Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-13 08:19:43 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve intro

Browse Source 
- Add content
 - Fix grammar and orthography
 - Improve formatting
 - Improve writing
 - Add and update links
This commit is contained in:
Andrew David Wong 2020-08-23 05:57:37 -05:00
parent fe63cd7ce7
commit c542d52b10
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 48 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
introduction/intro.md
View File

@ -1,6 +1,6 @@
---
layout: intro
title: An Introduction to Qubes OS
title: Introduction
permalink: /intro/
redirect_from:
- /tour/
@ -13,58 +13,60 @@ redirect_from:
What is Qubes OS?
-----------------
<div class="row">
<div class="col-lg-12 col-md-12">
<p>Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing. Qubes OS leverages <a href="https://wiki.xen.org/wiki/Xen_Project_Software_Overview">Xen-based virtualization</a> to allow for the creation and management of isolated compartments called <a href="/doc/glossary#qube">qubes</a>.</p>
</div>
</div>
<div class="row">
<div class="col-lg-3 col-md-3 text-left">
<p>Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.</p>
<p>Qubes OS leverages <a href="https://wiki.xen.org/wiki/Xen_Project_Software_Overview">xen-based virtualization</a> to allow for the creation and management of isolated virtual machines called <a href="/doc/glossary#qube">qubes</a>.
Qubes, which are implemented as <a href="/doc/glossary#vm">virtual machines (VMs)</a>, have specific :</p>
<p>These qubes, which are implemented as <a href="/doc/glossary#vm">virtual machines (VMs)</a>, have specific:</p>
<ul>
<li><b>Purposes</b> : with a predefined set of one or many isolated applications, for personal or professional projects, to manage the <a href="/doc/networking/">network stack</a>, <a href="/doc/firewall/">the firewall</a>, or to fulfill other user-defined purposes.</li>
<li><b>Natures</b> : <a href="/doc/standalone-and-hvm/">full-fledged</a> or <a href="/getting-started/#appvms-qubes-and-templatevms">stripped-down</a> virtual machines which are based on popular operating systems such as <a href="/doc/templates/fedora">Fedora</a>, <a href="/doc/templates/debian">Debian</a> or <a href="/doc/windows/">Windows</a>.</li>
<li><b>Levels of trust</b> : from complete to non-existent. All windows are displayed in a unified desktop environment with <a href="https://www.qubes-os.org/getting-started/">unforgeable colored window borders</a> so different security levels are easily identifiable.</li>
<li class="more-bottom"><b>Purposes:</b> with a predefined set of one or many isolated applications, for personal or professional projects, to manage the <a href="/doc/networking/">network stack</a>, <a href="/doc/firewall/">the firewall</a>, or to fulfill other user-defined purposes.</li>
<li class="more-bottom"><b>Natures:</b> <a href="/doc/standalone-and-hvm/">full-fledged</a> or <a href="/getting-started/#appvms-qubes-and-templatevms">stripped-down</a> virtual machines which are based on popular operating systems such as <a href="/doc/templates/fedora">Fedora</a>, <a href="/doc/templates/debian">Debian</a> or <a href="/doc/windows/">Windows</a>.</li>
<li class="more-bottom"><b>Levels of trust:</b> from complete to non-existent. All windows are displayed in a unified desktop environment with <a href="https://www.qubes-os.org/getting-started/">unforgeable colored window borders</a> so different security levels are easily identifiable.</li>
</ul>
</div>
<div class="col-lg-9 col-md-9">
<h3 class="text-center add-bottom">Qubes OS Overview Example</h3>
<img src="/attachment/site/qubesosdiagram.png" class="center-block">
<a href="/attachment/site/qubesosdiagram.png"><img src="/attachment/site/qubesosdiagram.png" class="center-block more-bottom"></a>
</div>
</div>
<div class="alert alert-info" role="alert">
<div class="alert alert-info more-bottom" role="alert">
<i class="fa fa-question-circle"></i>
<b>Note : </b> Head over to the <a href="/doc/glossary/">glossary</a> or the <a href="/faq">FAQ</a> for more information.
<b>Note:</b> See our <a href="/doc/glossary/">glossary</a> and <a href="/faq">FAQ</a> for more information.
