Relative comparison of Qubes OS, and its multiple VM's versus Boxes.

[ggg...@gmail.com]

Boxes being the Sandboxing software available in Linux.  It is my hunch, that the VM's are taking advantage of some hardware feature that insulates them that might be a security hole for Boxes.  I dunno?

Also, as I have not gotten a computer to run Qubes OS, I notice that the App VM seem to be loading a full featured version of a Linux OS.  I am guessing that in reality you guys are using a smallish Limited version of a Linux Distro.  

I was expecting to see some advice about how to uninstall the module that runs the camera, and the microphone.   I know I rarely use them, so it would seem like a good idea.   OR I guess, it is left to the individual with the individual distro. 

I was looking for a list of;  If you want to be secure,   "Never do this."    Another check list, like a pilot uses before taking off, that is what the proper procedure is for some of the types of things one might routinely do with Qubes OS. 

About my hardware deficiency, wait for another month for me to be able to upgrade RAM, and maybe buy a Programming device.   So please be patient with questions that would be obvious if I was running Qubes OS already.

Thanks for replies.

[brenda...@gmail.com]

On Wednesday, February 26, 2020 at 12:18:48 PM UTC, ggg...@gmail.com wrote:

Boxes being the Sandboxing software available in Linux.  It is my hunch, that the VM's are taking advantage of some hardware feature that insulates them that might be a security hole for Boxes.  I dunno?

Background: Boxes is simply a nice front end for KVM and QEMU, which is what most Linux virtualization solutions utilize.

Reasons that Qubes project initially chose Xen over KVM+QEMU (probably better explained on the Qubes website):

1. The hypervisor code baseis substantially smaller in the Xen case. Smaller generally means less security issues.

2. Xen came with better suited vt-d/IOMMU support at the time.

3. When parts of qemu are needed for certain virtualization scenarios, Xen supports sandboxing qemu into stub domains.

4. QEMU has been historically problematic when it comes to security issues, at least relative to Xen or even Xen w/ qemu in a stub domain.

 

Also, as I have not gotten a computer to run Qubes OS, I notice that the App VM seem to be loading a full featured version of a Linux OS.  I am guessing that in reality you guys are using a smallish Limited version of a Linux Distro.  

Generally standard fedora and standard debian come as VM templates under Qubes, yes. With caveats, Qubes also provides slimmer versions of the template distros as well as optional downloads.

 

I was expecting to see some advice about how to uninstall the module that runs the camera, and the microphone.   I know I rarely use them, so it would seem like a good idea.   OR I guess, it is left to the individual with the individual distro. 

Assuming your camera is USB based (generally the case, even for internal camera devices).

Generally, the default installation:

1. Hides all USB devices from dom0, making them unusable.

2. Puts all USB devices into device sandbox called sys-usb (this part is optional, but useful if you want USB devices to work).

 

Generally, you can use command line or the devices widget to assign the devices, including the microphone, to a VM if you choose (some limitations on usbip support being broken for certain device types).

I was looking for a list of;  If you want to be secure,   "Never do this."    Another check list, like a pilot uses before taking off, that is what the proper procedure is for some of the types of things one might routinely do with Qubes OS. 

This would vary by threat model. Without a threat model, a general checklist would be impossible to provide.

 

About my hardware deficiency, wait for another month for me to be able to upgrade RAM, and maybe buy a Programming device.   So please be patient with questions that would be obvious if I was running Qubes OS already.

Good luck!

[Chris Laprise]

On 2/26/20 2:24 PM, brenda...@gmail.com wrote:
>
> On Wednesday, February 26, 2020 at 12:18:48 PM UTC, ggg...@gmail.com wrote:
>
> Boxes being the Sandboxing software available in Linux.  It is my
> hunch, that the VM's are taking advantage of some hardware feature
> that insulates them that might be a security hole for Boxes.  I dunno?
>
>
> Background: Boxes is simply a nice front end for KVM and QEMU, which is
> what most Linux virtualization solutions utilize.
>
> Reasons that Qubes project initially chose Xen over KVM+QEMU (probably
> better explained on the Qubes website):
> 1. The hypervisor code baseis substantially smaller in the Xen case.
> Smaller generally means less security issues.
> 2. Xen came with better suited vt-d/IOMMU support at the time.
> 3. When parts of qemu are needed for certain virtualization scenarios,
> Xen supports sandboxing qemu into stub domains.
> 4. QEMU has been historically problematic when it comes to security
> issues, at least relative to Xen or even Xen w/ qemu in a stub domain.

Don't forget all the Qubes bits that make VMs work in concert: qrexec,
vchan, etc. These form a specially hardened VM management system. The
reason why Qubes Whonix exists, for example, is that other hypervisor
OSes don't have this level of security.

Links on the subject:

https://www.qubes-os.org/faq/#how-does-qubes-os-compare-to-running-vms-in-a-conventional-os

https://www.qubes-os.org/doc/security-critical-code/

Yes. Although the security faq linked above and additional security
guides exist here:

https://www.qubes-os.org/doc/#security-guides

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[Chris Laprise]

I should have also linked this, which is a guide for devices:

https://www.qubes-os.org/doc/device-handling-security/#usb-security

Finally, reading the ITL blog from 2010 onward provides a lot of Qubes
insight:

https://blog.invisiblethings.org/