'Reasonably-Secure' Operating System: Qubes R3
Mayur Agnihotri
Board Member | Technologist | Visionary | Strategist | Cyber Security | SecOps | Deep Security
Last week, the software project announced the official release of Qubes R3.
Qubes is an open-source operating system designed to provide strong security for desktop computing using a Security by Compartmentalization approach.
Let me quickly recap the main "killer features" of Qubes OS 3.0 compared to Release 2:
- Qubes is now based on what we call Hypervisor Abstraction Layer (HAL), which decouples Qubes logic from the underlying hypervisor. This will allow us to easily switch the underlying hypervisors in the near future, perhaps even during the installation time, depending on the user needs (think tradeoffs between hardware compatibility and performance vs. security properties desired, such as e.g. reduction of covert channels between VMs, which might be of importance to some users). More philosophically-wise, this is a nice manifestation of how Qubes OS is really "not yet another virtualization system", but rather: a user of a virtualization system (such as Xen).
- We upgraded from Xen 4.1 to Xen 4.4 (now that was really easy thanks to HAL), which allowed for: 1) better hardware compatibility (e.g. UEFI coming soon in 3.1), 2) better performance (e.g. via Xen's libvchan that replaced our vchan). Also, new Qubes qrexec framework that has optimized performance for inter-VM services.
- We introduced officially supported Debian templates.
- And finally: we integrated Whonix templates, which optimize Tor workflows for Qubes.
As explained in our Release Cycle Documentation (something we finally created and have been polishing through this 3.0 branch development), there are almost no new features in 3.0 compared to 3.0-rc1, essentially only bugfixes, intermixed with a few minor improvements.
But, while the 3.0 branch was "maturing", and getting bugfixes merged, most of our work has been focused on the 3.1 branch, which is adding a bunch of exciting new features, as indicated on our high-level roadmap, specifically:
- UEFI support (see this ticket for more info and test images).
- Live USB edition (preview for which we already released earlier this summer, now it will get merged into the master branch for 3.1).
- Management/pre-configuration stack: The Big Killer Feature of the upcoming 3.1 release, which will make it easy to provide out of the box configurations for things such as: out of the box Whonix/Tor, or Split GPG, or default USB sandboxing VM, which currently the user must do manually.
We're planning to release the first candidate for 3.1 as early as the end of October, actually.
But development of any serious project is not just adding new features, although that's admittedly the most exciting thing for any developer to do. In R3 we have finally started implementing this golden thought, and the first tangible outcome of this change of attitude is the automated testing framework which we have been using for all the releases in this 3.0 branch already. We hope this results in much more polished, stable code.
Other things we've started to be increasingly prioritizing recently, and only plan to intensify in the coming year are: 1) making Qubes more accessible to people (think easier to get hardware that can run Qubes OS), and 2) easier to use (better UX and UI). I think this is also pretty exciting, actually.
Qubes is a security-oriented operating system (OS). The OS is the software which runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS). This means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.