back to article Qubes goes commercial to keep its secure VM-focused OS dream alive

Financial necessity is forcing the security research group behind Qubes OS to begin establishing commercial funding to support its continued development. Warsaw-based Invisible Things Labs was founded in 2007 by low-level security researcher Joanna Rutkowska, who spoke at the Chaos Communications Congress last year about the …

  1. Anonymous Coward
    Anonymous Coward


    Qubes is pretty neat but I wish it wasn't so tightly coupled with Xen (understand why but still). Still if my life depended on locking down a desktop for say multiple users would probably go with Solaris trusted extensions.

    1. Rainer

      Re: Qubes

      Yeah, mention Solaris and get a downvote.

      I never used the Trusted Edition, so I can't really comment on its quality.

      1. Anonymous Coward
        Anonymous Coward

        Re: Qubes

        Yeah Linux is great in a lot of ways but life or death mission critical, kind of I guess. Tend to be more of an old school UNIX guy and so far been able to resist us moving from HP-UX (not one OS crash ever often with years of uptime, last downtime was moving from PA-RISC to Itanium hardware) to commodity Linux. As for the trusted extensions they are darn powerful but like any other hard core lock down RBAC they are a major PITA that admins and policy geeks love (not me) and users and everyone else hates (me). Thus the if my life depends on it qualifier. May also have gotten the down vote from a Xen fanboi.

  2. John Smith 19 Gold badge

    If they stay open source this is not necessarily a bad move.

    the idea sounds good but I can't evaluate it.

  3. Palpy
    Thumb Up

    I've wondered for some time --

    -- why the Qubes team hadn't taken this path.

    Now they have.

    My main laptop and my desktop both run Qubes, in multiboot with Mint and Ubuntu respectively. The OS is not hard to learn, IMHO, but it depends on the user understanding how to use the different VMs. I have an "untrusted" VM which is used for casual browsing, and a "personal" VM which is used for email, banking (minimal, actually), and a few trusted websites. The firewall rules are different, as are the browser configurations. And of course I have a couple of offline VMs that are denied network access and can be used for purely local tasks.

    The main benefit I would see in a corporate setting is that pre-configured VMs could be rolled out easily, and to some extent the policies around the various VMs get fine-grained control. However, as with any OS, a minimum of user understanding is required.

    There is still a squishy thing behind the keyboard.

    All that said, though...

    1. It's based on Xen and Fedora, both of which are quite active about keeping their code updated. (You can choose to install other VM templates than Fedora, and I believe work is progressing on other hypervisors. FYI.)

    2. Security by obscurity: it's Linux and at this point a rather obscure distro with somewhat unique challenges for anyone trying to hack the OS.

    3. And of course security by isolation -- you might hack my untrusted VM, but aside from that VM's dedicated file structure, everything else is inaccessible.

    Nothing's perfect, but I am very glad the Qubes team takes security seriously. Hope they make enough money to keep the project active.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022