1. BulletIsn’t Qubes just another Linux distribution after all?

  2. Well, if you really want to call it a distribution, then we’re more of a “Xen distribution”, rather then a Linux one. But Qubes is much more than just Xen packaging -- it has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc, and also its very unique GUI virtualization infrastructure.


  4. BulletWhat is the main concept behind Qubes?

  5. To build security on the “Security by Isolation” principle.


  7. BulletWhat about other approaches to security?

  8. The other two popular approaches are: “Security by Correctness”, and “Security by Obscurity”. We don’t believe any of those two can bring reasonable security today and in the foreseeable future.


  10. BulletBut what about safe languages and formally verified microkernels?

  11. In short: these are non-realistic solutions today. We discuss this more in-depth in our Architecture Specification document.


  13. BulletWhy Qubes uses virtualization?

  14. We believe that today this is the only practically viable approach to implement strong isolation, and, at the same time, provide compatibility with existing applications and drivers.


  16. BulletDoes Qubes run every app in a separate VM?

  17. No! This would not make much sense. Qubes uses VMs to create security domains, such as e.g. ‘work’, ‘personal’, ‘banking’, etc. Typical user would likely need around 5 domains. Very paranoid users, who are high-profile targets. might use around a dozen domains.


  19. BulletWhy Qubes uses Xen, and not e.g. KVM?

  20. In short: we believe the Xen architecture allows to create more secure systems, i.e. with much smaller TCB, which translates to smaller attack surface. We discuss this much more in-depth in our Architecture Specification document.


  22. BulletHow stable is the current Qubes release?

  23. Right now we’re at the beta stage, which means the system is quite mature, but still need some polish, mostly at the UI-level. The system seems stable besides that.


  25. BulletWhen do you anticipate the production quality version to be ready?

  26. Fall 2011.


  28. BulletDo you plan a commercial version of Qubes?

  29. Qubes will always remain an open source project. However we plan to create some commercial extensions to the system in the future. This might include e.g. support for Windows-based AppVMs.


  31. BulletWhat is so special about Qubes GUI virtualization?

  32. We have designed the GUI virtualization subsystem with two primary goals: security and performance. Our GUI infrastructure introduces only about 2,500 lines of C code (LOC) into the privileged domain (Dom0), which is very little, and thus leaves not much space for bugs and potential attacks. At the same time, due to smart use of Xen shared memory our GUI implementation is very efficient, so most virtualized applications really feel like if they were executed natively.


  34. BulletCan I watch movies in AppVMs, e.g. YouTube movies?

  35. Absolutely.


  37. BulletHow about running applications like games that required 3D support.

  38. Those won’t fly. We do not provide OpenGL virtualization for AppVMs. This is mostly a security decision, as implementing such feature would most likely introduce lots of complexity to the GUI virtualization infrastructure. However, Qubes allows for use of accelerated graphics (OpenGL) in Dom0’s Window Manager, so all the fancy desktop effects should still work under Qubes.


  40. BulletHow much disk space do I need for each AppVM?

  41. Every AppVM is created from a so called TemplateVM and they share the root filesystem with the template (in a read-only manner). This means each AppVM needs only disk space for its own private data. This also means that it is possible to update the software for all the AppVMs by just running the update process in the TemplateVM once (one needs to stop all the AppVMs for this, of course).


  43. BulletWho is behind Qubes OS?

  44. Qubes development has been funded by Invisible Things Lab (ITL). Qubes architecture has been designed by Joanna Rutkowska and Rafal Wojtczuk, both from ITL.