Snowden: "I’ll just namecheck Qubes here, just because it’s interesting. I’m really excited about Qubes because the idea of VM-separating machines, requiring expensive, costly sandbox escapes to get persistence on a machine, is a big step up in terms of burdening the attacker with greater resource and sophistication requirements for maintaining a compromise. I’d love to see them continue this project. I’d love to see them make it more accessible and much more secure. [You can read more about how to use Qubes here and here.]
Something that we haven’t seen that we need to see is a greater hardening of the overall kernels of every operating system through things like grsecurity [a set of patches to improve Linux security], but unfortunately there’s a big usability gap between the capabilities that are out there, that are possible, and what is attainable for the average user."
https://theintercept.com/2015/11/12/edward-snowden-explains-...