I noticed earlier that one of the mods here was working on KNOS, a "reasonably secure" FreeBSD derived OS for workstations. It looks to go more for standard MAC and exploit mitigation stuff than does Qubes, and the hardware requirements are more sane. Also appears to include some kind of copy-on-write sandbox. The info page: http://knosproject.com/info.html "Malware and exploit-proof" sounds very optimistic to me, but it does look pretty good compared to your generic Linux distro. Any thoughts on this? Experiences? BTW, this OS is proprietary, but not terribly expensive (even with the subscription model) assuming it works as indicated. OTOH the license indicates no warranty. Not sure how to take that. P.S. A question for the developers. From the info page: This doesn't quite sound right to me. As long as the BIOS is what's starting the bootloader code, couldn't it tamper with that and by extension with the kernel? Furthermore, couldn't the modified BIOS do something like: - Creating an address for a fake piece of hardware - Having it point to a region of memory containing hostile code - Attacking the kernel when that region is accessed? I could see an OS being resistant to many "generic" firmware rootkits, but I don't see how it could be made entirely immune to a custom-designed firmware rootkit, on normal x86 hardware. Am I wrong about this?