zlacker

[return to "Qubes OS: A reasonably secure operating system"]
1. AaronF+Gd[view] [source] 2017-11-19 18:55:31
>>ploggi+(OP)
I'm very excited that Microsoft is moving in the same direction. The feature Windows Defender Application Guard (WDAG) runs Windows applications, right now only the Edge browser, in a virtualization isolated container[1]. Under the hood it's using what Microsoft calls "Hyper-V Containers", which are lightweight virtual machines that share some host resources such as a read-only filesystem. The closest open source analogues to that are Intel(R) Clear Containers[2] and Qubes.

The closest you can get to Qubes on Windows would be to follow Microsoft's Privileged Access Workstation (PAW) guide, but it requires a lot of additional infrastructure[3]. That infrastructure allows you to do remote attestation of the virtual machines, but makes it costly to deploy in a SMB or homelab environment.

I don't expect it'll be very long before PAW and WDAG are usable at the same time, with colored window borders indicating the origin virtual machine. I hope this is on Microsoft's roadmap.

Video on privileged access workstation use, starting at a demo: https://youtu.be/3v8yQz2GWZw?t=41m48s

Video on privileged access workstation setup: https://www.youtube.com/watch?v=aPhfRTLXk_k

[1] https://docs.microsoft.com/en-us/windows/threat-protection/w...

[2] https://clearlinux.org/features/intel®-clear-containers

[3] https://docs.microsoft.com/en-us/windows-server/identity/sec...

◧◩
2. michae+Bs[view] [source] 2017-11-19 22:00:14
>>AaronF+Gd
I think that "The closest you can get to Qubes on Windows" is what https://www.hysolate.com/ are building
[go to top]