Qubes 2 Beta 2 has been released!

Discussion in 'sandboxing & virtualization' started by lotuseclat79, Feb 28, 2013.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Qubes 2 Beta 2 has been released!

    Note: Qubes is a research OS project targeted at both security and virtualization. I do not believe this release includes the recent Windows version of Qubes (looks like Linux only).

    -- Tom
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Qubes Security Goals

    Seems like a clever approach, but isn't it easier and just as secure to run a web-facing app in Sandboxie??
     
  3. No, because Sandboxie runs on top of the NT kernel, which is itself a huge code base (and thus has high attack surface). The point of using Xen is to support the sandboxing with as little code as possible, and to do it below the level of the kernel, so that even a kernel exploit could (theoretically, hopefully) be contained.

    Qubes is... very secure. But I'm not a fan of its approach; it strikes me as a massive kludge. I realize that memory protection techniques can't prevent all exploits, managed code is imperfect, MAC systems are more imperfect, etc. but virtualizing a separate environment for every sandboxed application... It just seems kind of insane to me, to be using a hypervisor, hardware acceleration, and 4+ GB of RAM just to have a "reasonably secure" desktop.

    It's like taking precautions against robbers. A sufficiently determined and resourceful crook will eventually find a way in; while the homeowner quickly reaches a point of diminishing returns. There are IMO contingencies that are possible, but not really worth planning for.

    (Also, 99% of attacks on desktops are dumb automated rubbish that won't make it past Noscript, never mind Sandboxie, etc. And I don't think that's going to change, because the entire point of attacking desktops is to hit as many people with as little effort as possible.)
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I agree, I think their approach is missing the point. It seems really convoluted. It would cost far fewer physical resources to just set up a PPA with a Grsecurity kernel, and then spend the rest of your dev time fixing userland projects independently.
     
  5. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    Yes, thank you. Go Joanna :-*
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    I agree - it is way easier, but not even close to being just as secure.

    -- Tom
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Funny, you guys say this, yet nothing has escaped the sandbox in years. That is fact.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Nothing that you know about and can prove it has never happened - you mean.

    -- Tom
     
  9. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    Woah! Just had a weird experience with Windows. Basically security center turned itself off, then re-enabled heaps of services I disabled. Also there was this weird IP to a server in Hong Kong.

    So I think I'm making the journey to Qubes as my full time OS. :cautious:
     