
176 points TheFreim | 4 comments
1. aborsy ◴[] No.36685729[source]
Is QubesOS used in the security companies or community?

I know it’s used in Mullvad, and recommended by Snowden (but he isn’t a security specialist).

I have been playing with it, and it might work as a daily driver.

replies(2): >>36685859 #>>36686562 #
2. Izmaki ◴[] No.36685859[source]
It's not often that the benefits QubesOS brings are what security companies (or the community) need. If you do malware analysis, Windows VMs in isolation on a throw-away laptop is better. If you do penetration testing, Windows or regular Linux will be better, too. If you do extremely sensitive communication you're in a very niche group of people and chances are you're using equipment provided by your superior (e.g., modified laptops).
replies(1): >>36688163 #
3. fsflover ◴[] No.36686562[source]
https://forum.qubes-os.org/t/deployments-of-qubes-by-entitie...
4. anonym29 ◴[] No.36688163[source]
> If you do malware analysis, Windows VMs in isolation on a throw-away laptop is better.

> If you do penetration testing, Windows or regular Linux will be better, too.

I am going to firmly disagree with these two points.

I've been a red teamer at one of the three big cloud providers for over a decade, and a passionate hobbyist with both malware RE and offsec (CTFs, bug bounties, etc.). I've reversed easily 2000+ different samples of malware, have more CVEs than I can count (several dozen), and can make my way through a corporate network quicker than almost any known APT group.

I use Windows qubes, both as sandboxes and for certain utilities that only run on Windows, and I do pentesting from Linux-based qubes.

There is precisely one restriction I face with Qubes in my entire line of work: even with two GPUs installed for isolation purposes, Nvidia GPUs (even with FLReset+) do not like being passed through by Xen. Older AMD cards like my RX 580 work fine.

That said, there are only two things I'd have any use out of a GPU for - hash cracking (obvious) and LLM workloads (code generation, to speed up PoC prototyping, tool development, etc).

Fortunately, I have access to a six-figure rig dedicated to hash cracking at work, as well as effectively unlimited usage of a non-local code generation LLM.

There is no circumstance in which running Windows on bare metal is ideal or optimal in any way whatsoever for just about any kind of security work.

Linux is better in some ways, but even then, segregating workflows in ring3/userland is a must, and Qubes makes this painless, quick, and easy compared to spinning up a bunch of VMs in your distro of choice.

The USP of Qubes isn't that it does anything magic to make a level of security possible that isn't on other platforms, it's how it makes attaining and maintaining that level of security so effortless and seamless compared to other solutions.

The only alternative I've played with that comes close (imo) is Subgraph OS, but it's really not an exaggeration to say that project is absolutely still in alpha status of development, and I would not yet rely on that for sensitive workloads.

One aspect of what you said that I do agree with and wholeheartedly support is hardware isolation. Even with Qubes, hardware isolation is a fine solution to Xen HV exploits, for the tiny handful that have affected Qubes' Xen implementation.