Qubes for Christmas

Seems we are set for an early X'mas present with Qubes2 final due early December.

http://qubes-os.org/trac/roadmap

Might be how I spend the 'hols.



-cheers,
feandur

 

YAY! Go Joanna!!!

 

Note: The Roadmap also indicates that there are 11 open item tickets (none of which are as yet closed from 9 months ago) against Milestone RC2 Final Release due on Dec 1, 2013.

-- Tom

 

Qubes R2 Beta 3 has been released!

 

Already installed. Thanks for the update I love Qubes OS. I finally got GRSecurity working in the VM's too. So this should be very good

 

I don't know, it appears to me the Qubes is an overkill for average desktop users.

 

Maybe they'll start hiding the complexity behind simple-seeming GUI richness, so everyone can use it

 

I think it's exactly what average desktop users need, if it's easy enough. Most people willy nilly surf the internet, download things, log into their bank while they have another tab open to cat pictures on a website that's been infected with cross site scripting, and generally are vulnerable to every exploit out there.

Locking down a single system and browser is complicated, breaks the internet, and no one wants to deal with it. But with Qubes, if people can get the simple concept to do general internet surfing in one VM, have another for email and more pesonal stuff, and maybe a third for only the most secure things (bank, etc.), then they can isolate all the bad vulnerabilties from the things they want to keep most secure, without really having to know much about security.

It basically solves the problem of getting infected or attacked, by just keeping the mess in one place and having another place for security. That seems to be much better and much simpler that the existing options. It doesn't solve every security vulnerability, but it's a big step forward.

 

But how likely am I to get infected on linux?

 

Yes that's what I meant by "overkill". I feel Ubuntu x64 is very solid by default. Hell even Windows 8 x64 is pretty secure if a strong antivirus is installed.

 

There are rootkits for Linux and it's becoming more common. There are also all kinds of javascript exploits in your browser. Firefox or Chrome are no more or less secure (I believe) than on Windows or OS X. There are also exploits for Flash and Java, if you have those installed. There are also cross platform attacks, that target applications like OpenOffice, used by all major operating systems.

And there are security patches for Linux all the time. If Linux was invulnerable, it wouldn't need to be patched. Indeed, there would also not be all kinds of more stable and secure versions of Linux (like CentOS) intended for servers. And that's to say nothing of the BSD systems, that also offer more security. What's the point of them if Linux is so secure?

On top of that, with the popularity of Android, as it becomes more of a target, that could (I think) increase the amount of malware also capable of targeting Linux.

So there's still a significant benefit to be had from isolating different parts of your system from each other with VMs.

In addition, Qubes provides isolation of hardware components (USB, network adapter, etc.), hardware vulnerabilities is an issue that has nothing to do with Linux per se.

In any case, I was responding to the claim that Qubes is "overkill for average desktop users." The average desktop user is not using Linux. The average desktop user is using Windows and maybe OS X. If the average desktop user were use Linux, Linux would be a huge target, just like Windows, and there would be tons of malware for Linux. And in that case, something like Qubes, which really has the potential to be pretty easy to use, could save the average unsophisticated desktop user from a lot of dumb mistakes and behavior. That is the beauty of Qubes, if one thinks of is as a sort of proof of concept. That being said, I guess Chrome OS is doing something similar and realistically speaking is a more likely candidate to end up in the hands of the average desktop user.

 

root kit is more common on Linux? do you mind sharing a list of some current active root kits? I have rkhunter and chkrootkit installed on Ubuntu and run them regularly. I don't see any root kit yet. Plus, my installation is on a UEFI BIOS with Secure boot on, so I don't think root kit is a issue here.

secondly, it appears you are still into the myth that if more ppl use Linux then you'll get more viruses on Linux. e.g., you believe that Android is more popular so more viruses will appear. Think it this way, today Linux dominates the web server market, and these servers are highly valuable targets for hackers to break into. If Linux is so vulnerable, how come Linux can dominate the server market? You also appears to hint the Desktop version is vastly different from the server version of Linux, which I do not agree.

