Feedback gathering: what features made you switch to Qubes OS?

I’ve been using QubesOS since yesterday, so I’m completely new. I really wanted to try this operating system before, but opinions about this system were holding me back for a long time. You know, people are saying that QubesOS is slow, unstable, not good for privacy, hard to use etc. I’ve got experience with different operating systems and now I know that I can’t rely on the opinions of other people. The only way to get to know if a system is good or not is to just try it on a server or on a workstation as a daily driver.

I was looking for a workstation setup based on virtualization, with the host isolated from the internet. There’s no alternative to QubesOS in terms of security and integration with virtual machines. It would be hard to use any Linux distribution in the same way as QubesOS. In my case I had a strong need for an air-gapped OS for a few documents, passwords and keys, and also a special OS for Tor access. I didn’t want to boot up another system every time.

I really appreciate the security and privacy of the system, but another great thing for me is managing my environment by splitting it into personal, school, dev etc. Of course I still don’t know how to use these functions properly and efficiently; I have to learn that.

I hate the lack of GPU acceleration. I was worried about that and it was keeping me away from trying QubesOS. With my CPU it’s not a problem for usual stuff, but I have to try GPU passthrough for video editing and gaming. With better support for this, QubesOS would be perfect for me.

5 Likes

[edit] sys-gui-gpu is not for passing the gpu to a vm. Still have to do that on your own.

2 Likes

Is it in reply to someone?

1 Like

Without hesitation to me, the ability to have separate network flows, for example, some applications in an AppVM with a network tunnel, others with another VPN provider, and others without a tunnel at all. No hassle in the network routes, and all in the same laptop :slight_smile:
Xen isolation is the cherry on the cake.

5 Likes

It was in reply to mlody wanting to pci pass the gpu but the forum wouldn’t let me change it to a reply or delete the post. It did let me edit.

2 Likes

For years, I relied on Tails and Whonix, but neither ever felt like the right fit.

Tails was too restrictive, I couldn’t customize it to suit my workflow. You’re basically forced to stick to the defaults, and enabling persistent storage introduces its own serious risks. There were also real-world deanonymization cases that shook my confidence (like the high-profile incidents around 2017 involving law enforcement).

Whonix was better in some ways, but running it in VirtualBox on a Windows host was a constant headache. The host had to stay online to provide internet access, which felt like a massive attack surface.

Then I discovered Qubes OS, and it honestly felt like a dream come true.

I can run Whonix gateways and workstations without ever worrying about the host being exposed.
I get Tails-like amnesic behavior when I want it, but with full customization and the ability to install whatever apps I need.
Best of all, I can seamlessly work with completely offline VMs right alongside internet connected ones, all on the same machine.
And the flexibility to run any OS in isolated qubes, with strong security guarantees, is unmatched.

Granted, there’s a learning curve, especially for those without prior Linux knowledge. Troubleshooting some days can really become a pain in the ass. But for me, it’s absolutely worth it. No other consumer-oriented OS comes close to offering this level of compartmentalization, control, and genuine privacy and security. Qubes puts the power in the user’s hands in a way nothing else does.

8 Likes

GUI domains are only extra security features, they will not help with regard to performance.

sys-gui is just there to administrate your qubes from a qube, and sys-gui is the same thing but the GPU is attached to it to reduce the attack surface of dom0. They are both not there to help performance or GPU passthrough.

2 Likes

thanks

1 Like

This time reply worked. Thought I hit reply on the last one. I’ll make a dummy thread if it happens again. Maybe I’m just fat fingering something.

1 Like

Sort of. That’s a fully correct statement, but with Wayland and SR-IOV coming, GPU acceleration and possibly virtualization are coming soon (next 5 years if I had to guess, but it’s exactly that: a guess)

1 Like

I can’t wait to have this feature. But it’s just that GUI domains are not related to performance. If we get Wayland and SR-IOV, it’s not under the GUI domains hat.

1 Like

Yes, I phrased myself wrong. And ditto, I think that’s the single most exciting Qubes prospect for me right now.

2 Likes

I’m pretty much on the same page as @Euwiiwueir, @whoami, and @linuxuser1. Started by installing Qubes as a curiosity… and then got funding for a project to get Qubes working as a corporate laptop :laughing: … an ambitious feat when working with Qubes 3.

How about you, @solene?

3 Likes

I started looking at Qubes OS when I wrote a paper about immutable operating systems, but I didn’t use it back then.

Later, I gave it a try because I was building non-practical methods to separate various usage/contexts with a single workstation. The features I like the most are:

  • The networking that gives absolute control (up to what sys-net is doing within itself) because each netvm is a router we can audit and monitor
  • That networking allowed me to build complex systems using many VPNs, although it was possible on OpenBSD using multiple routing tables or Linux with ip rules, it was easier to use on Qubes OS
  • I was starting my freelance activity, being able to separate the systems used for each client and their VPN was a must

Although it’s good for some usages, I found Qubes OS to be bad enough for me in daily use that I needed another computer. I do all the trust required tasks on Qubes OS, and multimedia (video playing, video post-prod, video games) on the other.

11 Likes

Totally agree with you.

1 Like

Sandboxing / compartmentalization. I’m a big fan of GrapheneOS and its ability to strongly isolate apps. I found myself wanting to do the same for my desktop.

The more I thought about it, the more it seemed that the Qubes desktop model made far more sense than standard desktops. Letting SensitiveAppProgram and UntrustedSpyware share common file access is a major security risk.

6 Likes

sha1-hulud

4 Likes

I’m not aware of any living cubic worms within the releases.

2 Likes

Maybe he means split-gpg or the like protecting from something like this? Not too familiar with this worm, so that’s just a guess.

2 Likes

Sorry I should have been more specific.

After the sha1-hulud NPM supply chain attack in September I realised that my dev environment needed to be segregated from the rest of my system so that my personal data wouldn’t be at risk if it happened again. Lo and behold 2 months later we saw the same attack again, only worse.

As a developer I need to be able to npm install ... to get work done and I don’t want to have to worry about getting infected every time I need to do so.

I looked at some other options but they all paled in comparison to Qubes. After giving it a go I was hooked. I’m never going back to monolithic computing ever again. Qubes is revolutionary!

7 Likes