Rocking Qubes on a 2011 laptop (2nd gen Intel i5 (Hyperthreading disabled), 8GB RAM, 128GB SSD) is WAY smoother than you'd think, you can eaisly run up to ~10 VMs without any performance issues, even with a full KDE Plasma desktop which is notorious for being a resource hog
Best parts about it are the control over networking, on a VM for accessing your home network you can limit outgoing connections to just the LAN, or for a vault VM you can cut networking altogether for peace of mind, being able to use DisposableVMs for anything that doesn't need persistent storage eg. browsing the web, and the fact it's just a Type 1 Hypervisor, you can literally run Windows on it if you want
Even for advanced users it can be difficult to use because of it's abstractions like templates, ServiceVMs and the global clipboard, but the wiki is amazingly written, getting you ready in a couple minutes
The pages for advanced users are on par, or even better than Arch Wiki, with pages on practically anything you could ever want to modify on the base system
Before installing you should read the Wiki first. At the end of the day Qubes isn't a silver bullet, but a tool (arguably the best one) for keeping yourself safe, and what good is a tool you don't know how to use?
I use it every day, it is like one mega-OS. Any distro of linux you want - you have. The support is great, forum is very actice and has many helpful guides so that you arent aimlessly looking forever for a solution to your issue. Many popular companies/people use qubes for its security such as MULLVAD and Let's Encrypt. Only thing is that the mirror system is quite slow, yes it is a big download (6GB) but could have better mirror support upon install. Not an issue however, as the main system is wonderful.
Qubes is a good control system, but lacks simplicity and easier control. One could wish that many more operating systems were easy to download so that you could get your own operating system.
Possibly, Windows or Mint. Having difficulty seeing how you can download with usb into the system and how you can generally download from outside into folders. So I probably don't prefer Qubes as it is for experts. But it appeals to one to get a more secure operating system. Couldn't you make it more simple and straightforward. without losing security.
Qubes OS is a unique and intriguing operating system that caught my attention as a tech enthusiast and Linux aficionado. Here's my take on the system, highlighting a few pros and cons.
Pros:
Security Architecture: Qubes OS takes a commendable approach to security, employing a compartmentalized structure with the help of Xen-based virtualization. Each application runs in a separate virtual machine, enhancing overall system security.
Privacy Control: The OS offers robust privacy features, allowing users to create distinct VMs for various tasks. This level of granularity ensures that personal and professional activities remain isolated, contributing to a more private computing experience.
Flexibility and Customization: Qubes OS provides a high degree of flexibility, enabling users to tailor their computing environment to specific needs. The ability to run different operating systems in separate VMs adds an extra layer of customization.
Cons:
Learning Curve: Transitioning to Qubes OS can be challenging for users unfamiliar with the virtualization concept. The learning curve might deter those seeking a more straightforward, traditional operating system experience.
Resource Intensive: Due to its security-focused design, Qubes OS can be resource-intensive, demanding a relatively powerful system to run smoothly. This could limit its accessibility for users with older or less powerful hardware.
Overall Impression:
Qubes OS stands out as a robust and secure operating system with a unique approach to system architecture. Its emphasis on security and privacy is admirable, making it an excellent choice for users who prioritize these aspects in their computing experience. However, the learning curve and resource requirements might pose challenges for those accustomed to more user-friendly and lightweight systems.
In conclusion, Qubes OS is a compelling choice for individuals seeking a highly secure and customizable operating system, provided they are willing to invest the time to learn its intricacies and have the hardware to support its demands.
Qubes OS Isn't a distro, its mostly a Xen hypervisor that sits on top of Fedora and Debian. Qubes OS allows users to have a very secure computer by isolating each application for various purposes. Qubes OS creates qubes or virtual machines that can be used seamlessly. Qubes will sandbox networking and even USB drives. Qubes allows users to setup a VPN or a Whonix qube for added privacy. This OS is very good for anyone that needs extra security.
Qubes OS works alright, but it does have some flaws. Qubes does require a high end machine to run, though it can run on decent hardware. Qubes cannot run games with a good fps. TF2 will run at 5fps on good hardware. It is possible to use GPU pass through with Qubes, but with the nature of Qubes this isn't generally supported. Qubes OS cannot run off of a portable ssd, so you must install Qubes on a dedicated machine. I have tried various ways to make Qubes OS boot off of a portable SSD. Qubes does have limited compatibility with hardware. They do have certified hardware for anyone that is looking to daily drive Qubes OS.
Extremely stable and good operating system, while it is not technically a distribution of Linux, instead being more accurately a distribution of the Xen Hypervisor, which explains the reason hardware compatibility is such an issue.
The default Linux templates which can be used to make VM instances are Debian and Fedora both very stable distros.
I've never had any issues ever when running it on hardware which was certified as compatible with. My daily driver is a X230 with a 3rd gen i7, and 16gb of DDR3 RAM
But I'm considering upgrading to the (as far as I know most powerful certified laptop) which can be found on the offical qubes website, it is some laptop out of NovaCustoms, which has a 12th gen i7 and up to 64gb of DDR4 RAM, so it'll be a massive upgrade on that front. But I will miss the 13 inch form factor and thinkpad keyboard if I do swap over.
Overall the best thing about Qubes is, if configured right your security level is exponentially higher than any other OS. And even with a poor configuration and bad practice you will still be more secure than most simply due the base OS being isolated from the internet, and usb system being sandboxed into its own VM by default.
the only other OS I use for personal computing is Trisquel, but that is normally only for some basic functionally and as a toy cause its fully FOSS, but for all more reasonable use cases I prefer qubes. It simply provides security no other OS can.
The only downside is it will likely take awhile to get used to how copy/pasting works across VMS and having to transfer files from one to the other, but that is more than made up for by the security features.