I do believe the vulnerability introduced by Java and Flash. This indeed is a potential easier target for hackers. However, the way how a file is executed on Linux is vastly different from the way in Windows - if the hacker could not gain root privilege, which is really difficult as compared to under Windows, no real damage could be done.
Update and security patch is part of Linux, and part of the reasons why Linux is so secure - e.g., Ubuntu patches security holes very quick and frequently, which leaves little chance for the hackers to take advantage of the security holes.

Overkill or not, let's look at the reality and fact. how many ppl are using Qubes and the like? unfortunately, negligible, even in Linux desktop users. Sure, it's more secure than regular Linux by adding one more layer of protection, however it's not really useful because Linux itself is already secure enough, hence it's an overkill even for Linux desktop users.

 

You did not understand what I wrote. I said rootkits are becoming more common in Linux than they used to be. I did not say that they are more common in Linux than Windows or other operating systems.

I guess I would say that you have bought into the myth that Linux is invulnerable. It is not. It's better than Windows or OS X. But it is far from invulnerable. In addition, if the fact that half of all servers run on Linux proves that Linux is secure, then the fact that the other half run on Window must prove that Windows is equally secure. You logic is flawed. Further, another reason many adminstrators prefer Linux for servers is because they find it easier to administer, that has nothing to do with security. Your logic is doubly flawed. And yet another reason Linux is often choose for servers is because it's free, again nothing to do with security. Your logic is triply flawed. And yes, the versions of Linux commonly usued for servers (e.g. CentOS, Redhat, etc.) are much more secure than things like desktop Ubuntu. Indeed, many Unix based servers don't even run on Linux, they use BSD, which has security advantages over Linux.

So I think you don't really understand the many varities and differences of Unix derived operating systems out there. In addition, I don't know what makes you think Linux servers aren't attacked. They're attacked and compromised all the time. Often its due to poor administration of the server or a failure to keep its software up to date. But if server administrators aren't doing a great job, I don't know what makes you think Linux desktop users know better how to secure their systems. That being said, yes, there are reasons that Linux is intrinsically more secure, in its design, than Windows, but if you don't think the Linux is going to become more of a target as it becomes more popular (especially in the form of Android), you're just fooling yourself. Good luck with that. Pride goeth before a fall.

There are Java attacks that can install rootkits in Linux. Flash isn't even supported anymore for Linux by Adobe so it's security can only go down hill from here. Further, you again did not understand what I was saying. Whether or not your browser can compromise your underlying system in Linux, it still can compromise anything you're doing within the browser. The benefit of something like Qubes is that it allows you to isolate one instance of your browser used only for secure purposes (e.g. banking), from another instance used for surfing the internet in general. Since most people are most at risk through the things they do with their browser, this is a big benefit to Qubes, that you just don't have in regular Linux, regardless of how secure the underlying system is.

You have also bought into the myth that security holes in Linux are always caught right away. Just not true. Yes, when they're found patches are released more quickly than with Windows, but there are cases of security holes going unnoticed for years. Any system is vulnerable. This is one of the reasons Qubes runs on the Xen hypervisor. It's much smaller than the Linux kernel, there are a lot less lines of code to keep track of, and so it's much more likely that problems will be discovered. The Linux kernel has become large an unwieldy, like the Windows kernel. It has millions upon millions of lines of code. Xen has a couple hundred thousand.

The question was would the average user benefit from Qubes. The answer is obviously yes. It protects them from some of their worst habits. It is completely irrelevant how many people use it. If Qubes is just as easy to use as Linux (eventually when it's fully developed) and much easier to secure, then what is the benefit to the average user of not using it? It's just silly to say, I'm not going to use something that's better and no more difficult, because the older thing was okay in its day. And in any case, as I explained above, you're fooling yourself if you think Linux will always remain as secure as it has been (it's already attacked more than it used to be), as well as your'e ignoring the browser risks, which are the biggest risk these days to the average user. Linux does little more to protect users from many browser attacks, than Windows or OS X. But Qubes does offer a real alternative in that area (and as I said, so does Chrome OS, apparently). What's the point of Linux being more secure than Windows, if the one thing that the average user does most with their desktop (browse the internet) is not more secure?

