Qubes 2 Beta 2 has been released!

Qubes 2 Beta 2 has been released!.

Note: Qubes is a research OS project targeted at both security and virtualization. I do not believe this release includes the recent Windows version of Qubes (looks like Linux only).

-- Tom

 

Qubes Security Goals

Seems like a clever approach, but isn't it easier and just as secure to run a web-facing app in Sandboxie??

 

No, because Sandboxie runs on top of the NT kernel, which is itself a huge code base (and thus has high attack surface). The point of using Xen is to support the sandboxing with as little code as possible, and to do it below the level of the kernel, so that even a kernel exploit could (theoretically, hopefully) be contained.

Qubes is... very secure. But I'm not a fan of its approach; it strikes me as a massive kludge. I realize that memory protection techniques can't prevent all exploits, managed code is imperfect, MAC systems are more imperfect, etc. but virtualizing a separate environment for every sandboxed application... It just seems kind of insane to me, to be using a hypervisor, hardware acceleration, and 4+ GB of RAM just to have a "reasonably secure" desktop.

It's like taking precautions against robbers. A sufficiently determined and resourceful crook will eventually find a way in; while the homeowner quickly reaches a point of diminishing returns. There are IMO contingencies that are possible, but not really worth planning for.

(Also, 99% of attacks on desktops are dumb automated rubbish that won't make it past Noscript, never mind Sandboxie, etc. And I don't think that's going to change, because the entire point of attacking desktops is to hit as many people with as little effort as possible.)

 

I agree, I think their approach is missing the point. It seems really convoluted. It would cost far fewer physical resources to just set up a PPA with a Grsecurity kernel, and then spend the rest of your dev time fixing userland projects independently.

 

Yes, thank you. Go Joanna

 

I agree - it is way easier, but not even close to being just as secure.

-- Tom

 

Funny, you guys say this, yet nothing has escaped the sandbox in years. That is fact.

 

Nothing that you know about and can prove it has never happened - you mean.

-- Tom

 

Woah! Just had a weird experience win Windows. Basically security center turned itself off, then re-enabled heaps of services I disabled. Also there was this weird I.P to a server in Hon Kong.

So I think I'm making the journey to Qubes as my full time OS.