I highly recommend trying it out if you have access to a x230, or really even anyone that is compatible on the HCL.
Concept seems good but I wasn't able to install it on a test laptop, seems to have a lot of bugs in the installer and severe hardware compatibility limitations, including some very basic issues: it seems wasn't able to write any changes to the partition table, so the first installation said it was complete, but on reboot it couldn't find a boot device. Thereafter it couldn't delete any partitions on the HDD. This seems a very basic bug Maybe with more development it will become a viable option for a desktop, but given the bugs encountered, can't imagine it would be trustworthy enough for production use.
Qubes has been my main OS for over five years, and I have found it to be a reliable foundation for software development.
I appreciate the time and skill put into the production of Qubes OS: it is a well tested and carefully documented tool.
At first I had a negative impression of Qubes OS because it seemed to put obstacles between me and what I wanted to get done. But eventually I learned how to use it and gained an understanding of the security problem that it solves. By partitioning the OS into separate domains, a kind of ablative resilience is achieved. If one virtual machine gets compromised, you can just throw it away.
Qubes requires a conceptual grasp of how computer software works. You don’t have to be a programmer to use it, but if you aren’t then expect to spend some time building up the prerequisite knowledge for using Qubes.
Qubes allows for the compartmentalization of many distributions into sandboxed "Qubes". It is probably the best operating system for the privacy conscious and provides superior security when compared to almost any other OS. The most recent versions have made leaps and bounds towards making the UI more pleasing for the average user. Some of the other benefits of Qubes include:
Security: Qubes OS offers strong security features, including compartmentalization of different computing tasks and processes in separate virtual machines. This means that if one application or process is compromised, the damage is limited only to that particular virtual machine, and not to the entire system.
Privacy: Qubes OS is designed with privacy in mind, and provides users with tools to control and manage their personal data. Users can set up separate virtual machines for different types of data and tasks, such as banking, social media, and email, which helps to prevent data leakage and unauthorized access.
Flexibility: Qubes OS is highly customizable, and can be configured to meet the needs of a wide range of users. It supports a variety of virtualization technologies and can run on a wide range of hardware, making it suitable for both personal and professional use.
Open source: Qubes OS is an open-source operating system, which means that its source code is available for anyone to inspect and modify. This provides users with greater transparency and control over their computing environment, as well as the ability to contribute to the development of the operating system.
Community: Qubes OS has a vibrant and active community of users and developers who contribute to its ongoing development and support. This community provides users with access to a wealth of resources, including documentation, forums, and online tutorials.
Well-documented, great community, serious approach to security and privacy.
Were you ever curious but afraid:
– to click on that link in the email,
– to open that email attachment,
– to go to that shady-looking website,
– to install and run that suspicious program or even a virus,
– to insert that USB stick from someone untrusted?
Wth Qubes you do it all securely in a disposable VM and your personal files are safe. The worst thing which might happen is that the disposable VM breaks.
Do you want to be anonymous on the Internet? One of the best modern solutions, Whonix with disposable VM, is available on Qubes OS out of the box. Alternative solution would be Tails, but it’s much less convenient and requires to reboot your system each time.
Were you ever experiencing that something breaks after an update or after installing some software? On Qubes OS only a virtual machine breaks in such cases, and it can be easily, securely backed up and restored with a few clicks. Even if you forgot to make a backup this time it’s possible to restore from automatic backups, which are preconfigured.
Do you feel that your work is not well separated from your personal life on your machine? With Qubes OS, you can have separate, independent VMs for them. You start and stop them independently, they don’t interfere with each other. If one is damaged/compromised, the other one will still be fine. Of course, you can have (much) more than two enclaves like those with a unified, simple interface.
Were you ever been concerned about opening your personal email (controlling numerous online accounts) in the same browser where you go to random websites? Actually, even when the browsers are different it can be a problem on a monolithic OS! On Qubes OS, you open those things in separate VMs, isolated with hardware, not software. It’s often better than physical (air-gap) isolation. Recommended by Snowden.
Are you tired of managing tens of complicated passwords, or using a password manager relying on clipboard security? On Qubes OS, you can save all your passwords as plain text (in a dedicated offline VM) and securely copy them into the necessary fields (in other VMs) whenever needed. No viruses or ransomware will have access to them. You can also combine this approach with a password manager.
Do you prefer a certain GNU/Linux distribution, but something forces you to use another one, or Windows? On Qubes you can run many Linux distributions at the same time with a unified, simple interface. That important Windows program should also work in the corresponding Windows VM.
Do you feel concerned that some software you must run (or Windows itself) sends telemetry or unknown stuff to some servers outside of your control? On Qubes OS, you have a Firewall with a simple GUI enforcing any rules on any VM.
Did you hear stories that cameras or microphones in your laptop can be switched on remotely by malicious actors without your consent? On Qubes OS, you choose which VM has access to the camera and microphone, or you choose none. The Admin VM has no Internet.
Are you tired of entering your super-long root password every time you do something? On Qubes, you don’t need a root password at all, because security is enforced on a lower 1 level, level of hardware isolation. Just type sudo and run whatever you need.
This is the system you need if you require a secured OS. The isolation system with VMs allow to separate casual and secured environment. The netVM and firewall VM allow you to separate some VMs from the internet if you don't link them to any netVM. You can attach some VMs to Tor netVM, so you can be sure no traffic will go out of Tor. The VM management interface is good and the management of the system is not so hard if you read the good documentation. You can also copy some files from VM to VM or from external drives to VMs. In my view the only default is the update / upgrade process which can be a little technical and long. But again the documentation is good and updated.
