Bulkheads on the desktop – Qubes OS
Everything's Virtual
Qubes OS compartmentalizes every activity on your desktop in its own VM.
Compartmentalization has always been a basic principle of security. For instance, limiting what can be done with a regular user account confines the damage that can be done by malware to the current user account. However, Qubes OS [1] takes compartmentalization to an extreme, running each window in its own Xen hypervisor [2]. The result is one of the most innovative desktop environments available, as well as what the project understatedly calls a "reasonably secure operating system."
Qubes is not the first distribution to emphasize security. A popular practice is to sandbox [3] questionable applications, often running them in virtual machines. In the last few years, the security-focused Tails [4] distribution has also become popular. However, as the Qubes documentation points out, virtual machines are only as secure as the host operating system. Similarly, Tails, while providing a strong measure of security, because it is designed to be run off a flash drive, is still monolithic, which means that if any part of it is cracked, the whole system is likely to be as well.
As for anti-virus applications and firewalls, they are at best a partial solution, because malware today is often concealed in legitimate applications. By contrast, so-called "bare metal" hypervisors like Xen do not run from the host operating system, making them more difficult to crack, whereas compartmentalization limits any potential damage and makes Qubes highly customizable as well.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Alpine Linux 3.24 Features Fresh Desktops and a Newer Kernel
If you're a fan of Alpine Linux, it's time to upgrade because the latest version has been released with KDE Plasma 6.6, Gnome 50, and Linux kernel 6.18 LTS.
-
EU Open Source Strategy Plays Key Role in Tech Sovereignty Package
Comprehensive measures adopted by the European Commission aim to reduce dependency on non-EU countries.
-
Linux Foundation Report Indicates AI Driving Tech Hiring
Within growing security and skills gaps, AI has been found to be a positive driving force behind tech hiring trends in Europe.
-
United Nations Open Source Portal Goes Live
A new open source portal seeks to coordinate and scale open source efforts across the United Nations system.
-
KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
-
California May Exempt Linux from Its Age-Verification Law
After backlash from the Linux community, California may be backing off on its promise to force all operating systems to verify age, but one platform may still have to comply.
-
Another Logic Bug Found in Linux Kernel
Qualys has discovered a vulnerability in the Linux kernel that can be used to elevate standard user privileges.
-
Ubuntu Core 26 Offers Game-Changing Enterprise Features
Ubuntu Core 26 could be a game-changer for organizations looking for increased security and reliability.
-
AI Flooding the Linux Kernel Security Mailing List
AI is giving Linus Torvalds a headache, but not in the way you might think.
-
Top Priorities for Open Source Pros Seeking a New Job
Professional fulfillment tops the list, according to LPI report.