If Security Is On Your Mind, Then Qubes Is Your OS In Need

Xen Project Software

Qubes is an open-source operating system that is security-oriented. It basically provides security through isolation. It uses Xen hypervisor (a microkernel design that allows multiple operating systems to function/execute on the same computer concurrently) for the purpose of providing security isolation between different domains. The Xen hypervisor schedules the CPU, and does the memory and power management. The operating system was selected as a finalist in the 2014 Access Innovation Prize for the Endpoint Security Solution category.

Importance of security

Malware and viruses can cause serious damage to your computer, both software and hardware. They can affect your whole operating system, in which case you will have to re-install the operating system. This means spending money. You will have to pay the technician for re-installing the OS. You might also lose many important files. A malware can also work in the background, and steal important information, like your credit/debit card information, while you make online transactions.

Firewalls and antivirus programs are effective to an extent, but they can also fail occasionally. For example, a malware creator can check if an antivirus program recognizes a particular malware.  If it’s recognized, then they can rewrite the codes until the antivirus programs no longer recognize it. By the time an antivirus discovers the new threat, it might already have been too late for a lot of users. Also, the antivirus programs usually make your system slow. You also have to update the antivirus programs constantly.

Directly booting your computer from a CD or a USB stick while performing sensitive activities can make your personal computer secure to a certain extent, but the fact is, you are still running the same software stored / installed on your computer. That means, if your session is compromised, then all the activities and data performed during the session are also compromised.

Qubes approach to provide security

As stated earlier, the Qubes implements enhanced security by its Security-by-Isolation method. In a normal operating system, there are millions of lines of codes, and billions of hardware and software interactions. A bug in any of these interactions will allow a malicious program to infect, and take control over a machine. To counter this, Qubes isolates various environments. By doing this, if a virus infects a machine, it will affect only one environment. The other environments will be safe.

Qubes compartmentalizes the various sections of digital environments into securely isolated VMs (Virtual Machines). A virtual machine is a simulated system with its own operating system. It runs as a program/software on your computer. A virtual machine is basically a computer within a computer. The advantage of this is that you can keep your data in different VMs. This means, in the event of a virus affecting a system, it will be able to do harm only to the files stored in one VM. All the other VMs will be secure. For example, you can keep a VM specifically for opening files or emails that you suspect has malicious contents.

Now, not every VM software are equally effective when it comes to security. For example, Type 2 VMs or Hosted VMs like VMware Workstation or VirtualBox. They are popular because they can be run under Windows operating systems. However, these VMs will be compromised if their host operating system (like Windows) is compromised.

Qubes uses Type 1 or Bare Metal VM called Xen. Xen runs on the hardware instead of running inside an operating system. This means, Xen will not be compromised in case the operating system gets affected. In all reality, compromising Xen is not impossible, but it is extremely difficult.

Qubes makes it in such a way that two or more VMs running under a Bare Metal or Type 1 hypervisor can be used as an integrated operating system, securely. For example, the operating system puts all the application windows on the desktop with unique colored borders showing the trust level of their respective Virtual Machines.

It helps to securely perform copy/paste operations, and file transfers, between different VMs. It also helps for secure networking between Internet and VMs.

How is Qubes security different from using separate physical machines?

Using separate physical computers with conventional operating systems to store your data can certainly be more secure. For example, storing your important files in one computer and using a different computer to go online. However, even that approach has its own risks.

  • Physical separation can be expensive and cumbersome, because you have to buy and setup separate computers for each security levels needed.
  • There is no secure way to transfer files between computers running conventional operating systems.
  •  Individual systems are still vulnerable to attacks. Opening a harmless looking file can still put the system at risk.
  • Malware that can bridge air-gaps are real, and they are becoming very common.

You can rent a computer that runs Qubes, try it out and then decide to buy it.

Tuesday, February 2, 2016