Quebes is without a doubt the most secure system you can get up to date. But could not make it more simple and easy to make work, for an inexperienced computer user, as I would like to set up Perrot in this system. Can open Qubes, but can not get the network to work on my computer with Qubes ? Have driven a bit to everything and prefer Mint, Perrot. Backbox and Septor. Running Tor Browser works very slowly even though it should be a safe way to be safe. Have instead run through port 9050 which seems effective for firefox and without problems in Mint.
I've noticed the attacks on my system are becoming increasing sophisticated and though I've survived decades in the microelectronic/computer field without appreciable damage through a lot of careful effort it seems only a matter of time before my luck runs out. (And I would suspect a more typical computer user is substantially more susceptible to an attack than me.) For this reason I've switched to Qubes as it is clearly the most secure OS available (versus "Tails" for privacy). The big issue, besides finding compatible hardware, is that its use demands an advanced to expert user to really get the most out of it. If unable to read the documentation, be able to fill in the missing blanks, and take the time to troubleshoot/setup I'd recommend taking another path.
It would be great if the Qubes development team implemented a system check to see what will or will not work on your system before an install. It may be possible to get it to work on the hardware you have and the Qubes forum may help, but it can still take a lot of time and energy too. When it works, it's brilliant.
Qubes is the most secure open-source endpoint in the world. It is used to protect anyone who needs to mask their traffic, work with untrustworthy files or anyone with a serious threat model. This system is not for the faint of heart but is a relatively simple transition for linux admins who already are familiar with concepts of virtualization and tor independently. End users without a linux background would be best advised to use TAILS as an alternative as there is more space for technical and operational mistakes in a persistent or semi-persistent environment. If you need a full-time OS to work in a max-security environment, this should be your main candidate.
Qubes has been a great privacy and security focused distro. I would highly recommend this distro if you’re worried about governments and other bad actors spying on your online activities and reporting everything you to do to be held against you.
This distro has been becoming easier to use and not as difficult to use than it use to be a long while back. The forum is active, developers are active, there is a great response time for any patches and bugs to be fixed, the distro is pretty stable, speedy and works flawlessly.
My admiration and gratitude for the Qubes developers.
Beautiful setup for privacy.
I used 4.0 and was put off because suspend was outright drama for me and couldn't get it going on my desktop.
Hoped that 4.1 would correct this but unfortunately in remained the same drama.
I am a FreeBSD user and run separate VM's with puppy as skeleton OS for my internet connections.
From this point of view as a feedback:
1- the documentation I find confusing , codes written in between text. The FreeBSD handbook is very clear in explaining so I hope the team will follow this example layout. Same for the forum.
2- please fix the suspend, I use the desktop around 6 hours a day and don't like to power off and boot again which takes a long time.
3- using 4.1 there was a XEN update and was unable to boot. The solution was too complicated for me to spend time on it and left Qubes for what it was.
I will continue to monitor Qubes forum and website till I see bugs (2 and 3) are improved and go back to Qubes.
All over it is a beautiful setup and definitely the best in security and privacy
First of all, QUBES is a fantastic 'distro' maintained and built by dedicated people and I thank them.
I have to say however that the latest stable version has a ton of bugs. The QUBES forums will show this. 4.0 was stable and, for me, virtually trouble free. The latest release can be painful and require reboots that aren't quick with a system like this. Having said that, I will continue to use QUBES as my daily driver.
Despite the above issues I would highly recommend QUBES and suggest that it is so far ahead of the other distros for security you can't beat it and I am sure that the bugs will get ironed out with updates.
The idea is great. The implementation makes user experience troublesome. Makes one thing of using a type 2 hypervisor with maximally clean host instead.
I do realize that it's more difficult to configure Xen to run smoothly. I personally faced two following difficulties:
1. I tried 4.0 and 4.1 on a machine with 12 GB RAM that had an HDD. The RAM seemed to be enough. But it was extremely slow. I think because it has no SSD. Alright. That's understandable and is mentioned in the system's requirements. By the way, 4.1 seemed to run better and faster.
2. I tried 4.1 on a machine with 16 GB and an NVMe. Well, tried to try it. It failed to boot. It was impossible to set up the machine with NVMe only to have MBR parition / work in Legacy Boot mode. Following the Legacy mode would make it flawless (as I did in the first machine). And it ended up having nothing to boot after the system was installed. I tried a couple of tricks in recovery mode. Nothing really helped. I might be impatient. Sorry! But that's not a good start to me. I have no much time to tinker with making efforts to get it just booting. It's a pity. I really wanted to try it on hardware that meets the requirements.
It does exactly what it sets out to do: provide a secure computing experience. It strikes a good balance between convenience and security which is difficult to do. Resources are also being spent on making GPU pass through and GUI domains more user friendly, this will make Qubes very appealing to a wide audience once they are stable.
A fabulous OS with great features to protect user privacy but at the same time is not compatible with all kinds of hardware. Hence 9 starts instead of 10.
Version: Rating: 10 Date: 2021-12-25 Votes: 0
Absolute fantastic concept and excellent OS!
Only important thing is having compatible hardware.
This is especially true if one really takes the security aspect seriously by e.g. securing the entire boot chain with Secure Boot by e.g. your BIOS should be able to secure Grub and XEN images (if one wants to trust Intel ME).
Same is true for its free alternatives as Libreboot, Coreboot or Google NERF.
I do not want to focus that much on privacy and security as previous posts seem to mix up those topics with attributes not related to Qubes, but to the templates available which IMHO confuses more then it helps, e.g. the post from 2021-11-22 highlights "I only use Windows through Qubes because I want my privacy respected and to not have my info sold to companies to spam me with ads and other creepy behavior.". While this might be true, it related to the whonix Tor gateway and has nothing to to with Qubes OS itself. One could or probably should consider Pi-Hole or such tools for such a purpose.
