Qubes OS bakes in virty system-level security Invisible Things Lab (ITL), a group of security researchers based in Warsaw, Poland, has announced Qubes 1.0, the first production release of a new desktop operating system designed to provide unprecedented security through the pervasive use of virtualization. "Unfortunately, contrary to common belief, there are no general …
Huh. T'was an honest question, if somewhat provocative, and I get no replies but some kind of pavlovian downvote. Microsoft hates Linux, is currently waging (a losing) patent war against it, and Qubes OS is partly based on Linux. Just to really rattle the hornet's nest, they are working on Windows compatibility.
So.. when does the demand for a hundred bajillion dollars for violation of 235 patents appear on the doorstep of Invisible Things Lab?
Not quite, that was only oriented towards browsers, where this is more like an OS that is a collection of VM's, some of which may or may not include browsers.
Were I to want something like GreenBorder today, I'd go with BitBox.
I might configure up a Qubes OS on a micro-drive for use at internet cafe's, that could be interesting.
If you read more about the security architecture of Qubes I think you'll find that the similarities don't run past cosmetics. GreenBorder was for sandboxing - along the lines of Sandboxie, with the segmentation happening on top of the OS.
Qubes is a different beast all together - with the segmentation happening at the hypervisor level, enforced by hardware level controls, etc.
That's not to say that "[Qubes rulez and GreenBorder is teh suxorz]"... A lot of what Qubes protects against seems to be more theoretical than actual, and I have no reason to doubt the effectiveness of solutions like Sandboxie, but I have been following the Qubes project for quite a while now... even if just as a bit of academic fascination.
They are working on Windows support, and while it has been demonstrated (if you can call a screen shot that) it's not available on this release. Last I heard they were debating on making it available as a point (1.x), vs. major (2.0?) release. There seem to be some pretty significant challenges to doing this - both in working within the security architecture (appears to be satisfied now by changes to the hypervisor) and usability (no secure clipboard to pass info between the VMs, and desktop vs. per-Window display for the Windows VMs) which are still being worked on.
More information on Windows support here: http://theinvisiblethings.blogspot.com/2012/03/windows-support-coming-to-qubes.html
As to other OS support - like a different distro of Linux for the app VMs - I know I've seen that asked before but I can't seen to find anything on it right now on my Mobile.
Someone from Invisible Things is welcome to tell me I'm wrong, but their project doesn't appear to be made for Average Joe or Jane. That said, as a preconfigured, locked down box in a webcafe or library for example, it might well provide the sysadmins with relief from headaches created by distinctly average (or even nefarious above-average) users.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
