Qubes Linux Distribution - Security By Isolation
Qubes is a Fedora Based Linux Operating System to provide better security by using virtualization. Qubes is developed by Poland developers that include Joanna Rutkowska, Marek Marczykowski-Górecki, and many others. The first Qubes version was released on 3 Sep 2012. Currently, Qubes is on version 3.2. It is developed under GPL v2 license its default user interface is KDE and Xfce.
How does Qubes OS provide security?
Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes. This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.
Moreover, all of these isolated qubes are integrated into a single, usable system. Programs are isolated in their own separate qubes, but all windows are displayed in a single, unified desktop environment with unforgeable colored window borders so that you can easily identify windows from different security levels. Common attack vectors like network cards and USB controllers are isolated in their own hardware qubes while their functionality is preserved through secure networking, firewalls, and USB device management. Integrated file and clipboard copy and paste operations make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root filesystem without sacrificing security (and saving disk space, to boot). Qubes even allows you to sanitize PDFs and images in a few clicks. Users concerned about privacy will appreciate the integration of Whonix with Qubes, which makes it easy to use Tor securely, while those concerned about physical hardware attacks will benefit from Anti Evil Maid.
Moreover, all of these isolated qubes are integrated into a single, usable system. Programs are isolated in their own separate qubes, but all windows are displayed in a single, unified desktop environment with unforgeable colored window borders so that you can easily identify windows from different security levels. Common attack vectors like network cards and USB controllers are isolated in their own hardware qubes while their functionality is preserved through secure networking, firewalls, and USB device management. Integrated file and clipboard copy and paste operations make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root filesystem without sacrificing security (and saving disk space, to boot). Qubes even allows you to sanitize PDFs and images in a few clicks. Users concerned about privacy will appreciate the integration of Whonix with Qubes, which makes it easy to use Tor securely, while those concerned about physical hardware attacks will benefit from Anti Evil Maid.
Download Qubes
You can make it bootable by burning the DVD or by making a flash drive.
Qubes doesn’t have torrent downloads so you have to download it using the website link.
Qubes doesn’t have torrent downloads so you have to download it using the website link.
Qubes Linux Installation
For the latest version, there is no live option but for earlier releases like 3.1, it has Live mode available. I am using live mode to evaluate how Good qubes is. The installation process of cubes 3.2 is much like normal Fedora installation but in the end, it includes some configuration for the Domains.
Note
You cannot install qubes inside Vmware or virtualbox easily because it will switch installer to command line which is much difficult to use so better to try it on spare hard drive or pc.
Live Mode Review
Live Mode is simple to boot and it will get you into the Kde environment. Domains are created if you try to open something.
Dom0 has the most priority and other domains are then given priority. These domains are like virtual boxes which are created to separate the programs form one and other so if one is infected by virus other cannot be infected. VMs can be killed if through Domain Manager
If you open browser it will have its own domain and it will get its resources.
If you open browser it will have its own domain and it will get its resources.
This is great as the focus of cubes is on privacy to keep someone safe from getting hacked and tracked. By default updates are disabled so you have to enable them using a package manager. Qubes is all about privacy and that is its main focus. There is not much into that. Every Program gets its domain to remain secure and using KDE as a Desktop Manager makes it a resource heavy to use. It uses Thunar as a file manager.
Using live mode may have some bugs in it because it is in the alpha phase.
Final Thoughts
Although Qubes is a great distro from a security point of view. It is not suitable for daily use because it has some restrictions to be used as updates by default are disabled. The privacy point of view of Qubes in practical is a great way of implementing virtualization for security and privacy. But for easy use of Operating System, it is cannot be used because of restrictions.