I also recommend to try to understand the concept of Qubes and Linux in general before deriving a false conclusion on the security and/or privacy of the system as it adds and additional layer of complexity for the virtualization with XEN and probably even more defined by the amount of different templates used as some might use different init system coming along with different risks etc.
Therefore I would suggest one should at least be able to e.g. build its own Linux based on e.g. Gentoo stage 3 to ensure at lease a basic understanding of a Linux OS itself. Otherwise one might feel more secure only because Qubes is more obscure to them then other OS sole due to it increased complexity.
Qubes isn't a distro, but more of a hypervisor implementation that can run many isolated, compartmented distributions. I'm a slackware enthusiast, but am familiar with the two default distributions that are included with the qubes install. If you're up for getting an adequate working knowledge of the debian and fedora distributions then you'll likely enjoy qubes. The generic install includes Whonix (debian based) which appears to have some impressive security credentials. However, Whonix does not yet support Qubes R4.1beta so there are a few noticeable hiccups during routine operation of disposable VMs and updates. But these should be resolved soon. I do enjoy the Qubes implementation and my review will be a 10 once the Whonix-16 compatability issues are addressed. Since the technical depth placed on this software (qubes, whonix, debian, fedora) is great, I have to trust the developers are of high integrity. A good sign is the primary developers don't hide behind monikers. I have gained a good level of trust in them primarily because of their level of participation in responding to issues. These people are sharp.
All this being said, disposable whonix virtual machines rock. I'm expecting to go the long haul on this project. My Slackware VM is almost ready for prime time.
This is the best distro for complete privacy and anonymity. Programs work well and there aren’t a lot of programs installed by default, which is great- you can install more programs from the repositories and add more repositories for even more programs to choose from, customization and such as well. It takes some getting used to and learning, but trust me, it’s worth it! It’s very easy to set up virtual machines for running other operating systems, including Windows. I only use Windows through Qubes because I want my privacy respected and to not have my info sold to companies to spam me with ads and other creepy behavior.
I highly recommend Qubes OS.
Qubes Os is actively been developed to be more user friendly
it is used by many people who need compartamentalized security virtual vm's
there is a learning curb and not for the normal user
although by using Qubes it would advance the user far ahead
it can be eventually be made more user friendly
although they have managed to make it usable up to a point
once you understand it.
Also your pc hardware has to be able to handle virtualization
and speed and enough ram
I would say a minimum of 16 Gigs should be useful,
I currently use 3.0 external hard drive for the install
although they recommend Sata drives which are very
much faster.
for new users who are willing to learn it is best to start off
with ubuntu based distros and eventually move up to Fedora
and practice.
Right now Qubes os uses Debian on which Ubuntu distros are based and also
uses Fedora 33 and Whonix 15 and soon to be upgraded to Qubes Os 4.1
and already a template (os distribution base ) for fedora 34 is available.
As we enter into a worldwide intrusion into our daily lives
os such as Tails, Whonix and now Qubes Os are a security shelter
with dissolving virtual templates to erase any actions where we may
have been.
Just as people shouldn't leave their car doors open or windows open
with the keys in the ignition, so we all must as a world wide community
help one another to secure each other or make our lives more aware
and less open to prying eyes.
hopefully as time goes on Qubes os will be much more friendly to use
by the Windows users which are the majority.
This is a bit difficult to set up and get used to, but it is worth it. The privacy and security you get on Qubes is unmatched, it definitely keeps everything private and your communications safe. Lots of applications to choose from and I agree with others- I can basically say if you’re in a country where the government spies on everything you do and say, this is an excellent distro to get them to butt out of your life.
This is a pretty great distro. It’s stable, secure and protects internet privacy. Others have already covered how good this distro is in detail, but I’d like to say something extra.
In my home country of Venezuela, you probably heard what’s going on here, this has been keeping me safe and my internet browsing private so all of us “anti-regime” people can communicate safely and securely with each other.
I definitely recommend using Qubes, and Edward Snowden uses it too, that’s definitely a good thing I can say.
10 out of 10
Moved from Gentoo to Qubes as I just do no have the time and energy anymore to compile my systems from scratch. I must say, for now after 3 weeks of testing, I'm very happy with Qubes and the smart architecture designed.
In comparison to Gentoo, Qubes requires much less Linux and gcc knowledge and is way more accessible for new users while I would still not recommend it for beginners. At least if the "beginner" is not knowledgeable in operating system architecture and virtualization in general.
Great OS to learn more about XEN and virtualization in general. For understanding operating system elements as kernel, initramfs, init systems and such, I would still recommend Gentoo (or another LFS). In my opinion the best way to learn by far.
One year ago, I installed Qubes on a Purism Librem 13 and have been using it as my daily driver ever since.
At first, my experience with the workflow in Qubes was like entering an alien world. As with anything new and wonderful, once I became better acquainted with it, I was in awe. I’ll be contrarian here and suggest that even non-technical users will be able to get the hang of Qubes and reap its enormous benefits.
Among those benefits, Qubes can be configured (by a pro) to safeguard the average office worker from the most frequent security threats. For emails, all links and attachments can be set to open in an isolated disposable virtual machine (VM), which completely neuters most phishing attacks. Attachments can even be edited and saved in a separate disposable VM, never exposing the user to the open document. Similarly, web browsing in a separate VM limits the effectiveness of drive by downloads.
We all know Qubes for its security, but there are also huge benefits for internet privacy. Qubes makes it easy to obscure tracking by making it effortless to use numerous IP addresses with multiple instances of VPNs and Tor running simultaneously. Qubes can even help users thwart pesky browser fingerprinting by using VMs to create as many different browsers (and fingerprints) as they wish.
Computing is at a crossroads. One path leads to a land of self-determination with reasonably secure computers that users control; the other path ends in dystopia where malware and tracking are just part of the landscape within the walled garden. I hope Qubes is the future we choose.
