Qubes OS: A reasonably secure operating system

441 点作者 ploggingdev超过 7 年前

18 条评论

magnat超过 7 年前

Joanna's (Qubes OS Founder) blog [1] is a gold mine when it comes to hardware-software boundary security. Especially "State considered harmful" [2] and "x86 considered harmful" [3] papers are eye-openers.[1] <a href="https://blog.invisiblethings.org/" rel="nofollow">https://blog.invisiblethings.org/</a>[2] <a href="https://blog.invisiblethings.org/papers/2015/state_harmful.pdf" rel="nofollow">https://blog.invisiblethings.org/papers/2015/state_harmful.p...</a>[3] <a href="https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf" rel="nofollow">https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf</a>

评论 #15739388 未加载

评论 #15738236 未加载

评论 #15737955 未加载

评论 #15735998 未加载

AaronFriel超过 7 年前

I'm very excited that Microsoft is moving in the same direction. The feature Windows Defender Application Guard (WDAG) runs Windows applications, right now only the Edge browser, in a virtualization isolated container[1]. Under the hood it's using what Microsoft calls "Hyper-V Containers", which are lightweight virtual machines that share some host resources such as a read-only filesystem. The closest open source analogues to that are Intel(R) Clear Containers[2] and Qubes.The closest you can get to Qubes on Windows would be to follow Microsoft's Privileged Access Workstation (PAW) guide, but it requires a lot of additional infrastructure[3]. That infrastructure allows you to do remote attestation of the virtual machines, but makes it costly to deploy in a SMB or homelab environment.I don't expect it'll be very long before PAW and WDAG are usable at the same time, with colored window borders indicating the origin virtual machine. I hope this is on Microsoft's roadmap.Video on privileged access workstation use, starting at a demo: <a href="https://youtu.be/3v8yQz2GWZw?t=41m48s" rel="nofollow">https://youtu.be/3v8yQz2GWZw?t=41m48s</a>Video on privileged access workstation setup: <a href="https://www.youtube.com/watch?v=aPhfRTLXk_k" rel="nofollow">https://www.youtube.com/watch?v=aPhfRTLXk_k</a>[1] <a href="https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview" rel="nofollow">https://docs.microsoft.com/en-us/windows/threat-protection/w...</a>[2] <a href="https://clearlinux.org/features/intel®-clear-containers" rel="nofollow">https://clearlinux.org/features/intel®-clear-containers</a>[3] <a href="https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations" rel="nofollow">https://docs.microsoft.com/en-us/windows-server/identity/sec...</a>

评论 #15735635 未加载

评论 #15735496 未加载

评论 #15736174 未加载

评论 #15736189 未加载

评论 #15736061 未加载

Jeaye超过 7 年前

What I'd really love to see is a marriage between NixOS and Qubes, allowing for full-system declarative configuration, including the various systems which will be running under Qubes.NixOS has containers that show how this could work, but they're only via systemd-nspawn, so not as jailed as Qube's domUs.

评论 #15735026 未加载

评论 #15735236 未加载

评论 #15735329 未加载

xtanx超过 7 年前

I've been running Qubes 3.2 for about 10 months on a intel skull canyon nuc. I love it.I have separate vms for media and browsing, for music (spotify), development (python, rust), skype, personal email, work email and password manager.It needs 16gb of ram to be able to run all of these at once and about 150gb of disk if you actually create separate template vms.My only real pain was coping and pasting between all of these vms (you need to ctrl+c then ctrl+shift+c for copy and the ctrl+shift+v, ctrl+v for paste [1])I solved that with a custom solution that automatically distributes the clipboard contents (for text only) to multiple vms (depending on the source of the clipboard change). I know it defeats the purpose of isolation for the clipboard but it's ok for my use case.[1] <a href="https://www.qubes-os.org/doc/copy-paste/" rel="nofollow">https://www.qubes-os.org/doc/copy-paste/</a>

drawnwren超过 7 年前

I ran Qubes on a laptop for a while. 1) It's a huge battery hog. 2) It's a real pain to run a non rolling release distro (i.e. Arch). Some dependency is going to try and upgrade itself that can't and it will brick your whole distro. Even being locked to a specific release proved a bit of a pain. It just adds a lot of complexity to your day to day operations (i.e. opening a program is a tiny bit more complicated) that turned out to be a huge drain for me.

