Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Communications Encryption Open Source Operating Systems Privacy Security Virtualization

Qubes OS 3.1 Has Been Released 43

Burz writes: Invisible Things Labs has released Qubes OS 3.1. Some of the features recently introduced into this secure concept, single-user desktop OS are Salt management, the Odyssey abstraction layer, and UEFI boot support. The 3.x series also lays the groundwork for distributed verifiable builds, Whonix VMs for Tor isolation, split-GPG key management, USB sandboxing, and a host of others. Qubes has recently gained a following among privacy advocates, notable among them journalist J.M. Porup, Micah Lee at The Intercept and Edward Snowden. Embodying a shift away from complex kernel-based security and towards bare metal hypervisors and IOMMUs for strict isolation of hardware components, Qubes seals off the usual channels for 'VM breakout' and DMA attacks. It isolates NICs and USB hardware within unprivileged VMs which are themselves are a re-working of the usual concept, each booting from read-only OS 'templates' which can be shared. Graphics are also virtualized behind a simple, hardened interface. Some of the more interesting attacks mitigated by Qubes are Evil Maid, BadBIOS, BadUSB and Mousejack.
This discussion has been archived. No new comments can be posted.

Qubes OS 3.1 Has Been Released

Comments Filter:
  • A word to the wise (Score:5, Insightful)

    by petes_PoV ( 912422 ) on Saturday March 12, 2016 @11:24AM (#51684389)
    When announcing a new "thing" or a new version, it's often helpful to tell people WHAT IT IS and WHAT IT IS FOR.
    • I agree with your sentiment. All too often, the summary says "Hey, there is a new version of XXXXXX that has just been released!", and that's it. Then, the reader has to do RESEARCH to find out what it is, and why they should care.

      However, in this case, the summary has all the info you need, as long as you read ALL of it. It does indeed say that it is an "secure concept, single-user desktop OS".
      • by jwymanm ( 627857 )
        What the hell is wrong with both of you? You clearly missed the summary that has all the info you need, as long as you read all of it. It clearly states that it is a secure concept single user desktop OS. Geez, what is wrong with this place. Yes, tongue in cheek.. :)
    • by Burz ( 138833 )

      From the OP, it is a secure desktop OS.

    • by Bobo ( 4493993 )
      It's an operating system designed with security in mind. What part of the summary was unclear? The "OS" phrase, reference to moving away from kernel based security, hypervisors, VM based isolation of hardware devices, and list of attacks it claims to mitigate seemed like a dead giveaway.

      "Invisible Things Labs has released Qubes OS 3.1. Some of the features recently introduced into this secure concept, single-user desktop OS"
    • by fisted ( 2295862 )

      Yeah, what coul

      this secure concept, single-user desktop OS

      possibly be?

      In your defense, it's only the 2nd sentence of TFS, can't noone expect you to have that high of an attention span, as it would certainly take you half an hour to read all the way till there.

    • by Natales ( 182136 )
      Really? has the IQ level in Slashdot gone downhill that much that you can't even do a Google search?

      If you frequent this site, you will notice this community is big on privacy, and QubesOS has been for quite some time among the best options out there, since they are the only ones addressing very hard problems, like hard isolation of driver-level components in the OS, such as the USB or the Network subsystems for example. This is particularly good to mitigate against 'evil maid' type attacks and such. The
      • you can't even do a Google search?

        If you weren't so quick to scoff and had actually gone to the announcement page for this "thing" you would realise that there is no mention at all about WHAT IT IS or WHAT IT IS FOR. It dives straight in jargon about the new features.

        It is plain to every professional that if you want people to engage - especially when writing publicity material (such as announcing a new release) that it will answer the readers' questions. The most basic question is WHAT IS THIS THING?

        However it's typical of FOSS that th

  • by Anonymous Coward

    I'm waiting for 3.11 - Qubes for Workgroups.

  • by Anonymous Coward

    Just a few ideas for the Qubes OS...

    Qubes OS needs to use the Mirage OS model for all its master (dom0) and utility VMs (network, VPN, firewall, usb controller/multiplexer, vault, storage, crypto, ...). If there was a way to use the Linux loadable module interfaced easily in the Mirage OS it would allow access a larger number of available/newly updated device drivers. Another possibility is to use minimal kernels like Atom or CoreOs and add the modules as required. Full OS VMs would still be allowed for t

    • by Burz ( 138833 )

      Someone is already trying to get Mirage working with Qubes. Check out the dev mailing list.

      Your UI ideas are interesting. Qubes' UI is already pretty special though. Its a great foundation for accurately portraying what's going on inside the system.

      Qubes 3.1 already has some of the 'USB allocation' capability you mention: This release can pass through a USB mouse from a USB VM to the rest of the system... this means that an infected mouse cannot masquerade as a keyboard and start entering malicious commands

  • Could this run on Raspberry Pi or does that lack some necessary hardware support?
    • by Burz ( 138833 )

      Qubes currently only runs on 64bit x86 CPUs, preferably with IOMMU support. ARM is not yet supported, however the Odyssey framework is designed to allow switching-out the hypervisor or hardware platforms, so it could be made to work.

      Also, a big reason why Qubes runs x86 is that it was envisioned as a way to run Windows and closed-source apps safely under the control of a FOSS hypervisor and virtualized hardware.

      • by Bobo ( 4493993 )

        Also, a big reason why Qubes runs x86 is that it was envisioned as a way to run Windows and closed-source apps safely under the control of a FOSS hypervisor and virtualized hardware.

        That's super cool. Are you associated with the project? Do you have any examples of use-cases in the wild, or anyone using it in production? I could imagine for example a journalism organization or a government body being interested in legacy support for closed-source/Windows applications being very interested in the added security here.

        • by Burz ( 138833 )

          I'm just a user, though I have a small list of enhancements I want to make. The project is not actively documenting use cases, although people do discuss them on the mailing list. There is enough corporate and institutional interest in Qubes to have made the integration of Salt necessary.

  • ..Can I run Enlightenment or XFCE (for example) or am I bound to KDE?
  • good

Never buy what you do not want because it is cheap; it will be dear to you. -- Thomas Jefferson

Working...