
Qubes – Secure Desktop OS Using Security by Compartmentalization - tete
https://wiki.qubes-os.org/
======
prohor
There is a similar concept coming to Windows:
[http://www.bromium.com/innovations/micro-virtualization.html](http://www.bromium.com/innovations/micro-virtualization.html)

~~~
j_s
Microsoft App-V has been around for 5+ years though it sounds like it would be
a Docker to Bromium's Xen.

Sandboxie was one of the original Windows application virtualization options
10 years ago.

I was hoping something would become the 'Docker for Windows' but these
programs are being snapped up by software security companies.

~~~
ktown
Might want to check out spoon.net - they are working on containers for
Windows. Been doing app virt for a long time. I use them for side by side
browser testing : )

------
bespoke_engnr
I think I've seen this before, in a post somewhere by one of their developers.
I think it was about how insecure X11 is, because any X11 app can listen for
all keystrokes made by the user. AFAIK people jumped on that post as "it's a
known property of X11, stop making drama about it."

------
justincormack
This article [1] is a good overview.

[1]
[http://www.invisiblethingslab.com/resources/2014/Software_co...](http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)

------
phaer
> The Qubes Windows Tools are proprietary but we distribute the binaries for
> free with current Qubes OS releases.

Out of curiosity: What's the reason for them being proprietary while the rest
of the system seems to be free software?

~~~
j_s
Step 3: profit!

------
nnnnni
So... my question is: How does this work with things like games or other
hardware-acceleration-intensive programs?

If there's no performance loss, great.

~~~
smurfcity
3D graphics are not supported. It is listed in the FAQ, found at
[https://wiki.qubes-os.org/wiki/UserFaq](https://wiki.qubes-os.org/wiki/UserFaq)

------
niutech
Isn't it the same as Sandboxie?
[http://www.sandboxie.com/](http://www.sandboxie.com/)

~~~
anth1y
Qubes is a Xen-based Operating System while Sandboxie is an application for
Windows.

~~~
niutech
But both provide secure application isolation, don't they?

~~~
ayrx
Linux and Windows both allow you to run Firefox so they must be the same thing
right?

------
mrottenkolber
While I am all for virtualizing, it doesn't help security. It just moves the
exploit from your OS into your hypervisor. Even worse, you add a whole new
level of exploitable code.

~~~
spindritf
Of course it improves security. On Qubes, someone who can exploit your browser
(pdf reader, word processor) doesn't automatically get free rein on your
machine. They still need to escape Xen.

~~~
mrottenkolber
Nope. If somebody exploits your PDF reader, they still have to circumvent the
OS. Sound familiar?

Now instead of one layer with hardware contact, you have two (assuming you
want performance too). Twice the attack surface.

~~~
amalcon
This would be sound logic if existing desktop operating systems had actually
good security models.

In the real world, if someone exploits your PDF reader, they don't have to
circumvent your OS: your OS hands over everything you can access, by design.
One could argue that a better security model baked into the OS would make more
sense than a virtualization hack, but the latter has the advantage of actually
existing.

~~~
Touche
What would be the better security model?

~~~
SamReidHughes
Somebody exploiting your PDF reader can't upload all your email.

~~~
Touche
That's not a model. What's the model that prevents this? User performs a
2-step auth every time code executes?

~~~
SamReidHughes
Just pick one that gives the feature I described without being a pain to the
user.

~~~
Touche
I know of no such models. Perhaps someone smarter than me has thought of them,
that's why I asked the question initially.

~~~
pjmlp
Sandboxing, where each process is only allowed to use a precise set of system
resources.

Any attempt to use anything else leads to termination.

~~~
Touche
Which resources are they allowed to use? What defines which resources they are
given?

~~~
pjmlp
> Which resources are they allowed to use?

The system administrator at installation time.

> What defines which resources they are given?

Applications just have a request list of what they require.

If the administrator doesn't allow them for the given application modules
(executable, dynamic library, function call,...), bad luck.
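The model pjmlp describes (a fixed request list of resources, with termination on any attempt to use anything else) as an added example, not from any commenter or from Qubes: a Linux seccomp-BPF allow-list is this example's assumed mechanism, since the comment names none. The names install_allowlist and run_sandboxed and the three-entry request list are this example's own choices; a child that stays on the list exits normally, one that makes an unlisted syscall is killed with SIGSYS.

```c
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#define OP(...) prog[i++] = (struct sock_filter)__VA_ARGS__
/* The process's "request list" (constructed for this example): exactly these syscalls, nothing else. */
static const int policy[] = { SYS_write, SYS_exit, SYS_exit_group };
#define POLICY_LEN (sizeof policy / sizeof policy[0])
/* Install a seccomp-BPF allow-list; anything unlisted, or a foreign-arch syscall, kills the process. */
static int install_allowlist(const int *allowed, size_t n) {
    struct sock_filter prog[5 + 2 * n]; size_t i = 0;
    OP(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)));
    OP(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0));        /* wrong architecture -> kill */
    OP(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));
    OP(BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)));
    for (size_t k = 0; k < n; k++) {                                 /* listed syscall -> allow */
        OP(BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)allowed[k], 0, 1));
        OP(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW));
    }
    OP(BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS));        /* anything else -> kill */
    struct sock_fprog fprog = { .len = (unsigned short)i, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;  /* lets an unprivileged process install it */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
/* Run fn() in a sandboxed child: 0 on clean exit, the killing signal (SIGSYS on violation), -1 on error. */
static int run_sandboxed(void (*fn)(void), const int *allowed, size_t n) {
    pid_t pid = fork(); if (pid < 0) return -1;
    if (pid == 0) { if (install_allowlist(allowed, n)) _exit(111); fn(); _exit(0); }
    int status; if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
static void stays_in_policy(void) { write(1, "inside the request list\n", 24); }
static void breaks_policy(void)   { syscall(SYS_getpid); }  /* not on the request list: "bad luck" */
int main(void) { printf("in-policy child: %d, out-of-policy child: %d (SIGSYS is %d)\n", run_sandboxed(stays_in_policy,
                        policy, POLICY_LEN), run_sandboxed(breaks_policy, policy, POLICY_LEN), SIGSYS); }
```

Compile on Linux with gcc; the architecture check at the top matters because an allow-list keyed on syscall numbers alone would accept the same number from another architecture's syscall table, where it means something else.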