Note: If you stray from the Qubes Hardware Compatibility List (HLC), you will likely be met with frustration and disappointment. Before you buy hardware, you might want to seek out and study three great videos from 2018 to get a sense of the peculiar workflow in Qubes. Search for Qubes videos from Micah Lee, Konstantin Ryabitsev, and Matty McFatty.
Complex but intensely satisfying from a security perspective. For the first time ever in over 35 years of computer use, I finally feel like I am fully in control of what the computer can and cannot do.
I have been using Linux since 1996, and this is by far the most polished and most engaging distro that I have ever used. I believe that I may finally have found my forever distro! Bravo Qubes-OS team, great job!
Classic distro dance. So funny how people declare that they finally have found a daily driver, the best, or life time distro, and they are so proud of themselves . . . until it fails. Then it is back to the dance once more. Something is fundamentally wrong with this process when users dance literally for years just looking for an OS that works. Try, fail, stumble, fall, and crash. These are the primary distro dance steps.
Version: Rating: 8 Date: 2021-03-18 Votes: 18
I'm running version 4.1 Alpha testing now on a Dell Precision 5520 with Xeon e3-1505m 4-cores 32gb ram Quadro m1200. I have been using this machine since 2018 with various incarnations of Qubes, starting with version 3.1. The qubes experience just keeps getting better with each version. Surprisingly, this Alpha testing version is, thus far, the most compatible and stable on this machine. In the beginning I had to boot Legacy and modify kernel parameters to get qubes to play nice, but now (since 4.03 and beyond) Qubes boots UEFI right out of the starting gate.No mods at all!
Qubes is always a little behind on the compatibility curve when it comes to modern hardware so the best way to start is to look at the HCL page on Qubes website and a pick hardware that shows the level of support you desire.
My previous attempt to use R3 was unsuccessful and I gave up, went back to Ubuntu...... but recently decided to give R4.0.3 a go and while it took time and lots of reading docs and forum posts, success!
If you want to use different Linux distros and even Tor (Whonix) this is a brilliant concept with security baked in. Well done to the Qubes team - I am looking forward to R4.1
Rocking Qubes on a 2011 laptop (2nd gen Intel i5 (Hyperthreading disabled), 8GB RAM, 128GB SSD) is WAY smoother than you'd think, you can eaisly run up to ~10 VMs without any performance issues, even with a full KDE Plasma desktop which is notorious for being a resource hog
Best parts about it are the control over networking, on a VM for accessing your home network you can limit outgoing connections to just the LAN, or for a vault VM you can cut networking altogether for peace of mind, being able to use DisposableVMs for anything that doesn't need persistent storage eg. browsing the web, and the fact it's just a Type 1 Hypervisor, you can literally run Windows on it if you want
Even for advanced users it can be difficult to use because of it's abstractions like templates, ServiceVMs and the global clipboard, but the wiki is amazingly written, getting you ready in a couple minutes
The pages for advanced users are on par, or even better than Arch Wiki, with pages on practically anything you could ever want to modify on the base system
Before installing you should read the Wiki first. At the end of the day Qubes isn't a silver bullet, but a tool (arguably the best one) for keeping yourself safe, and what good is a tool you don't know how to use?
I use it every day, it is like one mega-OS. Any distro of linux you want - you have. The support is great, forum is very actice and has many helpful guides so that you arent aimlessly looking forever for a solution to your issue. Many popular companies/people use qubes for its security such as MULLVAD and Let's Encrypt. Only thing is that the mirror system is quite slow, yes it is a big download (6GB) but could have better mirror support upon install. Not an issue however, as the main system is wonderful.
Qubes is a good control system, but lacks simplicity and easier control. One could wish that many more operating systems were easy to download so that you could get your own operating system.
Possibly, Windows or Mint. Having difficulty seeing how you can download with usb into the system and how you can generally download from outside into folders. So I probably don't prefer Qubes as it is for experts. But it appeals to one to get a more secure operating system. Couldn't you make it more simple and straightforward. without losing security.
Qubes OS is a unique and intriguing operating system that caught my attention as a tech enthusiast and Linux aficionado. Here's my take on the system, highlighting a few pros and cons.
Pros:
Security Architecture: Qubes OS takes a commendable approach to security, employing a compartmentalized structure with the help of Xen-based virtualization. Each application runs in a separate virtual machine, enhancing overall system security.
Privacy Control: The OS offers robust privacy features, allowing users to create distinct VMs for various tasks. This level of granularity ensures that personal and professional activities remain isolated, contributing to a more private computing experience.
Flexibility and Customization: Qubes OS provides a high degree of flexibility, enabling users to tailor their computing environment to specific needs. The ability to run different operating systems in separate VMs adds an extra layer of customization.
Cons:
Learning Curve: Transitioning to Qubes OS can be challenging for users unfamiliar with the virtualization concept. The learning curve might deter those seeking a more straightforward, traditional operating system experience.
Resource Intensive: Due to its security-focused design, Qubes OS can be resource-intensive, demanding a relatively powerful system to run smoothly. This could limit its accessibility for users with older or less powerful hardware.
Overall Impression:
Qubes OS stands out as a robust and secure operating system with a unique approach to system architecture. Its emphasis on security and privacy is admirable, making it an excellent choice for users who prioritize these aspects in their computing experience. However, the learning curve and resource requirements might pose challenges for those accustomed to more user-friendly and lightweight systems.
In conclusion, Qubes OS is a compelling choice for individuals seeking a highly secure and customizable operating system, provided they are willing to invest the time to learn its intricacies and have the hardware to support its demands.
