Tuesday, August 30, 2011

Interview about Qubes OS

Here is a recent interview with me for Tom's Hardware, where I talk about Qubes, why virtualization alone does not automatically bring much security, and why we need it for secure systems anyway, and all that kind of stuff. Nothing really new, but still might be of interest to some readers.

As for the Qubes Beta 2 release -- it really is coming, but we've recently faced some very nasty, race-condition-related problems with the new Xen (we bravely switched to Xen 4.1 in Beta 2) that seem to occur on machines with very fast SSDs. We're currently trying to see whether we can solve them, or whether we should instead revert to Xen 3.4, which we used previously in Beta 1. Except for that, Beta 2 is mostly ready, so we should be releasing it within the coming weeks.

9 comments:

Anonymous said...

Where can I donate money to the project?

Anonymous said...

You talk about Remote Attestation in the interview. Are you planning to enable Remote Attestation in Qubes in the future? Or is it already enabled and I didn't find it?

Joanna Rutkowska said...

@Anon #1: Thanks for the interest, but we currently do not accept money donations. Instead, however, we would love to accept code/patch contributions!

@Anon #2: No, currently there is no support for TPM in Qubes. To support it we would need to use either Trusted GRUB or tboot to implement some form of trusted boot (so, SRTM, or DRTM). This is planned for post-1.0 version.

Scott said...

1) How would Qubes fare in an LTSP environment? Could it be used as a thin client? Could it be used as the host LTSP server? How would that affect each part?

2) Have you already gotten Windows virtual machine support working? I know you said that would probably be part of your enterprise support. What are some of the hurdles you are facing with this?

Joanna Rutkowska said...

@Scott:

1) Qubes could be used as a thin client, but not as a server.

2) Windows support will be considered only after we release Qubes 1.0, so next year at the latest.

Anonymous said...

Hello Joanna, I just finished reading your interview on THG.
It is inspiring. Your work is inspiring. Makes me wish I could do it too.
Best of luck to you, your team and Qubes OS.
Walter

J.C. Denton said...

Long time gone... and we at tron-delta are yet pretty excited to try out the final release (when it arrives). Keep the good work going on, please! Personally I hope abstraction from the underlying OS (distribution) is still an aim to achieve. :-]

leoku said...

Great work, Joanna! I have read Qubes OS PDF and interview several times, and I like it very much.

I have been using Windows User Account Control for some time, and I use Parental Controls (yeah, laugh please!) to help internet security using the RunAs command. Though it works for me, it is in no way comparable with your solution. Parental Controls has an activity report for me to review, which is good.

I only hope Microsoft, VMWare or Apple can hear you.

Anonymous said...

If I understand correctly, if one were to create an operating system kernel or hypervisor on x86, they would require STM support for SMM code to be safely contained. But isn't SMI handling code already confined to system firmware, ACPI, option ROMs? What if they were added to the [DS]RTM and somehow made immutable? Wouldn't this constitute a valid workaround?