The reality is, Qubes represents something very different from both Linux and Windows. Linux and Windows both provide an OS based on a monolithic kernel that runs everything on your system and which therefore provides a single point of vulnerability. Qubes does away with this and isolates everything, even hardware components, in separate virtual machines. What's more Qubes does this is a way that's relatively easy to use. I just don't know why the average desktop user wouldn't benefit from such a system.

In the end, your logic just seems to be, because Linux is good, I won't switch to anything else better than comes along. Things evolve and change. Nowhere is that more true these days than in the computer world. Sticking to what used to be the best choice, just because it used to be the best choice, even once things evolve and get better, makes no sense. I have no doubt that tomorrow's OSes will work differently than todays and potentially be much more secure, whether that's Qubes or something else. I'm not going to just dogmatically cling to Linux, as it currently stands, because once it seemed like the best choice.

 

Hi cb474,

The obvious advantage of Qubes is its foundation as a Secure OS from its ground up design from the start, and being designed by one of the best security researcher teams in the industry - Johanna Rutkowska et al.

Windows did not become a huge target because it is used "by the average desktop user". It became a huge target because it was designed from the start without security in mind as a design goal, and it has been cheaper to buy than a MAC since before the inception of Linux thus it is called "the Swiss Cheese model for OS design as it contains the largest set of security hole vulnerabilities". Early on Windows was targeted by malware authors as a way to just try and get M$ to fix it, but that is a never ending task due to its origins. One particular artifact is the Registry construct used in its design - possibly the worst overall construct in the history of OS design from a security point-of-view.

OTOH, Linux is a much harder system to subvert from a security vulnerability point of view. If you are going to crack it, then you must either buy for $$$ tools intended to crack it from the underweb where malware authors are experts at Linux, or have attained the level of a Linux expert. That does not mean that there are no security vulnerabilities in Linux as you have already pointed out - and there are many that are discovered, but not for the lack of aforethought regarding security about its design that plagues Windows. The reason that security problems are found in Linux is because it has grown larger and more complex as it has diversified to adapt to different flavors of use - real-time embedded, large scalability in distributed computing, servers of all kinds, mobility computing, home desktop use, etc.

You mentioned that Qubes could save the average unsophisticated desktop user from a lot of dumb mistakes and behavior. In fact, nothing can save the average unsophisticated desktop user from a lot of dumb mistakes and behavior - even if they use Qubes. Mistakes are the way we learn to become experts - if we try to learn from out mistakes, and that includes all sorts of experts in every field of endeavor.

-- Tom

 

wow - you are writing an essay - such a long post.

I did not say anything comparing rootkits in Windows and in Linux. You said more common in Linux, as you meant, please use FACT, rather than pure speculation, HOW MORE COMMON than it use to be. Please list the names of what used to be available on Linux and what currently active on Linux, then you can talk "more" common or not.

Again - I did not say or indicate that Linux is " invulnerable". I said it's "SOLID". There is a difference.

Also, you tends to stretch everything I said to its extreme to demonstrate you logic - I never said security is the ONLY REASON/Criterion when it comes to server selection. Although there are other factors, mainly depending the function of the servers, but cost certainly is not the decisive factor (although it's an important factor) why Linux dominates web servers. You think big enterprises and the government will choose Linux servers just because Linux servers are free? No, money is not a problem for them.

Both Windows and Linux offer pros and cons. Windows is easy to install and run in its default mode, includes an array of drivers for virtually any type of hardware and has the widest variety of software available. On the other hand, it suffers from frequent security problems and requires critical patches that usually involve rebooting.

