We kick the tires on Qubes 4.1.0 and indeed, it's still a 'reasonably secure' OS
UEFI support adds attractions for the security-minded, GUI goes fully virtual
The Qubes compartmentalised operating system developers have put out version 4.1.0. The new version has experimental support for running the GUI and audio server in their own VMs, and an optional remote-support facility.
The Qubes VM-based operating system modestly calls itself "a reasonably secure operating system". Qubes uses the Xen hypervisor (sometimes under protest) to provide a single desktop environment – now Xfce 4.14 by default – in which separate applications run in their own VMs, with colour-coded window borders so you can tell which is which.
Qubes has been steadily enhanced since the project announced it was going commercial. Version 4 has seen a few patch releases, but 4.1.0 adds some key new functionality.
Qubes 4.1.0 can now be installed on UEFI computers, alongside some other new, but still experimental, features.
The GUI part of the OS can be run in its own dedicated VM, rather than inside dom0 with the primary management OS, and so can the audio server. There's also an optional remote-support package, not installed by default, that will allow someone else (with a codeword) to take limited remote control of your computer.
Qubes OS 4.1.0 is based around an instance of Fedora 32 running in the dom0 (control) VM of Xen 4.14, which can then start guest "qubes" containing Debian 11, Fedora 34 and the Tor-based Whonix 16. It uses Linux 5.10 as its basis.
You're not limited to the pre-supplied Qube templates: any other OS, including Windows, can be installed in a qube if you wish.
With a few tweaks, it's possible to install Qubes OS under VirtualBox, but as the FAQ says, "it is neither recommended nor supported".
We tried, but a hypervisor inside a hypervisor is not a high-performance proposition and we found the result was all but unusable. The team also advises against dual-booting with other OSes.
There are other OSes designed for the very paranoid, such as Tails, The Amnesic Incognito Live System, but Qubes goes even further, with concepts like disposable VMs, which you can launch just to look at suspicious content and which are then immediately deleted.
Qubes' approach may be a little clunky and require considerable technical nous, but for now, this is the state of the art. ®