Qubes OS – virtualizing away software threats

Joanna Rutkowska has made a name for herself in the software community as a security researcher. Now, she wants to change the way we run apps to isolate threats to our system’s security.

On her blog, Rutkowska says:

“For the last 6 months we have been busy with a new project: Qubes. Qubes is an open source OS based on Xen, X, and Linux, designed to provide strong isolation for desktop computing…..

The system is currently in the alpha stage, but if you’re determined it’s actually usable. For example I have switched to Qubes around a month ago, and two weeks ago I even decided to wipe and reinstall my Mac Book, which used to be my primary laptop previously. Now I use my old Mac Book only for making the slides (Apple Keynote really has no competition) and Web page for Qubes 🙂 And I use Qubes for pretty much all the other daily tasks, from work, shopping, banking, random browsing, to Qubes development itself (it takes part in the “qubes” AppVM).”

Qubes touts itself as having a Security by Isolation approach. It uses virtualization technology to isolate programs from each other, and even sandbox many system-level components, like networking or storage subsystems, so that any compromise of their functionality does not impact other parts of the system.

Qubes lets the user define many security domains implemented as lightweight Virtual Machines (VMs), or “AppVMs”. For example, a user can have “personal”, “work”, “shopping”, “bank”, and “random” AppVMs and can use the applications from within those VMs as if they were executing on the local machine, but at the same time they are  isolated from each other. Qubes supports secure copy-and-paste and file sharing between the AppVMs.

Rutkowska sees the desktop as the place where most users store their secrets – logins, passwords, documents and keys, and dirty business – so, she is the first line of defense against threats as being here, and not at the network level, where most of the work is done.

Blessed be the anti-viral makers for they shall keep our porn safe from prying eyes.