Qubes OS: An Operating System Designed For Security

Status
Not open for further replies.
i wont use it, because i dont really understand half of what is written in the article, they lost me at Bare Metal Hypervisor, but what the hell is with the seemingly random picture of the woman with the scarfe around her neck?
 

LORD_ORION

Distinguished
Sep 12, 2007
814
0
18,980
[citation][nom]iam2thecrowe[/nom]i wont use it, because i dont really understand half of what is written in the article, they lost me at Bare Metal Hypervisor, but what the hell is with the seemingly random picture of the woman with the scarfe around her neck?[/citation]

The "bare metal hypervisor" is Xen. In a nutshell, it runs directly on the hardware of the server machine, and that is all it does (you install Xen, and it consumes the whole drive) You then install your operating systems virtually ontop of Xen. To access your operating system, you login to it from another machine using special Xen client software.

As Xen is what runs the amazon elastic cloud, there is need for high security OSes like Qubes for enterprise business applications.
 

FloKid

Distinguished
Aug 2, 2006
416
0
18,780
Life always finds a way. I just wonder if you put a function for a USB and a function for an ethernet port in the same code, won't that start two kernels even if they are isolated and basically give you access to both in the same code? I might not be getting something, but I could see the same program having a hard time accessing all of the other kernels, since they are not in the same process. Could be good I guess, but I can see sorta a way around that if you have other malicious software already running hidden.
 

3-R4Z0R

Distinguished
Dec 29, 2007
7
0
18,510
So this is essentially the same thing as Minix, only that it's been reinventing Minix again (just like about 20 other projects during the last 15 years that have never come as far as EU funded Minix which is even partially POSIX compatible)?
 

nevertell

Distinguished
Oct 18, 2009
335
0
18,780
So what they are doing is sandboxing stuff into partitions using Xen ? WHY?
I am more interested how are they making the transition between the domains, because if they're using IOMMU to have a discrete videocard available to the domains, how are they sharing it between the domains ?

Tom's, you could make an article about virtualizing Windows 7 on top of xen with a normal Ubuntu install in dom0 and have a discreet videocard for windows 7 and use the integrated one for ubuntu/linux, like a sandy bridge igpu and some nvidia/radeon. If you prove that the transition between the domains is fast and easy, this would be AWESOME for regular linux users, as I hate to reboot to play some games. But that way, I could just switch between the domains, at any given time. I mean, RAM is cheap.

 

amigafan

Distinguished
Mar 19, 2011
212
0
18,760
Lol there would be more comments on this particular article but veterans know they'd quickly get decimated with thumbs downs ;)

I won't even bother with mentioning "kitchen" in any context :D
 

DSpider

Distinguished
Jan 10, 2009
531
0
18,980
You know, most viruses come from the internet. You could simply install VirtualBox and download Slitaz (a very small Linux LiveCD distribution - around 30 MB), and use that for your basic browser needs, completely separate from your main OS.

As long as you don't set up shared folders and only share the clipboard, you should be ok.
 

phate

Distinguished
Oct 23, 2009
149
0
18,680
OpenBSD, SELinux, ... this sounds like a vaporware puff piece.

The NSA has been using(and actually wrote much of) SELinux for years, and it seems to be working out for them.
 

LORD_ORION

Distinguished
Sep 12, 2007
814
0
18,980
[citation][nom]phate[/nom]OpenBSD, SELinux, ... this sounds like a vaporware puff piece.The NSA has been using(and actually wrote much of) SELinux for years, and it seems to be working out for them.[/citation]

Except that if you follow the link you can download the beta?
 
G

Guest

Guest
She doesn't say much about microkernels. I would like to know what she thinks about this blog post about OKL4 : http://www.ok-labs.com/blog/entry/microkernels-vs-hypervisors/

By the way, the same people have created a version of L4 that, as I understand it, is formally verified to function exactly as specified, http://www.nicta.com.au/media/previous_releases3/2009_media_releases/world-first_research_breakthrough_promises_safety-critical_software_of_unprecedented_reliability . This should surely help to improve stability and security.
 

JackBlack07

Distinguished
Sep 30, 2007
21
0
18,510
All there doing here is taking the same technology Sun Microsystems used to create Zones and repackaged it with Xen overhead. Look up Solaris 10 Trusted Extenstions .. same stuff..
 

calinkula

Distinguished
Jul 26, 2008
439
0
18,810
This is the same woman who said she had a 100% undetectable virus a few years back. She was challenged at the Black Hat conference that year and wouldn't present it without a large upfront payment.

Do people still take her seriously?
 

dalethepcman

Distinguished
Jul 1, 2010
1,636
0
19,860
[citation][nom]calinkula[/nom]This is the same woman who said she had a 100% undetectable virus a few years back. She was challenged at the Black Hat conference that year and wouldn't present it without a large upfront payment.Do people still take her seriously?[/citation]

I know of a 100% undetectable virus, its called origin. You can download it from EA.
 

dalethepcman

Distinguished
Jul 1, 2010
1,636
0
19,860
[citation][nom]calinkula[/nom]This is the same woman who said she had a 100% undetectable virus a few years back. She was challenged at the Black Hat conference that year and wouldn't present it without a large upfront payment.Do people still take her seriously?[/citation]

I know of a 100% undetectable virus. Its called Origin, you can download it from EA's website.
 

JackBlack07

Distinguished
Sep 30, 2007
21
0
18,510
The typical application for this Os would be secure environments like banking or government. It would be interesting to know if they will submit it for FIPS-140 approval.
 
Status
Not open for further replies.