Others may expand on this or explain it better than I do, I’ll try nonetheless. (That’s to say, please poke holes in what I say, and please correct any mistake you spot in my reply!)
The two main differences between using Qubes OS and using virtual machines under your regular Linux distibutions are:
Xen runs on bare metal (Type 1), and as such has a significantly smaller attack surface than a Type 2 hypervisor. (Since you mentioned “Type 2” I suppose you’re familiar with their respective pros and cons.)
The operating system that you use to manage the other virtual machines (AdminVM in Qubes OS parlance, dom0 in Xen parlance) is fully isolated from the network and some hardware (e.g. USB controllers, though details do vary). That in itself reduces the attack surface in a series of scenarios that are not typically addressed in a regular Linux distro, or a typicall installation of Fedora 34 (the current dom0 OS).
Additionally Qubes OS implements tooling to manage the policies that regulate communication between VMs, a color-coding system that makes difficult for a given VM to fake the dom0 prompt that some of those policies can trigger (e.g. asking you to authorize a given VM to access a GPG function on another VM in a split-GPG scenario), mechanisms to attach logical or block devices to VMs, etc.
Depending on your needs (as usual) some of that may be beneficial.
Edit: Well and the entire VM template system! It becomes a familiar routine to the point that I forget to mention it, but that’s a piece that can bring a significant amount of convenience and would take significant effort to replicate (unless you’ve got tools I don’t know about!)
Hello,
Thank you so much for your reply.
I’m sure that the Xen Hypervisor is a secure Hypervisor and has more features than type-2 Hypervisor, but does it make sense to run a virtual machine for any application? How strong should our system’s hardware specifications be?
One of Qubes OS’s biggest mistakes is that it uses Fedora. Why Fedora when there are better Linux distributions like Debian, Gentoo and even Slackware? Have you forgotten that Red Hat is the enemy of Xen Hypervisor?
In my opinion, you should use Xen Hypervisor to isolate the operating system itself and the rest of the applications run in a sandbox. The Subgraph OS is on a right track and if it adds Xen Hypervisor, then it becomes the best product.
Hi,
you don’t need a virtual machine for each application. However you could do that. Therefore hardware needs are not as big as you would assume.
One advantage is that the virtual machines itself are based on templates that can be tailored for a specific purpose and reused for different vm’s.
Another advantage are disposables that will be completely destroyed after use and closing them.
One more feature is virtual machine for tor browser
You can also control the network interaction between virtual machines that can be network proxies for each other. I.e. separating work vpn from home usage.
There is in practice nothing more secure than hardware virtualization, which Qubes uses by default. VM escapes are practically non-existent with such a measure.
Apart from virtualization, Qubes provides a great, unified interface, where VMs are shown as normal windows with colorful borders. Also, with easy copy-paste and file transfer, automatic backups, self-destroying VMs and much more.
No, and you don’t have to do it on Qubes (although some people do it). You use VMs as security domains, inside which everything is equally secure. For example, you do everything related to your work in one VM, everything related to your hobby in another, and everything related to your banking in the third one. Extended examples: one, two.
Debian is installed in Qubes by default, along with Fedora. Apart from them, threre are more operating systems, including Gentoo: Templates | Qubes OS.
See also my attempt to explain the feature of Qubes OS in a short pitch.
Most important is to have a lot of RAM. With 8 GB you can already have some compartmentalization, but with 16 it feels much better.
Actually, in Qubes you isolate your AdminVM from everything, including network and USB devices. You never run anything in it. Isn’t it what you mean by “isolate the operating system itself”?
I do not see how network or drivers are isolated in Subgraph OS. See also a related discussion:
I am sorry if I come across as unfriendly, but the breath-taking speed from …
… to dishing out opinions and advice makes me question your motivation. Have you read any of the links posted in this thread?
Then again, three years ago you’ve asked for an updated architecture spec?
Re: Subgraph … the last alpha release was in 2017. The last commits I can see in the repositories is from 2021. I think it’s safe to say at this point that the project is abandoned.
Hello,
Thank you so much for your reply.
The Qubes OS is based on the Fedora. Right?
How about the templates? Should they be downloaded from the Internet? Is it possible to install a virtual machine manually?
Hello,
Thank you so much for your reply.
1- You said VMs are already preinstalled. What does it mean? When you install the Qubes OS, then by default some VMs already there? Which OSes?
2- You said No, and you don’t have to do it on Qubes (although some people do it). You use VMs as security domains,… so, Is the Qubes OS a hardened OS? If yes, then why install a virtual machine?
3- How Qubes OS use both of the Debian and Fedora operating systems simultaneously?
Hello,
Thank you so much.
Do you mean AdminVM is Qubes OS itself? If yes, then how much of the OS? For example, when you install a Linux distribution, then some applications like the Internet browser, LibreOffice, Media player and etc. are part of the distribution.
No, Qubes OS is not based on Fedora, but it uses and incorporates Fedora.
No, the AdminVM is not Qubes OS itself. It is one part of Qubes OS.
No, Qubes OS is not Xen, but it uses and incorporates Xen.
Qubes OS is its own thing. It is not Fedora or Xen, but it uses and incorporates them.
Why does this matter? Because “Ubuntu is based on Debian” is a true statement, and this type of “distro X is based on distro Y” relationship is quite common in the open-source world. So, when people say things like “Qubes is based on Fedora,” there is a real risk that people who are knowledgeable about the open-source world in general will get exactly the wrong idea about the nature of Qubes OS.
Hello,
Thank you so much for your reply.
1- So, the Qubes OS itself has not been hardened. Some Linux distributions are hardened by default.
2- You said “You can have several VMs, some of which are based on Debian and some on Fedora.”, I don’t mean VM, I mean is Qubes OS itself. What kind of Linux is it based on?
3- How many VM templates are there? The Qubes OS is just 6 GB.
4- I meant do you have all these programs (Internet browser, LibreOffice and etc.) in AdminVM?
Why would you need hardening of “Qubes OS itself” if you never run anything in dom0 (AdminVM)?
I explained above that it’s based on Xen. It’s also explained in the FAQ, which I linked and the post of @adw above. Perhaps you could reformulate your question; why exactly you are asking?
There must be a quick way to describe “what is Qubes” for technical people who know what Linux and Xen are. “Qubes OS is its own thing” is not very helpful. FAQ itself says that “more of a “Xen distribution” than a Linux one”, and I think it’s a perfect short-cut in such case. I also linked the FAQ for more information that it’s not simply Xen.
In principle, Ubuntu is getting further and further from Debian, see snaps. “Based on Debian” is not supposed to explain everything, only to give an idea how to start thinking.