zlacker

[return to "Qubes: an open source OS with strong security for desktop computing"]
1. nvicto+x6[view] [source] 2011-06-12 03:33:21
>>evangi+(OP)
aren't the specs a little too much for an os focusing on security?

Minimum:

4GB of RAM

64-bit Intel or AMD processor (x86_64 aka x64 aka AMD64) Intel GPU strongly preferred (if you have Nvidia GPU, prepare for some troubleshooting; we haven't tested ATI hardware)

10GB of disk (Note that it is possible to install Qubes on an external USB disk, so that you can try it without sacrificing your current system. Mind, however, that USB disks are usually SLOW!)

◧◩
2. eroppl+29[view] [source] 2011-06-12 05:18:58
>>nvicto+x6
I agree - it sounds like a performance nightmare across the board, even with those aggressive specs.

Wonder how it handles OpenGL applications and games.

◧◩◪
3. X-Iste+pa[view] [source] 2011-06-12 06:14:14
>>eroppl+29
It is definitely not meant to be used for gaming. The whole idea is to put everything in a Xen virtualised environment so that you can run untrusted applications or applications with untrusted input in different security levels.
◧◩◪◨
4. eroppl+sc[view] [source] 2011-06-12 07:16:44
>>X-Iste+pa
Yes, I realize that. The practical concern is that people like to play video games, and if your high-security desktop OS doesn't let them, it will be discarded.
◧◩◪◨⬒
5. freyrs+yd[view] [source] 2011-06-12 07:55:13
>>eroppl+sc
Qubes is not a desktop OS for the masses, it's a niche operating system for professionals who need a high security environment. I would doubt it would be discarded based on lack of game compatibility since anyone who has that level of security knowledge is certainly going to be able to dual boot into whatever more game-friendly OS they need.
◧◩◪◨⬒⬓
6. eroppl+Ud[view] [source] 2011-06-12 08:13:58
>>freyrs+yd
That's the thing, though: I am skeptical that your "professional who needs a high security environment" is going to be satisfied by this. It's turtles all the way down--while I know Joanna herself was one of the folks behind the Bluepill attack, why trust Qubes to not be vulnerable to its own version of the attack? (This is obviously an oversimplification and executing such a task is nontrivial--but breaking out of a VM was thought to be a lot harder than Bluepill made it, too.)

The closest thing to an answer to that, as far as I can tell, is multiple computers. Assuming Qubes works as advertised, however, it seems as if it doesn't really scratch the bigger itch--the technology seems cool (I haven't dug deeply into it), but does it address the social/usability problem of security, even for these professionals who need that high security environment?

From reading about this, it seems as if you could have stopped at "it's a niche operating system," because to my mind it seems like professionals who need a high security environment will just have multiple computers. If a segmented system like Qubes is not going to run the stuff that your hypothetical professional will want to run (games just being an example, and one that seems to have been misleading), then why would it be preferable to just rolling multiple computers? (Cost, which is the only advantage I can think of, doesn't strike me as a significant factor to folks who are actually doing things that necessitate this sort of security.)

◧◩◪◨⬒⬓⬔
7. rdl+Mg[view] [source] 2011-06-12 10:03:52
>>eroppl+Ud
There has been a lot of work out there on how to use a "separation kernel" (basically, a hypervisor with proven/provable levels of isolation between guests), plus stuff like Intel's VT-d, VT-x, etc., to provide real isolation between guests. (also, really useful for RTOS and embedded systems)

If you've ever worked in a high security computing environment, you've had N workstations on your desk, where N is often approaching 5 -- NIPR, SIPR, JWICS, various task-specific machines, etc. These environments aren't just nice air conditioned purpose-built offices in the US; they're tents in Afghanistan, on aircraft and cramped warships, etc.

Sometimes people use KVM switches, but even then, you need separate hosts, and it's usually best to use multiple monitors and keyboards anyway.

Invisible Things was has been testing the limits of current hypervisors, and there's room for them to both work on what is possible once a real separation kernel exists (now) in prototype form, and to continue to refine hypervisors and develop a real separation kernel.

I'm still kind of amazed that these 2-4 people in Poland are probably the world's foremost experts on hypervisor security.

◧◩◪◨⬒⬓⬔⧯
8. sbierw+Jh[view] [source] 2011-06-12 10:59:45
>>rdl+Mg
N=6, here.

https://secure.wikimedia.org/wikipedia/en/wiki/File:Intel_Gr...

[go to top]