2

    Would just like to point out iOS does in fact give user control over Privacy:

    https://p.twimg.com/Avd_bj2CEAAokCD.jpg

    The same pop-up occurs when an application wants to access your photos, location, etc.

    And you can also set up Privacy controls for apps in Settings:

    http://i.imgur.com/LvImi.jpg

    --
    - "Scientia non habet inimicum nisp ignorantem"
    1. Re:Not quite true about iOS... by PopeRatzo · · Score: 2

      Would just like to point out iOS does in fact give user control over Privacy:

      Is there a way to use iOS without iTunes, because iTunes does, by default, require personal information. Is there a way to set up iTunes and purchase apps for iOS without giving up any personal information?

      If not, then aren't those "privacy" setting in iOS a little like closing the barn door after your mule has been kidnapped and gang-raped by a biker gang and sold into white slavery?

      --
      You are welcome on my lawn.
    2. Re:Not quite true about iOS... by SuricouRaven · · Score: 1

      No. iOS devices are shipped in a locked state, and revert to locked when the erase feature is used. They can only be unlocked by connecting them to a computer running iTunes, and associating to it. I don't know if you need an iTunes account too, or just the software installed. The latter won't get you apps (barring jailbreak) but you can at least put music and media on.

    3. Re:Not quite true about iOS... by girlintraining · · Score: 2

      Would just like to point out iOS does in fact give user control over Privacy

      Apple uses a different definition of privacy than other people do; they define it as "giving information to anyone other than us." So your data is private, as long as you don't mind Apple having all of it.

      --
      #fuckbeta #iamslashdot #dicemustdie
    4. Re:Not quite true about iOS... by EGSonikku · · Score: 1

      How do you intend to purchase apps without giving Apple your address and a method of payment? You could just use free apps, or use Apple gift cards for making purchases, and provide a fake name and address.

      At least as of the iPhone 4S, and 3rd Gen iPad you aren't required to plug into a computer or use iTunes to activate. All setup is now done on device.

      --
      - "Scientia non habet inimicum nisp ignorantem"
    5. Re:Not quite true about iOS... by Shadowmist · · Score: 1

      How do you intend to purchase apps without giving Apple your address and a method of payment? You could just use free apps, or use Apple gift cards for making purchases, and provide a fake name and address.

      At least as of the iPhone 4S, and 3rd Gen iPad you aren't required to plug into a computer or use iTunes to activate. All setup is now done on device.

      That's true of any device running iOS 5 or later.

    6. Re:Not quite true about iOS... by EGSonikku · · Score: 1

      Apple's own apps have the same pop ups, and though you are asked for your name and address to create an AppStore account, nothing stops you from providing a fake name and address, or using Apple Gift Cards or throw away credit cards for purchases.

      --
      - "Scientia non habet inimicum nisp ignorantem"
    7. Re:Not quite true about iOS... by EGSonikku · · Score: 2

      Older iOS devices. The iPhone 4S, and the new iPad don't require a connection to iTunes at all for activation. You can take it right out of the box and turn it on and be on your merry way.

      --
      - "Scientia non habet inimicum nisp ignorantem"
    8. Re:Not quite true about iOS... by Anonymous Coward · · Score: 0

      Would just like to point out that iOS is not the benchmark for security either.

    9. Re:Not quite true about iOS... by Anonymous Coward · · Score: 0

      nothing stops you from providing a fake name and address

      No. You have to enter a valid credit card to create an account, including card number, and billing name/address.

    10. Re:Not quite true about iOS... by PopeRatzo · · Score: 1

      How do you intend to purchase apps without giving Apple your address and a method of payment?

      That's my point. There are methods of paying without giving personal information. Paypal comes to mind. Apple won't allow those.

      That's why any "privacy" setting in iOS is just marketing BS.

      --
      You are welcome on my lawn.
    11. Re:Not quite true about iOS... by Anonymous Coward · · Score: 0

      Buy a gift card with cash. Lie about your personal information. Problem solved.

    12. Re:Not quite true about iOS... by PopeRatzo · · Score: 1

      You can take it right out of the box and turn it on and be on your merry way.

      Unless you want to run an app on it.

      --
      You are welcome on my lawn.
    13. Re:Not quite true about iOS... by PopeRatzo · · Score: 1

      That's true of any device running iOS 5 or later.

      It's also true that if you happen to want to actually use your iOS device by running an app on it, you've got to give up that personal information.

      --
      You are welcome on my lawn.
    14. Re:Not quite true about iOS... by jbolden · · Score: 2, Interesting

      Is there a way to use iOS without iTunes, because iTunes does, by default, require personal information. Is there a way to set up iTunes and purchase apps for iOS without giving up any personal information?

      Unless you are on an enterprise account there is no tracking between accounts and what you buy. The only company with that information is Apple and Apple doesn't sell data. It's sort of like worrying about privacy from the bank that's running your credit cards.

    15. Re:Not quite true about iOS... by Mista2 · · Score: 1

      Or you can lie.
      Just like the personal security questions, I lie to them too.
      Many services I use think I live at 1 Infinite Loop, including Apple 8)

    16. Re:Not quite true about iOS... by Anonymous Coward · · Score: 0

      The only company with that information is Apple and Apple doesn't sell data.

      This is so misguided it needs to be shouted at everyone. Are you insane?

    17. Re:Not quite true about iOS... by LocalH · · Score: 1

      Funny, I have an Apple ID without a credit card attached.

      --
      FC Closer
    18. Re:Not quite true about iOS... by EGSonikku · · Score: 2

      Then, as I said, you make an account as John Smith and make up an address and use gift cards or throw away credit cards. I mean, you can't blame Apple that purchasing things requires money. That's hardly an issue with iOS.

      --
      - "Scientia non habet inimicum nisp ignorantem"
    19. Re:Not quite true about iOS... by Anonymous Coward · · Score: 0

      Mod UP

    20. Re:Not quite true about iOS... by marcello_dl · · Score: 1

      Who should be interested in who I am? Apple or the credit card processor?

      I should only enter the CREDIT CARD personal details on the page of the credit card processor, and leave no trace on the pc itself, no reason for it.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    21. Re:Not quite true about iOS... by PopeRatzo · · Score: 1

      The only company with that information is Apple and Apple doesn't sell data. It's sort of like worrying about privacy from the bank that's running your credit cards.

      And when Apple is regulated the way banks are supposed to be regulated, I'll be OK with that.

      --
      You are welcome on my lawn.
    22. Re:Not quite true about iOS... by PopeRatzo · · Score: 1

      I mean, you can't blame Apple that purchasing things requires money.

      Not just money, but traceable, personally identifiable money.

      If Apple cared about anyone's privacy, they would accept PayPal payments.

      --
      You are welcome on my lawn.
    23. Re:Not quite true about iOS... by jbolden · · Score: 1

      I think Paypal and iTunes are broad enough that they should fall under banking laws. The FDIC so far is of the opinion that if you don't hold customer money you don't need to be chartered like a bank.

    24. Re:Not quite true about iOS... by PopeRatzo · · Score: 1

      Paypal certainly "holds customer money".

      My account balance, as of 5:10pm CST, was about the same size as my personal checking account.

      My small business' PayPal accounts often hold as much or more than the business checking.

      --
      You are welcome on my lawn.
  8. Re:secure you say? by 0123456 · · Score: 4, Informative

    Actually, it looks somewhat similar to the secure version of Solaris, running different processes in different VMs. I wonder if I have a crappy old machine lying around somewhere that I could test it on.

  9. What a specimen by TummyBanana · · Score: 4, Funny

    Blimey, have you checked her out? She is now my third favourite woman (after my mother and the Queen).

    1. Re:What a specimen by blade8086 · · Score: 1

      Yes, but she speaks Polish. Have you ever heard Polish?

    2. Re:What a specimen by Anonymous Coward · · Score: 0

      I'm sure we could think of things to do to keep her from speaking.

      But, looking at photos, I'm not convinced she's not a fembot of some type. Definitely some robot in there somewhere.

    3. Re:What a specimen by TummyBanana · · Score: 1

      Yeah, but I bet she speaks better English than most English people, too.

    4. Re:What a specimen by Anonymous Coward · · Score: 1

      Not passing judgment in any way, but you do know that this specimen is of questionable gender?
      http://www.rutkowska.yoyo.pl/

    5. Re:What a specimen by spasm · · Score: 3, Insightful

      And people wonder why women avoid IT..

    6. Re:What a specimen by Zero__Kelvin · · Score: 2, Insightful

      Yes. It is a well known fact that women hate it when guys think they are hot.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    7. Re:What a specimen by LocalH · · Score: 1

      Why do you care?

      --
      FC Closer
    8. Re:What a specimen by geminidomino · · Score: 1

      Don't feed the butthurt feminist trolls...

    9. Re:What a specimen by macraig · · Score: 1

      I don't share your particular preferences for (pheno-|geno-|whatever-) type. Competitors - 1. Lucky you!

    10. Re:What a specimen by capedgirardeau · · Score: 2, Insightful

      I don't see anything in the comment you replied to that indicates poster meant she was attractive or was in any way objectifying or sexist.

      In fact quite the opposite when you read who his other two top females are, his mom and the Queen, women he presumably respects for reasons other than sexist reasons.

      It read to me like he checked out her significant credentials in her chosen field and was very appropriately impressed.

      --
      Wax on, wax off baby!
    11. Re:What a specimen by Robert+Zenz · · Score: 1

      There's a difference between "Telling a woman that she looks good/hot/awesome" and "being a total jerk".

    12. Re:What a specimen by Anonymous Coward · · Score: 1

      It is a well known fact that women hate it when guys think they are hot.

      No, but it is a well-known fact that people with functioning brains hate it when assholes act like a woman's appearance is relevant to a discussion of an article about an innovative operating system.

    13. Re:What a specimen by Zero__Kelvin · · Score: 1

      I must have missed the part where he claimed that the OS was or wasn't secure based on her appearance. Basically you are saying that we can't observe that a woman is good looking in any context other than a beauty contest, since - for example - if I make such an observation at Starbucks I am an asshole since it has nothing to do with coffee. Get a life. Seriously.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    14. Re:What a specimen by Anonymous Coward · · Score: 0

      i know what i'll feed their butt hurt with

    15. Re:What a specimen by serviscope_minor · · Score: 2

      The article is about lightweight virtualisation containers (interesting).

      Some prat thought this would be a good time to start making off-topic and irrelevant comments about the appearance of one of the people involved. Notice how this only ever seems to happen with women. No one ever points out if a guy involved is ugly or not or bald or whatever (most guys can spot an ugly bald guy, so why no comments? Why no comments if the guy is good looking too?).

      Basically what happens is that for a small but annoyingly vocal minority of /. commenters any article about a guy doing things is about the technical stuff, anything a woman does becomes about her appearance.

      Do you honestly claim that you don't see how that is plain douchy?

      Basically you are saying that we can't observe that a woman is good looking in any context other than a beauty contest, since - for example - if I make such an observation at Starbucks I am an asshole since it has nothing to do with coffee.

      No, you are an asshole because you seem to be unable to see why every article involving women but not men degenerates into a discussion about the woman's appearance, is sexist.

      --
      SJW n. One who posts facts.
    16. Re:What a specimen by serviscope_minor · · Score: 1

      Don't be a mysoginist douche.

      --
      SJW n. One who posts facts.
    17. Re:What a specimen by PsychicX · · Score: 1

      In all seriousness, it is nice to see that a perfectly normal looking woman (ie not "ugly" or "manly" as is often the norm for acceptability into male-dominated circles) is also a brilliant hacker and presumably successful businesswoman. Wait, not nice -- fantastic. Amazing. Wonderful.

    18. Re:What a specimen by serviscope_minor · · Score: 1

      At first I was thinking you might be gay, but then I realized that isn't possible because you're a straight moron.

      Not sure how you deduced either of those, but whatever.

      On websites most frequented by women you will sometimes see a comment that I am hot.

      Well, I hope you won't be offended that I do not take you at your word on that one.

      I don't take offense anymore than a psychologically healthy woman would take offense.

      And what websites are these?

      Actually who cares?

      The fact of the matter is that every tech thing involving a woman always has one commenter posting on her appearance. It's not relevant.

      You don't have any idea what sexist means.

      I have a feeling I'm about to be enlightened...

      This thread did degrade, but it didn't degrade into a sexist degeneration of the obviously highly competent and attractive woman.

      Really? What has her appearance got to do with Qubes? Absolutely nothing. "Woman does cool stuff" always partially degenerates into "woman is hot".

      Again, nobody said "that OS can't be secure because she is too hot."

      Nobody said anybody said that except for you. Apparently reality isn't your strong suit.

      What has her *physical appearance* got to do with Qubes? Nothing whatsoever.

      --
      SJW n. One who posts facts.
    19. Re:What a specimen by Zero__Kelvin · · Score: 0

      "... and then don't bother to reply."

      I didn't read your drivel. Learn to follow directions next time.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    20. Re:What a specimen by serviscope_minor · · Score: 1

      I like the sound and solid rebuttal of my claim that technical threads degenerating into "hot or not" for female technical people is somehow bad. Your rhetoric is really improving.

      Learn to follow directions next time.

      What on earth makes you think that I would pay even the slightest attention to your directions. You're clearly not a very logical person, so it stands to reason that your directions would not be very sound either.

      --
      SJW n. One who posts facts.
    21. Re:What a specimen by Anonymous Coward · · Score: 0

      That might be irrelevant or relevant. The project/company is heavily focused towards security. If this is a gender change, no problem. If this is someone posing as different person, then it *is* relevant.

      On a side note, the company does not have any business address listed on site, but I managed to find their government registration record here: http://www.krs-online.com.pl/invisible-things-lab-joanna-rutkowska-krs-477642.html so they do exist.

      Pretty sure that once they get first customers, and those customers will be interested in security, the first thing they do will be monitor Invisible Things Lab and Joanna Rutkowska, so they'll know for sure.

    22. Re:What a specimen by geminidomino · · Score: 1

      Ah, "misogynist," (note spelling) another word that has lost pretty much all meaning save to serve as a shibboleth within the ranks of the True Believers, thanks to overuse. How lovely.

      Protip, white knight: There's a difference between hating women and not buying into feminist bullshit.

    23. Re:What a specimen by serviscope_minor · · Score: 1

      There's a difference between "not buying into feminist bullshit" and being a misogynist douche.

      Protip: excessive use of "protip" also makes you sound like a regular douche.

      --
      SJW n. One who posts facts.
    24. Re:What a specimen by Anonymous Coward · · Score: 0

      I'm confused. What is wrong with a man mentioning that a woman is intelligent and attractive a bad thing? Isn't that what most men want in a woman? I would think that would be a great compliment. It's not like he said anything rude or crass.

  10. I think they know. by Anonymous Coward · · Score: 0

    Note: We don't recommend installing Qubes in a virtual machine!

    No, I'm not going to say something snarky like "you should have read the system requirements." or some demeaning bullshit that's all too common on Slashdot that also gets mod'ed up.

    if I had a machine available I would have done the same thing - hey, that's what we do! jump in, try it out, and have fun

    1. Re:I think they know. by WD · · Score: 1

      Thanks. That's good to know. But it surely eliminates the majority of people who may wish to try it out.

    2. Re:I think they know. by Wolfrider · · Score: 1

      --The site/article also mentions that it can be installed to a USB drive... ;-)

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
  11. Yawn by Anonymous Coward · · Score: 0

    I have a computer that's even more secure.

    It has no plugs at all. If you can't power it on. It's forever secure!

    Not very useful tho.

    A lot like tfa one it sounds like.

    1. Re:Yawn by Anonymous Coward · · Score: 0

      The Iranians thought that being offline would protect them too.

  12. Re:secure you say? by Anonymous Coward · · Score: 0

    Just run it in a VM.

  13. Re:secure you say? by 0123456 · · Score: 1

    Just run it in a VM.

    You seem to have missed the comments further down about it not running in a VM.

  14. Missing projects & documents on her site by Anonymous Coward · · Score: 0

    what happened to some of the projects on her site? "Red Pill" and others are nothing but broken links. What a shame, some useful tools and documents.

  15. But.. consider... by Anonymous Coward · · Score: 0

    what if she's a spy?

  16. Disposable VM by Anonymous Coward · · Score: 0

    (2010) "Disposable VMs will be very lightweight VMs that can be created and booted in a very short time, say 1s, with a sole purpose of hosting only one application, e.g. a PDF viewer, or a Media Player."

    so what exactly is this disposable vm? is it self-contained? can it run non-virtualized? what applications can it run? what application can it not run?

    TIA

    1. Re:Disposable VM by Anonymous Coward · · Score: 0

      FreeBSD already has these, called Jails :P PC-BSD makes it easy to install each application into its own jail. Negligible overhead.

  17. lacking documentation or lack of focus by ThorGod · · Score: 0

    I've looked through the docs, and can't tell what distro this is based upon.

    It's a cool thought, but it feels a little too 'new' and lacking in robustness.

    --
    PS: I don't reply to ACs.
    1. Re:lacking documentation or lack of focus by Zero__Kelvin · · Score: 2

      "I've looked through the docs, and can't tell what distro this is based upon."

      You should have stuck with the main page. From the linked page: "And what good is saying that our microkernel is formally verified, if we continue to use a bloated and buggy X server as our GUI subsystem?" It is an OS with its own microkernel. So you can reasonably expect to have difficulty determining which distribution it is based on, since it is not based on a distribution.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    2. Re:lacking documentation or lack of focus by ThorGod · · Score: 1

      I'm not sure you're correct on that. I've read comments elsewhere suggesting it's a modified Fedora. Further, the statement you listed does not say anything about Qubes itself. It says there are microkernels that are verified as "secure", but that X itself is not.

      Funny that my honest question gets modded down. This is not an obvious question that's readily apparent from the blog post nor project website.

      --
      PS: I don't reply to ACs.
    3. Re:lacking documentation or lack of focus by Aaron+B+Lingwood · · Score: 3, Informative

      I have been using Qubes for some time and have used it as the starting point for my own desktop. Qubes is a customized Xen kernel booting a customized linux kernel as Dom0 (or Host). It currently uses a modified Fedora for the Dom0 as Fedora has best support for various Xen tools, comes with a scriptable installer (Anaconda), and plans adoption of Wayland to replace the unsecure X protocol.

      --
      [Rent This Space]
    4. Re:lacking documentation or lack of focus by ThorGod · · Score: 1

      Thank you! That's what I was trying to figure/find out!!

      (I'm sure it's readily apparent somewhere in the documentation, I just had a difficult time finding it yesterday.)

      --
      PS: I don't reply to ACs.
  18. I Use Words Good by fm6 · · Score: 5, Informative

    A JVM is called a virtual machine, but it isn't a virtual machine in the same sense as the one provided by Xen. The JVM is a simple bytecode interpreter/compiler. It sort of emulates a machine, but not a complete machine. It runs in user space on top of the native OS and cannot run an OS of its own.

    Xen is a hypervisor whose virtual machines emulate a complete system. It doesn't just run the application program, it runs the whole bloody OS. The virtual machine has virtual disks, virtual memory, a virtual processor, even a virtual reset button. Support for this virtualization is built into modern processors, so it occurs at a very low level.

    I imagine a sufficiently clever hacker could think of a way to bypass the guest OS and the hypervisor and do wacky things. But it's one hell of a lot harder than breaking out of a JVM sandbox.

    1. Re:I Use Words Good by LordLimecat · · Score: 3, Interesting

      I imagine a sufficiently clever hacker could think of a way to bypass the guest OS and the hypervisor and do wacky things

      Someone who could figure out how to do that would rent a private virtual server from Rackspace and go to town. I imagine there would be far more lucrative targets than a desktop.

    2. Re:I Use Words Good by fm6 · · Score: 2

      Not at all. You could put a Xen-breaking package in a trojan or virus and create virtual zombies for your botnet. But your malicious Rackspace VM would be limited to penetrating VMs that happened to live on the same physical server.

      But.... I used to be the documentation lead for the Sun Fire X4600, a server that could have 8 quad-core processors and half a terabyte of RAM. You could run hundreds of VMs on the thing. Discontinued, alas.

    3. Re:I Use Words Good by LordLimecat · · Score: 2, Insightful

      What I'm saying is that if you've cracked through to the hypervisor, they have some serious problems. If you manage to get root access to the box, all bets are off, especially if they have some kind of clustering-- you could potentially provision scads more VMs, and they would be loadbalanced.

    4. Re:I Use Words Good by blueg3 · · Score: 4, Informative

      I imagine a sufficiently clever hacker could think of a way to bypass the guest OS and the hypervisor and do wacky things,

      Can and has. The sufficiently clever hacker that has been behind most incidences of piercing the guest-hypervisor veil is one Joanna Rutkowska, CEO of Invisible Things Lab.

      Interesting how that works, don't you think?

    5. Re:I Use Words Good by Anonymous Coward · · Score: 0

      Yeah, it's definitely a tough nut cracking into a guest OS especially if it is run as a read only mount and I guess that's probably the idea here so that any malware program cannot alter the so called security provisioning programs.

      ----------------------
      http://dealcouponsusa.com
      http://coolcoupons.in
      http://topcoupons.in

    6. Re:I Use Words Good by fm6 · · Score: 1

      Good thing she uses her powers for good!

    7. Re:I Use Words Good by cerberusss · · Score: 1

      I imagine a sufficiently clever hacker could think of a way to bypass the guest OS and the hypervisor and do wacky things. But it's one hell of a lot harder than breaking out of a JVM sandbox.

      No, it's not:
      Script Error Opens up Security Hole in Xen 3.0.3

      It's an easy trap to fall for, I grant you that. I was on the same line of thinking until my server got hacked with exactly the above mentioned bug.

      --
      8 of 13 people found this answer helpful. Did you?
    8. Re:I Use Words Good by Anonymous Coward · · Score: 0

      Breaking out of the hypervisor is definitely doable. It has been done before, even as recently as 2 months ago. See: http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/ for a recent example, but don't fool yourself into thinking this is just a one time thing...

    9. Re:I Use Words Good by Bert64 · · Score: 2

      Your VM could be clustered, and could get migrated to another server, giving you another target to attack.
      Having root on one cluster node might give you the ability to access other nodes, depending on configuration... At the very least you could probably force a vm to be migrated, and then use that to root the other node.
      You would have access to all the other vm images running on the same host, some of which may have access or common passwords to other images running on other physical hardware...

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    10. Re:I Use Words Good by Anonymous Coward · · Score: 0

      What you said does not make any sense. Furthermore, it is not a tough nut cracking into a 'guest os', even if it is run from a read only mount. You can still exploit client-side vulnerabilities to obtain user-level access. From there you can use a hypervisor breakout and then its game over.

    11. Re:I Use Words Good by gbjbaanb · · Score: 1

      I imagine there would be far more lucrative targets than a desktop.

      while the bad guys like hacked servers due to the bandwidth they bring, they also are a single point of failure - and an admin is more likely to be taking note of what that box is doing (or the hosting facility network guy is).

      so a single server is like getting a general, but... once you've broken 1 copy of Windows, you have an army of foot troops ready and waiting to follow your commands.

    12. Re:I Use Words Good by lindi · · Score: 3, Informative

      That bug was found by Rafal Wojtczuk who is also an author of Qubes: https://groups.google.com/forum/?fromgroups#!topic/qubes-devel/JIpZoQUP6dQ

    13. Re:I Use Words Good by NormalVisual · · Score: 1

      I used to be the documentation lead for the Sun Fire X4600

      Want. I could only afford a lowly X2100, which is still running 10 or so VMs quite comfortably even now, almost four years later.

      --
      Please stand clear of the doors, por favor mantenganse alejado de las puertas
    14. Re:I Use Words Good by Anonymous Coward · · Score: 0

      Slashdot comments are getting really crappy. We are on the internet. Why the heck do you not include a link?!?

      http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html

      Or at the very least, mention what you are talking about --> Blue Pill.

      And this has NOTHING to do with bypassing an existing guest-hypervisor to get to dom0. It is about creating an ultrathin-hypervisor to hide your malware so it is not discoverable by the OS it is running on.

      +5 informative, my butt. More like +5 misleading and incomplete information

    15. Re:I Use Words Good by blueg3 · · Score: 1

      You didn't know what I was referring to, so you went and found something, assumed that's what I was referring to, and then criticized me for that thing not being relevant? I hope you see the error in logic here.

  19. Re:Yeah, VMs are the answer by Anonymous Coward · · Score: 0

    Why does it pass true to the break out routine?

  20. Debian GNU/Hurd by Anonymous Coward · · Score: 0

    Does this visualization better by leaps and bounds. Just need some more polish.

  21. Re:Yeah, VMs are the answer by fm6 · · Score: 2

    Learn basic coding, dude:

    if (insideVM()) {
        if (vmHost == exploitableVersion) {
            doBreakOutRoutine();
        }
    }

  22. New OS or glorified shell script ? by Anonymous Coward · · Score: 0

    It seems to me that QubeOS is little more than a wrapper for your usual kvm machines.

    How comes this makes the news on /. ?
    Is QubeOS any more interesting than Joanna Rutkowska's previous discoveries like the 100% undetectable rootkit: https://en.wikipedia.org/wiki/Blue_Pill_%28software%29
    Which was actually not even stealth if the rules had allowed to tamper with the machine or saturate the CPU like any serious forensic people would do.

    Is that just another hoax to draw attention and ask for a huge sum of money this time again ?
    I have lurked Rutkowska's blog and website, I'm pretty sure the "CEO" doesn't actually have any technical skills nor a big team of specialized engineers.

    Presenting other people's work at DefCon as your own this year again ? Sure, no shame whatsoever.

    1. Re:New OS or glorified shell script ? by Anonymous Coward · · Score: 1

      I can plug VNC clients to my FreeBSD jails too for sure and didn't rebrand the concept as a whole new OS.

    2. Re:New OS or glorified shell script ? by lindi · · Score: 4, Insightful

      The way Qubes shares composition buffers of X applications over xen shared memory is much nicer than VNC. It is rootless unlike VNC and there is no extra copying of data over a socket so you get nice performance. They also do sound so you can actually watch youtube in a web browser that runs in a disposable VM.

  23. Re:Yeah, VMs are the answer by Anonymous Coward · · Score: 0

    Don't you mean Jython? Or was it Scala... :)

  24. A secure approach to insecure software by hobarrera · · Score: 0

    The whole idea seems quite ridiculous.
    The OS's focus is isolating applications because they may have security issues. That's just a nasty workaround, applications with issues need to be fixed, and that's the end of it. You can try a million different things, but coding secure applications will always work.
    It will always have less overhead as well, since it's not an additional VM (how much memory does this use up in order to run, say, leafpad?)
    Have we really reached a point where bad software is so commonly accepted that we tailor OSs so it's no longer a problem?

    1. Re:A secure approach to insecure software by myxiplx · · Score: 1

      Riiiight. Because requiring every single programmer in the world to design perfect software with no errors is sooooo much easier than adding extra security to the OS.

      People make mistakes, it's why the term human error exists. In the real world people accept this and work with it. It isn't something you can eliminate.

    2. Re:A secure approach to insecure software by gl4ss · · Score: 2

      here's their faq, it does seem sensible. however lack of opengl apps makes it a bit unfeasible for daily driver.

      Isn’t Qubes just another Linux distribution after all?

      Well, if you really want to call it a distribution, then we’re more of a “Xen distribution”, rather than a Linux one. But Qubes is much more than just Xen packaging -- it has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc, and also its very unique GUI virtualization infrastructure.

      What is the main concept behind Qubes?

      To build security on the “Security by Isolation” principle.

      What about other approaches to security?

      The other two popular approaches are: “Security by Correctness”, and “Security by Obscurity”. We don’t believe any of those two can bring reasonable security today and in the foreseeable future.

      But what about safe languages and formally verified microkernels?

      In short: these are non-realistic solutions today. We discuss this more in-depth in our Architecture Specification document.

      Why Qubes uses virtualization?

      We believe that today this is the only practically viable approach to implement strong isolation, and, at the same time, provide compatibility with existing applications and drivers.

      Does Qubes run every app in a separate VM?

      No! This would not make much sense. Qubes uses VMs to create security domains, such as e.g. ‘work’, ‘personal’, ‘banking’, etc. Typical user would likely need around 5 domains. Very paranoid users, who are high-profile targets, might use around a dozen domains.

      Why Qubes uses Xen, and not e.g. KVM?

      In short: we believe the Xen architecture allows to create more secure systems, i.e. with much smaller TCB, which translates to smaller attack surface. We discuss this much more in-depth in our Architecture Specification document.

      How stable is the current Qubes release?

      Right now we’re at the beta stage, which means the system is quite mature, but still needs some polish, mostly at the UI-level. The system seems stable besides that.

      When do you anticipate the production quality version to be ready?

      Fall 2011.

      Do you plan a commercial version of Qubes?

      Qubes will always remain an open source project. However we plan to create some commercial extensions to the system in the future. This might include e.g. support for Windows-based AppVMs.

      What is so special about Qubes GUI virtualization?

      We have designed the GUI virtualization subsystem with two primary goals: security and performance. Our GUI infrastructure introduces only about 2,500 lines of C code (LOC) into the privileged domain (Dom0), which is very little, and thus leaves not much space for bugs and potential attacks. At the same time, due to smart use of Xen shared memory our GUI implementation is very efficient, so most virtualized applications really feel like if they were executed natively.

      Can I w

      --
      world was created 5 seconds before this post as it is.
    3. Re:A secure approach to insecure software by Anonymous Coward · · Score: 0

      however lack of opengl apps makes it a bit unfeasible for daily driver

      Which OpenGL apps do you require on a daily basis? I can't think of a single one that isn't either a video game or something extremely specialized.

    4. Re:A secure approach to insecure software by hobarrera · · Score: 1

      So maybe we should surround all roads with foam as well, instead of expecting people to drive cars properly. Humans will make mistakes, and it isn't something you can eliminate.

    5. Re:A secure approach to insecure software by Anonymous Coward · · Score: 0

      No, but we do have safety features built into the cars, and crash barriers on the fast roads. Accidents will happen, but it makes sense to take precautions to reduce the risks. Technology is now getting to the level where the cars themselves can help avoid crashes.

      And precautions like that are exactly what's being done by hardening the OS as described here. Programmers do their best to write good software, but mistakes will happen and unfortunately in the current climate there are a lot of extremely good programmers targeting these mistakes. This means there is a very real risk of systems being hacked or infected with viruses.

      Given that, adding protection to the OS to reduce these risks is a sensible precaution. Certification of software is another useful step, and both Apple and Google are using that to good effect, with Microsoft having similar plans going forwards.

    6. Re:A secure approach to insecure software by fa2k · · Score: 1

      It's not just "insecure" applications, it's *malicious* applications. If you use Linux, how many packages do you have installed? Imagine how easy it would be for someone to slip some backdoor into a single one of those. And if you ever download small pieces of software for a one-off task, do you read all the source to make sure it's clean? Current OSes are incredibly insecure: any application run as your user basically has access to all your data, your network and all devices. Making different users is perhaps sufficient for terminal applications, but for GUI applications you are limited by X11, which is not designed to isolate clients.

    7. Re:A secure approach to insecure software by hobarrera · · Score: 1

      I hate to tell you this, but the BSD community has found a better alternative to certification, and it's been around for about 30 years: let others review the code (regardless of if it is or isn't free-software).

    8. Re:A secure approach to insecure software by hobarrera · · Score: 1

      I know applications I use have access to my network, just in the same way that physical products have access to the environment around me. It's still my responsibility to use the right tools in the right way.

  25. Re:secure you say? by Anonymous Coward · · Score: 0

    Well, if you use KVM, you can pass your processor VMX/SVM flag and it would run another hypervisor on top on your KVM VM

  26. Re:secure you say? by Anonymous Coward · · Score: 2, Interesting

    "I wonder if I have a crappy old machine lying around somewhere that I could test it on."

    No. You almost surely don't.

    I've been fooling around with Qubes for six months now, looking for a good solution to the Bitcoin offline wallet issue. Qubes is perfect - you don't need to be offline, and yet you can manipulate your 'offline' wallet using Armory in a ("Black") Qubes VM with zero network contact; but you can use (secure copy/paste) file transfer to the online component of your wallet in a different VM with network access to send and receive bitcoins.

    The thing is, you need some pretty specific hardware to enable all the security features of Qubes: either Intel VT-d, or IOMMU. Effective GPUs are limited as well. And chipsets, of course.

    So unless your "crappy old machines" are a hell of a lot better than what's usually laying around, you're going to need to buy some hardware just like I did.

    But it's worth it.
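
Added example, not part of the original thread or of the Qubes project: a pre-install check for the hardware features this comment names (a CPU virtualization flag and an active IOMMU), plus the "am I already inside a VM" case raised elsewhere in the discussion. It assumes it is run from an ordinary Linux system; the `/proc/cpuinfo` excerpts and the `assess` and `count_iommu_groups` helper names are constructed for illustration.

```python
"""Pre-install hardware check: CPU virtualization flag, VM detection, IOMMU."""
import os

# Constructed /proc/cpuinfo excerpts (not captured from real machines).
SAMPLE_BARE_METAL = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx est ssse3 lm\n"
)
SAMPLE_INSIDE_VM = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep lm hypervisor\n"
)
# Guest whose host passes the vmx flag through (nested virtualization).
SAMPLE_NESTED_GUEST = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx lm hypervisor\n"
)


def cpu_flags(cpuinfo_text):
    """Return the feature flags from the first 'flags' line of cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split())
    return set()


def count_iommu_groups(path="/sys/kernel/iommu_groups"):
    """Number of IOMMU groups the running Linux kernel set up (0 if none)."""
    try:
        return len(os.listdir(path))
    except OSError:
        return 0


def assess(cpuinfo_text, iommu_groups):
    """Summarise whether the machine offers what the comment says is needed."""
    flags = cpu_flags(cpuinfo_text)
    # vmx = Intel VT-x, svm = AMD-V
    hw_virt = next((f for f in ("vmx", "svm") if f in flags), None)
    # Linux reports 'hypervisor' when the CPUID hypervisor bit is set.
    in_vm = "hypervisor" in flags
    iommu_active = iommu_groups > 0

    findings = []
    if hw_virt is None:
        findings.append("no vmx/svm flag: hardware virtualization is absent, "
                        "disabled in firmware, or hidden by a hypervisor")
    if in_vm:
        findings.append("'hypervisor' flag set: this system is itself a guest")
    if not iommu_active:
        findings.append("no IOMMU groups: VT-d/AMD-Vi absent or not enabled "
                        "for this boot")
    return {
        "hw_virt": hw_virt,
        "in_vm": in_vm,
        "iommu_active": iommu_active,
        "ready": not findings,
        "findings": findings,
    }


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
        groups = count_iommu_groups()
    except OSError:
        # Not on Linux: fall back to the constructed sample.
        text, groups = SAMPLE_BARE_METAL, 4
    result = assess(text, groups)
    print("ready" if result["ready"] else "not ready")
    for finding in result["findings"]:
        print(" -", finding)
```

A guest with nested virtualization still shows `vmx` or `svm`, which is why the check looks at the `hypervisor` flag separately rather than treating the virtualization flag alone as proof of bare metal.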

  27. Re:A new OS? Really? by Anonymous Coward · · Score: 0

    I thought it used a different kernel. Where are you seeing that it's a Linux distro?

  28. Com or Corba? by Anonymous Coward · · Score: 0

    I can't help but feel that something like this would need some form of (D)COM or CORBA for interVM communication. The problem is that AFAIK all such technologies are dead except for those specific to a particular language.

  29. Re:secure you say? by Anonymous Coward · · Score: 0

    Solaris zones are not true virtual machines. They often inherit directories from the parent, and they share the same kernel as the global zone.

  30. Not a new concept by pop+ebp · · Score: 1

    Fedora has had the "sandbox" command for some years which uses SELinux to set up a disposable sandboxed context for running a program.

    Since Fedora 17 there is also a "virt-sandbox" command using LXC or KVM to do a similar job:

    https://fedoraproject.org/wiki/Features/VirtSandbox

    1. Re:Not a new concept by lindi · · Score: 1

      Do these really work for desktop use? The links that you provided don't seem to mention graphics, sound or clipboard handling. Perhaps you have some more information that I didn't find when I quickly browsed those?

  31. Re:Yeah, VMs are the answer by erroneus · · Score: 1

    It's just made-up crap code written so that the point is clear. Adding as many lines as possible was the point.

    The point is that breaking out of VMs is done often enough that it's trivial once an exploit is identified.

    Yes, no doubt simplified code compiles smaller and runs faster. Get the point, and stay out of details. Look around you. It's a DISCUSSION FORUM.

  32. Re:secure you say? by Anonymous Coward · · Score: 0

    Can't you just run it in a VM? :-)

  33. Re:secure you say? by MichaelJ · · Score: 3, Informative

    You are correct about Zones. They're even lighter-weight than paravirtualized VMs, which in turn makes them ideal for some things, and not others. Solaris also has Logical Domains (LDOMs) which are very much like VMs. They see only the hardware that has been mapped into them. If you need something to be visible to multiple LDOMs (like your network interface) you have to have a control LDOM which owns that particular piece of a hardware and virtualizes it for any other LDOMs that want to see it. They're not the easiest thing in the world to set up, but work well (on larger hardware) and are nicely isolated.

    --

    Michael J.
    Root, God, what is difference?
  34. Security Concerns by polyp2000 · · Score: 1

    "even more secure than Apple's iOS"

    Wow ... that's the benchmark is it ?

    --
    Electronic Music Made Using Linux http://soundcloud.com/polyp
  35. i SAW xSYSTEMS by Anonymous Coward · · Score: 0

    Xsystems have a great many vulnerabilities such as x windowing server and the security model itself is broken, obsolete, etc. as per yesterday's slashdot thread if you bothered to read the links to what's broken and ungrokken in LUX

  36. Re:secure you say? by SixGunMojo · · Score: 1

    "It is the most secure option among the existing desktop operating systems"

    what about OpenBSD?

    As someone who is paranoid enough that all my personal financial online transactions are done on a live cd, I love the concept of OpenBSD. In the past I have installed it on both a pc and a laptop. Not even after, or during, a week long Hunter S Thompsonesque drug and alcohol binge would I consider OpenBSD a desktop os.

  37. Re:Yeah, VMs are the answer by fm6 · · Score: 1

    Crap code offends me. Sorry, it's a personality flaw.

  38. Re:Yeah, VMs are the answer by binarylarry · · Score: 1

    It's funny because your response was also crappy.

    --
    Mod me down, my New Earth Global Warmingist friends!
  39. To those saying "it sounds like ..." ... by daboochmeister · · Score: 1

    I've read a lot of comparisons here that mention Qube as "sounding just like running things in a VM/container/chroot" ... just fyi, from my reading of their architecture docs (several months ago) the difference is that they've isolated specific userspace processes to run in these lightweight VMs, and defined an API approach for other processes to interact with them. E.g., running the X server in a VM, while X apps can still make all expected calls, without being aware that they're crossing VM boundaries -- and yet under the covers, the isolation is there, and protecting both sides. That's somewhat more than just being able to run the apps you want in a VM.

    Iirc, they've even isolated certain kernel processing into separate VMs, e.g. the network stack. But someone not relying on months-old memory, pls check me on that.

    --
    "Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh ... never mind." Dave Bucci
  40. Storage by fa2k · · Score: 1

    I really want this. One problem: The storage VM seems to be running Linux, but can you use any filesystem you want, and can you use software RAID?

    1. Re:Storage by fa2k · · Score: 1

      And of course, I assume it uses encryption?

  41. Re:Yeah, VMs are the answer by fm6 · · Score: 1

    Oh yeah? Well, your mother wears Army boots!

  42. the only thing that bothers me by Anonymous Coward · · Score: 0

    is their statement "In the future it might also run Windows apps". why would i install an os with that mistake as its goal?

  43. Re:Yeah, VMs are the answer by Anonymous Coward · · Score: 0

    Burned! .. with napalm!

  44. Answering a question got me a downmod? LMAO... apk by Anonymous Coward · · Score: 0

    Fine, but you all WISH you had it "going on" like the lady this topic's about & you WISH You were her... period!

    * After all - She's out there DOING THINGS in the art & science of computing, + doing well @ them... are you?

    APK

    P.S.=> On that note? A little "dedication" to my fellow Polish person, in a tune that I *think* describes her abilities, perfectly:

    ---

    ROXETTE - "Dangerous":

    http://www.youtube.com/watch?v=VFNRh26TPmM

    ---

    (I love the ending - that woman has a HELL OF A VOICE!)

    ... apk