
    441 points ploggingdev | 12 comments
    1. AaronFriel No.15735264
    I'm very excited that Microsoft is moving in the same direction. The feature Windows Defender Application Guard (WDAG) runs Windows applications, right now only the Edge browser, in a virtualization-isolated container[1]. Under the hood it's using what Microsoft calls "Hyper-V Containers", which are lightweight virtual machines that share some host resources such as a read-only filesystem. The closest open source analogues to that are Intel(R) Clear Containers[2] and Qubes.

    The closest you can get to Qubes on Windows would be to follow Microsoft's Privileged Access Workstation (PAW) guide, but it requires a lot of additional infrastructure[3]. That infrastructure allows you to do remote attestation of the virtual machines, but makes it costly to deploy in an SMB or homelab environment.

    I don't expect it'll be very long before PAW and WDAG are usable at the same time, with colored window borders indicating the origin virtual machine. I hope this is on Microsoft's roadmap.

    Video on privileged access workstation use, starting at a demo: https://youtu.be/3v8yQz2GWZw?t=41m48s

    Video on privileged access workstation setup: https://www.youtube.com/watch?v=aPhfRTLXk_k

    [1] https://docs.microsoft.com/en-us/windows/threat-protection/w...

    [2] https://clearlinux.org/features/intel®-clear-containers

    [3] https://docs.microsoft.com/en-us/windows-server/identity/sec...

    replies(5): >>15735496 #>>15735635 #>>15736061 #>>15736174 #>>15736189 #
    2. walterbell No.15735496
    HP has virt isolation for Chromium & IE, via Xen derivative from Bromium: http://www8.hp.com/us/en/hp-news/press-release.html?id=24054...
    3. kijiki No.15735635
    https://cappsule.github.io/

    It's unmaintained now, but it is basically the same idea as WDAG. Essentially similar to firejail but the container gets its own lightweight kernel and runs in a stripped down VM, so the attack surface is KVM, not all parts of the kernel that aren't firewalled off by SECCOMP.

    4. bearbearbear No.15736061
    > right now only the Edge browser

    Did you know if you force remove Edge from Windows 10 it will forever after ignore the "always use this" checkbox and prompt you to choose your default browser every time the browser is called from a link in an application?

    5. mtgx No.15736174
    I'm only half-excited about this because I worry Microsoft has no intention to do either one of these:

    1) Support anything other than Edge/its own apps

    2) Allow the feature to be accessed by users of all Windows editions

    I understand for now it's still experimental and whatnot, but I'm not getting my hopes up.

    replies(1): >>15736645 #
    6. michael-go No.15736189
    I think that "The closest you can get to Qubes on Windows" is what https://www.hysolate.com/ are building.
    replies(1): >>15736242 #
    7. gruez No.15736242
    > Virtual Air Gap

    lol. The whole point of an airgap is that you can very easily, at a glance, verify that the system is secure because there's no inputs/outputs to/from it (air gapped). Trying to implement it using a hypervisor turns it into a buzzword.

    replies(2): >>15736333 #>>15737108 #
    8. Pharaoh2 No.15736333
    Facts are lost in the world of marketing; all that matters is CTR and conversion. I wonder if we can do something about this?
    replies(1): >>15737590 #
    9. Santosh83 No.15737108
    It might no longer be as simple as at a glance in a world with ubiquitous wireless. You'd have to take special care to disable or disconnect all wireless chips in your system. And that might be hard for laptops and impossible in lower form factors.
    replies(1): >>15737195 #
    10. alasdair_ No.15737195
    Even without radios, there are lots of different ways to get data in and out of an airgapped system. Examples include everything from sound (especially ultrasonic beacons etc., as these are used for cellphone marketing today) to more esoteric stuff like flashing the LEDs in a specific pattern or even changing the CPU temperature to specific levels.
    replies(1): >>15737308 #
    11. fulldecent No.15737308
    Or how about the AM radio transmitter that is built into all x86 hardware - https://github.com/fulldecent/system-bus-radio
    12. micaksica No.15737590
    Make people care more about reason and logic than emotion when making product purchasing decisions? I don't think we'll get very far with that goal.