Qubes vs. Mirimir's Isolation System

Discussion in 'privacy problems' started by TheDudeAbides1984, Nov 13, 2013.

Thread Status:
Not open for further replies.
  1. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    166
    Location:
    Earth
    Yes, that’s right. I only have one machine for all my systems so I have many partitions already. I thought about a shared partition for different distros but I didn’t think it was a good idea in the end. With Qubes I sometimes forget that isolation means a pretty restrictive usability (at least until you get the hang of it). I don’t think I will be able to use KeePass on both Windows and Qubes. I do know that it is possible to use it on both Windows and Linux. With regard to Qubes I think it would contradict the whole concept of isolation. I have secured my passwords in KeePass using a Yubikey and one-time passwords to access the database (Windows logon needs a Yubikey as well).

    While I am very much interested in both data security and privacy, I am looking for the best solution for my needs. On the one hand I don’t mind making sacrifices in usability in order to actually be safer instead of just feeling safer. On the other hand there is a limit to those sacrifices, especially for someone like me who is not an IT professional but only someone keeping himself busy with this stuff as kind of a hobby. Of course, I do hope me spending time with topics of computer security to be beneficial.

    Currently I am working with Crunchbang and it feels good. My hardware is old but I tried to keep it up to date over the years (as far as you can with a laptop that’s almost 7 years old). I won’t get rid of Win7 completely (I even need Vista from time to time) but my goal is to set up a linux distribution that I will work with most of the time. I plan to use Win7 only when I have to (because of programs that won’t work with linux). At the moment it’s the other way round because I spent a lot of time improving my system for my needs and I will need a lot of time to get there with Linux.
    Today I got my books on Linux and on cryptography (the former has 1300 pages). I think it will help me a lot. There’s lots of guides and stuff to be found online but when it comes to reading I am a little old fashioned.

    That’s one of my problems. You have the wiki and the google group and that’s about it. I already told you about my networking problems. It took me ages to solve this problem. (By the way, I had the same problem while trying to set up Arch Linux, I had to cancel the installation when trying to connect to the internet [via LAN]). So yes, it is harder to figure out.
    Thanks! I won’t give up on Qubes but I will give it time getting to know it better. It’s like you said, you need to see and feel some progress at some point. I think I will setup Crunchbang for my everyday needs and experiment with Qubes when I’m in the mood for it. At least, that's my plan for now.
     
  2. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    @Balthazar

    Yeah, I know what you mean about there being a limit between how much security and privacy one wants and how much time one wants to spend administering their own system. You got stuck on getting networking to work with Qubes, I'm still scratching my head over partitioning (though I'm finally getting some answers in the google groups that help me understand--and your answers have helped also). It sounds like Qubes doesn't really even use a separate swap partition normally. I wonder if that's for security reasons also.

    Yeah, Arch has become ridiculously complicated to install. It used to be complex (when I first used it for a while a couple years ago). Now it's just over the top. Sometimes I feel like the logical end of Arch's somewhat odd interpretation of, "keep it simple," is that in the end there will only be the (albeit excellent) wiki and no packages at all. They'll just tell you how to write your own code and compile your own system.

    If you still have any interest in Arch though, now there's the much needed Manjaro that gives you an Arch system through a very standard type of Linux install process. I've never seen a distro catch on so fast at distrowatch. In its first six months, it climbed to the top ten of the most popular distros. It's now a little more popular than Arch itself. I think that showed that a lot of people like how Arch works, but were tired of the unnecessarily complex install process.

    I'm using Manjaro now and like it. I really prefer rolling release distros. And it has a good Mate spin (I like the more fully featured, less minimalistic desktops, but KDE and now Gnome 3 are too glitzy for me--did compiz once, got over the idea that fancy animations add any functionality). I'd still like to give Sabayon a go. And perhaps Fedora, even though it's not rolling release. It seems like it may have an easier upgrade path between releases than other distros, but I'm not sure.

    Anyway, sounds like we're in the same boat with Qubes. Would like to get it going for the security, but there is a bit of a learning curve. And it's enough different from other Linux distros that you have to go back to square one on some things. (Although to be fair, it sounds like if I was just going to install it on a bare hard drive, it would be a lot easier--so I've created some of my own problems.)

    *

    Wow, that seems just antithetical to what Linux is about. I don't know that even Windows and OS X are that creepily commercial, in that particular way, yet (not that they aren't creepy in lots of other ways).

    Found this article about it: http://arstechnica.com/business/2012/09/ubuntu-bakes-amazon-search-results-into-os-to-raise-cash/

    Now that I think of it, I do remember the uproar about Shuttleworth's "we have root" comment. I understand what they're doing with the Dash and making it search anything, in principle. But in some ways it sounds like the goal of Ubuntu now is more to be an internet client, than an OS that can access the internet, amongst other things.

    In the spirit of this thread (Qubes and your own isolation system), that concept really seems antithetical to privacy and security. One should isolate one's interaction with the internet into sandboxed parts of the system, even isolate different modes of accessing the internet into different sandboxes for different purposes (e.g. anonymity, general surfing, etc.). Going the other way and having the most basic parts of the system (like the Dash that essentially serves as a type of file manager) be configured to constantly phone home, or rather phone out, seems just bad.
     
    Last edited: Nov 25, 2013
  3. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    166
    Location:
    Earth
    If I am not mistaken, you only need one swap for several Linux distros, so the swap partition is not exclusively for a single Linux distribution. I really don’t know if Qubes makes use of swap.

    Luckily, I had a second computer at hand while trying to install Arch Linux. I was using the wiki and everything worked until the first download. I noticed I couldn’t get my (USB-)Wlan to work and the same applied to LAN. After several failed attempts to solve the problem, I had to cancel the process and I moved on to other distros. I guess I had the same problem then that I had with Qubes. I really like to give it a go some time with my LAN express card.
    Thanks for the info on Manjaro, sounds very interesting. There are so many interesting distributions to check out. One “only” needs time.

    Yes, I think we are in the same boat. Also, I did know that there might be trouble because of the hardware but I didn’t suspect networking problems. I am happy I am able to experiment with Qubes at all. Not far in the near future I will need to buy a new laptop, 7 years is a long time. I want to buy a linux laptop and maybe one, which will work with all the features of Qubes.
    Anyway, it’s nice to talk about Qubes and other distros (even from a somewhat amateurish point of view from my side).
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    True.

    However, only mirimir works on this Ubuntu VM, with its particular VPN setup. So I don't really care what Dash does, because it's all mirimir.

    Each of my other identities has its own VM(s) etc.
     
  5. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    That's correct for Linux in general, but it sounds like Qubes doesn't need (or use) a swap partition at all, if I'm getting it. Each VM has within itself its own swap block device as part of the VM itself (see: http://qubes-os.org/trac/wiki/TemplateImplementation). In turn, the underlying Xen hypervisor itself can't swap out anything that's going on in a VM (which is where everything that's using memory goes on), so Xen won't use a swap partition at all. They say that's why 8 GB of RAM is recommended. (See: https://groups.google.com/forum/#!msg/qubes-devel/KDNMoNSgYVo/CTYvm8RzAfcJ.)

    I've also been asking questions about partitioning here: https://groups.google.com/forum/#!topic/qubes-users/dnjcss7H-I8. If you're curious.


    For what it's worth, in case you don't already know this, Thinkpads are often popular with Linux, because they tend to be heavily Intel based, which is supported better by Linux than other hardware. So a laptop with an Intel CPU, graphics card, and network card will be easier to work with in Linux. At least, that used to be true. I'm not entirely sure if it still is.

    Also, I'm fond of buying used laptops on eBay. If you choose your seller carefully, I don't think there's much risk to it. And if you get a model that's not the newest, but the previous one, usually its value has dropped a lot, 30% to 50%. But the differences in CPU speed on a year old model are only on the order of 10% or so, whereas it will still be many times (200%, 400%) faster than a seven year old laptop. I've had good luck getting nice laptops this way. Sometimes you can get a machine with an i7 processor that's faster than new base model i5 processors, but significantly cheaper (the sacrifice sometimes being not having the same power efficiency and battery life as the latest cpu and chipset).

    In addition, a year old model is, I think, more likely to have drivers that definitely work for the hardware. Whereas a brand new model might sometimes not have all drivers ready in Linux yet.

    Lastly, whatever you do, for Qubes you want VT-d, I'm sure you know. Be careful, because I noticed even in new models not all processors support VT-d. Especially the lowest end i5 processor won't, but the i5 with the slightly faster clock speed will. I don't know why they do this, perhaps they just disable it for product differentiation. So be sure to check the exact processor you're getting for the virtualization features you want.

    *

    Yeah, I can see how in your isolation system it doesn't matter. But for the average unsuspecting Ubuntu user it seems pretty lame. Maybe said user doesn't care and has already happily handed over their entire identity to Facebook and Google. But I imagine in the world of Linux and open source that's less likely to be the case.

    The EFF has a nice article on this "feature," plus suggestions about how to disable it. https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    I am really thinking about giving Qubes a try, but before I do I need to get two things cleared up.

    1. Does Qubes have a mechanism to WDE the machine it is on? If the online security is perfect and the online privacy can be tunneled/TOR'd to perfection, it doesn't mean a thing to me if the hard drive is not WDE. No exceptions for me.

    2. I have a spare 32GB flash. It is a very high quality usb 3 and I have the machine to drive it properly. Can I install Qubes "bare metal" on this device while I decide if I like the software? I would be a bit more willing to experiment if I don't have to dedicate the whole machine during the decision process.

    I am at home with Whonix but TOR is kind of slow. Vpn tunnels and Qubes might have a place for my "needs set".
     
  7. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    Since Qubes is Linux it can use encryption like any other Linux distro. I'm pretty sure the installer defaults to creating an encrypted LVM system. Download it and take a look at the installer, I think it's just Fedora's Anaconda, which handles encryption better than any other installer I've seen for Linux.

    I'm pretty sure you can install Qubes on a USB and that would be an easy way to try it out. Look at the Qubes wiki and Google groups, I think it's explained there.

    The biggest hitch with Qubes is that it works best on a CPU that uses Intel's VT-d and that has a BIOS that enables VT-d (I think there's also an AMD equivalent). It will work on other systems, but not provide all of the security it's capable of, especially the isolation of the network adapter (I think). Being sure you have the hardware to support this has been a stumbling block for some people.
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Thanks I'll give it a look. My processor shows (Lenovo website) one version has VT-d and another doesn't with the same chip number. Before I go too far I need to get a definite answer on that. Is anyone aware of a VT-d test that I could run to get a dependably accurate determination? I have a few machines but I am thinking about an i5-3210M chip'd machine. Website has two answers for that chip. Hmmmm.
     
  9. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    ^When you have access to the machine, you should be able to find the info in the BIOS.
    Otherwise, check Intel info; make sure you have the i5-3210M-BGA model link instead of the i5-3210 rPGA link.
    The BGA model also offers VT-d, the rPGA version offers VT-x and VT-x EPT but not VT-d!
     
    Last edited: Dec 15, 2013
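
One way to test for VT-d from a running Linux session (for example a live USB), as an added example that is not part of any post in this thread. It assumes the standard Linux `/proc` and `/sys` locations and plain Linux rather than Xen dom0; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report VT-x / VT-d state from a Linux system's /proc and /sys.
# Each function takes a ROOT directory (default "/") so a copied or constructed
# tree can be inspected as well as the live system.

vtx_status() {
    root=${1:-/}
    # The "vmx" CPU flag is how Linux reports Intel VT-x.
    if grep -qw vmx "$root/proc/cpuinfo" 2>/dev/null; then echo yes; else echo no; fi
}

vtd_status() {
    root=${1:-/}
    # Firmware advertises VT-d (DMA remapping) hardware through the ACPI DMAR table.
    if [ ! -e "$root/sys/firmware/acpi/tables/DMAR" ]; then
        echo absent          # no VT-d on this CPU/chipset, or switched off in BIOS
        return 0
    fi
    # dmarN entries show up once the kernel's Intel IOMMU driver has set up
    # the remapping units.
    for unit in "$root"/sys/class/iommu/dmar*; do
        if [ -e "$unit" ]; then
            echo active
            return 0
        fi
    done
    echo firmware-only       # advertised by firmware, not in use by this kernel
}

# Constructed sample tree (not taken from a real machine) for trying the
# functions without touching the live system.
make_sample_tree() {
    mkdir -p "$1/proc" "$1/sys/firmware/acpi/tables" "$1/sys/class/iommu/dmar0"
    printf 'flags\t\t: fpu vme de pse vmx est\n' > "$1/proc/cpuinfo"
    : > "$1/sys/firmware/acpi/tables/DMAR"
}

echo "VT-x: $(vtx_status /)  VT-d: $(vtd_status /)"
```

A result of `firmware-only` usually means the feature is enabled in the BIOS but the booted kernel was not started with the IOMMU turned on; `absent` means either the processor variant lacks VT-d or the BIOS setting is off.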
  10. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    I always go to ark.com to figure out and scope each processor by category which has both VT-x, and VT-d, etc. along with other categories that are in my requirements set.
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Good news; the machine has it. I enabled it and it seems to be running fine. I use several OS's on the machine so I am going to watch for anything amiss by having VT-d enabled but not directly employing it. I don't want to keep going into bios to turn it off and on.

    Mirimir, sorry for splintering your thread. I love security by isolation as presented in Whonix. I am looking forward to running with this. I'll report on how it runs via a high end USB and on a nice machine using VT-d. It may be after Xmas until I get this going for secure applications. I'll start with normal family internet surfing and then migrate to tunnels and security needed stuff.

    I have been looking for an excuse to bump up the RAM in the machine. I may settle on 16 Gig. Found a great deal on some "sticks".

    Thanks for the help guys!! I appreciate the "family" atmosphere in here.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    No problem :)

    I'm going to check out Qubes again soon myself.

    There is no question, I think, that compartmentalization via virtualization in Qubes is far more secure than with VirtualBox. What was missing for me when I tested it a couple years ago were networking modules for VPNs and Tor that I felt that I could trust. Perhaps it was just ignorance on my part.

    Anyway, I'm all ears for Qubes ;)
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Mirimir, I have seen both of those mentioned now while reading around. I am starting the process. I just down'd the iso and I am prepping my 32 GB flash by wiping it overnight to have a clean slate.

    Little help anyone. My PGP is being "testy" as hell. I am willing to accept second best verification mode since this is a Qubes trial run for me. Since I can't get my PGP to verify (problem on my end):

    Is there someone here who has recently pulled Qubes (R2 Beta 3) down that would be willing to run a SHA256 for comparison to what came through on my end?

    My SHA256 for the iso shows:

    1984DF4E65A5F7A05A3744EC1DB94EAAE7513548A450C835EA35D9A08F42D087

    It would be nice to get a verification from someone here that has verified the correct way. Either way, a matching SHA256 would "relax" me. Thanks
     
  14. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    166
    Location:
    Earth
    Hello, I recently downloaded R2 Beta 3 but had some hardware compatibility problems. To answer your question, you're good to go. I used multi hasher to check SHA256, you can see the result here.
     
  15. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    351
    I can see you already answered your question, but just as a note for any others who come upon this thread, be careful with the i5 machines. Some of the i5 processors have VT-d and others don't. I think all i7 processors have it. As noted, you also need to be sure to have a machine that enables it in BIOS, I'm not sure how to check that before buying a machine other than surfing the internet and asking people who already have it.
     
  16. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
  17. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Thanks for the confirmation!

    lotuseclat79 - good read. I think I would just go to a computer store and literally "light up" the bios and have a physical look for the features needed. If the price was too high I would then order the exact model online or wherever. I didn't know anything about Qubes when I acquired this machine. Sometimes you just get lucky. LOL!!
     
  18. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    224
    Location:
    USA
    @Mirimir

    A question if I may. If I automate tor.exe by installing it as a system service and then disable torbutton and torlauncher (of course I am talking about version 3.5) are there any security concerns I need to be concerned about that are exclusive to those two addons?

    Realize please I am dealing with a person who is somewhat resistant to technology and thus cannot go sophisticated with them. If I can get Tor installed, get them behind a vpn and encrypt their dns I will have accomplished a lot considering the user I am working with. In other words this is the "it's not for me" caveat of embarrassment.

    Thank you
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I don't know Tor well enough to say. From reading the manual, I know that Tor can be configured as a Windows service. But I don't know how that works with the TBB.

    I recommend asking on Tor.SE <http://tor.stackexchange.com/>.
     