Slashdot Mirror

← Back to Stories (view on slashdot.org)

Qubes OS 3.1 Has Been Released

Posted by timothy on from the or-is-that-have-been-released dept.

Burz writes: Invisible Things Labs has released Qubes OS 3.1. Some of the features recently introduced into this secure concept, single-user desktop OS are Salt management, the Odyssey abstraction layer, and UEFI boot support. The 3.x series also lays the groundwork for distributed verifiable builds, Whonix VMs for Tor isolation, split-GPG key management, USB sandboxing, and a host of others. Qubes has recently gained a following among privacy advocates, notable among them journalist J.M. Porup, Micah Lee at The Intercept and Edward Snowden. Embodying a shift away from complex kernel-based security and towards bare metal hypervisors and IOMMUs for strict isolation of hardware components, Qubes seals off the usual channels for 'VM breakout' and DMA attacks. It isolates NICs and USB hardware within unprivileged VMs which are themselves are a re-working of the usual concept, each booting from read-only OS 'templates' which can be shared. Graphics are also virtualized behind a simple, hardened interface. Some of the more interesting attacks mitigated by Qubes are Evil Maid, BadBIOS, BadUSB and Mousejack.

43 comments

  1. What was it in for/? by Anonymous Coward · · Score: 0

    Parole?

  2. This sounds great by Anonymous Coward · · Score: 0

    Only if you want to boot a completely secure OS and then spend a lot of time doing absolutely nothing useful with it. I guess maybe you could hammer out a decent manifesto with it, as long as you stuck to plain text. Odds are nobody would hack in and find it until you e-mailed it to the newspaper after your attack.

    1. Re:This sounds great by Anonymous Coward · · Score: 1

      Only if you want to boot a completely secure OS and then spend a lot of time doing absolutely nothing useful with it

      Did it take many years of advanced training to reach your level of cluelessness, or did it come naturally for you?

  3. Re:A Settlement Needs Your Help by Anonymous Coward · · Score: 0

    So... like, nuh uh dude, the FBI and CIA too!

  4. What is it? by Anonymous Coward · · Score: 0

    Neither article nor front page of linked website says.

    1. Re:What is it? by Anonymous Coward · · Score: 0

      If you're unable to figure that out, you should take a pass and stick with the Windows 10 Home edition that came with your entry level Lenovo laptop.

      Even with all of the automation and simplification that Qubes provides, it is something that should only be attempted by someone with basic reading comprehension skills and a 3 digit IQ.

    2. Re:What is it? by lhowaf · · Score: 1

      This sort of acrimonious shite causes me to question the value of AC posts.

      Maybe there should be a "Registered User Posting Anonymously" that gets a score of 0 while AC posts get a score of -1.

    3. Re:What is it? by Anonymous Coward · · Score: 0

      It's responses like this that prevent Linux from being a viable desktop OS.

    4. Re:What is it? by Anonymous Coward · · Score: 0

      Near as I can tell, it's a microkernel-based operating system, except that instead of a microkernel and server processes they're using a hypervisor and virtual machines. What that buys you I don't know.

  5. Qubes by Anonymous Coward · · Score: 0

    Last time I tried it, there were no games. Hopefully this has improved in this release.

  6. A word to the wise by petes_PoV · · Score: 5, Insightful

    When announcing a new "thing" or a new version, it's often helpful to tell people WHAT IT IS and WHAT IT IS FOR.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    1. Re:A word to the wise by freeze128 · · Score: 2

      I agree with your sentiment. All too often, the summary says "Hey, there is a new version of XXXXXX that has just been released!", and that's it. Then, the reader has to do RESEARCH to find out what it is, and why they should care.

      However, in this case, the summary has all the info you need, as long as you read ALL of it. It does indeed say that it is an "secure concept, single-user desktop OS".

    2. Re:A word to the wise by Burz · · Score: 1

      From the OP, it is a secure desktop OS.

    3. Re:A word to the wise by bobo_1968 · · Score: 1

      It's an operating system designed with security in mind. What part of the summary was unclear? The "OS" phrase, reference to moving away from kernel based security, hypervisors, VM based isolation of hardware devices, and list of attacks it claims to mitigate seemed like a dead giveaway.

      "Invisible Things Labs has released Qubes OS 3.1. Some of the features recently introduced into this secure concept, single-user desktop OS"

    4. Re:A word to the wise by fisted · · Score: 1

      Yeah, what coul

      this secure concept, single-user desktop OS

      possibly be?

      In your defense, it's only the 2nd sentence of TFS, can't noone expect you to have that high of an attention span, as it would certainly take you half an hour to read all the way till there.