Qubes OS Isn't a distro, its mostly a Xen hypervisor that sits on top of Fedora and Debian. Qubes OS allows users to have a very secure computer by isolating each application for various purposes. Qubes OS creates qubes or virtual machines that can be used seamlessly. Qubes will sandbox networking and even USB drives. Qubes allows users to setup a VPN or a Whonix qube for added privacy. This OS is very good for anyone that needs extra security.
Qubes OS works alright, but it does have some flaws. Qubes does require a high end machine to run, though it can run on decent hardware. Qubes cannot run games with a good fps. TF2 will run at 5fps on good hardware. It is possible to use GPU pass through with Qubes, but with the nature of Qubes this isn't generally supported. Qubes OS cannot run off of a portable ssd, so you must install Qubes on a dedicated machine. I have tried various ways to make Qubes OS boot off of a portable SSD. Qubes does have limited compatibility with hardware. They do have certified hardware for anyone that is looking to daily drive Qubes OS.
Extremely stable and good operating system, while it is not technically a distribution of Linux, instead being more accurately a distribution of the Xen Hypervisor, which explains the reason hardware compatibility is such an issue.
The default Linux templates which can be used to make VM instances are Debian and Fedora both very stable distros.
I've never had any issues ever when running it on hardware which was certified as compatible with. My daily driver is a X230 with a 3rd gen i7, and 16gb of DDR3 RAM
But I'm considering upgrading to the (as far as I know most powerful certified laptop) which can be found on the offical qubes website, it is some laptop out of NovaCustoms, which has a 12th gen i7 and up to 64gb of DDR4 RAM, so it'll be a massive upgrade on that front. But I will miss the 13 inch form factor and thinkpad keyboard if I do swap over.
Overall the best thing about Qubes is, if configured right your security level is exponentially higher than any other OS. And even with a poor configuration and bad practice you will still be more secure than most simply due the base OS being isolated from the internet, and usb system being sandboxed into its own VM by default.
the only other OS I use for personal computing is Trisquel, but that is normally only for some basic functionally and as a toy cause its fully FOSS, but for all more reasonable use cases I prefer qubes. It simply provides security no other OS can.
The only downside is it will likely take awhile to get used to how copy/pasting works across VMS and having to transfer files from one to the other, but that is more than made up for by the security features.
I highly recommend trying it out if you have access to a x230, or really even anyone that is compatible on the HCL.
Concept seems good but I wasn't able to install it on a test laptop, seems to have a lot of bugs in the installer and severe hardware compatibility limitations, including some very basic issues: it seems wasn't able to write any changes to the partition table, so the first installation said it was complete, but on reboot it couldn't find a boot device. Thereafter it couldn't delete any partitions on the HDD. This seems a very basic bug Maybe with more development it will become a viable option for a desktop, but given the bugs encountered, can't imagine it would be trustworthy enough for production use.
Qubes has been my main OS for over five years, and I have found it to be a reliable foundation for software development.
I appreciate the time and skill put into the production of Qubes OS: it is a well tested and carefully documented tool.
At first I had a negative impression of Qubes OS because it seemed to put obstacles between me and what I wanted to get done. But eventually I learned how to use it and gained an understanding of the security problem that it solves. By partitioning the OS into separate domains, a kind of ablative resilience is achieved. If one virtual machine gets compromised, you can just throw it away.
Qubes requires a conceptual grasp of how computer software works. You don’t have to be a programmer to use it, but if you aren’t then expect to spend some time building up the prerequisite knowledge for using Qubes.
Qubes allows for the compartmentalization of many distributions into sandboxed "Qubes". It is probably the best operating system for the privacy conscious and provides superior security when compared to almost any other OS. The most recent versions have made leaps and bounds towards making the UI more pleasing for the average user. Some of the other benefits of Qubes include:
Security: Qubes OS offers strong security features, including compartmentalization of different computing tasks and processes in separate virtual machines. This means that if one application or process is compromised, the damage is limited only to that particular virtual machine, and not to the entire system.
Privacy: Qubes OS is designed with privacy in mind, and provides users with tools to control and manage their personal data. Users can set up separate virtual machines for different types of data and tasks, such as banking, social media, and email, which helps to prevent data leakage and unauthorized access.
Flexibility: Qubes OS is highly customizable, and can be configured to meet the needs of a wide range of users. It supports a variety of virtualization technologies and can run on a wide range of hardware, making it suitable for both personal and professional use.
Open source: Qubes OS is an open-source operating system, which means that its source code is available for anyone to inspect and modify. This provides users with greater transparency and control over their computing environment, as well as the ability to contribute to the development of the operating system.
Community: Qubes OS has a vibrant and active community of users and developers who contribute to its ongoing development and support. This community provides users with access to a wealth of resources, including documentation, forums, and online tutorials.
Well-documented, great community, serious approach to security and privacy.
Were you ever curious but afraid:
– to click on that link in the email,
– to open that email attachment,
– to go to that shady-looking website,
– to install and run that suspicious program or even a virus,
– to insert that USB stick from someone untrusted?
Wth Qubes you do it all securely in a disposable VM and your personal files are safe. The worst thing which might happen is that the disposable VM breaks.
Do you want to be anonymous on the Internet? One of the best modern solutions, Whonix with disposable VM, is available on Qubes OS out of the box. Alternative solution would be Tails, but it’s much less convenient and requires to reboot your system each time.
Were you ever experiencing that something breaks after an update or after installing some software? On Qubes OS only a virtual machine breaks in such cases, and it can be easily, securely backed up and restored with a few clicks. Even if you forgot to make a backup this time it’s possible to restore from automatic backups, which are preconfigured.
Do you feel that your work is not well separated from your personal life on your machine? With Qubes OS, you can have separate, independent VMs for them. You start and stop them independently, they don’t interfere with each other. If one is damaged/compromised, the other one will still be fine. Of course, you can have (much) more than two enclaves like those with a unified, simple interface.
