Finally, a 'Reasonably-Secure' Operating System: Qubes R3

The world's most secure operating system assumes you've been owned.

You know the state of computer security is dire when Qubes OS, arguably the world's most secure operating system, makes only modest claims.

Last week, the software project announced the official release of Qubes R3, which includes major advances both for Qubes and for the future of secure operating systems. It is, the announcement noted, a "huge effort of creating a new 'reasonably secure' desktop OS."

Unlike most operating systems, Qubes doesn't just play an endless game of Whack-a-Mole by patching security vulnerabilities as they come up (although Qubes does that too).

Instead, Qubes applies the infosec adage "assume a breach," and compartmentalizes accordingly.

"Security by Isolation," as Qubes founder Joanna Rutkowska puts it.

Qubes lets users create multiple virtual machines (VMs) and so compartmentalize their digital activity.

By isolating your dodgy malware-prone porn browsing in one VM from, say, the VM where you do your online banking, you ensure that one exploit doesn't let an attacker take over your entire computer.

Qubes is built on a security-hardened version of the Xen hypervisor. (A hypervisor mimics the underlying hardware and supports running multiple VMs.) While earlier Qubes releases supported only Fedora, a distribution of the free and open source operating system Linux, and, later, Windows 7 VMs, Qubes R3 adds official support for Debian, another Linux distribution, and also for Whonix, a privacy-optimized Debian derivative that routes all internet traffic over Tor.

Under the hood, Qubes R3 features a new "Hypervisor Abstraction Layer (HAL)," which, the announcement explained, "decouples Qubes logic from the underlying hypervisor. This will allow us to easily switch the underlying hypervisors in the near future, perhaps even during the installation time, depending on the user needs."

Before you rush out and download a copy of Qubes, you should know it's still a pretty geeky tool. Computer users without an IT background may experience frustration—"driving" Qubes has been compared to driving with a manual transmission. Finding compatible hardware can also be tricky.

"There are actually two main obstacles preventing Qubes becoming more widespread," Rutkowska wrote in an email. "1. Difficulty in finding a compatible laptop to install Qubes OS on, and 2. Difficulty to configure the system for specific workflows (e.g. set up Split GPG, or Whonix Tor VMs, or VPNs, etc.)."

Rutkowska wants to work with a few companies and pick two or three specific models that can be "Qubes Certified" laptops. She wrote that Qubes has been in talks with two vendors over the last month, but declined to reveal their names as negotiations are ongoing.

Qubes also plans to refine its user interface design to make it easier for non-technical end users, such as journalists, lawyers, and other high-risk individuals.

"The users who need the security offered by Qubes the most are human rights defenders—journalists, activists, civil society groups," Michael Carbone of the Qubes project wrote in an encrypted email. "Groups who cannot afford to have a single malicious attachment compromise their entire system—or community."