I figure Qubes OS really deserves its own thread as it is a vital privacy tool. Please feel free to add questions and input. Working with Qubes R3 as my main OS. One thing I would like to do is have different VMs connected to different VPN servers. That bit I am comfortable with but the thing I am struggling with is preventing leakage if the VPN cuts out. What is the best way to achieve this? Should I set the Qubes OS firewall so only connections to the VPN server are permitted? Any thoughts? Will post screenshots as I proceed with the install.
Hi driekus and all..... Would you or anyone care to share or want to make a visual guide for setting up Qubes for us newbie non-techies? Some of us feel really non-tech or I suppose non-smart when trying to understand the Qubes guide. A simple normal person's beginner's guide with screens would be oh so helpful. Thank you any of you smarter people out there that can help the forum and the less smart out there.....
Good idea for thread, and congratulations on taking the plunge. I'll be loading R3 (not yet as my full production machine) soon, so hopefully can comment. @NotNo - I was wondering if it would help, if you haven't used virtual machines much, to do so? Quite a few of the concepts will then become more familiar to you.
Well, it's based on Xen (or in future maybe other hypervisors), with the dom0 being Fedora and guests being Fedora, Debian, Windows 7 or Whonix. So you could say it's more about Sandboxing and Virtualisation and could be discussed in that forum! But, having studied and used it for several years, I'd say there's a compelling case for having it here (at least, for interests being expressed here regarding privacy as opposed to the virtualisation techniques), because the combination of security & privacy it provides is rather the point. We regularly talk about the use of VMs in this section of the forum, for example, as vehicles for privacy, and the same is true of the isolating capabilities of Qubes.
I can see why you have that point of view summerheat. My intent of this thread is to concentrate on security and privacy aspects of the OS. For example, the ability to isolate Windows programs and limit the ability of Microsoft to collect data about you that could also be intercepted by three letter agencies. Qubes is likely going to be a major part in maintaining privacy as Microsoft moves towards increased data collection on its customers. In reality this thread could go in many places like many of the threads in the privacy section. The same could be said for Whonix and Tails threads.
I am not sure I would recommend Qubes for a newbie. I have several years of Linux behind me and have found Qubes a challenging OS to work with. I would recommend starting off exploring virtualization using an easy to use Linux distro such as Mint. Qubes OS also does work in a VM (despite what they say), it just is not pretty to work with. Use VMs to make lots of mistakes that are quick to recover from. My classic is using synaptic to uninstall a large number of packages, only made that mistake once.
A good way to start is to understand the requirements for the processor that Joanna described on the Qubes website as it involves acquiring a processor with those capabilities, e.g. VT-x, VT-d, and VT-i something, upon which Qubes incorporates to use the Xen hypervisor. Here is a link to a thread I wrote some time ago about the topic: How to find a notebook with VT-d (IOMMU) support for Qubes OS. Be sure to see Joanna's post and expand the "show quoted text" which is initially hidden on visiting the web page! Note: by now the technology has been surpassed as the date on that post is 8/20/13 - so, get the essentials from there and look for newer technology by searching at the Intel website at ark.intel.com and search for your requirements, as a start. -- Tom
A shame the desktop support is not there yet. I have a nice spare Xeon that would handle Qubes VT brilliantly. Still experimenting with my laptop that has VT-d but the only way I can experiment is by swapping in a hard drive. R2 has a bug on my system where I seem to lose internet access while R3 has problems with the Windows Tools package. Seems to be getting better which gives me hope that I'll get a working system soon.
The problem with the laptops is a lot of the older ones only go up to 8G and have 2 cores. As they recommend, I suspect an SSD would improve the somewhat sluggish load times. I've had success booting off a usb3 external disk. Desktop motherboards are complicated because even if the processor and chipset supports VT-d, the manufacturer might not have bothered or the BIOS doesn't (so the Ark info is not sufficient). I do have a very nice dual Xeon Intel workstation board that does do the job, but that's "taken" at the moment (it already runs a bunch of VMs). My feeling is that a low-power Xeon or two in a workstation/server motherboard probably is the right choice at the moment, but that requires an add-on graphics card. Intel are playing silly b with pricing for cores in the retail i7 line still and many of the retail mobos don't do VT-d. I'd also like to have the TPM support so that I can experiment with anti-evil-maid. I haven't been able to find an Atom server mobo that does VT-d either. I'll have a try running on a nice silent J1900 4-core, but this is not VT-d. Firejail runs fine by the way, but I think I'm going to focus on getting that running in a Debian template because it's now in the repos, and I'm more familiar with Debian anyway.
The Live USB version is an (Alpha) release - i.e. may have bugs. Better to wait for Beta releases. -- Tom
Well after a full day of setup I managed to get Qubes R3 running to a point where I can use it as my daily driver. The beauty of Qubes is that you can control the internet access for each VM and from a privacy perspective this is important. You can either whitelist or blacklist.
How I have it set up so far:
- Windows VM with Seamless Mode: Runs the software like Office, Visio and Project. Has only limited whitelisted internet access to a few internal sites. This solves the Windows spying concerns as there is nothing for Windows to connect to.
- Personal Debian VM: Has my personal files and connection to my cloud server. Limited external access
- External Browsing VM: For the majority of my browsing
- Disposable Unsafe VM: For the danger stuff
I believe this is relatively secure and does improve general security against intrusion. The bigger gain though is on the privacy front. The programs I use cannot talk back and leak my info. Personally I believe this is the ultimate solution for those who need MS programs to function but value privacy.
The drawbacks:
- It is not user friendly, even for those who have worked with Linux in the past.
- Qubes limits the ability for VMs to communicate with each other. This increases security but increases the headache of using it.
- I haven't been able to get BolehVPN running as of yet.
- Still a little bit buggy
@driekus - thanks for the report. The other aspect of Qubes is that it inherently isolates data from the different machines, as well as being able to do the work with individual networking environments. I don't find the VM communication that awkward really, and not much worse than what you'd do in the standard VM case. Making it a different procedure at least has you engaging brain first! I did have a problem with the Debian in terms of inter-VM file copy, but haven't investigated. I was also hoping that it would be possible to have Firejail come down to the Debian template since it's now in the repos, but it has some dependencies which will require testing or development repos to be added. I'm also getting interested in containers such as Docker, since these may offer a lighter-weight way to instantiate an application than what you get with a full-scale hypervisor VM combo. For things like browsing, this may actually be what you want, and seems similar to Firejail in a way. Maybe if you have the standard VM environments running in Qubes, the load time aspect is less of an issue.
I have had little problems with Debian inter-VM file copy since moving to the latest R3 build. At this stage now I have a fully functional system minus OpenVPN capabilities. Trying to troubleshoot it now and am sure I'll be able to get it up and running. I did like the concept of Docker. It is good from a security perspective but wonder how good it is from the privacy perspective. From my understanding it behaves similar to programs such as Sandboxie which have some access to the host system albeit in read form. I question whether this increases the possibility of data exfiltration. I may be wrong though. VMs don't have this vulnerability (particularly if set up as standalone). The drawback is that they require greater system resources. The other core disadvantage until Qubes is that switching between programs in different VMs and managing the VMs is inconvenient. For me the resource consumption is not too much of an issue. A solid state drive with an i7 and decent amount of RAM can handle it no problem. Although if I can free the cash I'll probably get a decent VM machine with PCIe SSD https://www.thinkworkstations.com/products/p50/
Finally got VPN running. VPNs work in Qubes differently to other operating systems. Setting up a VPN in Qubes is done by setting up what Qubes calls a Proxy VM. From that point it is simply a matter of connecting some/all of your other VMs to the proxy VM. The advantage of this system is that it allows you to mix between VPN (for external facing) and non VPN for internal facing. You can even set up different VPNs for different VMs. Very very cool.
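On the leak question from the first post and the Proxy VM setup described just above, here is an added example (not part of any poster's message and not Qubes' own code) of fail-closed rules for the VPN ProxyVM: AppVM traffic is never forwarded over the uplink, and the ProxyVM itself may reach only the VPN server. The uplink name `eth0`, the endpoint `203.0.113.10` udp/1194 and loading the rules from a firewall user script such as `/rw/config/qubes-firewall-user-script` are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed firewall rules for a Qubes VPN ProxyVM.
# Assumed values (not from the thread): uplink eth0, and a constructed
# VPN endpoint 203.0.113.10 udp/1194 (documentation address range).
UPLINK="${UPLINK:-eth0}"
VPN_IP="${VPN_IP:-203.0.113.10}"
VPN_PROTO="${VPN_PROTO:-udp}"
VPN_PORT="${VPN_PORT:-1194}"

# The endpoint must be a literal IPv4 address: DNS over the uplink is
# blocked by the rules below, so a hostname could never be resolved.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the rules instead of running them, so they can be reviewed first.
vpn_failclosed_rules() {
    is_ipv4 "$VPN_IP" || { echo "VPN_IP must be an IPv4 address" >&2; return 1; }
    # AppVM traffic may only leave through the tunnel: never forward
    # anything to or from the uplink, whether the tunnel is up or down.
    echo "iptables -I FORWARD -o $UPLINK -j DROP"
    echo "iptables -I FORWARD -i $UPLINK -j DROP"
    # The ProxyVM itself may reach only the VPN server over the uplink.
    echo "iptables -A OUTPUT -o $UPLINK -p $VPN_PROTO -d $VPN_IP --dport $VPN_PORT -j ACCEPT"
    echo "iptables -A OUTPUT -o $UPLINK -j DROP"
}

# Apply only when asked to (as root inside the ProxyVM).
# IPv4 only: if IPv6 is enabled, ip6tables needs equivalent rules.
if [ "${1:-}" = "--apply" ]; then
    rules=$(vpn_failclosed_rules) || exit 1
    printf '%s\n' "$rules" | sh -e
fi
```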
Had a quick play with Docker in VMware's Photon. Currently, I think it's more suitable for datacenter apps, although there are ways of hooking the containers up to X for a browser. Also, the load times didn't seem that much better than a standard full Linux kernel, and probably the Qubes usage model will be for fairly long-lived VM lifetimes. I'd guess that the pages for the template VMs would get cached as well, which would accelerate VM load time once going. The Xeon D3 8-core 40W SoC processor looks an interesting desktop base for Qubes, but is still pretty expensive and hasn't been tested as far as I know.
And I thought I was overkill with Xeon E3-1230V3 and 32Gb Ram. My issue running this with Qubes is that I have USB keyboard issues. Still thinking of getting the thinkpad p50 when it comes out. A PCIe SSD should fly with Qubes. I know the Xeon laptop processor is probably a scam but it still should be pretty quick.
I've always ended up dissatisfied with laptops, and I suppose the multi-VM/profile approach is much better suited to a multiscreen desktop environment to arrange it all, I hate scrabbling round on a small screen - even if they have upped the resolution. They also have nasty little fans, and I'd prefer silent or semi-silent if I can do it, which, in a 40W part should be possible in a decent chassis. I'm currently running a dual X5670 rig which is pretty blissful, but I'm not yet ready to switch that over to Qubes. I hate that Intel charge so much for retail-cpu cores beyond 4, and it's good to see that pressure from AMD in the mini-server space is finally causing some movement.
I am definitely a laptop person, more because I need to be mobile than anything. My Server is just running a 40Tb Raid array so nothing too extreme. I went with server architecture mainly because it handles >6 SATA drives better than consumer grade equipment. I also find it significantly more stable running business grade hardware than consumer junk. I'd go for the higher grade Intel server CPUs but as you say the cost is ridiculous.
Great article. One thing that impresses me with the reporting on Qubes is that they don't go overboard with the marketing hype. I would say it is one of the most secure operating systems available. It is far more secure than other operating systems that really lay on the marketing hype.
I found out about QubesOS about 2 weeks ago, haven't had the chance to download it yet. But, I am also going to call for a visual guide, even though I am a technical user, I still have no idea how to set it up.
I would recommend playing around with the system to get an idea how to solve the common problems that you might run into. I took baby steps:
1.) Set up Qubes on a virtual machine if your system has the power. Most things should work but be a little buggy
2.) Use the Live USB
3.) Install onto a spare hard drive that you could swap out of your laptop
4.) Switch to Qubes as your main OS
The whole process took me about a month from start to finish.