Qubes OS: A Linux Distro For Security And Virtualization

We like to think that there is a Linux distribution for everything. There is a distribution for browsing the web, one for playing video games, one for privacy, and there is one for security – Qubes OS.

Based on the virtualization software Xen, Qubes OS composed of several light-weight virtual machines, each is isolated from the admin system and is dedicated to a special task, such as working, Internet browsing, personal activities, etc. The security comes from this virtualization process: each virtual machine comes with its own web browser, file system, etc., making sure that the different parts of your life are separated from each other, and therefore unreachable in case of breach. It is also very easy to create your own VMs, making the experience perfectly suited for your needs.

First of all, download the official DVD image on the website. The installation itself is very straight-forward. You might figure that for an advanced distribution, the process would be all in command line. However, it is surprisingly very easy and close to an Ubuntu live CD.

qubesos-install

Everything is graphical, and the steps are more or less standard for a Linux installation: date and time, user name and password, type of installation, encryption, and reboot.

qubesos-partition

On the first launch, you will have to accept the license agreement and create the first set of VM. In general, if you have any doubt, I advise you to follow the default choices, which are perfectly appropriate for most cases.

Once you finish the installation, you will be surprised (or maybe not) to find a very traditional Fedora system with KDE.

qubesos-desktop

The only thing that differentiates it from a Kubuntu is the little cubes applet at the bottom left: this is where the fun begins.

qubesos-applet

By clicking on the applet, you open a window that will let you run, stop, create, and update the virtual machines. It will also help you keep track of the memory usage, which is especially useful when you know how CPU-intensive virtual machines are.

qubesos-vms

So, you can go and launch your first VM. You will notice that each one has a specific color, as well as a set of software, which is by default composed of an Internet browser, an email client, a file manager, and a terminal.

qubesos-untrusted_softwares

If you create a new VM, you will choose a new color for it, and it will be derived from a Fedora template. The different colors make it easy to differentiate in which environment you are working. For example, the red Firefox is for “untrusted” activities such as random Internet browsing.

qubesos-untrusted_borwser

Meanwhile, the yellow is for the personal domain.

qubesos-personal_files

That way, if your computer is powerful enough, you will be able to simultaneously run multiple virtual machines, and yet keep track of what you are doing. With a little more configuration, it is possible to add new programs to the different environment from the launch menu (an Office Suite would be welcome). And since this is KDE, everything else is also easily configurable. Finally, it is also possible to update the Fedora template previously evoked, from which the virtual machines are derived, and keep them up to date.

Qubes OS is a very interesting distribution. I have to admit that I was seduced by the intention and the result. However, besides all the advantages, we can still question if such a system could one day replace the more common distributions. Right now, I don’t feel ready to switch completely to Qubes OS. As a last notice, if you consider trying Qubes OS in a virtual machine, give it at least 2 GB of RAM for creating the light-weight virtual machines inside of your main one (Inception?). We can guess that security has its price then.

What do you think about the concept/realization of Qubes OS? Are you seduced? Could you make it your main system? Please let us know in the comments.

Qubes OS