USB stacks and drivers sand-boxed in an unprivileged VM (experimental at the time of writing).Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d).Based on a secure bare-metal hypervisor (Xen).In release 2, Qubes users can use Windows based AppVMs, which is a beta feature.Ī quick peek into the key architectural features in Qubes OS: The same applicaiton can run simultaneously under different AppVMs as well. The applications in the AppVMs run isolated and copy-pasting is supported between AppVMs. These are very lightweight compartments and can be based on use cases like APPVMs for personal stuff, work, banking shopping etc. Qubes users can define security domains, which in Qubes terminology are called AppVMs. It can also sandbox many system level components like the storage and networking subsystems. The upcoming release 3 will introduce Hypervisor Abstraction Layer (HAL), allowing easy porting to alternative virtualization systems.Īs you might have guessed from the mention of Xen, Qubes uses virtualization technology to separate applications running in the userspace from each other. The second release (in Sep 2014) of the distro surfaced 2 years after the first one. It can run many Linux applications as well as use Linux drivers. Qubes is based on Xen, the X Window System and Linux.
While most of the other distros concentrate on hardening the system, Qubes OS is designed to provide strong security using security by isolation approach. Qubes OS adds to the list of Linux based security oriented desktop computing distros like Whonix and Tails.