Qubes OS: Security by Isolation: Financial/Work/Web/Network Stack/...

[smangular]

Qubes seams to be an impressive idea. It makes it easy to keep your Financial in one VM and separate from your other tasks like work, personal, ... It also places the networking stack in a separate unprivileged VM and lets you create disposable VMs. It runs on a Xen baremetal Hypervisor and has support for Windows AppVMs in seamless mode.

What do you think? If your using it now I'm curious about your setup and experiences. One option is to run it from a 32GB USB3 drive but I was also considering building a dedicated machine for it with VT-d VT-x.

Qubes OS
http://qubes-os.org/

In this example, the word processor runs in the “work” domain, which has been assigned the “green” label. It is fully isolated from other domains, such as the “untrusted” domain (assigned the “red” label -- “Watch out!”, “Danger!&#8221😉 used for random Web browsing, news reading, as well as from the "work-web" domain (assigned the "yellow" label), which is used for work-related Web browsing that is not security critical. Apps from different domains run in different AppVMs and have different X servers, filesystems, etc. Notice the different color frames (labels) and VM names in the titlebars. These are drawn by the trusted Window Manager running in Dom0, and apps running in domains cannot fake them:

 

[Chiefcrowe]

First I've heard of it but it sounds very good. Have you tested it out by going to malware sites in an untrusted domain?

have you been running it on a USB? If I had a spare machine, i'd definitely try running it on one of those...

 

[smangular]

It requires a 32GB Flash drive, I had trouble running it in Vmware Workstation so I'm trying the flash drive option now.