Isolation with Qubes OS 4.0
Debian 9 as a Domain
As described previously, you can install a domain for Debian 9 or the Tor distribution Whonix [13], which further secures Internet browsing and routes all data packets through the Tor network (Figure 6). Switch newly created or cloned AppVMs from Fedora 26 to Debian 9 through their settings. To make this change, the AppVM must be inactive. After restarting the domains, Debian packages and commands will be available in the AppVM (Figure 7).
You can also set up Qubes OS to multiboot with Linux and/or Windows. However, this undertaking is not entirely trivial and requires special attention. The developers actually advise against dual booting in the project documentation [14]. Qubes feels most comfortable as the sole ruler of the hard disk. By the way, the distribution refuses to install in VirtualBox.
Conclusions
Qubes OS in combination with the anonymizing Whonix probably offers the most secure operating system on the market. In combination with a Purism Librem notebook, security is further increased by using coreboot, TPM, and kill switches. For security enthusiasts and other users who take security seriously, Qubes OS is a powerful alternative.
Qubes is not designed for Linux newcomers: The system is still far away from the stated goal of developer Joanna Rutkowska to make the system as easy to use as Ubuntu. At the moment, Linux professionals will still need a few days to familiarize themselves with the system. For Qubes OS 4.1, the team is working on its own GUI domain, which should reduce the size of dom0
and thus further reduce exposure. In addition, the distribution will someday support other hypervisors, such as KVM.
Infos
- Tails: https://tails.boum.org
- Qubes OS: https://www.qubes-os.org/
- Joanna Rutkowska: https://en.wikipedia.org/wiki/Joanna_Rutkowska
- Invisible Things Lab: https://invisiblethingslab.com/
- Release Notes: https://www.qubes-os.org/doc/releases/4.0/release-notes/
- Intel VT-x: https://https://https://en.wikipedia.org/wiki/X86_virtualization#Intel_virtualization_(VT-x)
- AMD-V: https://https://en.wikipedia.org/wiki/X86_virtualization#AMD_virtualization_(AMD-V)
- Hardware Compatibility List: https://www.qubes-os.org/hcl
- Qubes Admin API: https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
- Qrexec: https://www.qubes-os.org/doc/qrexec3/
- HVM: https://en.wikipedia.org/wiki/Hardware-assisted_virtualization
- PVM: https://en.wikipedia.org/wiki/Parallel_Virtual_Machine
- Whonix: https://en.wikipedia.org/wiki/Whonix
- Multiboot: https://www.qubes-os.org/doc/multiboot/
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
KaOS Linux 2024.05 Adds Bcachfs Support and More
With updates all around, KaOS Linux now includes support for the bcachefs file system.
-
TUXEDO Computers Unveils New Iteration of the Stellaris Laptop Line
The Stellaris Slim 15 is the 6th generation and includes either an AMD or Intel CPU
-
KDE Releases Plasma 6.0.5
The latest release of the Plasma desktop has arrived with several improvements and the usual bug fixes.
-
Gnome OS Adopting systemd-sysupdate
Gnome OS is about to undergo a major under-the-hood change that promises enhanced security.
-
Endless OS 6 Now Available
After more than a year since the last update, the latest release of Endless OS is now available for general usage.
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.
-
OSJH and LPI Release 2024 Open Source Pros Job Survey Results
See what open source professionals look for in a new role.
-
Proton 9.0-1 Released to Improve Gaming with Steam
The latest release of Proton 9 adds several improvements and fixes an issue that has been problematic for Linux users.
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.