I'm curious as to why we aren't all running Qubes OS or something like it. Privilege escalation attacks are waaay too easy to carry out now. Even without the baddies getting root they can still view everything in your home directory. With Qubes you can spin up as many VMs as you have RAM for. The easy-to-use installer also ensures that even a complete noob can have proper full-disk crypto.
All VMs are Xen domains, each behind a FirewallVM. The dom0 does not connect to any USB or networking by default. Out of the box you are given a network VM and a USB VM. The network VM acts as a gateway to the firewall VM.
It even comes with a Whonix VM that acts as a Tor gateway for a client VM already configured to only send through Tor. If Tor is down, absolutely no traffic leaks.
Each AppVM can be based on a TemplateVM, meaning that only their home directory takes up space. When you update the software on the templates, all child VMs will get the updates after a restart. All clipboards are segregated by VM unless you say to pass it on.
My favorite feature is the disposable VMs. You can spin up a VM in seconds that connects to your Tor gateway and has Tor Browser ready to go that gets deleted as soon as you shut it down.
I was also thinking of one day making something similar to Qubes OS, but I am pretty happy with Qubes now. I'll probably just maintain Gentoo and Arch templates for Qubes.
I'm not familiar with Qubes. How susceptible is it to people doing the equivalent of running shit as root willy-nilly thus negating the security they were meant to have in the first place?
William Collins
It's insane that this is needed in the first place. Anyway, with your browser in a jail, accessed via a sandboxed X server (no leaking via X), you are already doing well for 90% of everyday use I think.
Carter White
I've got nothing to hide. Qubes is only for pedos anyways.
Alexander Kelly
The average user is not running Qubes because it's not Windows, and even if you managed to get them to switch, their terrible opsec would make it all pointless: they would just whine when the OS tries to warn them against doing something retarded, and then whine when their retardation fucked over their system.
For an advanced user, Qubes is overkill in some areas and not good enough in others, and at the end of the day the biggest issue remains deciding what software to trust.
Very susceptible, because the easy way would be running everything in the same VM and that defeats the point. The only way you can stop idiot users is with an idiot OS that gives you no root and no freedom, such as iOS, but that's worse than the original problem.
Carson Davis
I've been meaning to try it out for quite some time now actually. I just would like to know if GPU passthrough works properly on it.
Bentley Williams
3.2 works just fine for me but I don't have the hardware that supports 4.0 yet. It's a pretty decent system all around even if it eats all of your RAM.
Jason Clark
Qubes doesn't like GPU acceleration, so for now I don't have any real use for it.