Reply to post: I've wondered for some time --

Qubes goes commercial to keep its secure VM-focused OS dream alive

Palpy
Thumb Up

I've wondered for some time --

-- why the Qubes team hadn't taken this path.

Now they have.

My main laptop and my desktop both run Qubes, in multiboot with Mint and Ubuntu respectively. The OS is not hard to learn, IMHO, but it depends on the user understanding how to use the different VMs. I have an "untrusted" VM which is used for casual browsing, and a "personal" VM which is used for email, banking (minimal, actually), and a few trusted websites. The firewall rules are different, as are the browser configurations. And of course I have a couple of offline VMs that are denied network access and can be used for purely local tasks.

The main benefit I would see in a corporate setting is that pre-configured VMs could be rolled out easily, and to some extent the policies around the various VMs get fine-grained control. However, as with any OS, a minimum of user understanding is required.

There is still a squishy thing behind the keyboard.

All that said, though...

1. It's based on Xen and Fedora, both of which are quite active about keeping their code updated. (You can choose to install other VM templates than Fedora, and I believe work is progressing on other hypervisors. FYI.)

2. Security by obscurity: it's Linux and at this point a rather obscure distro with somewhat unique challenges for anyone trying to hack the OS.

3. And of course security by isolation -- you might hack my untrusted VM, but aside from that VM's dedicated file structure, everything else is inaccessible.

Nothing's perfect, but I am very glad the Qubes team takes security seriously. Hope they make enough money to keep the project active.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022