Xen-Based Secure OS Qubes Hits 1.0
Orome1 writes "Joanna Rutkowska, CEO of Invisible Things Lab, today released version 1.0 of Qubes, a stable and reasonably secure desktop OS. It is the most secure option among the existing desktop operating systems — even more secure than Apple's iOS, which puts each application into its own sandbox and does not count on the user to make security decisions. Qubes will offer users the option of using disposable virtual machines for executing tasks they believe could harm their computer. These VMs will be lightweight, easily and extremely speedily created and booted, and would be just as easy to discard."
First covered back in 2010. See some screenshots of the X11 part in action (and they say displaying clients from multiple "hosts" isn't useful...)
Actually, it looks somewhat similar to the secure version of Solaris, running different processes in different VMs. I wonder if I have a crappy old machine lying around somewhere that I could test it on.
A JVM is called a virtual machine, but it isn't a virtual machine in the same sense as the one provided by Xen. The JVM is a simple bytecode interpreter/compiler. It sort of emulates a machine, but not a complete machine. It runs in user space on top of the native OS and cannot run an OS of its own.
Xen is a hypervisor whose virtual machines emulate a complete system. It doesn't just run the application program, it runs the whole bloody OS. The virtual machine has virtual disks, virtual memory, a virtual processor, even a virtual reset button. Support for this virtualization is built into modern processors, so it occurs at a very low level.
I imagine a sufficiently clever hacker could think of a way to bypass the guest OS and the hypervisor and do wacky things, but it's one hell of a lot harder than breaking out of a JVM sandbox.
I haven't visited the Qubes web site, but the fact that NoScript breaks it is not a big issue; NoScript breaks half the sites on the web. NoScript assumes that all scripting is evil and that you should never allow it unless you absolutely have to, after multiple warnings from NoScript as to how dangerous it is.
If you think this is a sane approach to security, you should consider abandoning graphical browsers altogether. I think Lynx is still being maintained.
It is possible in some cases to run a VM in a VM. It's been done for decades on mainframes. It just happens that this particular VM won't run in a VM, but it's not an unreasonable thing to try.
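Whether a VM can host another VM comes down to two CPUID facts the kernel exposes in /proc/cpuinfo: whether the processor offers hardware virtualization (the vmx or svm flag) and whether a hypervisor is already present (the hypervisor flag). A hypervisor that does not implement nested virtualization hides vmx/svm from its guests, which is exactly the situation where a VM "won't run in a VM". The script below is an added example, not code from the Slashdot thread or from the Qubes project; the function name virt_status and the two cpuinfo samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads a /proc/cpuinfo-style
# file and reports two things:
#   1. which hardware virtualization extension the CPU exposes (vmx, svm, or none)
#   2. whether the kernel already sees a hypervisor (the "hypervisor" CPUID flag)
# Pass /proc/cpuinfo on a real Linux box, or a constructed sample as below.

virt_status() {
    cpuinfo="$1"
    # Only the first "flags" line is needed; every core reports the same set.
    flags=$(grep '^flags' "$cpuinfo" | head -n 1 | cut -d: -f2-)
    ext=none
    case " $flags " in
        *" vmx "*) ext=vmx ;;   # Intel VT-x
        *" svm "*) ext=svm ;;   # AMD-V
    esac
    case " $flags " in
        *" hypervisor "*) guest=yes ;;   # CPUID.1:ECX bit 31 set by the hypervisor
        *) guest=no ;;
    esac
    # Output: "<extension> <already-a-guest>"
    printf '%s %s\n' "$ext" "$guest"
}

# Constructed sample 1: bare-metal Intel host with VT-x, no hypervisor present.
SAMPLE_HOST=$(mktemp)
cat > "$SAMPLE_HOST" <<'EOF'
processor	: 0
vendor_id	: GenuineIntel
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx smx est tm2 ssse3 sse4_1 sse4_2
EOF

# Constructed sample 2: a guest whose hypervisor hides VT-x but sets the
# hypervisor bit. This is the "VM that won't run in a VM" case.
SAMPLE_GUEST=$(mktemp)
cat > "$SAMPLE_GUEST" <<'EOF'
processor	: 0
vendor_id	: GenuineIntel
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm hypervisor ssse3 sse4_1 sse4_2
EOF
trap 'rm -f "$SAMPLE_HOST" "$SAMPLE_GUEST"' EXIT

virt_status "$SAMPLE_HOST"    # vmx no
virt_status "$SAMPLE_GUEST"   # none yes
[ -r /proc/cpuinfo ] && virt_status /proc/cpuinfo
```

On a real system, "vmx yes" or "svm yes" means the hypervisor you are under passes nested virtualization through and a Xen-based guest has a chance of working; "none yes" means it does not, and no amount of guest-side configuration will change that.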
I have been using Qubes for some time and have used it as the starting point for my own desktop. Qubes is a customized Xen kernel booting a customized Linux kernel as Dom0 (or Host). It currently uses a modified Fedora for the Dom0, as Fedora has the best support for various Xen tools, comes with a scriptable installer (Anaconda), and plans adoption of Wayland to replace the insecure X protocol.
You are correct about Zones. They're even lighter-weight than paravirtualized VMs, which in turn makes them ideal for some things, and not others. Solaris also has Logical Domains (LDOMs), which are very much like VMs. They see only the hardware that has been mapped into them. If you need something to be visible to multiple LDOMs (like your network interface), you have to have a control LDOM which owns that particular piece of hardware and virtualizes it for any other LDOMs that want to see it. They're not the easiest thing in the world to set up, but they work well (on larger hardware) and are nicely isolated.
Michael J.
Root, God, what is difference?