</div>
<h2>Features</h2>
<h2 class="more-bottom">Features</h2>
<div class="row more-bottom">
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Strong isolation</h3>
<p>Isolate software as if they were installed on separate physical machines using <a href="/doc/glossary/#pv">PV</a> or <a href="/doc/glossary/#hvm">HVM</a> virtualization techniques</p>
<p>Isolate different pieces of software as if they were installed on separate physical machines using <a href="/doc/glossary/#pv">PV</a> or <a href="/doc/glossary/#hvm">HVM</a> virtualization techniques.</p>
</div>
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Template system</h3>
<p> Allow qubes called <a href="/getting-started/#appvms-qubes-and-templatevms">AppVMs</a> to share a root file system without sacrificing security using the innovative <a href="/doc/templates/">Template system</a></p>
<p>Use <a href="/getting-started/#appvms-qubes-and-templatevms">AppVMs</a> to share a root file system without sacrificing security using the innovative <a href="/doc/templates/">Template system</a>.</p>
</div>
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Multiple operating systems</h3>
<p> Use multiple operating systems at the same time, including <a href="/doc/templates/fedora">Fedora</a>, <a href="/doc/templates/debian">Debian</a>, or <a href="/doc/windows/">Windows</a></p>
<p>Use multiple operating systems at the same time, including <a href="/doc/templates/fedora">Fedora</a>, <a href="/doc/templates/debian">Debian</a>, and <a href="/doc/windows/">Windows.</a></p>
</div>
</div>
<hr class="add-top more-bottom">
<div class="row more-bottom">
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Disposable VMs</h3>
<p>Create <a href="/doc/disposablevm/">disposable VMs</a> which are spawned quickly and destroyed when closed</p>
<h3>DisposableVMs</h3>
<p>Create <a href="/doc/disposablevm/">DisposableVMs</a> on the fly that self-destruct when shut down.</p>
</div>
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Whonix integration</h3>
<p> Run <a href="https://www.torproject.org/">Tor</a> securely system-wide using <a href="/doc/whonix/">Whonix with Qubes</a></p>
<p>Run <a href="https://www.torproject.org/">Tor</a> securely system-wide using <a href="/doc/whonix/">Whonix with Qubes</a>.</p>
</div>
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Controller isolation</h3>
<p>Secure <a href="/doc/device-handling/">device handling</a> through isolation of network cards and USB controllers</p>
<h3>Device isolation</h3>
<p>Secure <a href="/doc/device-handling/">device handling</a> through isolation of network cards and USB controllers.</p>
</div>
</div>
@ -72,50 +74,49 @@ What is Qubes OS?
<div class="row more-bottom">
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Split GPG</h3>
<p>Utilize <a href="/doc/split-gpg/">Split GPG</a> to store private GPG keys in an AppVM</p>
<p>Utilize <a href="/doc/split-gpg/">Split GPG</a> to keep your private keys safe.</p>
</div>
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>U2F proxy</h3>
<p>Operate <a href="/doc/u2f-proxy/">Qubes U2F proxy</a> to use two-factor authentication</p>
<p>Operate <a href="/doc/u2f-proxy/">Qubes U2F proxy</a> to use your two-factor authentication devices without exposing your web browser to the full USB stack.</p>
</div>
<div class="col-lg-4 col-md-4 col-xs-12">
<h3>Open-source</h3>
<p>Users are free to use, copy and modify Qubes OS and <a href="/doc/contributing/">are encouraged to do so!</a></p>
<p>Users are free to use, copy, and modify Qubes OS and <a href="/doc/contributing/">are encouraged to do so!</a></p>
</div>
</div>
<div class="alert alert-info" role="alert">
<div class="alert alert-info more-bottom" role="alert">
<i class="fa fa-question-circle"></i>
<b>Note : </b> Given the technical nature of Qubes OS, prior experience with a Linux distribution such as Ubuntu, Debian or Fedora is advisable.
<b>Note:</b> Given the technical nature of Qubes OS, prior experience with a Linux distribution such as Ubuntu, Debian, or Fedora can be helpful.
</div>
Why Qubes OS ?
--------------
<h2 class="more-bottom">Why Qubes OS?</h2>
<h3>Physical isolation is a given safeguard that the digital world lacks</h3>
<div class="row">
<div class="col-lg-6 col-md-6 text-left">
<p>Throughout their lives, individuals engage in various activities such as going to school, working, voting, taking care of their families or visiting with friends. </p>
<p>These activities are spatially and temporally bound : they happen in isolation of one another, in their own compartments, which often represent an essential safeguard, such as in the case of voting.</p>
<p>In one's digital life, the situation is quite different : each activity, often intertwined with its real-life counterpart, tends to happen on a single computing device.</p>
<p>Throughout our lives, we engage in various activities, such as going to school, working, voting, taking care of our families, and visiting with friends. These activities are spatially and temporally bound: They happen in isolation from one another, in their own compartments, which often represent an essential safeguard, such as in the case of voting.</p>
<p>In our digital lives, the situation is quite different: All of our activities typically happen on a single device. This causes us to worry about whether it's safe to click on a link or install an app.</p>
<p>Qubes removes this worry by allowing us to divide a device into many compartments, much like we divide a physical building into many rooms. Better yet, it allows us to create new compartments whenever we need them and gives us sophisticated tools for using them for different activites and in concert with one another.</p>
</div>
<div class="col-lg-6 col-md-6">
<img src="/attachment/wiki/GettingStarted/r2b1-qubes-manager-2.png" height="300" class="center-block">
