I am seriously contemplating switching from OpenSUSE 11.4 64 bit with Tumbleweed over to this new Qubes OS which is based on Red Hat Fedora 14, Xen, and the X Windows System. I tend to favor security over functionality and features, but Qubes has a lot of potential going for it. Fedora is one of the most stable, reliable, and dependable GNU/Linux operating systems and it is considered to be a cutting edge distribution. The principles of virtual machines and sandboxes are proven technologies when it comes to reducing the attack surfaces and vectors for cyber attacks especially concerning 0 day exploits. The only disadvantage of the Qubes OS is that it is going to require at least 512.00 MB of RAM per virtual machine, but this is not a problem for me since I own an ASUS N61JV-X2 notebook PC with 8.00 GB of DDR3 PC-8500 1,066 MHz SDRAM and I also own an Intel 2nd Generation 34nm 160.00 GB Solid State Drive.
I wanted to get opinions from community members here about this upcoming Qubes OS which just recently released its public beta version.
I just would try it out and see how it is in real.
Since it runs in virtual mode and applications are declared to on layer or the other, yes it may be more secure as it does not touch the real system.
But, this does not protect against the dangers of the web of course.
I would like to read a review about it and see if it is really that secure, since this is a bold marketing slogan to distinguish it from other distributions.
You can install it on a USB flash stick drive and run it though it will be slow. As for me, I will wait for the stable shipping version to be released hopefully this fall 2011 semester according to the Qubes OS FAQ.
Seriously, how do you expect anyone to take you seriously when you start your post with such absurb claims as “Fedora is stable and dependable”.
If you haven’t noticed Fedora has become the laughing stock of the rest of the Linux “community” (and I shall use that rather loosely) for the fact that they are most likely the least stable, most bleeding edge distribution that constantly pushes out completely broken updates, has broken components out of the box and has the stability of Charles Manson.
Fedora is like a car made in China, I sure as hell wouldn’t go faster than 20km/h with it and wearing full kevlar body armour.
After reading the installation guide for Qubes OS, Joanna Rutkowska mentions that they have not tested AMD ATI GPUs yet and she warns against installing the proprietary nVIDIA GNU/Linux graphics drivers because they are unsigned code and they must be manually installed within the dom0 trusted AppVM as of public beta 1 release. Actually, she recommends buying a laptop with Intel HD Graphics to install Qubes OS.
My ASUS N61JV-X2 uses nVIDIA Optimus which nVIDIA clearly stated that they have no plans to support at the current time within Linux environments.
I plan to purchase a new Hewlett Packard Elitebook 8560w. It will come configured with a nVIDIA Quadro 1000M GPU. It is certified to run SUSE Linux Enterprise Desktop 11 SP1.
I will stick with OpenSUSE with Tumbleweed on my ASUS laptop. When I have the funds available and I get accepted to NYU Poly for their Ph. D. program in Technology Management by January 2013, I will buy a new HP Elitebook 8560w and a genuine copy of SLED 11 SP1.
Qubes OS is a very compelling idea, but I will not migrate to it when it is shipped in its stable release version.
The real reason why I do not want to switch to Qubes OS is due to the fact that I do not want to destroy my OpenSUSE installation and replace it with Qubes OS. Then, I will buy the HP Elitebook 8560w and I will install SLED 11 SP1 or OpenSUSE. I would rather keep my operating system intact rather than have to learn how to use two different ones in less than a year and a half of time.
I am also concerned about the potential problems that I will experience if I switched to Qubes OS. I plan to graduate with my Masters of Science in IT Administration and Security degree from New Jersey Institute of Technology by December 2012 and I need to keep my Oracle Virtualbox virtual machine containing Microsoft Windows 7 Professional 32 bit intact for academic work and research too. I really do not look forward to reinstalling Microsoft Windows 7 from scratch on my ASUS N61JV-X2 notebook PC again if I make any drastic changes.
From what I read on Qubes OS you could probably configure openSUSE to do the same. openSUSE has the xen kernel, so it’d just be a matter of setting it up like that. There is also selinux in openSUSE. Between the two, you could have a very secure openSUSE.
I think this security idea is kinda nice, but the problem is somewhat exaggerated.
You can perhaps pretty tighten the security on a computer, but one vulnerability will be still the web. And this has more to do what the user does if he/she is on the web.
Then you have the whole social networking that is not that secure.
Also smartphones in itself are like Windows on the pc. There are a lot of holes and problems since security does not play a big role on phones so far.
My point is, you can build barriers in the pc, but they are only as good, as you regard security in general.
Most hacking is done by social approach and lesser by just ‘hacking’ for information. The idea is good (i think) but it would not make me switch personally.
And no, there is no review so far. That was from their website. Need to read something neutral on it.
If you chroot dhcp and other web tools like browsers and put them into the xen environment, then you have a very secure environment in which to surf from.
My guess is, that it will protect the system what you suggesting. My assumption was more that you are still vulnerable just alone by the browser. The history, as an example, can be extracted.
I agree that you can make your system somewhat protective, but i have a hard time seeing that you can actually make a foolproof system. So i am not arguing that idea and the distro is safe. Its just not the system that is at stake.