Were you ever been concerned about opening your personal email (controlling numerous online accounts) in the same browser where you go to random websites? Actually, even when the browsers are different it can be a problem on a monolithic OS! On Qubes OS, you open those things in separate VMs, isolated with hardware, not software. It’s often better than physical (air-gap) isolation. Recommended by Snowden.
Are you tired of managing tens of complicated passwords, or using a password manager relying on clipboard security? On Qubes OS, you can save all your passwords as plain text (in a dedicated offline VM) and securely copy them into the necessary fields (in other VMs) whenever needed. No viruses or ransomware will have access to them. You can also combine this approach with a password manager.
Do you prefer a certain GNU/Linux distribution, but something forces you to use another one, or Windows? On Qubes you can run many Linux distributions at the same time with a unified, simple interface. That important Windows program should also work in the corresponding Windows VM.
Do you feel concerned that some software you must run (or Windows itself) sends telemetry or unknown stuff to some servers outside of your control? On Qubes OS, you have a Firewall with a simple GUI enforcing any rules on any VM.
Did you hear stories that cameras or microphones in your laptop can be switched on remotely by malicious actors without your consent? On Qubes OS, you choose which VM has access to the camera and microphone, or you choose none. The Admin VM has no Internet.
Are you tired of entering your super-long root password every time you do something? On Qubes, you don’t need a root password at all, because security is enforced on a lower 1 level, level of hardware isolation. Just type sudo and run whatever you need.
This is the system you need if you require a secured OS. The isolation system with VMs allow to separate casual and secured environment. The netVM and firewall VM allow you to separate some VMs from the internet if you don't link them to any netVM. You can attach some VMs to Tor netVM, so you can be sure no traffic will go out of Tor. The VM management interface is good and the management of the system is not so hard if you read the good documentation. You can also copy some files from VM to VM or from external drives to VMs. In my view the only default is the update / upgrade process which can be a little technical and long. But again the documentation is good and updated.
Quebes is without a doubt the most secure system you can get up to date. But could not make it more simple and easy to make work, for an inexperienced computer user, as I would like to set up Perrot in this system. Can open Qubes, but can not get the network to work on my computer with Qubes ? Have driven a bit to everything and prefer Mint, Perrot. Backbox and Septor. Running Tor Browser works very slowly even though it should be a safe way to be safe. Have instead run through port 9050 which seems effective for firefox and without problems in Mint.
I've noticed the attacks on my system are becoming increasing sophisticated and though I've survived decades in the microelectronic/computer field without appreciable damage through a lot of careful effort it seems only a matter of time before my luck runs out. (And I would suspect a more typical computer user is substantially more susceptible to an attack than me.) For this reason I've switched to Qubes as it is clearly the most secure OS available (versus "Tails" for privacy). The big issue, besides finding compatible hardware, is that its use demands an advanced to expert user to really get the most out of it. If unable to read the documentation, be able to fill in the missing blanks, and take the time to troubleshoot/setup I'd recommend taking another path.
It would be great if the Qubes development team implemented a system check to see what will or will not work on your system before an install. It may be possible to get it to work on the hardware you have and the Qubes forum may help, but it can still take a lot of time and energy too. When it works, it's brilliant.
Qubes is the most secure open-source endpoint in the world. It is used to protect anyone who needs to mask their traffic, work with untrustworthy files or anyone with a serious threat model. This system is not for the faint of heart but is a relatively simple transition for linux admins who already are familiar with concepts of virtualization and tor independently. End users without a linux background would be best advised to use TAILS as an alternative as there is more space for technical and operational mistakes in a persistent or semi-persistent environment. If you need a full-time OS to work in a max-security environment, this should be your main candidate.
Qubes has been a great privacy and security focused distro. I would highly recommend this distro if you’re worried about governments and other bad actors spying on your online activities and reporting everything you to do to be held against you.
This distro has been becoming easier to use and not as difficult to use than it use to be a long while back. The forum is active, developers are active, there is a great response time for any patches and bugs to be fixed, the distro is pretty stable, speedy and works flawlessly.
My admiration and gratitude for the Qubes developers.
Beautiful setup for privacy.
I used 4.0 and was put off because suspend was outright drama for me and couldn't get it going on my desktop.
Hoped that 4.1 would correct this but unfortunately in remained the same drama.
I am a FreeBSD user and run separate VM's with puppy as skeleton OS for my internet connections.
From this point of view as a feedback:
1- the documentation I find confusing , codes written in between text. The FreeBSD handbook is very clear in explaining so I hope the team will follow this example layout. Same for the forum.
2- please fix the suspend, I use the desktop around 6 hours a day and don't like to power off and boot again which takes a long time.
3- using 4.1 there was a XEN update and was unable to boot. The solution was too complicated for me to spend time on it and left Qubes for what it was.
I will continue to monitor Qubes forum and website till I see bugs (2 and 3) are improved and go back to Qubes.
All over it is a beautiful setup and definitely the best in security and privacy
First of all, QUBES is a fantastic 'distro' maintained and built by dedicated people and I thank them.
I have to say however that the latest stable version has a ton of bugs. The QUBES forums will show this. 4.0 was stable and, for me, virtually trouble free. The latest release can be painful and require reboots that aren't quick with a system like this. Having said that, I will continue to use QUBES as my daily driver.
Despite the above issues I would highly recommend QUBES and suggest that it is so far ahead of the other distros for security you can't beat it and I am sure that the bugs will get ironed out with updates.
The idea is great. The implementation makes user experience troublesome. Makes one thing of using a type 2 hypervisor with maximally clean host instead.
I do realize that it's more difficult to configure Xen to run smoothly. I personally faced two following difficulties:
1. I tried 4.0 and 4.1 on a machine with 12 GB RAM that had an HDD. The RAM seemed to be enough. But it was extremely slow. I think because it has no SSD. Alright. That's understandable and is mentioned in the system's requirements. By the way, 4.1 seemed to run better and faster.