Where did I mention Linux servers are not attached? Being attached but not being compromised is not equal to being not attached. And they are "compromised all the time"? Again, please don't just use speculation when you talk, do you have any data to support your claim? I prefer discussions based on FACT. Your mention of Linux servers being compromised due to lack of admin ability is out of question here. Any OS, if leave outdated, can be compromised, it has nothing to do with Windows or Linux.

where did I say "security holes in Linux are ALWAYS" caught right away? Let's be reasonable here. I never said "always", I said "quickly and frequently". Yes any system is vulnerable, but to a different degree. I never said Qubes is less securer than regular Linux, I only said regular Linux, if keep updated, is secure enough for average desktop users. Security or not, it's all relative.

Yes it's reasonable argument. I may switch to Qubes in the future but not right now, as I think regular Linux is still good enough and more convenient. I know I can keep my Ubuntu box updated and more used to it. Until Qubes proves itself with time, I am very happy with Ubuntu for now.

 

Hi Tom,

I agree that the team behind Qubes is a very good team and that's a definite advantage.

As far as Windows being a traget, I think there's rarely one simple reason for something. Windows was easy to attack, in the early days, because it was so poorly designed. But it was clearly a huge target because it was the defacto desktop that everyone in the world used. It if had been a minor system that only a tiny handful of people used, no one would have ever bothered to target it. As they say in philosophy, the vulnerability of Windows was a necessary, but not sufficient condition. So the two conditions worked hand in hand, poor security and mass popularity. These days Windows is much more secure. Some argue Windows Server 2008 is just as secure as Linux. But Windows remains a huge target, because it is the most widely used. Obviously the efforts of attackers will be much more widely rewarded if there are more potential targets out there. As other OSes have become more popular, especially smartphone platforms, they have increasingly become targets. So I just don't think it's an accurate description of past events to suggest that the popularity of Windows had nothing to do with it being a target.

I agree that Linux intrinsically has many design advantages over Windows in terms of security. I clearly stated that above many times. Although Windows has gotten a lot better. But it's just not true that Linux is magically invulnerable. As I said above Linux servers get attacked, successfully, all the time. The Linux desktop not as much, because it's such a small target. But a lot of Linux desktop users have the idea that somehow by merely using Linux they're safe. It's just not true. If Linux were intrinisically so safe, there wouldn't need to be things like AppArmor, SELinux, and Grsecurity mapped ontop of it to make it more secure. And frankly, those are all things that are not easy to administer. Whereas Qubes offers better security, with far less administration from the user necessary. In addition, there is the problem as I said above of browser exploits, to which Linux is just about as vulnerable as Windows or OS X. If most of what the average desktop users does occurs within the browser, then the security of the browser is what counts, it doesn't matter how secure the underlying OS is. If the average desktop Linux users is sitting around thinking they're magically safe online, because they're running Linux, then they're fooling themselves.

As far as whether or not Qubes can save unsophisticated users from some dumb mistakes, I guess I really just disagree that nothing can help them. Again, there's not one simple, blanket, either/or answer. Things are always more complicated than that. There are lots of dumb mistakes (e.g. bad passwords) that no system can save your from. On the other had, there are many mistakes (e.g. not protecting yourself from cross site scripting attacks) that isolating programs in separate VMs for separate purposes (banking vs. general surfing) saves you from without all the fuss of NoScript and other more complicated solutions that require more understanding.

Cb

 

Hi Cb,

Well, I don't believe that Magic is "real", but I do believe Science is!

I also have never believed that Linux is "magically" invulnerable or safe from determined expert hackers that have made someone a target no matter their defenses employed - usually some kind of expert knowledge or money reason - and that makes targets of corporations more so than individuals except for individuals of enormous $$$ means where the payoff is more than worth the risk.

No amount of technology can save dumb users from themselves, including smart users, e.g. socially engineered exploits taken as bait. After all is said and done - we are all human, and susceptible to all of our human flaws. Not thinking before committing is the usual culprit!

