Secure operating system Qubes officially released

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

“After nearly three years of work, I have the pleasure to announce that Qubes 1.0 has finally been released,” Joanna Rutkowska, Founder and CEO of Invisible Things Lab, announced today.

Qubes OS is a “stable and reasonably secure desktop OS”, she writes, explaining that she cannot call it “secure” or “unbreakable” unless it is formally proven that the whole design and implementation are 100% secure.

Still, she considers it the most secure option among the existing desktop operating systems – even more secure than Apple’s iOS, which puts each application into its own sandbox and does not count on the user to make security decisions.

“In Qubes OS, it’s the user that is responsible for making all the security decisions – how to partition her digital life into security domains, what network and other permissions each domain might have, whether to open a given document in a Disposable VM, etc,” she explains. “This provides for great flexibility for more advanced users, but the price to pay is that Qubes OS requires some skills and thinking to actually make the user’s data more secure.”

Qubes OS will make users as secure as they are able to make themselves by choosing the right security choices.

For example, Qubes will offer users the option of using disposable virtual machines for executing tasks they believe could harm their computer. These VMs will be lightweight, easily and extremely speedily created and booted, and would be just as easy to discard.

Using the example of a potentially malicious PDF attachment received by email, Rutkowska explained the usefulness of these VMs: “You create a clean, disposable VM, just for the purpose of viewing the PDF. Then, once you’re done, you just throw it away. If the PDF was malicious it could done harm only to its own disposable VM, that doesn’t contain anything except… this very PDF. At the same time, the disposable VM is always started in a clean state, so there is no way somebody could steal the document. Only the document can steal itself.”

The creators’ goals was to make an OS that would be easy to use and efficient on the surface, but would have all the strong security that Qubes architecture provides seamlessly implemented below the surface. According to Rutkowska, they have succeeded.

But “…even though Qubes has been created by a reasonably skilled team of people, it should not be considered bug free,” she conceded, and called upon hackers and tinkerers to try to break Qubes and report their findings in order to help make it more secure.

The OS’ ISO and the installation instructions can be picked up here.