
I took the plunge and wiped my system after I spotted a tweet from Snowden vouching for the project back in May - and I couldn't be happier with my decision.
This won't be for everyone. If you've never used Linux before, I would recommend starting with something like Ubuntu, but if you're a Linux guru you should really investigate this for your own peace of mind.
What is QubesOS?
QubesOS is an advanced, security-focused operating system that revolves around the idea of compartmentalization. It allows you to build your own hybrid system where your apps all live in their own virtual machines.
These machines can run whatever Linux distribution you want; even Windows systems and applications can be integrated, depending on your needs.
All of this comes with a pretty steep learning curve for a new user, but gives you the ultimate in control and customisation of your own system.
Below is the official video tour from the previous version 3.1 - continue the tour here.
The tour is long and not the most interesting, so here are a few of the more interesting features that set QubesOS apart from any other Linux distribution I've tried:
- Almost every aspect of your system is cleanly isolated as much as possible for maximum security
- You feel near invincible against malware/trojans and 0days - in fact this system is ideal for reverse-engineering and studying malware since you have complete top level control of all processes and device access.
- Want to test something with no fear of permanent changes or damage? Spin up a disposable machine customised according to your template!
- Integrate VPNs, Tor and advanced firewalls for multiple layers of protection against your true IP or unique identifiers being leaked.
- Anti Evil Maid protection - keep your encrypted drives safe from cold-boot and other physical access attacks.
- Supports multi-factor authentication and YubiKeys.
- Split-GPG, allowing secure GPG encrypt/decrypt/signing without ever exposing your keys directly.
- Split-Bitcoin with online and offline wallets for maximum security.
This is far from a complete list of what can be done with this beast - for more information please see the official QubesOS documentation
QubesOS 3.2 update changes
You can find the changelog since version 3.1 here, but the most important changes in my view are:
- Finer control over USB passthrough devices - make your USB Bitcoin wallet only visible to your Bitcoin virtual machine.
- Swapped the default window manager from KDE to XFCE - XFCE is much faster, lighter on memory and simpler to audit imo. I already made this change personally so I'm happy to see it's the new default :)
Alright, how do I give it a go?
First you need to make sure you meet the minimum hardware requirements - Qubes is a little different to most and has specific requirements for the virtualisation to work. You can find a "live" USB version of Qubes to test-drive here, or access the full download mirror list here.
Direct links for QubesOS 3.2 64-bit with verification hash:
- https://mirrors.kernel.org/qubes/iso/Qubes-R3.2-x86_64.iso
- https://ftp.qubes-os.org/iso/Qubes-R3.2-x86_64.torrent
- https://mirrors.kernel.org/qubes/iso/Qubes-R3.2-x86_64.iso.DIGESTS
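Added example (not from the original post or the Qubes project): a Python check of a downloaded image against the DIGESTS file linked above. It assumes DIGESTS is a PGP clearsigned text file with one `<hex digest> *<filename>` line per hash algorithm; the function names and the sample data are constructed for illustration. The hashes only mean something once the signature on DIGESTS itself has been verified with `gpg --verify` against the Qubes release signing key, a step the code leaves to gpg.

```python
import hashlib
import pathlib
import tempfile

# Only strong digests are checked; MD5/SHA-1 lines (32/40 hex chars) are ignored.
ALGO_BY_HEXLEN = {64: "sha256", 128: "sha512"}

def parse_digests(text, iso_name):
    """Return {algo: hex} for iso_name, reading only the clearsigned body."""
    found, signed = {}, False
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE"):
            signed = True
        elif line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # text after the body is not covered by the signature
        elif signed:
            parts = line.split()
            if len(parts) == 2 and parts[1].lstrip("*") == iso_name:
                algo = ALGO_BY_HEXLEN.get(len(parts[0]))
                if algo:
                    found[algo] = parts[0].lower()
    return found

def verify_iso(iso_path, digests_text):
    """True only if every strong digest listed for the file matches."""
    expected = parse_digests(digests_text, pathlib.Path(iso_path).name)
    if not expected:
        return False  # fail closed: no SHA-256/SHA-512 entry in the signed body
    hashers = {algo: hashlib.new(algo) for algo in expected}
    with open(iso_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return all(h.hexdigest() == expected[a] for a, h in hashers.items())

def demo():
    """Run against a constructed stand-in image and DIGESTS text (not Qubes data)."""
    name, data = "Qubes-R3.2-x86_64.iso", b"constructed sample image, not a real ISO"
    lines = ["0" * 32 + " *" + name]  # MD5-length line, deliberately wrong
    lines += [hashlib.new(a, data).hexdigest() + " *" + name for a in ("sha256", "sha512")]
    signed = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n" + "\n".join(lines)
              + "\n-----BEGIN PGP SIGNATURE-----\n(constructed placeholder)\n")
    with tempfile.TemporaryDirectory() as tmp:
        iso = pathlib.Path(tmp, name)
        iso.write_bytes(data)
        intact = verify_iso(iso, signed)
        unsigned = verify_iso(iso, "\n".join(lines))  # no clearsign wrapper
        iso.write_bytes(data + b"\x00")  # simulate a corrupted or altered download
        return intact, unsigned, verify_iso(iso, signed)
```

`demo()` returns the results for the intact file, for digest lines with no clearsign wrapper, and for the altered file, in that order.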
Once you've downloaded the .iso file, you can find a full installation guide on the official site here.
I'm happy to help where I can if you have trouble installing, just contact me on steemit.chat :)
My current QubesOS setup
My Desktop - Coding, Steeming and Tweeting on completely independent machines in the same interface.
Since I'm paranoid about security, that screenshot is as much as I wanna share at this point (sorry!) - but here are a few tweaks I've done to help my steem experience specifically.
- All of my development work lives in its own machine, a Debian VM packed with all my usual tools. Site files are backed up independently, and I can roll back easily if I ever really fuck something up :)
- My social media, email and steem related browsing all happens in specific virtual machines set up to look completely unique and give different (randomized) client signatures.
- I have a separate VM again for a piston and steemd installation where I can script and experiment with code and know that I can easily roll back to a clean state.
- All of my passwords are encrypted with GPG using password-store and kept inside my vault VM that has no internet access. I can retrieve passwords from storage and pass them securely between machines one-way using copy-paste between machines. It's a little extra work, but it's secure - and the whole password store is git-synced to multiple offsite locations since it's encrypted anyway!
I'll be upgrading to the next QubesOS version sometime over the next few days (when I have spare time, just in case something goes wrong) and when I do I'll try to make a more detailed guide of the installation process.
If anyone has any questions about QubesOS, feel free to ask - I'm far from an expert but I'll answer wherever I can!
Written by @ausbitbank