      --
      CLI paste? paste.pr0.tips!
    5. Re:A word to the wise by Anonymous Coward · · Score: 0

      I knew what this is from the summary because I have been reading the damned site. Not for 15 years (which I have) but the last 5.

      http://slashdot.org/index2.pl?...

      Joanna Rutkowska is a promising security researcher interested in having actually secure hypervisors, and applications that can run on them. Qubes is an OS she's built in this space. Any other details you want you can get from her blog or TFA.

      I'm sorry, we're not reddit or washpost. The summary more than adequately described the interested community, new features of interest, and attacks considered theoretical that it prevents. If you don't know have an idea it's used for from that -- the problem is with you, not the summary.

      I guess what I'm saying is -- why should the community lose even more of the screen space taken up by this ridiculous redesign they did years ago, bad editors, comments with horrific padding... to give you a layman's explanation of something that you'd already know if you'd been a regular reader? Not a regular reader of her blog or articles about her -- but anything at all in this application space -- including this very website.

      In which case... hey, maybe you should go read to learn what they are instead of griping that you don't know what something does from the cliff's notes summary.

    6. Re:A word to the wise by Anonymous Coward · · Score: 0

      If only it were found in the summary! ikr ...

      Invisible Things Labs has released Qubes OS 3.1. Some of the features recently introduced into this secure concept, single-user desktop OS...

    7. Re:A word to the wise by Natales · · Score: 1

      Really? has the IQ level in Slashdot gone downhill that much that you can't even do a Google search?

      If you frequent this site, you will notice this community is big on privacy, and QubesOS has been for quite some time among the best options out there, since they are the only ones addressing very hard problems, like hard isolation of driver-level components in the OS, such as the USB or the Network subsystems for example. This is particularly good to mitigate against 'evil maid' type attacks and such. They achieve this using a modified version of the Xen hypervisor with lightweight VMs with a common hardened X-based interface.

      These folks don't release very often, and this update has been coming for a long time, and it's very welcome. Particularly the UEFI boot support, that has blocked me to be able to install it on my private laptop.

    8. Re:A word to the wise by jwymanm · · Score: 1

      What the hell is wrong with both of you? You clearly missed the summary that has all the info you need, as long as you read all of it. It clearly states that it is a secure concept single user desktop OS. Geez, what is wrong with this place. Yes, tongue in cheek.. :)

    9. Re:A word to the wise by petes_PoV · · Score: 1

      you can't even do a Google search?

      If you weren't so quick to scoff and had actually gone to the announcement page for this "thing" you would realise that there is no mention at all about WHAT IT IS or WHAT IT IS FOR. It dives straight in jargon about the new features.

      It is plain to every professional that if you want people to engage - especially when writing publicity material (such as announcing a new release) that it will answer the readers' questions. The most basic question is WHAT IS THIS THING?

      However it's typical of FOSS that the people who make this stuff are more concerned with telling the world how clever they are and how wonderful is the work they have done. How it can be used, what it is for and who might benefit from it are a very distance second. This announcement is a classic example of everything that's wrong with amateur-written (in quality, if not remuneration) products. They are more concerned with features than users.

      --
      politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    10. Re:A word to the wise by Anonymous Coward · · Score: 0

      Fail. When the name of the product has "OS" in it it should be quite obvious what kind of product it is.

    11. Re:A word to the wise by Anonymous Coward · · Score: 0

      Not really a fail. If it has a USP then mentioning this might be useful.
      So it's an OS? Is a Linux derivative? Can it run software targeted as other OSes? Does it has system? Is it targeting anything specific in terms of hardware. Or purpose (embedded, desktop, phone, server)?

      Still good way to support GPs post. It's got "OS" in the name so it's obvious. vi commands are obvious too...

    12. Re:A word to the wise by Anonymous Coward · · Score: 1

      > So it's an OS?

      What is QubesOS?

      > Is a Linux derivative?

      Is Qubes just another Linux distribution?

      > Can it run software targeted as other OSes?

      Managing Operating Systems withing Qubes

      > Does it has system?

      ???

      > Is it targeting anything specific in terms of hardware.

      Hardware Compatibility List

      > Or purpose (embedded, desktop, phone, server)?

      How is QubesOS different from..?

  7. Qubes 3.1 ? by Anonymous Coward · · Score: 1

    I'm waiting for 3.11 - Qubes for Workgroups.

  8. uses systemd by Anonymous Coward · · Score: 0

    not interested in it because it uses systemd.

