Why I won't be using Qubes as my daily driver / Review

This isn’t an in-depth review, just my thoughts after attempting to make QubesOS my daily driver. I used Qubes for about a week, although during that time I spent a good amount of time studying it.

First of all, I really love the concept. The ability to compartmentalize your activities, determine exactly what each VM has access to (especially the ability to restrict network access to a specific VM, which is a huge security advantage), dispose of VMs easily, and plug in devices without compromising the entire system, these are all amazing features.

For me, similar to Tor, Whonix and TailsOS, I know that Qubes is an incredibly useful asset for my security and privacy, but unlike them, I know how I can integrate Qubes into my workflow. (Side note about Tor, Whonix and Tails, I don’t know how I can take advantage of those tools because they’re focused more on anonymity rather than security and lack accessibility and performance, and I am more interested in security).

There’s two major reasons why I won’t be using QubesOS as my daily driver:

1. Performance. Qubes is a huge, and I mean huge resource hog. It’s a black hole for your system resources. I tested Qubes on two machines: Lenovo Thinkpad T570 with a Samsung (860?) SATA SSD, and an Intel NUC 11th gen Core i5-1135G7 with an NVMe SSD and 32GB 3200Mhz RAM. The laptop was hardly usable. The NUC was usable, but struggled to play anything above 1080p videos smoothly. 4k video was next to unplayable. For me, if I can’t play videos at up to 4k smoothly, then I can’t use that operating system for my primary activities, since I spend so much time watching videos.

2. Bluetooth. I looked up how to add bluetooth to Qubes, and I’m aware there is a way to do it, but I was cautioned against it due to the security issues it brings. I’m not willing to risk compromising my entire system just to enable bluetooth, but I can’t imagine using my system without bluetooth. It’s essential for me. I use bluetooth headphones and I can’t imagine being constantly tethered to a computer like a dog on a leash. However, I did try it out and it’s not worth it. Also, although this didn’t happen, because I’m so used to bluetooth headphones, you’d be inclined to get up and walk away with your headphones on, not realizing they’re still connected to your PC. With my little NUC, that could be disastrous.

3. Constant configuration. Now, this isn’t as major as the two mentioned above but still a concern. In the last few days I have actually moved onto Arch Linux for the first time (and loving it). Trust an Arch user when he says QubesOS is difficult to use. Now, I want to say that QubesOS is not difficult to use in the same way other people say it is - I actually find the compartmentalization of AppVMs, TemplateVMs, sys-net, sys-usb, etc…to be intuitive. I get it, that’s how my mind works. The Qubes structure aligns with my brain somehow. But when I say it’s difficult, it’s more about the fact that doing anything takes considerably longer. I find myself creating AppVMs all the time. Also, and this could warrant its own section, apps are very difficult to install. I went through hoops trying to figure out how to install apps, and trying to get it to show up in the quick menu. Again, I’m using Arch now, and apps are super easy to install, even when they’re not in the core repository.

I will probably use QubesOS on this NUC after I upgrade to something else and use it as my “secure” personal PC, but as it stands, I won’t be using it as my daily driver, and that’s sad. If it wasn’t for the issues mentioned above, I would happily use Qubes as my daily driver. And I’m sure that some of you may have fixes for some of the performance issues I mentioned, and maybe for the issues I had with installing apps. But I’ve gone through the troubleshooting and it’s a nightmare. I don’t want to constantly keep trying to fix issues, I want to set it up once and have it work 99% of the time from then on.

Thanks for reading.

Thanks for sharing your experiences with using Qubes. More or less the same quitters already wrote about.
Well, digital world starting from your sys-net and further out is like an open space. And you can’t go there in a swimming suit free to move as on the ground. You need astronaut’s suit if you want to “survive” there, while your movements aren’t as comfortable as on this planet’s surface. And that astronaut’s suit is Qubes.

We need to realize it’s not about the Qubes, but about the space.

I suspect that using Qubes with bluetooth enabled might still be more secure than using a conventional OS with bluetooth. I haven’t looked into everything one would have to do to enable bluetooth on Qubes, so I’m not sure about this. It just seems to me that you would probably still get at least some of the security benefits Qubes provides even after implementing those workarounds.

To illustrate the idea, suppose that on a scale from 0 to 100, where 100 is most secure, Qubes is normally 90, but the bluetooth-enabling workarounds drops it down to 50. Meanwhile, suppose the monolithic OS you’d switch to is 30. So this might be like saying, “I don’t want to lose a whole 40 points of security just to enable bluetooth on Qubes,” so instead you give up 60 points of security by switching to the monolithic OS.

In other words, I worry that this might be a form of the base rate fallacy where the focus is only on the loss of security in the [Qubes]–>[Qubes + bluetooth] case, while ignoring the already-low security of the common [monolithic OS + bluetooth] case.

(Having said that, two physical machines is probably the better strategy here, if your use case allows it: Qubes machine for security-sensitive work and a separate “fun/media” machine with bluetooth for music, videos, games, etc.)

