Basic question about Qubes

What is the difference between QubesOS and a sandbox?
Is the Xen hypervisor a virtual machine?

I was asked about this, but I couldn’t answer.

Others can better speak to the details, but here’s my non-expert, high-level view, as I understand it.

Sandboxing is useful for preventing apps from talking to one another within a single OS. This will prevent a malicious app from pilfering my private e2ee messages, for example. In Qubes, virtual machines are restricted in their ability to talk to each other and the user is in control of any data sharing between VMs. A VM in Qubes could be nearly any OS and apps within each VM can share data freely. Apps in Qubes VMs are not sandboxed by default because compartmentalization of VMs is a reasonable degree of security for most threat models.

Xen is a (type 1) hypervisor and is designed to provide isolated virtual machines (for cloud computing). Within Qubes, Xen provides a way to separate hardware from software, which allows one to run a VM without firmware or without directly touching the USB stack, network stack, etc… The Qubes team has created a lot of tools to make (cloud computing focused) Xen workable as an alternative to installing a distro “bare metal” on a PC.


What does type 1 mean?

Hypervisors are typically classified into two distinct types, called Type 1 and Type 2. That is not specific to Qubes OS:


I understand. It means the VM works on hardware, not on an OS.