The XEN based desktop oriented project designed to be extremely secure has finally reached a stable state and a feature freeze: while the Open Source community version will continue adding new experimental functionalities, a commercial version will be produced from this release, focusing on stability and performance. It currently runs a flavour of Fedora Linux: a new beta will probably be available in 2 months.
Qubes adopts a “Security by Isolation” approach, creating different virtual machines as a mean to generate large-scale “sandboxes” where each application is run. Even the networking and storage subsystems reside on different virtual machines.
The user can then define lightweight Virtual Machines, or AppVMs, which are used to run applications in a different context: work-related software will thus be prevented from interacting with any personal-life application, and vice-versa. Qubes also supports secure copy-and-paste and file sharing between the AppVMs, a mandatory feature for any real-world usage: VMs are seamlessy integrated in the desktop and switching between them is transparent for the user.
New functionalities in the beta version, which is based on Fedora 14 (x64), include:
- A built-in, easy firewall for Virtual Machines in addition to the Firewall VM protecting the entire system
- A redesign of the copy-paste model, which has been made more secure and usable.
- Template-based service VMs, where many “net” and “proxy” Virtual Machines can be created froma common, upgradable template.
A full description of the system can be found in the design reference document.
The installation package and guide is available here: the system can also be installed on an external USB, a quick way to test the new project.
After missing the expected launch at the end of 2010, this announcement tries to foster interest in this niche yet extremely interesting project.