From 2d1bf16717954ca3485c909bd659baacc4201cab Mon Sep 17 00:00:00 2001 From: Lukas Date: Fri, 29 Nov 2019 19:32:57 -0600 Subject: [PATCH 1/3] Third update to intro.md I have created another pull request to revise the introduction page. It replaces : #871, which will eventually need to be dropped. This pull request is linked to issue [5357]( https://github.com/QubesOS/qubes-issues/issues/5357). Besides some formatting changes (one line per sentence ; ### Title ###), I have slightly modified the text in the "why" section. Thanks ! --- introduction/intro.md | 271 ++++++++++++++++++------------------------ 1 file changed, 115 insertions(+), 156 deletions(-) diff --git a/introduction/intro.md b/introduction/intro.md index 265fc22e..e7c01383 100644 --- a/introduction/intro.md +++ b/introduction/intro.md @@ -13,166 +13,124 @@ redirect_from: What is Qubes OS? ----------------- -Qubes OS is a security-oriented operating system (OS). The OS is the software -that runs all the other programs on a computer. Some examples of popular -OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and -open-source software (FOSS). This means that everyone is free to use, copy, -and change the software in any way. It also means that the source code is -openly available so others can contribute to and audit it. +
+
+

Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.

+

Qubes OS leverages xen-based virtualization to allow for the creation and management of isolated virtual machines called qubes. + Qubes, which are also referred to as domains or compartments, have specific :

+
    +
  • Purposes : with a predefined set of one or many isolated applications, for personal or professional projects, to manage the network stack, the firewall, or to fulfill other user-defined purposes.
  • +
  • Natures : full-fledged or stripped-down virtual machines which are based on popular operating systems such as Fedora, Debian or Windows.
  • +
  • Levels of trust : from complete to non-existent. All windows are displayed in a unified desktop environment with unforgeable colored window borders so different security levels are easily identifiable.
  • +
+
+
+

Qubes OS Overview Example

+ +
+
-Why is OS security important? ------------------------------ - -Most people use an operating system like Windows or OS X on their desktop -and laptop computers. These OSes are popular because they tend to be easy -to use and usually come pre-installed on the computers people buy. However, -they present problems when it comes to security. For example, you might -open an innocent-looking email attachment or website, not realizing that -you're actually allowing malware (malicious software) to run on your -computer. Depending on what kind of malware it is, it might do anything -from showing you unwanted advertisements to logging your keystrokes to -taking over your entire computer. This could jeopardize all the information -stored on or accessed by this computer, such as health records, confidential -communications, or thoughts written in a private journal. Malware can also -interfere with the activities you perform with your computer. For example, -if you use your computer to conduct financial transactions, the malware -might allow its creator to make fraudulent transactions in your name. - -Aren't antivirus programs and firewalls enough? ------------------------------------------------ - -Unfortunately, conventional security approaches like antivirus programs -and (software and/or hardware) firewalls are no longer enough to keep out -sophisticated attackers. For example, nowadays it's common for malware -creators to check to see if their malware is recognized by any signature-based -antivirus programs. If it's recognized, they scramble their code until it's -no longer recognizable by the antivirus programs, then send it out. The -best of these programs will subsequently get updated once the antivirus -programmers discover the new threat, but this usually occurs at least a -few days after the new attacks start to appear in the wild. By then, it's -too late for those who have already been compromised. 
More advanced antivirus -software may perform better in this regard, but it's still limited to a -detection-based approach. New zero-day vulnerabilities are constantly being -discovered in the common software we all use, such as our web browsers, and no -antivirus program or firewall can prevent all of these vulnerabilities from -being exploited. - - -How does Qubes OS provide security? ------------------------------------ - -Qubes takes an approach called **security by compartmentalization**, which -allows you to compartmentalize the various parts of your digital life into -securely isolated compartments called *qubes*. - -This approach allows you to keep the different things you do on your computer -securely separated from each other in isolated qubes so that one qube getting -compromised won't affect the others. For example, you might have one qube for -visiting untrusted websites and a different qube for doing online banking. This -way, if your untrusted browsing qube gets compromised by a malware-laden -website, your online banking activities won't be at risk. Similarly, if -you're concerned about malicious email attachments, Qubes can make it so -that every attachment gets opened in its own single-use [disposable -qube]. In this way, Qubes allows you to do everything on the same physical -computer without having to worry about a single successful cyberattack taking -down your entire digital life in one fell swoop. - -Moreover, all of these isolated qubes are integrated into a single, usable -system. Programs are isolated in their own separate qubes, but all windows are -displayed in a single, unified desktop environment with [unforgeable colored -window borders][getting started] so that you can easily identify windows from -different security levels. 
Common attack vectors like network cards and USB -controllers are isolated in their own hardware qubes while their functionality -is preserved through secure [networking], [firewalls], and [USB device -management][USB]. Integrated [file] and [clipboard] copy and paste operations -make it easy to work across various qubes without compromising security. The -innovative [Template] system separates software installation from software use, -allowing qubes to share a root filesystem without sacrificing security (and -saving disk space, to boot). Qubes even allows you to sanitize PDFs and images -in a few clicks. Users concerned about privacy will appreciate the -[integration][Qubes-Whonix] of [Whonix] with Qubes, which makes it easy to use -[Tor] securely, while those concerned about physical hardware attacks will -benefit from [Anti Evil Maid]. - - -How does Qubes OS compare to using a "live CD" OS? --------------------------------------------------- - -Booting your computer from a live CD (or DVD) when you need to perform -sensitive activities can certainly be more secure than simply using your main -OS, but this method still preserves many of the risks of conventional OSes. For -example, popular live OSes (such as [Tails] and other Linux distributions) -are still **monolithic** in the sense that all software is still running in -the same OS. This means, once again, that if your session is compromised, -then all the data and activities performed within that same session are also -potentially compromised. - - -How does Qubes OS compare to running VMs in a conventional OS? --------------------------------------------------------------- - -Not all virtual machine software is equal when it comes to security. You may -have used or heard of VMs in relation to software like VirtualBox or VMware -Workstation. These are known as "Type 2" or "hosted" hypervisors. (The -**hypervisor** is the software, firmware, or hardware that creates and -runs virtual machines.) 
These programs are popular because they're designed -primarily to be easy to use and run under popular OSes like Windows (which -is called the **host** OS, since it "hosts" the VMs). However, the fact -that Type 2 hypervisors run under the host OS means that they're really -only as secure as the host OS itself. If the host OS is ever compromised, -then any VMs it hosts are also effectively compromised. - -By contrast, Qubes uses a "Type 1" or "bare metal" hypervisor called -[Xen]. Instead of running inside an OS, Type 1 hypervisors run directly on the -"bare metal" of the hardware. This means that an attacker must be capable of -subverting the hypervisor itself in order to compromise the entire system, -which is vastly more difficult. - -Qubes makes it so that multiple VMs running under a Type 1 hypervisor can be -securely used as an integrated OS. For example, it puts all of your application -windows on the same desktop with special colored borders indicating the -trust levels of their respective VMs. It also allows for things like secure -copy/paste operations between VMs, securely copying and transferring files -between VMs, and secure networking between VMs and the Internet. - - -How does Qubes OS compare to using a separate physical machine? ---------------------------------------------------------------- - -Using a separate physical computer for sensitive activities can certainly be -more secure than using one computer with a conventional OS for everything, -but there are still risks to consider. Briefly, here are some of the main -pros and cons of this approach relative to Qubes: - -
- Pros + - * Physical separation doesn't rely on a hypervisor. (It's very unlikely - that an attacker will break out of Qubes' hypervisor, but if one were to - manage to do so, one could potentially gain control over the entire system.) - * Physical separation can be a natural complement to physical security. (For - example, you might find it natural to lock your secure laptop in a safe - when you take your unsecure laptop out with you.) +

Features

-
- Cons +
+
+

Strong isolation

+

Isolate software as if they were installed on separate physical machines using PV or HVM virtualization techniques

+
+
+

Templating system

+

Allow qubes called AppVMs to share a root file system without sacrificing security using the innovative Template system

+
+
+

Multiple operating systems

+

Use multiple operating systems at the same time, including Fedora, Debian, or Windows

+
+
+ +
+
+
+

Disposable VMs

+

Create disposable VMs which are spawned quickly and destroyed when closed

+
+
+

Whonix integration

+

Run Tor securely system-wide using Whonix with Qubes

+
+
+

Controller isolation

+

Secure device handling through isolation of network cards and USB controllers

+
+
+ +
+
+
+

Split GPG

+

Utilise Split GPG to store private GPG keys in an AppVM

+
+
+

U2F proxy

+

Operate Qubes U2F proxy to use two-factor authentication

+
+
+

Open-source

+

Users are free to use, copy and modify Qubes OS and are encouraged to do so!

+
+
+ + - * Physical separation can be cumbersome and expensive, since we may have to - obtain and set up a separate physical machine for each security level we - need. - * There's generally no secure way to transfer data between physically - separate computers running conventional OSes. (Qubes has a secure inter-VM - file transfer system to handle this.) - * Physically separate computers running conventional OSes are still - independently vulnerable to most conventional attacks due to their monolithic - nature. - * Malware which can bridge air gaps has existed for several years now and - is becoming increasingly common. -(For more on this topic, please see the paper -[Software compartmentalization vs. physical separation][paper-compart].) +Why Qubes OS ? +-------------- + +

Physical isolation is a given safeguard that the digital world lacks

+ +
+
+

Throughout their lives, individuals engage in various activites such as going to school, working, voting, taking care of their families or visiting with friends.

+

These activites are spatially and temporally bound : they happen in isolation of one another, in their own compartments, which often represent an essential safeguard, such as in the case of voting.

+

In one's digital life, the situation is quite different : each activity, often intertwinded with its real-life counterpart, tends to happen on a single computing device.

+
+
+ +
+
+ +

Qubes OS compartmentalizes one's digital life

+ +
+
+ +
+
+

Suprinsingly, personal computing devices aren't designed to offer means to enforce the same kind of isolation that people enjoy in the physical world.

+

What if there were an operating system that provided a kind of digital compartmentalization almost as strong as physical isolation?

+

Qubes OS allows users to compartmentalize various parts of their digital lives into well-isolated compartments.

+
+
+ +

Made to support vulnerable users

+ +
+
+

Thanks to Qubes OS, vulnerable or actively targeted individuals such as journalists, political activists, whistleblowers or researchers can enjoy the same benefit of using multiple computing devices at a fraction of the cost and without the associated loss of usability.

+

It allows users to do everything on the same physical computer without having to worry about a single successful cyberattack taking down their entire digital life in one fell swoop.

+

Computing should remain a activity where mistakes can be made and where users can explore the web freely, downloading attachements and clicking on links without having to constantly evaluate a miriad of risk factors.

+

Qubes OS strives to bring back this experience. It creates a place where users can feel safe.

+
+
+ +

snapshot12.png


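Review bot: The added "Strong isolation" feature line ("Isolate software as if they were installed on separate physical machines") claims more than the text this hunk removes, which noted that physical separation does not rely on a hypervisor and that breaking out of the hypervisor could give control over the entire system. The added "Why Qubes OS ?" paragraph itself only says "almost as strong as physical isolation". Suggest aligning the feature wording with that phrase and keeping a short pointer to the removed Type 1 hypervisor explanation, for example under "More information". The added lines also contain typos ("activites", "intertwinded", "Suprinsingly", "attachements", "miriad", "a activity") that are better fixed in this commit than in a follow-up.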
@@ -199,17 +157,18 @@ pros and cons of this approach relative to Qubes:
+ More information ---------------- -This page is just a brief sketch of what Qubes is all about, and many +This page is just a brief introduction to what Qubes is all about, and many technical details have been omitted here for the sake of presentation. * If you're a current or potential Qubes user, you may want to check out the [documentation][doc] and the [FAQ][user-faq]. * If you're a developer, there's dedicated [documentation][system-doc] and an [FAQ][devel-faq] just for you. - * Ready to give Qubes a try? Head on over to the [downloads] page. + * Ready to give Qubes a try? Head on over to the [downloads] page or the [installation guide]. [disposable qube]: /doc/disposablevm/ @@ -232,4 +191,4 @@ technical details have been omitted here for the sake of presentation. [devel-faq]: /faq/#developers [downloads]: /downloads/ [getting started]: /getting-started/ - +[installation guide]: /doc/installation-guide/ From 0033220ac10e7308ca72c61f1b79f25bf5304a29 Mon Sep 17 00:00:00 2001 From: Lukas Date: Sat, 14 Dec 2019 13:16:48 +0100 Subject: [PATCH 2/3] Fix reported spelling errors on intro.md There were a few typos. I corrected them. Hopefully, none remain. --- introduction/intro.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/introduction/intro.md b/introduction/intro.md index e7c01383..df78075e 100644 --- a/introduction/intro.md +++ b/introduction/intro.md @@ -43,7 +43,7 @@ What is Qubes OS?

Isolate software as if they were installed on separate physical machines using PV or HVM virtualization techniques

-

Templating system

+

Template system

Allow qubes called AppVMs to share a root file system without sacrificing security using the innovative Template system

@@ -72,7 +72,7 @@ What is Qubes OS?

Split GPG

-

Utilise Split GPG to store private GPG keys in an AppVM

+

Utilize Split GPG to store private GPG keys in an AppVM

U2F proxy

@@ -80,7 +80,7 @@ What is Qubes OS?

Open-source

-

Users are free to use, copy and modify Qubes OS and are encouraged to do so!

+

Users are free to use, copy and modify Qubes OS and are encouraged to do so!

@@ -97,9 +97,9 @@ Why Qubes OS ?
-

Throughout their lives, individuals engage in various activites such as going to school, working, voting, taking care of their families or visiting with friends.

-

These activites are spatially and temporally bound : they happen in isolation of one another, in their own compartments, which often represent an essential safeguard, such as in the case of voting.

-

In one's digital life, the situation is quite different : each activity, often intertwinded with its real-life counterpart, tends to happen on a single computing device.

+

Throughout their lives, individuals engage in various activities such as going to school, working, voting, taking care of their families or visiting with friends.

+

These activities are spatially and temporally bound : they happen in isolation of one another, in their own compartments, which often represent an essential safeguard, such as in the case of voting.

+

In one's digital life, the situation is quite different : each activity, often intertwined with its real-life counterpart, tends to happen on a single computing device.

@@ -113,7 +113,7 @@ Why Qubes OS ?
-

Suprinsingly, personal computing devices aren't designed to offer means to enforce the same kind of isolation that people enjoy in the physical world.

+

Surprisingly, personal computing devices are not designed to offer means to enforce the same kind of isolation that people enjoy in the physical world.

What if there were an operating system that provided a kind of digital compartmentalization almost as strong as physical isolation?

Qubes OS allows users to compartmentalize various parts of their digital lives into well-isolated compartments.

@@ -123,9 +123,9 @@ Why Qubes OS ?
-

Thanks to Qubes OS, vulnerable or actively targeted individuals such as journalists, political activists, whistleblowers or researchers can enjoy the same benefit of using multiple computing devices at a fraction of the cost and without the associated loss of usability.

+

Thanks to Qubes OS, vulnerable or actively targeted individuals such as journalists, political activists, whistleblowers or researchers can enjoy the same benefits of using multiple computing devices at a fraction of the cost and without the associated loss of usability.

It allows users to do everything on the same physical computer without having to worry about a single successful cyberattack taking down their entire digital life in one fell swoop.

-

Computing should remain a activity where mistakes can be made and where users can explore the web freely, downloading attachements and clicking on links without having to constantly evaluate a miriad of risk factors.

+

Computing should remain an activity where mistakes can be made and where users can explore the web freely, downloading attachments and clicking on links without having to constantly evaluate a myriad of risk factors.

Qubes OS strives to bring back this experience. It creates a place where users can feel safe.

From 0496cc0a6ebf325e9c462c7445887b41d446bd1e Mon Sep 17 00:00:00 2001 From: Lukas Date: Sat, 14 Dec 2019 17:16:30 +0100 Subject: [PATCH 3/3] Update links in intro.md I have corrected broken links, including the first to the Xen project wiki and the one mentioned by Marek. I reviewed other links as well to be sure they are working --- introduction/intro.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/introduction/intro.md b/introduction/intro.md index df78075e..b4f750f4 100644 --- a/introduction/intro.md +++ b/introduction/intro.md @@ -16,8 +16,8 @@ What is Qubes OS?

Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.

-

Qubes OS leverages xen-based virtualization to allow for the creation and management of isolated virtual machines called qubes. - Qubes, which are also referred to as domains or compartments, have specific :

+

Qubes OS leverages xen-based virtualization to allow for the creation and management of isolated virtual machines called qubes. + Qubes, which are also referred to as domains or compartments, have specific :
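Review bot: The last hunk of [PATCH 1/3] (@@ -232,4 +191,4 @@) leaves the link definition block untouched apart from appending "[installation guide]", although the first hunk removes the paragraphs that used references such as "[disposable qube]" and "[getting started]", whose definitions still appear as context lines. Check which definitions are still referenced after the rewrite and remove the unused ones in the same commit.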
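Review bot: In the @@ -97,9 +97,9 @@ hunk of [PATCH 2/3] the re-added sentences still carry a space before the colon ("temporally bound :", "quite different :"), and the heading shown in the hunk context is still "Why Qubes OS ?". Since these lines are being rewritten for spelling anyway, drop the space before ":" and "?" in the same commit. The same hunk keeps "in isolation of one another", which reads better as "in isolation from one another".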
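Review bot: Both added lines in [PATCH 3/3] still write "xen-based" in lowercase although the commit message refers to the Xen project; capitalize it as "Xen-based" while touching this paragraph, and remove the space before the colon in "have specific :". The message says several links were corrected and reviewed, but the diffstat shows only two changed lines, so name the links that were actually changed.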