Slashdot Mirror


Xen-Based Secure OS Qubes Hits 1.0

Orome1 writes "Joanna Rutkowska, CEO of Invisible Things Lab, today released version 1.0 of Qubes, a stable and reasonably secure desktop OS. It is the most secure option among the existing desktop operating systems — even more secure than Apple's iOS, which puts each application into its own sandbox and does not count on the user to make security decisions. Qubes will offer users the option of using disposable virtual machines for executing tasks they believe could harm their computer. These VMs will be lightweight, easily and extremely speedily created and booted, and would be just as easy to discard." First covered back in 2010. See some screenshots of the X11 part in action (and they say displaying clients from multiple "hosts" isn't useful...)

8 of 175 comments

  1. Re:secure you say? by R_Growler · · Score: 4, Funny

    "It is the most secure option among the existing desktop operating systems"

    what about OpenBSD?

    Yes? What about it?

    You know, the headline for all the sec related news should read: "New Secure OS (Not being OpenBSD) Released!" or "The Sky is Falling, We'll all be cyber-robbed real soon now (unless you are using OpenBSD)" or "New virus, be very afraid! (OpenBSD users, well.. you're fine)"..
    You know it just does not make good press ;)

    HTH, HAND.

    -RG.

  2. Re:secure you say? by 0123456 · · Score: 4, Informative

    Actually, it looks somewhat similar to the secure version of Solaris, running different processes in different VMs. I wonder if I have a crappy old machine lying around somewhere that I could test it on.

  3. Re:And I feel so safe downloading it.. by 0123456 · · Score: 5, Funny

    Because the first thing I see is:
    Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

    Real men use wget. Or telnet.

  4. What a specimen by TummyBanana · · Score: 4, Funny

    Blimey, have you checked her out? She is now my third favourite woman (after my mother and the Queen).

  5. I Use Words Good by fm6 · · Score: 5, Informative

    A JVM is called a virtual machine, but it isn't a virtual machine in the same sense as the one provided by Xen. The JVM is a simple bytecode interpreter/compiler. It sort of emulates a machine, but not a complete machine. It runs in user space on top of the native OS and cannot run an OS of its own.

    Xen is a hypervisor whose virtual machines emulate a complete system. It doesn't just run the application program, it runs the whole bloody OS. The virtual machine has virtual disks, virtual memory, a virtual processor, even a virtual reset button. Support for this virtualization is built into modern processors, so it occurs at a very low level.

    I imagine a sufficiently clever hacker could think of a way to bypass the guest OS and the hypervisor and do wacky things. But it's one hell of a lot harder than breaking out of a JVM sandbox.

    1. Re:I Use Words Good by blueg3 · · Score: 4, Informative

      I imagine a sufficiently clever hacker could think of a way to bypass the guest OS and the hypervisor and do wacky things,

      Can and has. The sufficiently clever hacker that has been behind most incidences of piercing the guest-hypervisor veil is one Joanna Rutkowska, CEO of Invisible Things Lab.

      Interesting how that works, don't you think?

  6. Re:And I feel so safe downloading it.. by Black+LED · · Score: 5, Insightful

    If your site breaks because the client doesn't have JavaScript enabled, then you are doing it wrong. The site should gracefully degrade so that anyone can use it.

  7. Re:New OS or glorified shell script ? by lindi · · Score: 4, Insightful

    The way Qubes shares composition buffers of X applications over Xen shared memory is much nicer than VNC. It is rootless, unlike VNC, and there is no extra copying of data over a socket, so you get nice performance. They also do sound, so you can actually watch YouTube in a web browser that runs in a disposable VM.