In my experience, these are mainly just initial hurdles that you get over relatively quickly once you settle into a groove with the way you organize and use your VMs and become familiar with how to perform various tasks like installing programs. There’s certainly a learning curve, since the system is different from conventional OSes in some important ways, but the need for constant configuration largely drops off once you have everything set up the way you like (again, in my experience).

@88uhbvpqboufpcez , you definitely make some very good points.

I agree. Qubes OS is the best solution so far that achieves this.

I agree with you on this too. For some use cases, is isn’t enough to assume that the Tor browser isn’t pwned, and it’s nice to keep it inside its own VM.

I cannot agree with you more. I mainly run Qubes OS on laptops, and their fans at “Qubes OS idle” are spinning at a much higher level than other OSes, unfortunately. This unfortunately means that the battery lasts considerably less, too….

Having hardware acceleration disabled by default means the CPU has to work harder. So you win some, you lose some….

Well, depending on how you do it, it can be dangerous, but not if you do it right.

In any case, the fact that the end user doesn’t have an out-of-the-box solution ready to go for Bluetooth is definitely something that needs a bit of work

Wow. Having an Arch user say that Qubes OS is hard is kind of the pot calling the kettle black… (kidding)

You wait until you do a system update and have Xorg break on you (it’s such a cliché, but it’s true!)

I can definitely see where you’re coming from when you say you constantly have to tweak and tinker your install, although to be fair, that’s also the case with Arch, depending on how far down the rabbit hole you want to go….

There’s a lot of work going into how to auto-configure Qubes OS, including every aspect of the VMs, but there’s still a big chunk of work to go in that respect yet….

On a side note, if you end up with a good desktop rice, I look forward to seeing a screenshot

Definitely true. Yes, it’s all in the name of “just in case this thing is malicious”, but it does get tedious sometimes. It’s also very difficult to justify to a new user, especially when they haven’t had the experience of being pwned in the past (or if they weren’t aware that they were pwned, either)…

——-

@enmus is right in saying that it’s a spacesuit, and that you need to pick the right suit for the right space.

Maybe the suit needs to be tweaked….

Either way, that’s very good feedback, and if you have any more, keep it coming!

Regarding your point about security - yes, I did consider this. But it’s not just about bluetooth, it’s also about performance. If bluetooth was the only issue, then I may have given Qubes a chance. If performance was the only issue I may have given it a chance. But it’s both, plus the third issue, that really seals the deal. Also, I intend on continuing to use Qubes, just not as my daily driver. I only have so many computers, one is a windows machine for gaming, the main one I use arch on (my daily driver), and my laptop I currently use Linux Mint but I might either switch to Qubes or Arch.

Also, Linux and particularly Arch are already extremely secure operating systems relative to Windows and Mac. Going from Qubes to Arch is more like going from 90 to 80. Simply not using Windows is a significant security advantage. Also, enabling Bluetooth would not bring Qubes from 90 to 50. It would go from 100 to 0, because it’s a simple matter of “is dom0 compromised or not?”.

Intel NUC 11th gen Core i5-1135G7 with an NVMe SSD and 32GB 3200Mhz RAM. The laptop was hardly usable. The NUC was usable, but struggled to play anything above 1080p…

I have a Intel Nuc 10th gen which runs very well. I’m playing a video on freetube right now in 1080p with multiple VMs open (thunderbird, browser, and others) I’m also using a ultrawide monitor. It’s all working very well. I do have 64gig of ram though. ( I also build my VMs from deb-minimal as needed via @Sven method.

Constant configuration. Now, this isn’t as major as the two mentioned above but still

Usability and security is always a tradeoff. That being said, they are working on making things more user-friendly but you can’t expect it to be at Ubuntu level of experience.

Indubitably, my good sir.

…although Arch is only as “secure” as you make it

Oh god, don’t put bluetooth in dom0…Put it in sys-usb or sys-audio.

In my experience, 1080p isn’t usually a problem. Playing 4k media locally (with MPV or VLC, for example) sort of manages and stutters occasionally, but FreeTube, YouTube and Odysee videos at 4k? FORGET IT…

I will concede that I have been able to play YouTube videos at 4k on my pocket laptops with a very very low resolution (1280x800) without any stuttering, but the fan noise drowned out the speakers, and the laptop became too hot to hold, defeating the point of a pocket laptop…

That would definitely help in load times and buffering.

I would be horrified if Qubes OS started sending my local search terms to Amazon for money

https://www.gnu.org/philosophy/ubuntu-spyware.en.html

without any stuttering, but the fan noise drowned out the speakers

If you are talking about fan noise on the Intel Nuc. Here is what I did that greatly improved it. https://www.reddit.com/r/intelnuc/comments/mst64y/nuc_11_i7_fan_noise_issues_potential_solution/
There is some other suggestions that might help. I didn’t bother with the second one as the first was sufficient.
Product Support Forums - Intel Community

Haha. Not the NUC. I’ve never really had a problem with fan noise on an Intel NUC.

I was talking about the GPD Win Man Intel model. The dual fans are loud and make your hands cold if you hold it, and it feels really uncomfortable.

Freetube is limited to 4gig and plays fine.

