Qubes OS is different than other operating systems starting right from the kernel. Operating systems such as Windows, Linux, BSD, and OSX are based upon a monolithic kernel, this possess a huge security problem as the monolithic kernel contains over ten million lines of code to operate, and to make the issues worse, most of the code comes from untrusted resources. With so many API’s, it would only take one exploit of the kernel to gain control over the entire system.
Qubes OS, on the other hand, utilizes Xen Hypervisor. This is able to provide a more secured isolation connection between servers, and unlike Monolithic Kernels, Xen Hypervisor only contains a few hundred thousands of lines of code instead of millions. Xen hypervisor also only focusses on the main components of your computer such as CPU scheduling, Memory Management, and your power management. And does not need to utilize 3rd party API’s.
Qubes OS is a Linux version security and open source operating system designed for personal computers and usage and runs everything inside of VM (Virtual Machines).
Xen is a bare metal, Native, hypervisor in which utilizes a microkernel framework and even offers a service that allows you to use multiple operating systems at the same time on a single hosts hardware. This is performed by each of your operating systems are using their own space of the processor and memory as well as other related resources that the operating system needs.
Qubes supports the environments of your favorite operating system such as Microsoft Windows, Linux Distributions, and even Whonix.
(Whonix is a Linux based secured operating system by using Debian and provides the user with privacy, security, and even anonymity from your actions online.)
Qubes also enforces a more secured anonymity for internet connection by utilizing the Tor Network.
When we look at the hypervisor, we see there are two types. The first type is known a “Native” or “Bare Metal”, and our other type is Hosted Hypervisor. With one running directly like a normal operating system would work installed on your computer. This will host the “Guest OS” and the other will run within the Host OS…Just like you installed VM Ware and have 2 Linux distros, 3 Windows, and 1 Apple. Same concept but all running at the same time.
Installation Time;
Like my other articles about a new Operating System, I had to download and install the OS myself on a VM machine. I was able to successfully download Qubes Newest Release “Qubes-R3.0-x86_64-DVD.iso”
You can see a full list of their downloads from the site below;
Qubes-os.org/downloads
Unfortunately, for those who enjoy faster downloads by means of torrents, the Qubes-OS.org website downloads page offers no means of torrent downloads.
After figuring out I have to set my BIOS to accept Intel-VTX Technology, and then configuring my VMWare to use VTX-AMDVT I was finally able to install Qubes OS.
Once the installation was complete and time to reboot the “computer”, I was fascinated and eager to learn and test this operating system out. But my excitement came shortly as I found myself waiting for over 30 minutes during the initial boot up of the system.
Waiting…Waiting….Waiting…
Now that I was finally bypassed the install and booting of the OS, I was greeted with the “Welcome” screen followed by the terms and conditions.
Once I accepted and acknowledged their License Information I was able to create my user account.
And then I was able to set my time and date followed by creating and setting my VM’s for the new machine. I chose to utilize the default option “Create default service VMs.” Just so I can get inside and play around.
And then finally, the login screen. I must say. With the advancing technology, I was hoping for a more “Flashy-Techy” feel, but we are ended up with the image shown below.
So…Now we are in the most secured Operating System in the world, what am I supposed to do? After looking around a bit, I found the task bar to be a similar resembelance. It looks as if though the creators took the Windows feel and applied the Linux functions.
As we can see from the image above, the first box you notice would be the [Dom0] Qubes VM Manager box. This is for advanced users to alter their own versions of the VMs that Qubes will/is hosting. I have set my main computer to Qubes OS, and utilizing one version of Fedora for my network, and another version of Fedora for my systems firewall protection.
So far…The rumors appear to be correct. But let’s test this out.
Now looking at the menu I have pulled up, this does resemble a bit of a Windows interface but with Linux abilities. The highlighted box I have set to is the FireFox web browser. This fully works as if I am using FireFox on a Linux machine. I go onto learning that banking, personal, and the untrusted links are set to protect you and your information from trackers, viruses, and hackers by utilizing their tri-level security in which is setup.
Each time you start a new internet connection, a new VM is setup just for that browsing. This makes things a bit complicated, but also I can see the difficulty of “Hacking” into this machine.
Time to test the vulnerabilities. I booted into another virtual machine known as my “Kali 2.0 Black Box” and loaded up the tools I would use for penetration. My first thought “Do I want to know the designated IP? Or should I use some sort of chat session, cookie cache, or other ways. Since this was supposed to be hard to hack…I cheated a smidge.
After performing vigorous tasks and penetration tests, the task was near impossible. Finally, after breaking into my code bank, there was not a single Linux virus I created. So, time to start writing some scripts. After about an hour of writing a simple Linux virus and sending in the means of an email. I downloaded the virus onto my Qubes system. And sure enough, nothing. The program wouldn’t run, install, operate nothing. It was as if it was an empty .txt file and nothing to do with it. But let’s apply the measures in reverse. I was going to use the same tasks from Kali to Qubes but in reverse. I was soon stopped as my tools and resources where on Kali and not on Qubes. So…Download manager time. After another hour of apt-get install…. And getting the right tools and using DropBox for my viruses, Hacking into Kali was easier than it was hacking into Qubes. I was able to find the location of the IP address. Or so I thought. When I looked the Qubes OS was in another state.
In conclusion, utilizing Qubes OS with a VPN service is extremely hard and practically virus free…For now. There will be a day in which a hacker, government agency, or pentester will develop a software/program in which can hack into Qubes OS. But for now, this has to be one of the safest operating systems.