评论 #15736144 未加载

snvzz超过 7 年前

Their weakest point is the hypervisor, Xen, which while a better choice than Linux/KVM, is still extremely bloated and has a poor security history.Thankfully, better designs such as seL4's VMM do exist, although it might need a little more work [1] until usable for the purpose.[1] <a href="https://sel4.systems/Info/Roadmap/" rel="nofollow">https://sel4.systems/Info/Roadmap/</a>

评论 #15734739 未加载

评论 #15734841 未加载

评论 #15734803 未加载

评论 #15735067 未加载

评论 #15734676 未加载

评论 #15734956 未加载

notfed超过 7 年前

Note that while Qubes OS uses full-disk encryption, it runs on Xen, which does not support hibernate.This means that, if you use this OS on a laptop, you'll be vulnerable to cold-boot attacks, even after you close your lid, unless you configure it to shutdown on lid close. (I.e., if a highly skilled adversary steals your laptop then, even if your laptop lid is closed, they will be able to read your RAM and therefore decrypt your entire hard drive.)Despite the major security implications, it doesn't sound like a fix will be implemented any time soon. [1][1] <a href="https://github.com/QubesOS/qubes-issues/issues/2414" rel="nofollow">https://github.com/QubesOS/qubes-issues/issues/2414</a>

评论 #15736180 未加载

评论 #15736066 未加载

spiraldancing超过 7 年前

Whatever happened to the Qubes-Purism marriage? They were on track to start Qubes-certifying Librems, and selling Librems with Qubes pre-installed ... then they cancelled the plans, and I never heard why?

评论 #15736931 未加载

superasn超过 7 年前

Can it also protect against key-loggers, i.e. if i'm running an app in a qube, can an app in a different qube read my keystrokes?

评论 #15734723 未加载

评论 #15734806 未加载

jnwatson超过 7 年前

10 years ago, I helped design a similar system. It was a capabilities based OS on a formally modeled microkernel.I'm still not sure than there's a market for this stuff. It must be free, and it's hard to build a business model around that.

评论 #15753305 未加载

tonetheman超过 7 年前

I wish there was a way I could try it. The hardware requirements ...<a href="https://www.qubes-os.org/doc/certified-hardware/" rel="nofollow">https://www.qubes-os.org/doc/certified-hardware/</a>Is anyone running this on a laptop? I get the feeling after reading that page that this is really strictly desktop only. Maybe the page has not been updated in a bit?

评论 #15735287 未加载

评论 #15735289 未加载

评论 #15737917 未加载

txgvnn超过 7 年前

How about Subgraph OS? It has grsecurity patch, tor network, container isolate, firewall. It's another good choice also<a href="https://subgraph.com" rel="nofollow">https://subgraph.com</a>

bsdnoob超过 7 年前

openbsd vs qubes os, which one will you prefer?

评论 #15734798 未加载

评论 #15734906 未加载

评论 #15736889 未加载

评论 #15734805 未加载

jlgaddis超过 7 年前

Damn, I was really hoping this was an (early) announcement for 4.0 (or at least an -rc3).

评论 #15734743 未加载

partycoder超过 7 年前

QubesOS won't protect you from Intel ME though.

评论 #15735169 未加载

评论 #15736919 未加载

评论 #15735544 未加载

mtgx超过 7 年前

Version 4.0 should be out soon (at RC2 now):<a href="https://www.qubes-os.org/news/2017/10/23/qubes-40-rc2/" rel="nofollow">https://www.qubes-os.org/news/2017/10/23/qubes-40-rc2/</a>Some exciting changes are coming:<a href="https://www.qubes-os.org/news/2017/10/03/core3/" rel="nofollow">https://www.qubes-os.org/news/2017/10/03/core3/</a><a href="https://www.qubes-os.org/doc/releases/4.0/release-notes/" rel="nofollow">https://www.qubes-os.org/doc/releases/4.0/release-notes/</a>EDIT: Downvotes for providing relevant sources, really?

评论 #15734954 未加载

评论 #15736916 未加载

known超过 7 年前

I use <a href="https://en.wikipedia.org/wiki/Lightweight_Portable_Security" rel="nofollow">https://en.wikipedia.org/wiki/Lightweight_Portable_Security</a>

qrbLPHiKpiux超过 7 年前

Fun fact. The developer does not believe in using a password on her private keys.

评论 #15735272 未加载