How did I come here?
For more than 20 years, I have been (and still am) teaching IT security and privacy to IT professionals and lawyers. Since about 2010, I became more and more frustrated: having to tell and show ever more sophisticated attack methods and telling of increasing damages. At the same time, the IT used (in my environment, mainly Windows systems) has become more fragile and error-prone, not at least by being overwhelmed by lots of more or less faulty updates.
I would have liked to point out viable alternatives, allowing to build a more robust IT infrastructure. But: Windows is rapidly deteriorating due to facts widely discussed, e.g. Microsoft relying on telemetry for analyzing software faults and more and more focusing on their cloud business. Switching to Linux is often not possible, due to vendor lock-in because of missing software solutions able to replace applications used exclusively on Windows systems. Apart from that, I am not really convinced that Linux is so much more secure than Windows, as it is based on the ancient Unix security model and is, like Windows, a monolithic system, where one successful attack may mean game over. (In the eighties and nineties, I worked mainly on OpenVMS systems, which provided an extremely robust and reliable environment, which I – like many VMS users, still am sadly missing in today’s Windows and Linux world.)
About in 2015, I came upon some papers and blog posts written by Joanna, and there I saw a possibility to change the game: Unlike many more academic approaches, Qubes OS is based on the assumption that most software is faulty and thus can be successfully attacked. So here is a system trying to mitigate the consequences of such attacks by compartmentalizing the technical basis and by providing a means to contain the damage. I tried to install and test it, somewhere around R3.1 or R3.2, and found that it fulfilled its promise of providing a “reasonable security” and still stay usable.
Where am I now?
Currently, Qubes OS is the system that I regularly use for the laptop that I use for teaching, and there I can show my students a viable alternative to the insecure environments most of them are struggling with. It is also easy to show many alternatives to a vulnerable environment, like switching from Microsoft Office to LibreOffice, from Windows to any of quite a number of different Linux flavors, from running Microsoft Ofiice under Windows to running it under Wine on Linux, and so on.
Occasionally, I am still providing support for a security tool based on a Windows environment. Without Qubes OS, I could not do this on this laptop, because Windows 10 ceased to run on this laptop, due to (documented) driver conflicts. As templates and AppVMs running Windows 10 and even 11, there are no problems, and I can even simulate the use of the security tool in a distributed network environment.
Building such a somewhat tricky software structure under Qubes was possible, even for me, who has never really worked with Unix or Linux and thus has only very basic knowledge about this. (In the OpenVMS community, from where I come originally, there was a joke like: “Who thinks, bash was a command language, might even believe Unix was an operating system.” ) Especially the possibility to quickly clone a template in order to have a clean test system was of immense help. Even the migration of my Qubes installation from R4.0.4 to R4.1 went rather smoothly, even for the Windows VMs. The only larger problem came from a Windows 7 VM which was originally created under Qubes R3.2.1 – the jump from there to R4.1 was a bit too long.
Where could / should we go from here?
Currently I see mainly three areas of concern, in ascending order of difficulty:
In order to get a wider acceptance, Qubes OS must help Windows users, who need it most, to migrate from Windows, perhaps via Windows qubes, to a different environment. In the last year, mainly thanks to @jevank and @elliotkillick and several others, great progress has been made in this area. If the current work on providing an
rpm installation kit for QWT 4.1 and documenting installation and use of QWT is finished, most problems currently causing cries for help will be gone.
Flatten the learning curve for installing and using Qubes OS: In order to get used to the environment provided by a meta operating system like Qubes OS, the user has to understand the concepts of using separated virtual machines. While most of the documentation currently provided is extremely good – much better than most of the Linux documentation I have found so far – one has still to read it. The old RTFM saying is something ignored by many (most?) current users. Using preconfigured tools, like @adw proposed, may be helpful, but will need a development effort whose size I cannot estimate. Perhaps some video tutorials might help to gain users not able or willing to read documentation??? Wrinkling out some edges of the UX, like @ninavizz and @marmarta are doing now, might also help a lot.
The third and, in my opinion, most important difficulty obstructing a wider spreading of Qubes OS use is simply that many people do not know that it exists or what it is. If described at all in some PC publications, it is often called “the most secure Linux distribution”. So the reader just thinks: “Why, just one more of the zillion Linux versions – that’s nothing new!” and probably will not have a second look. But how could we reach a larger audience and get them to grasp the idea of a meta operating system and its advantages? I really have no idea, and what I experience in my teaching, even with a security aware audience, makes me rather skeptical.
So far, my two cents. What do you think about it?