<a href="/attachment/wiki/GettingStarted/r2b1-qubes-manager-2.png"><img src="/attachment/wiki/GettingStarted/r2b1-qubes-manager-2.png" height="330" class="center-block more-bottom"></a>
</div>
</div>
<h3>Qubes OS compartmentalizes one's digital life</h3>
<h3>Qubes allows you to compartmentalize your digital life</h3>
<div class="row">
<div class="col-lg-3 col-md-3">
<img src="/attachment/icons/128x128/apps/qubes-logo-icon.png" height="128" class="center-block">
<div class="col-lg-6 col-md-6">
<a href="/attachment/site/qubes-partition-data-flows.jpg"><img src="/attachment/site/qubes-partition-data-flows.jpg" height="450" class="center-block more-bottom"></a>
</div>
<div class="col-lg-9 col-md-9 text-left">
<p> Surprisingly, personal computing devices are not designed to offer means to enforce the same kind of isolation that people enjoy in the physical world.</p>
<p>What if there were an operating system that provided a kind of digital compartmentalization almost as strong as physical isolation?</p>
<p>Qubes OS allows users to compartmentalize various parts of their digital lives into well-isolated compartments.</p>
<div class="col-lg-6 col-md-6 text-left center-block">
<p>Many of us are initially surprised to learn that our devices do not support the kind of secure compartmentalization that our lives demand, and we're disappointed that software vendors rely on generic defenses that repeatedly succumb to new attacks.</p>
<p>In building Qubes, our working assumption is that all software contains bugs. Not only that, but in their stampeding rush to meet deadlines, the world's stressed-out software developers are pumping out new code at a staggering rate &mdash; far faster than the comparatively smaller population of security experts could ever hope to analyse it for vulnerabilities, much less fix everything. Rather than pretend that we can prevent these inevitable vulnerabilities from being exploited, we've designed Qubes under the assumption that they <em>will</em> be exploited. It's only a matter of time until the next zero-day attack.</p>
<p>In light of this sobering reality, Qubes takes an eminently practical approach: confine, control, and contain the damage. It allows you to keep valuable data separate from risky activities, preventing cross-contamination. This means you you can do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop. In fact, Qubes has <a href="https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf">distinct advantages over physical air gaps</a>.</p>
</div>
</div>
@ -123,14 +124,11 @@ Why Qubes OS ?
<div class="row">
<div class="col-lg-12 col-md-12 text-left">
<p>Thanks to Qubes OS, vulnerable or actively targeted individuals such as journalists, political activists, whistleblowers or researchers can enjoy the same benefits of using multiple computing devices at a fraction of the cost and without the associated loss of usability.</p>
<p> It allows users to do everything on the same physical computer without having to worry about a single successful cyberattack taking down their entire digital life in one fell swoop.</p>
<p>Computing should remain an activity where mistakes can be made and where users can explore the web freely, downloading attachments and clicking on links without having to constantly evaluate a myriad of risk factors.</p>
<p>Qubes OS strives to bring back this experience. It creates a place where users can feel safe.</p>
<p>Qubes provides practical, usable security to vulnerable and actively-targeted individuals, such as journalists, activists, whistleblowers, and researchers. Qubes is designed with the understanding that people make mistakes, and it allows you to protect yourself from your own mistakes. It's a place where you can click on links, open attachments, plug in devices, and install software free from worry. It's a place where <em>you</em> have control over your software, not the other way around.</p>
</div>
</div>
<p><img src="/attachment/wiki/GettingStarted/snapshot12.png" alt="snapshot12.png"/></p>
<p><a href="/attachment/wiki/GettingStarted/snapshot12.png"><img src="/attachment/wiki/GettingStarted/snapshot12.png" alt="snapshot12.png"/></a></p>
<hr class="add-top more-bottom">
<div class="row more-bottom">
@ -161,14 +159,12 @@ Why Qubes OS ?
More information
----------------
This page is just a brief introduction to what Qubes is all about, and many
technical details have been omitted here for the sake of presentation.
This page is just a brief introduction to what Qubes is all about, and many technical details have been omitted here for the sake of presentation.
* If you're a current or potential Qubes user, you may want to check out the
[documentation][doc] and the [FAQ][user-faq].
* If you're a developer, there's dedicated [documentation][system-doc]
and an [FAQ][devel-faq] just for you.
* If you're a current or potential Qubes user, you may want to check out the [documentation][doc] and the [user FAQ][user-faq].
* If you're a developer, there's dedicated [developer documentation] and an [developer FAQ][devel-faq] just for you.
* Ready to give Qubes a try? Head on over to the [downloads] page or the [installation guide].
* Need help? Learn more about getting [help and support on our mailing lists and forum][support].
[disposable qube]: /doc/disposablevm/
@ -184,11 +180,12 @@ technical details have been omitted here for the sake of presentation.
[Anti Evil Maid]: /doc/anti-evil-maid/
[Tails]: https://tails.boum.org/
[Xen]: https://www.xenproject.org
[paper-compart]: https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
[doc]: /doc/
[user-faq]: /faq/#users
[system-doc]: /doc/system-doc/
[developer documentation]: /doc/#developer-documentation
[devel-faq]: /faq/#developers
[downloads]: /downloads/
[getting started]: /getting-started/
[installation guide]: /doc/installation-guide/
[support]: /support/