As I see it, once I was (fully) aware of the security threats, whatever OS I was using I tried to tweak it (harden it) as much as possible,
Just before starting to use Qubes I was using Windows as a host with different Linux VMs in a VirtualBOx, and after decades of using it I was desperately trying to make Windows as a host offline, while certain VMs would be online. Sounds familiar?

And then, naturally while exploring if that is feasible, I ran on Qubes…
And out of a box I got all the major tweaks I tried just by installing it…

Yeah it’s meant for different people and has some multimedia and wireless weaknesses it wasn’t originally designed to do. I have problems viewing 4k videos created from my phone.

Aside from that, it’s a daily driver for me and it works smooth on a desktop. After the learning curve, tinkering, and getting used to doing things differently, I’m rarely on this forum for tips anymore. I still tinker doing something new and different and have to go back to the forum. Overall, I heavily appreciate having it.

Are the bluetooth headphones for music only? If so, have you considered pairing them with your phone? It would provide even more freedom of movement than pairing with any computer. And won’t require you to enable bluetooth on qubes.

This is the base rate fallacy thing I was referring to. You’re assuming that:

Qubes+bluetooth=0
Arch+bluetooth=80
Windows+bluetooth=? (probably >0)

But why believe this?

That seems to oversimplify the matter. There are at least two things you could mean by dom0 being compromised:

1. An attacker has control of dom0.
2. The security model is no longer being obeyed, because stuff is being done in dom0 that wasn’t intended.

Merely enabling bluetooth doesn’t imply (1). (In theory, you could do that completely offline in a Faraday cage in the middle of the desert or something to ensure it doesn’t.) It does imply (2), but (2) doesn’t imply that the security of Qubes+bluetooth is less than Arch+bluetooth, let alone less than Windows+bluetooth. You’d need additional premises to support that conclusion.

This. The information that Bluetooth is insecure on Qubes is outdated. You can use it securely if you set up sys-audio.

Ah, yes, the “definitely make heavy use of it” window. I wouldn’t trust myself to offer much of any review of any OS or even basic application or bit of hardware after a week (I don’t, I tend to do “I’ve been using it for months” reviews of stuff).

Well, there’s your problem. If you need GPU acceleration, Qubes isn’t for you. Either use something crappier that supports GPU drivers, or rework your life such that you can deal without lots of video work. Or dual boot (if you’re editing videos with GPU accelerated features), or have another computer without anything security sensitive on it to watch your CrackTube Autoplay videos. A Pi or something should work fine for that, video playback isn’t hard if you’ve got the GPU available.

A good set of bookshelf speakers is better than Bluetooth. If you must suffer through other people nearby, though, and must mangle your audio with the Bluetooth audio codecs, you might try a USB Bluetooth dongle passed through to an audio VM. I just can’t stand how Bluetooth sounds and I’m not motivated by wireless enough to ensure everything is using AAC or AptX or such. Headphones, currently plugged in, just as they’ve been most of my life, and it doesn’t bother me in the slightest.

If you’re willing to work within that which Qubes is and that which Qubes supports, that’s life. It’s boring. There are things it doesn’t do well. Either find other ways to do those things, or don’t do those things.

There’s no way I’m aware of to have “all the modern OS things, But Secure™!” - if you know of one, please share. So I make tradeoffs.

Oh god, don’t put bluetooth in dom0…Put it in sys-usb or sys-audio.

But bluetooth requires dom0 as per this article!

If there’s a way to do it without giving bluetooth access to dom0 then I may rethink using Qubes.

@thewanderer 1080p videos are fine. 4k videos are not. 1440p videos struggle (my current monitor resolution). The ability to play a 4k video smoothly at 30+ frames per second is pretty essential for me, especially considering that I’ll be upgrading to a 4k monitor soon. And come on, it’s 2022, 1080p has been the standard for more than a decade, while CPUs have gotten exponentially better at almost everything. Also, RAM capacity above a certain point has no bearing on how smoothly a video plays. 64GB is no better than 32GB at that. My RAM is 32GB and runs at 3200MHz, the fastest my NUC supports.

In my experience, 1080p isn’t usually a problem. Playing 4k media locally (with MPV or VLC, for example) sort of manages and stutters occasionally, but FreeTube, YouTube and Odysee videos at 4k? FORGET IT…

@alzer89 I want to play youtube videos at 1440p 60fps at least. 4k 60 fps would be nice. But I’m using a pretty fast system (relatively speaking), it should have no trouble running 4k videos. I have tested the NUC on windows 10. I can play at least four 4k 60 fps local videos simultaneously. I also ran a local 4k 60 fps video at 31.25x speed (fastest VLC supports) and it was able to play a second 4k 60 fps video smoothly (videos at 31.25x speed can’t play smoothly for obvious reasons). QubesOS can’t even run one. This is what I mean when I say QubesOS is a black hole for resources, it cripples your resources down so much, a high end system becomes a low end system…5 years ago.

That’s not a solid workaround. I could, and do, play music on my phone. But I use my main OS for many other audio things unrelated to music.

Is this article outdated?: HowTo/BlueTooth - Qubes Rocks! Community wiki