The Secure OS That Isolates Your Programs to Make a 'Digital Fortress'

The technologist helping to protect the Snowden docs uses Qubes, and now the designers are hoping to make it more mainstream.

Oct 1 2014, 5:20pm

Screenshot of Qubes OS. Image: Qubes OS

If you're looking for an operating system with a focus on security, you could do worse than to consider the one praised by the technologist tasked with protecting the Snowden documents from prying government eyes.

Qubes has been described as a "digital fortress" and "the operating system that can protect you even if you get hacked," by Micah Lee, CTO of the Freedom of the Press Foundation and a technologist working with Glenn Greenwald and others at First Look Media. 

The second version of the system, Qubes OS R2, was released at the end of last week, and the designers made it clear they want to attract a more mainstream user base. In a blog post announcing the new release, project lead Joanna Rutkowska said they had brought in Microsoft's former chief privacy adviser, Caspar Bowden, to help "make Qubes OS more suitable for a wider audience of people interested in privacy."

Qubes OS R2 running Windows AppVMs. Screenshot: Qubes OS

The strength of Qubes comes from its overall approach to security, which is fundamentally different to that of other operating systems. Most, such as Windows, release regular patches in order to iron out every single bug, a near-impossible task considering how many lines of code exist in an OS and the software on top.

Whether it's a weakness in Flash that an attacker can exploit, or an unknown exploit lurking around in your word processing software, eliminating all bugs in a computer system just isn't going to happen.

Indeed, zero-day vulnerabilities can sneak up at any time. The recently revealed Shellshock bug, a flaw in the Unix Bash shell that could allow attackers to compromise potentially millions of systems, had been around, undiscovered, for at least 20 years.

Instead, the philosophy of Qubes OS is to "assume breach," Rutkowska told The Economist in March. The designers accept that, no matter how hard programmers try, there will be vulnerabilities in software.

Qubes tackles this by running multiple virtual machines (VMs) at the same time. Lee perhaps describes these most simply as "a tiny operating system running inside of your real operating system."

A diagram showing the Qubes architecture. Image: Qubes OS

The OS applies virtual machines to the different uses of your computer. One may deal with your personal email; another with instant messaging, or online banking. If one of these VMs does get compromised, perhaps via a malicious link nestled in your email, only that VM will be affected. The rest of your computer should remain protected.

You can even create VMs that are not allowed internet access to store sensitive documents; something that could be of particular interest to journalists.

This secure architecture comes at a price, though. Because of the power needed to run multiple virtual machines simultaneously, it is recommended that users have at least 4GB of RAM, and preferably more. It's also not a piece of kit that can be picked up by the average, or even intermediate user. "At the moment you have to be pretty tech savvy in order to get the full benefits of Qubes. And it doesn't hurt if you're already a Linux nerd," Lee wrote.

This is one of the obstacles that Qubes faces if it's looking for widespread adoption, which is what Bowden has been brought in as Qubes Policy Adviser to work on. As well as his previous work for Microsoft, Bowden has advised the UK Parliament, sits on the board of Tor, and is an EU data protection and surveillance law expert.

Rutkowska compared Qubes in its current state to a racecar heading into production as a road vehicle, but promised that, "This is just the beginning for making security by isolation on the desktop as 'driveable' as a [insert your fav make of German fine cars]."