  9. Re:A Settlement Needs Your Help by Burz · · Score: 2

    OK, I'll bite... Yes, you probably could run Fallout 4 on Qubes IF you installed an additional graphics card on the system and assigned its PCI device to the VM were you installed the game. Qubes cannot yet virtualize 3d GPU access, so VMs either have to go through the shared virtual 2d mode or have a whole (additional) graphics card assigned to them via the IOMMU.

    Its also possible you could run the game in the privileged domain where it would have access to the GPU, but I'm not sure if taking that risk would be worth it.

    There has been some experimentation with GPU virtualization, but progress has been slow on that front.

  10. Possible Changes to Qubes OS by Anonymous Coward · · Score: 1

    Just a few ideas for the Qubes OS...

    Qubes OS needs to use the Mirage OS model for all its master (dom0) and utility VMs (network, VPN, firewall, usb controller/multiplexer, vault, storage, crypto, ...). If there was a way to use the Linux loadable module interfaced easily in the Mirage OS it would allow access a larger number of available/newly updated device drivers. Another possibility is to use minimal kernels like Atom or CoreOs and add the modules as required. Full OS VMs would still be allowed for things like work, personal, private (TOR) browsing, ...

    The GUI needs a permanent VM status bar (VMsb) that only the dom0 controls. It would be positioned on the top of the main display monitor. This would mean that no other VM would be able to have full screen access to the monitor. The VMsb provides the following information: name of the active VM window, security level, color security coding, dynamic VM window change (task bar flashing?), drop down tool for providing USB access for the active VM, drop down tool for active VM security/network/devices). This would allow for special processes like a password entry/authorization system.

    One of the problems with all operating system Window systems is protecting the entry of passwords. The dom0 can control that by: opening a password entry window, indicating via the VMsb that a password entry window is open, graying out all background VM windows. All utility VMs will have a module that requests from the dom0 a password verification (send VM, user name) and the dom0 returns an authentication token. The full VMs could have special PAM modules added to them to allow them to access the new password entry/authorization system.

    The USB controller/multiplexer VM should allow the dom0 to allocate individual USB devices to specific VMs. It would act lice a USB firewall router. This could mitigate the issue with IOMMU only allowing all or nothing access to the USB controller and all devices on the controller bus. It would also allow the dom0 to run all keyboard, mouse/track pad entry past any possible malware attempting to read confidential input information (passwords,...).

    1. Re:Possible Changes to Qubes OS by Burz · · Score: 2

      Someone is already trying to get Mirage working with Qubes. Check out the dev mailing list.

      Your UI ideas are interesting. Qubes' UI is already pretty special though. Its a great foundation for accurately portraying what's going on inside the system.

      Qubes 3.1 already has some of the 'USB allocation' capability you mention: This release can pass through a USB mouse from a USB VM to the rest of the system... this means that an infected mouse cannot masquerade as a keyboard and start entering malicious commands, for example.

    2. Re:Possible Changes to Qubes OS by Anonymous Coward · · Score: 0

      It is important for all the utility VMs including the dom0 VM to use a minimal or unikernel to reduce the attach surface and increase the auditability of the VM's OS. Possibility the use of a minimal kernel like Atom would be better than Mirage OS because it may be easier to use current Linux device drivers. Although, I am not entirely familiar with the portability of the large number of Linux drivers to Mirage OS. Also it may be easier to add the specific Linux desktops (Kde, Gnome, Mate,...) to the dom0 VM minimal Linux OS.

      Regarding the USB controller, the extra functionality is about having a VM status bar (VMsb) is to provide tools to allow the user to set which VMs have access to the USB devices. The user explicitly must decide if a specific device (USB jump drive) is accessible by a particular VM. The USB controller is controlled through the dom0 (possibly), it acts like an on-the-fly user configurable USB firewall. If you want only your most insecure full VM to have access the a suspicious jump drive, you can specify that easily with the VMsb drop down selection.

      Also, the VMsb is very important because it is always visible and only controlled by the dom0. You will always be certain which VM you are inside. For example, with the current Qubes OS you could be still fooled by a phony VM completely enclosed within another VM window. It may be a faux VM window created by the enclosing corrupt VM window (you may not notice that the enclosing VM window also has focus). The VMsb always tell the user which VM is active/has focus. That allows for much more secure user interactions (i.e., password/authentication mechanisms).

  11. Raspberry Pi? by ooloorie · · Score: 1

    Could this run on Raspberry Pi or does that lack some necessary hardware support?

