Anyway, still very cool stuff. I used Qubes for a few years before I made the mistake of purchasing a laptop that wasn't fully supported, but I often think about picking it back up or trying to install it again.
Usability, however, is a bit wonky, but that's the trade-off for security. I'm sure my relative inexperience with it is at play there, as well.
I have a primary 'vault' qube that holds all the credentials for all qubes, and then use Firefox's built-in password management on a per-qube basis. There is an initial 'config' step where I'll need to pass credentials from the Vault qube to an App qube, but after that it's smooth+automated.
Alternatively, you could use a vault-per-qube model.
The article mentions using a disposable VM to view email attachments, but considering how much malware is delivered through the web I like to keep my web activity highly compartmentalized by default. The trick is to configure the browser and set your bookmarks etc. first in the disposable app vm template. You can even have some accounts pre-logged in, ideally using Firefox's container tab system for extra security.
For a more advanced setup: I have one dispvm template for general web surfing and another for my social activity, with container tabs and live logins for various social platforms, and then a third dispvm template where I'm logged in to some things I care more about like Google Docs. Then all my really sensitive stuff is in a fourth, non-disposable vm where I only use it for things like bank, mutual fund, 401k, credit cards, etc. (all in container tabs for extra security). No web surfing ever in that vm.
Here is a list of devices recommended by the community: https://forum.qubes-os.org/t/community-recommended-computers....
Qubes doesn't preinstall any spyware. It provides privacy with Whonix: https://www.qubes-os.org/faq/#how-does-qubes-os-provide-priv.... If your BIOS is compromised, then it might be game over; coreboot is recommended.
VMs (Qubes) work like a snap. I typically run 8-10 with various utilities/browsers and wouldn’t even be able to “tell” that it’s running in a VM if I didn’t know any better. The entire OS feels very lightweight and snappy. I also prefer minimal UIs, so that helps a bit. I can see where the UI might “put off” some modern users, as it reminds me a lot of the old CDE interface without the bottom status bar that CDE used to have (I believe Qubes uses GTK-2, IIRC). The included Linux Qubes (Debian, Fedora, Whonix) all work well and provide a “seamless” enough experience, considering that you are always working with multiple virtual machines.
Others in the thread have echoed concerns about the funky copy/paste feature, but it works well for me once I got the hang of it. I sometimes now even accidentally do the two-step copy/paste even when I’m not using Qubes.
Windows 10 in a Qube, on the other hand, is only okay-ish. It’ll get the job done running Office 365, but I wouldn’t exactly call it a pleasant experience. It’s a bit sluggish and will only run in full VM mode, which is a resource hog.
Although I don’t really call Windows a pleasant experience in most cases. ;)
This cannot be emphasized enough. :)
I was using zswap to cut the memory load of each VM, which made it sort of tolerable. When a VM gets to using too much RAM, streaks and visual artifacts start to show up in windows and desktop decorations, eventually filling them with random noise, and then there is nothing to do but shut the VM, and often the whole machine, down.
I resent systemd burning hundreds of MB in each VM for, mostly, nothing of any value. You can "systemctl disable" things like wpa_supplicant, but it doesn't help much.
I have finally got another laptop with 32GB, expandable to 64GB. But suspend/resume doesn't work on it -- screen just goes black, until power-off -- nor an external HDMI monitor. I have to hope future kernel releases will fix these.
That seems...not right. I typically have 8-10 app Qubes running and don't have a problem, although I only use web browsers in a couple at a time, truth be told, which are my typical RAM use offenders.
Qubes, like most *nixes, will allocate all available RAM when it's free, so maybe that is where you are seeing the problem? When you run additional Qubes, the OS should balance and re-distribute RAM so it isn't typically an issue. I find that it works quite well for my uses.