Future Tools: Qubes OS
A reasonably secure operating system for our myriad of identities
We take for granted just how much of our relationship with computers is framed by technology that predates computing. Files, folders, trash bins, and desktops. We’ve used analogies from the physical world to help us comprehend and use the digital.
Yet what if some of these metaphors limit what we can and should do with our tools and technology? Marshall McLuhan argued that each new media uses older media as its content, which is why we still use such phrases, like calling the super computers in our pockets “phones”, as they help us transition into the world enabled by new media.
Maybe one of the benefits of the pandemic is that it provides an historical moment to recognize we’re in that new era. That we can discard some of our training wheels, and take a deeper drive into the world of digital.
In this issue of Future Tools, let’s explore the Qubes operating system, that while focusing on computer security, also illustrates an aspect of digital we tend to ignore or take for granted: that identity is fluid and flourishing.
One of the best arguments in favour of taking cyber security seriously is that it fosters a stronger literacy of computers and digital environments. Understanding how to better protect your systems yields a greater comprehension of what they’re capable of in general.
For example, rather than teach people coding or computer programming, it makes more sense to teach them cybersecurity, which will involve some coding, but will provide a holistic lens by which to see the full potential of the system.
An essential lesson embedded into Qubes OS is the value and potential of virtual machines (VM). Most people regard their computer as a single “machine” because to them that’s what it is. One computer equals one machine. However that is an arbitrary distinction in the digital world. A single computer can theoretically run an unlimited amount of machines, or at least as many machines as there is computational resources and capacity.
A virtual machine, or VM, is a digital machine that runs inside of the computer. In this context, think of it as a unique operating system. In Qubes, each Qube is a VM, or distinct operating system. This makes Qubes a meta operation system in that it is an operation system that runs many operating systems.
One of the benefits of being able to run as many different operating systems or qubes as desired on a single machine, is that it makes it possible to isolate and secure different areas of your life or computing. This is one of the reasons why Qubes OS is considered a secure operating system, and has earned it endorsements from some fairly serious and substantial cyber security experts.
Certainly the appeal of Qubes OS is to isolate your activity from each other so as to lessen any risk or exposure to hacks or spying.
Which brings us back to most people regarding their computer as a single machine. We increasingly live our lives via our computer. Banking, shopping, working, learning, playing, and almost every other kind of human activity. Generally these are all done in the same environment.
If playing a game or surfing the web results in our computer being compromised, all of our activity is then vulnerable. It’s a big reason why hacking is so pervasive and effective, there are a wide range of opportunities to fool people and gain access.
Yet what if you could have a different operating system, or virtual machine, to limit and contain each activity? A qube for your banking, a qube for your gaming, a qube for YouTube, a qube for school, etc. This is the benefit of a meta operation system like Qubes OS.
So Rutkowska flipped the game, this time in favor of the defenders. Four years ago her Warsaw-based firm, Invisible Things Lab, started developing its own operating system known as Qubes. The free open source OS lets users set up a collection of virtual machines on their PC, with a simple central interface to manage each quarantined system. Careful users can keep their personal online activities isolated in one virtual machine, for instance, while they do their work in another, and their banking in a third. (Rutkowska typically runs about 15.) Open a malicious email attachment or click on an infected website and the malware can't break out of that one contaminated container.
If it works as promised, even NSA-level exploits would be contained to a single compartment in Qubes’ architecture, one that could be evaporated and re-created at will. Recovering from even the nastiest hacker attack, in other words, could soon be as easy as waking from a bad dream.
Here’s an image from the Qubes OS site that helps illustrate the relationship between different VMs or operating systems within the Qubes meta OS:
And here’s a quote from their intro page:
Many of us are initially surprised to learn that our devices do not support the kind of secure compartmentalization that our lives demand, and we're disappointed that software vendors rely on generic defenses that repeatedly succumb to new attacks.
