Qubes is a highly secured Open Source operating system, which allows in creating multiple instances inside the desktop computing environment and helps in browsing trusted and untrusted sites using different virtual machines. Qubes 1 was introduced in September 2012 and later in September 2014, the Qubes team had released the second version, which was equipped to support Windows based applications as well.
The second version was mainly designed to provide strong security to the desktop operations. Functionality of Qubes operating system originates from the Xen technology, so it can run most of the Windows and Linux based applications and utilize most of the Linux drivers. For better hardware compatibility and easy swapping of virtual machines KVM based variant of Qubes Operating System will be released soon.
In Qubes, security is implemented using isolation approach. Virtualization technology is used for the same, which will isolate software programs being run in each virtual machine. Here, the users can host the software / applications in separate but secured and isolated virtual machines. As a result, if one machine gets affected by intruders, the security of other machines will not be under threat.
This approach allows in keeping the data in the computer separate from each other. Two different Qube Operating Systems can be used at the same time for trusted sites like banking and untrusted sites, without compromising on your personal purpose. By default, the operating systems are independent to each other and do not communicate with each other. All isolated Qubes are integrated into a single system and all software programs are isolated in their own separate Qubes. The common attackers like network cards and USB controllers are isolated in their own hardware Qubes, while their functionality is protected through firewalls and USB device management. Also in Qubes, the user assigns each guest the OS with a name and a different border colour.
Qubes operating system has the following features for virtual domain users
Dom0 plays a major role in privileged domains when compared to other domains. It gives direct access to the hardware node over the graphical interfaces such as graphic devices and input devices, so it can control other domains in a particular NetworkVM. It displays the content as from the user desktop and the window-manager allows the user to start and stop applications and manipulate the windows.
AppVMs are the virtual machines used for hosting user applications such as browsers, email client, text editors etc. Each application is assigned with different domain names. Each AppVM has its own custom X server and by default it has 400 MB of RAM.
For installing the OS in your system, it should fulfil the requirements such as system supported hardware virtualization technologies.
Creating loop holes in networking mechanism is the initial step in security attacks. As a result, the network can be isolated in a separated unprivileged virtual machine called Network domain. To enhance the security, an additional Proxy VM can be used for advanced networking configuration.
As per the VM settings, allocation separates disk space for the users in home directory. It allows the software installation and updates to be centralized. Perhaps, encryption can be used to protect the file system so that the storage domain cannot read confidential data owned by other domains.