However, make no mistake about it - Qubes was intended for advanced users, and while M$ have learned a lot about security - they have yet to get rid of the Registry and implement their research OSes to bridge their revenue generating applications if at all afaik.

-- Tom

 

I have just posted a thread entitled: How to find a notebook with VT-d (IOMMU) support for Qubes OS in the hardware subforum that is very complete on the issue of finding a suitable laptop to host Qubes.

-- Tom

 

@lotuseclat79: There is a way to save dumb users from themselves. It's read-only, no modifications allowed. More: https://www.wilderssecurity.com/showpost.php?p=2299335&postcount=79

 

Interesting read.

 

I just don't really understand your insistence on the blanket position that unsophisticated users can't be saved from themselves. Nothing is that simple. As you suggest some dumb mistakes, like falling for a phishing scam, technology can't save you from (although to be fair, browsers, dns servers, and other technologies already block phishing sites, email services scan for phishing email, so it really does seem technology can save people to some degree, though not completely). Other attacks, like having a virus get administrative access to one's desktop system, are largely mitigated by having separate user and root passwords and not automatically logging in as root. Indeed, the very things people have been pointing to as being better about Linux, than Windows, do save people from dumb mistakes. You can't really have it both ways. Is Linux intrinsically more secure than Windows or not? If the system is intrinsically more secure, then it shouldn't matter who the user is. In contrast, security that is entirely dependant on the user is necessarily not intrinsic to the system. Anyway, it's just complicated and depends on the particular situation; it depends on the particular user, the system, and the threat. Like all things there's no blanket answer.

As far as only coporations being the target of attackers in the Linux world that, again, is obviously because Linux as a desktop platform is a very minor player and not worth the effort. If it ever became as widely uses as Windows, which I don't think it will, it would become a target. It may be more resilient than Windows was, back in the day, but it would still be a huge target and there would be a lot of negative consequences for users. Just as Android has become a target and is not as safe as desktop Linux (despite being based on Linux) and iOS is going to become a big target (despite being based on BSD). Even Eugene Kaspersky thinks so: http://readwrite.com/2013/09/05/kaspersky-the-ios-malware-dam-will-break.

I agree that Qubes as it stands is more for advanced users. But it's certainly less for advanced users, as I said above, than administering SELinux, AppArmor, or Grsecurity. I even think it's easier to use or at least no more difficult than messing with NoScript (although the two do not entirely serve the same purpose, but have some overlap). My impression was that in the long run Qubes may be intended to average users. It's not really especially harder to install than any old Linux distro and it's easy to imagine how the other elements might get easier to use.

Anyway, we're probably going in circles on this. But I just don't buy these arguments that X is always better and Y is easier and either you know what you're doing or you don't. As I keep saying, things are always more complicated and nuanced than that.

That aside, thanks for the guide on VT-d. Very useful.

 

Should you switch to a supersecure operating system?

 

Thanks for the link. Seem like a silly article to me. Off the bat he acknowledges not having installed or used Qubes. Then he makes up a lot of scenarios that sound like using Qubes would be a pain and pretends that these extra difficulties almost totally defeat the benefit of Qubes.

Basically his argument boils down to Qubes is more difficult to use than a regular OS and it's not prefect, therefore it's not worth bothering with it.

I don't think anyone is pretending Qubes is as easy to use as a normal desktop system. But it's also not that hard and all the hassles the author outlines are blown out of proportion. Oh no, I have to have different passwords in each domain for good security! Curse you Qubes you've made my life so difficult! As if this is not the same problem of managing passwords with different sites, etc., the we have all the time.

In the end, no security if prefect. but it seems to me that Qubes is working on a relatively easy way from people to have different virtualized environments for different purposes. If this reduces the risk that's good. It's never about totally eliminating the risk. It's just about not making it ridiculously easy for attackers.

 

Am I the only one who sees a salacious pun on Qubes?

It's even security relevant

 

Please - do share!

-- Tom