    1. Re:Raspberry Pi? by Burz · · Score: 2

      Qubes currently only runs on 64bit x86 CPUs, preferably with IOMMU support. ARM is not yet supported, however the Odyssey framework is designed to allow switching-out the hypervisor or hardware platforms, so it could be made to work.

      Also, a big reason why Qubes runs x86 is that it was envisioned as a way to run Windows and closed-source apps safely under the control of a FOSS hypervisor and virtualized hardware.

    2. Re:Raspberry Pi? by bobo_1968 · · Score: 1

      Also, a big reason why Qubes runs x86 is that it was envisioned as a way to run Windows and closed-source apps safely under the control of a FOSS hypervisor and virtualized hardware.

      That's super cool. Are you associated with the project? Do you have any examples of use-cases in the wild, or anyone using it in production? I could imagine for example a journalism organization or a government body being interested in legacy support for closed-source/Windows applications being very interested in the added security here.

    3. Re:Raspberry Pi? by Burz · · Score: 1

      I'm just a user, though I have a small list of enhancements I want to make. The project is not actively documenting use cases, although people do discuss them on the mailing list. There is enough corporate and institutional interest in Qubes to have made the integration of Salt necessary.

  12. Re:A Settlement Needs Your Help by Anonymous Coward · · Score: 0

    I won't be playing that game again until I find a mod that lets me shoot Preston Garvey in the face and have him fall to the ground, dead, never to rise again, and then lets me craft a wall trophy with his salvaged head, stupid hat, and some wood that I can mount on a random wall somewhere in a settlement I'll rarely have cause to visit.

    Fuck your shitty radiant quests, Bethesda. Leave the Fallout games to people with a clue like Obsidian in the future please. Also, where the fuck is the GECK so people can get around to properly repairing your abortion of a game that never manages to do much more than look a bit pretty?

  13. Re:A Settlement Needs Your Help by PopeRatzo · · Score: 1

    Yes, you probably could run Fallout 4 on Qubes IF you installed an additional graphics card on the system and assigned its PCI device to the VM were you installed the game. Qubes cannot yet virtualize 3d GPU access, so VMs either have to go through the shared virtual 2d mode or have a whole (additional) graphics card assigned to them via the IOMMU.

    This is why I love Slashdot. Ask a stupid question and get a thoughtful, serious answer that might actually be useful.

    Thanks, Burz. You're OK.

    --
    You are welcome on my lawn.
  14. not desktop by Anonymous Coward · · Score: 0

    Can I run applications, like games, which require 3D support?

    Those won’t fly. We do not provide OpenGL virtualization for AppVMs. This is mostly a security decision, as implementing such a feature would most likely introduce a great deal of complexity into the GUI virtualization infrastructure. However, Qubes does allow for the use of accelerated graphics (OpenGL) in Dom0’s Window Manager, so all the fancy desktop effects should still work.

    Sooo.... not desktop then? Like I give a fuck if my windows wobble. I need my apps to do 3d stuff too, otherwise it's like I don't have a 3d card. How 1980's of you.

  15. Re:A Settlement Needs Your Help by Anonymous Coward · · Score: 0

    Sorry, Qubes is too complicated for your handicapped brain. Don't use it, I don't want it to become "idiot-friendly" to appeal the masses, otherwise one day it'll be a spyware like windows 10.

  16. Re:A Settlement Needs Your Help by Burz · · Score: 1

    You're OK too, for a corrupt ex-Pope :P

  17. Looks cool, but.. by subk · · Score: 2

    ..Can I run Enlightenment or XFCE (for example) or am I bound to KDE?

    --
    Now, if you'll excuse me, I have backups to corrupt.
    1. Re:Looks cool, but.. by Burz · · Score: 2

      XFCE is an install option.

  18. good by tranvantri · · Score: 1

    good

    --
    https://www.youtube.com/watch?v=5wldG1nbiOU
  19. I remember the developer of this by Anonymous Coward · · Score: 0

    Back 10 years ago, when researching game exploits for anticheats, I remember first reading about Joanna Rutkowska - who is a dev on Qubes - and (no proof of this) I think I recall reading that she may have sold some exploit code, maybe even a full exploit framework, for money (to who, I don't know - but think about who the major buyers of such exploits are...), i.e. placing her firmly in black-hat territory, which means there may be a potentially huge conflict of interest on this privacy OS project.

    I could be wrong about this, it could just have been a rumour - but people should hound the devs of Qubes, for a disclosure of past conflicts of interest.
    Most especially, find out if any of them have ever accepted any money at all, from any intelligence agencies known for spying using exploit code - and in general, find out if any of them have ever sold exploit code, and if so, to who.