In building Qubes, our working assumption is that all software contains bugs. Not only that, but in their stampeding rush to meet deadlines, the world's stressed-out software developers are pumping out new code at a staggering rate — far faster than the comparatively smaller population of security experts could ever hope to analyze it for vulnerabilities, much less fix everything. Rather than pretend that we can prevent these inevitable vulnerabilities from being exploited, we've designed Qubes under the assumption that they will be exploited. It's only a matter of time until the next zero-day attack.
In light of this sobering reality, Qubes takes an eminently practical approach: confine, control, and contain the damage. It allows you to keep valuable data separate from risky activities, preventing cross-contamination. This means you you can do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop. In fact, Qubes has distinct advantages over physical air gaps.
And here’s a relevant argument from their FAQ describing why contemporary antivirus programs and firewalls are insufficient to defend systems from attacks:
Unfortunately, conventional security approaches like antivirus programs and (software and/or hardware) firewalls are no longer enough to keep out sophisticated attackers. For example, nowadays it’s common for malware creators to check to see if their malware is recognized by any signature-based antivirus programs. If it’s recognized, they scramble their code until it’s no longer recognizable by the antivirus programs, then send it out. The best of these programs will subsequently get updated once the antivirus programmers discover the new threat, but this usually occurs at least a few days after the new attacks start to appear in the wild. By then, it’s too late for those who have already been compromised. More advanced antivirus software may perform better in this regard, but it’s still limited to a detection-based approach. New zero-day vulnerabilities are constantly being discovered in the common software we all use, such as our web browsers, and no antivirus program or firewall can prevent all of these vulnerabilities from being exploited.
For many people their operating system is almost sacred. They never question it, rarely think of changing it, and certainly do not treat it as disposable. And yet perhaps they should?
The benefit of a meta operating system is that you can easily dispose, restart, refresh any of the VMs or Qubes that you’re using within it. If something happens to it, no problem, start again.
Elevating the computer user to a higher level of abstraction is incredibly empowering as they’re no longer limited to a single operating system but an effectively infinite supply. No need to tolerate an OS that isn’t working or may be compromised.
Security by isolation is an effective means of managing a world of near infinite threats and potential attacks while still being able to indulge and experience everything the Internet has to offer.
For the average user Qubes OS offers a lot of options to protect their systems and privacy, but more importantly it provides a frame by which they can learn more about computers and operating systems in general. This kind of education and literacy is invaluable, and reflects the knowledge and skills that are necessary in our digital era.
However Qubes is not just about protecting the end user. As a free and open source tool, it can be repurposed and focused on specific applications.
For example, SecureDrop is piloting a workstation using Qubes OS
SecureDrop is an open source whistleblower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources. It was originally created by the late Aaron Swartz and is now managed by Freedom of the Press Foundation. SecureDrop is available in 20 languages.
In March, Freedom of the Press Foundation will begin to pilot SecureDrop Workstation for Qubes OS with select news organizations. The goal of the project is to make the SecureDrop experience more intuitive, and to decrease the time-on-task for journalists, without compromising security.
With SecureDrop Workstation, journalists can use a single integrated computer to review messages and documents submitted by sources via SecureDrop, and to reply to them.
If we keep in mind that the use of this technology fosters greater literacy and cyber security awareness, then this is a fantastic development when it comes to upgrading the digital skills and capabilities of journalists and news organizations.
Going even further, perhaps use of Qubes OS fosters a different computing culture?
This kind of meta computing certainly encourages people to move past the physical metaphors that have framed computing up to this point, and encourage a more virtual or even galactic conception of computing. Constellations and systems expanding through time?! Got a problem with one of your systems? Send it into a black hole?!
What potential there may be when our metaphors are limitless.
Another good sign in favour of Qubes OS, they’ve recently expanding their community resources:
As with all of the Future Tools we profile in this series, Qubes OS is one that we’ll keep an eye on and use ourselves. It provides a fantastic example of why free and open source tools are inherently educational and empowering.
Finally here’s a great overview produced by the YouTube and TikTok sensation Crypto the Llama: