By Tyler W.
September 02, 2020
Distro Hopping (no more)
This is the third article I have written about Qubes (but the first for Cyberwise), largely because of my fascination with it. It was this 'distro' that started my journey down the security and privacy rabbit hole, and Qubes is now firmly entrenched as my operating system of choice. It is not for the faint-hearted, but it is achievable and worth considering if you value security and privacy.
What is it?
Without delving too far into the weeds, Qubes lets you set up a number of virtual machines ('qubes') that run in isolation from one another but can communicate where required, with the privileged administrative domain (dom0) enforcing the policy for every cross-VM action such as copying a file or pasting the clipboard. This can seem like a significant inconvenience (it honestly is not, as the OS is built with cross-VM communication in mind), but it is a more than adequate trade-off for the security it buys. Quite frankly, you will struggle to find a more secure desktop OS, and it has been publicly endorsed by Edward Snowden.
So how does it work, and what is so great about it?
Let's say you inadvertently download some malware. In Qubes it is confined to that one virtual machine, which on infection you simply destroy and re-create, losing only the files saved in that qube. A way to avoid even that loss is to keep your files in a qube that has no network access. Likewise, if you receive an email with an attachment you suspect is malicious but are not certain about, you can open it in a disposable virtual machine, which contains the risk: when the disposable is closed it is destroyed completely, removing every trace of the machine and the files, malicious or not. If the file turns out to be fine, you save it to a permanent qube and work on it as desired. One caveat: viewing a file in a disposable does not make the file itself safe, so for PDFs and images the safer move is to convert them with qvm-convert-pdf or qvm-convert-img, which produces a sanitised copy rather than importing the original.
Pretty simple. Each qube carries a colour label that frames its windows, so you always know which one you are looking at: red means danger, yellow means be aware, green is go.
A further benefit of Qubes is that it has a dedicated USB qube (sys-usb) that owns the USB controllers, alongside separate network qubes. Using the above principles, if you inserted an infected USB stick into your Qubes machine, the malware could not spread to the other virtual machines on the host; it stays confined to sys-usb (with the caveat that if your keyboard itself is USB, sys-usb necessarily handles your keystrokes, which is why the first-boot setup warns about it before creating that qube). Much the same, if your USB qube became corrupted you would restart it (its root filesystem reverts to the template) or destroy it and spin up another from one of the templates that form the base of the operating system.
Qubes is insanely secure and incredibly customisable. I have virtual machines for every aspect of my online life, so that each is entirely protected from the others. Once you become familiar with Qubes it really is the 'only way'. I say this as a self-confessed distro hopper. I have tried nearly every variant of Linux out there (although Qubes is not technically a Linux distribution; it is built on the Xen hypervisor, with Linux running inside the qubes), and ultimately none offers the level of security and privacy that Qubes does.
I have looked at using ParrotSec as my daily driver, but I would need containers 'VeraCrypted' away from the main OS to maximise protection, and if anything malicious happened during a pentest my files would be exposed. Not a good outcome. I also looked at a bare-bones Arch install, adding only the programs I need as I go. This reduces the footprint and the services running in the background, which improves security. It is probably what I would recommend to those who are intimidated by Qubes, but to be fair Arch is quite intimidating itself, and you still have the same problem as any other machine if you become infected: one kernel, so one compromise takes everything. Qubes allows for mistakes and provides a built-in eraser (the ability to destroy the VM), something I know of no other operating system offering.
I hear you asking: why not just use virtual machines in VirtualBox or VMware to achieve the same outcome as Qubes? Well, those hypervisors run as applications on top of a full host operating system, and there are known exploits where a malicious file, code or actor has escaped the sandbox and taken control of the host. Once this happens you are completely pwned, and to the best of my knowledge this cannot happen in Qubes, where the qubes run directly on the Xen hypervisor rather than on a general-purpose desktop and the one privileged domain, dom0, has no network connection at all.
An example, my example:
My machine has 32 GB of RAM, and I generally have four or five VMs running at once. My set-up looks a little like this (it is fluid, and this is not all of my VMs):
- personal – used for personal email and browsing, regular 'safe' things.
- windows – let's face it, some things still require Microsoft, so I have an HVM dedicated to Windows to access proprietary software as required.
- lab – my pentesting machine, spun up from a Kali template VM that I created.
- finance – used strictly for paying bills and monitoring the share market. No files are saved to this VM, and no other tools are installed.
- content – an entirely offline VM that I use to write and edit documents. Nothing of value is stored on it, and again, it has no internet access.
- anon-whonix – a preinstalled VM: the Whonix workstation, whose traffic is routed through the sys-whonix Tor gateway. Great for anonymity.
- work – email, files and browsing for anything work related. Entirely isolated and protected from the other VMs.
- untrusted – another preinstalled VM that I use for just cruising the net, visiting sites I have not been to before and the like.
- downloads – used to download files. Once scanned and accepted as clean, these are transferred to the VM that needs them.
- sys-vpn – a qube I set up with my VPN details and flagged as providing network to other qubes. I simply set it as the network VM for whichever qube I want behind the extra layer of a VPN.
Obviously the preinstalled service qubes sys-usb, sys-net and sys-firewall are in use as well.
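The list above, together with the sys-vpn chaining and the offline content qube it describes, can be laid out from dom0 with the qvm-* tools. The script below is an added example, not the author's own set-up script and not anything shipped with Qubes: the qube names follow the list, while the template name (fedora-32), the labels, the finance firewall policy (DNS and HTTPS only) and the DRY_RUN switch are assumptions to adapt. It prints the commands by default so the plan can be reviewed on any machine; only with DRY_RUN=0, run in dom0, does it execute them.

```shell
#!/bin/sh
# Added example (not the author's script, not part of Qubes): build the qube
# topology from the article as dom0 qvm-* commands. Template name, labels and
# the finance firewall policy are assumptions; adjust them to your install.
set -eu

: "${DRY_RUN:=1}"            # 1 = print the commands, 0 = execute them (dom0 only)
: "${TEMPLATE:=fedora-32}"   # assumed TemplateVM name; check with `qvm-ls --class TemplateVM`

# Print a command (showing empty arguments as '' so the plan reads correctly),
# or execute it when DRY_RUN=0.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        line=
        for arg in "$@"; do
            [ -n "$arg" ] || arg="''"
            line="$line$arg "
        done
        printf '%s\n' "${line% }"
    else
        "$@"
    fi
}

# Create an AppVM unless one with that name already exists, so re-runs are safe.
ensure_qube() {  # ensure_qube NAME LABEL
    if [ "$DRY_RUN" = 1 ] || ! qvm-check -q "$1" 2>/dev/null; then
        run qvm-create --class AppVM --template "$TEMPLATE" --label "$2" "$1"
    fi
}

plan_topology() {
    # sys-vpn: a network-providing qube chained behind sys-firewall. The VPN
    # client itself is configured inside sys-vpn; this script does not do that.
    ensure_qube sys-vpn orange
    run qvm-prefs sys-vpn netvm sys-firewall
    run qvm-prefs sys-vpn provides_network True

    # finance: every packet goes via sys-vpn, and only DNS plus HTTPS is allowed.
    ensure_qube finance green
    run qvm-prefs finance netvm sys-vpn
    run qvm-firewall finance reset              # back to the single default "accept" rule
    run qvm-firewall finance del --rule-no 0    # remove it so nothing is allowed by default
    run qvm-firewall finance add accept specialtarget=dns
    run qvm-firewall finance add accept proto=tcp dstports=443
    run qvm-firewall finance add drop

    # content: offline. An empty netvm means no network path at all, not just a
    # firewall rule that could be misconfigured.
    ensure_qube content black
    run qvm-prefs content netvm ''

    # downloads: the untrusted landing zone for files, behind the plain firewall.
    ensure_qube downloads red
    run qvm-prefs downloads netvm sys-firewall
}

plan_topology
```

The script only wires the network chain sys-firewall, then sys-vpn, then finance; the VPN client configuration still has to be done inside sys-vpn. From inside the downloads qube, `qvm-open-in-dvm FILE` opens a file in a fresh disposable and `qvm-move FILE` hands it to the qube you pick in the dom0 prompt, which is the download-then-transfer workflow described in the list.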
Every one of my VMs can operate independently, as is the nature of the OS, and they do not place a massive drag on resources. With all of them running it can get sluggish, as the Windows VM has between 4 GB and 8 GB of RAM, as does the lab VM. However, I never have all of them running at once; I am just not that good at multitasking, so in practice my computer sits at a quarter to a half of its 32 GB. Eight gigabytes is the minimum I would recommend, even though Qubes can run on 4 GB.
If you value your security and privacy, please do consider this open-source project, and if you have any questions about how to set up Qubes, or whether it is right for you, do reach out. Long story short: if you, or anyone you know, values privacy, anonymity and security online, then Qubes should definitely be on the radar.