Qubes 4.0.2
Although it’s only a point release, Mayank Sharma is curious to tinker with the distro that comes recommended by Edward Snowden himself.
Don’t let the relatively small version fool you; the Qubes project has been putting out releases for almost a decade. In that period, Qubes has established itself as arguably the most popular security-centric distribution, thanks mainly to its unique approach of isolating the essential elements that constitute an operating system inside different virtual machines.
Essentially, Qubes divides an installation into a series of virtual domains called qubes. An individual instance of an app is restricted within its own qube. So you run Firefox in one to visit untrusted websites and another instance of the browser in a different qube to transact online. A malware-ridden website in the untrusted qube will not affect the banking session.
Despite its radically different approach, Qubes isn’t all that different from your typical distro. Sure, it does have a learning curve, but this isn’t abrupt enough to prevent you from using the distro post-installation. Qubes is based on Fedora and uses the Xfce desktop environment, but you’ll need to familiarise yourself with its peculiarities. For instance, instead of a list of apps, the application menu lists several qubes, such as Work, Personal and Untrusted, each of which rolls up the individual apps inside it.
The distro only ships with a handful of the most essential desktop apps, and you can fetch additional ones with the package manager like a regular distro. But here again, you’ll need to make sure you flesh out the installation from within the DomU unprivileged domain, or you’ll end up negating Qubes’ security advantages.
Another major diversion from typical distros is that Qubes isn’t designed as a multi-user system. The user that logs into Dom0 controls the whole system. Also, don’t expect to play Steam games inside an AppVM of its own just yet, as Qubes doesn’t virtualise OpenGL. Its developers argue that this would introduce a great deal of complexity to the GUI virtualisation infrastructure.
Streamlined execution
The current version, v4.0.2, is a point release that applies the latest updates to the major 4.0 release. A majority of the changes in v4.0 are behind the scenes. Many of these manifested themselves in terms of changes to how users interact with the installation.
Perhaps the biggest change in this release is that the project has ditched paravirtualisation (PV) and switched over to full virtualisation. The developers admit that PV might not be the right technology for security-critical applications. For instance, PV VMs don’t protect against the Meltdown attack. Also, the edge PV offered over full virtualisation back when Qubes was on the drawing board has been lost thanks to the second-generation virtualisation technologies like Intel EPT and AMD RVI.
Another talking point of the release has been the more coherent user experience. One of the most important steps in this direction is the breakup of the Qubes Manager app, whose duties have now been delegated to apps in other logical places. Some of them have been assigned to the new Qube Manager widget in the system tray that can be used for monitoring and managing AppVMs.
All the VMs in the Qubes main menu now list a Qube Settings entry. This leads to a multi-tabbed settings panel from where you can control various aspects of that VM. Settings that affect the operation of Qubes OS as a whole have been moved to a separate app named Qubes Global Settings; there’s also a separate app for creating new custom AppVMs.
All said and done, while it might sound like a handful, Qubes isn’t cumbersome to operate. Thanks to the new logically positioned management apps, it wouldn’t take much time and effort to get used to the nuances of the distro and to mould it to your requirements.