2. I tried 4.1 on a machine with 16 GB and an NVMe. Well, tried to try it. It failed to boot. It was impossible to set up the machine with NVMe only to have MBR parition / work in Legacy Boot mode. Following the Legacy mode would make it flawless (as I did in the first machine). And it ended up having nothing to boot after the system was installed. I tried a couple of tricks in recovery mode. Nothing really helped. I might be impatient. Sorry! But that's not a good start to me. I have no much time to tinker with making efforts to get it just booting. It's a pity. I really wanted to try it on hardware that meets the requirements.
It does exactly what it sets out to do: provide a secure computing experience. It strikes a good balance between convenience and security which is difficult to do. Resources are also being spent on making GPU pass through and GUI domains more user friendly, this will make Qubes very appealing to a wide audience once they are stable.
A fabulous OS with great features to protect user privacy but at the same time is not compatible with all kinds of hardware. Hence 9 starts instead of 10.
Project: Qubes OS Version: Rating: 10 Date: 2021-12-25 Votes: 0
Absolute fantastic concept and excellent OS!
Only important thing is having compatible hardware.
This is especially true if one really takes the security aspect seriously by e.g. securing the entire boot chain with Secure Boot by e.g. your BIOS should be able to secure Grub and XEN images (if one wants to trust Intel ME).
Same is true for its free alternatives as Libreboot, Coreboot or Google NERF.
I do not want to focus that much on privacy and security as previous posts seem to mix up those topics with attributes not related to Qubes, but to the templates available which IMHO confuses more then it helps, e.g. the post from 2021-11-22 highlights "I only use Windows through Qubes because I want my privacy respected and to not have my info sold to companies to spam me with ads and other creepy behavior.". While this might be true, it related to the whonix Tor gateway and has nothing to to with Qubes OS itself. One could or probably should consider Pi-Hole or such tools for such a purpose.
I also recommend to try to understand the concept of Qubes and Linux in general before deriving a false conclusion on the security and/or privacy of the system as it adds and additional layer of complexity for the virtualization with XEN and probably even more defined by the amount of different templates used as some might use different init system coming along with different risks etc.
Therefore I would suggest one should at least be able to e.g. build its own Linux based on e.g. Gentoo stage 3 to ensure at lease a basic understanding of a Linux OS itself. Otherwise one might feel more secure only because Qubes is more obscure to them then other OS sole due to it increased complexity.
Qubes isn't a distro, but more of a hypervisor implementation that can run many isolated, compartmented distributions. I'm a slackware enthusiast, but am familiar with the two default distributions that are included with the qubes install. If you're up for getting an adequate working knowledge of the debian and fedora distributions then you'll likely enjoy qubes. The generic install includes Whonix (debian based) which appears to have some impressive security credentials. However, Whonix does not yet support Qubes R4.1beta so there are a few noticeable hiccups during routine operation of disposable VMs and updates. But these should be resolved soon. I do enjoy the Qubes implementation and my review will be a 10 once the Whonix-16 compatability issues are addressed. Since the technical depth placed on this software (qubes, whonix, debian, fedora) is great, I have to trust the developers are of high integrity. A good sign is the primary developers don't hide behind monikers. I have gained a good level of trust in them primarily because of their level of participation in responding to issues. These people are sharp.
All this being said, disposable whonix virtual machines rock. I'm expecting to go the long haul on this project. My Slackware VM is almost ready for prime time.
This is the best distro for complete privacy and anonymity. Programs work well and there aren’t a lot of programs installed by default, which is great- you can install more programs from the repositories and add more repositories for even more programs to choose from, customization and such as well. It takes some getting used to and learning, but trust me, it’s worth it! It’s very easy to set up virtual machines for running other operating systems, including Windows. I only use Windows through Qubes because I want my privacy respected and to not have my info sold to companies to spam me with ads and other creepy behavior.
I highly recommend Qubes OS.
Qubes Os is actively been developed to be more user friendly
it is used by many people who need compartamentalized security virtual vm's
there is a learning curb and not for the normal user
although by using Qubes it would advance the user far ahead
it can be eventually be made more user friendly
although they have managed to make it usable up to a point
once you understand it.
Also your pc hardware has to be able to handle virtualization
and speed and enough ram
I would say a minimum of 16 Gigs should be useful,
I currently use 3.0 external hard drive for the install
although they recommend Sata drives which are very
much faster.
for new users who are willing to learn it is best to start off
with ubuntu based distros and eventually move up to Fedora
and practice.
Right now Qubes os uses Debian on which Ubuntu distros are based and also
uses Fedora 33 and Whonix 15 and soon to be upgraded to Qubes Os 4.1
and already a template (os distribution base ) for fedora 34 is available.
As we enter into a worldwide intrusion into our daily lives
os such as Tails, Whonix and now Qubes Os are a security shelter
with dissolving virtual templates to erase any actions where we may
have been.
Just as people shouldn't leave their car doors open or windows open
with the keys in the ignition, so we all must as a world wide community
help one another to secure each other or make our lives more aware
and less open to prying eyes.
hopefully as time goes on Qubes os will be much more friendly to use
by the Windows users which are the majority.
This is a bit difficult to set up and get used to, but it is worth it. The privacy and security you get on Qubes is unmatched, it definitely keeps everything private and your communications safe. Lots of applications to choose from and I agree with others- I can basically say if you’re in a country where the government spies on everything you do and say, this is an excellent distro to get them to butt out of your life.
This is a pretty great distro. It’s stable, secure and protects internet privacy. Others have already covered how good this distro is in detail, but I’d like to say something extra.
In my home country of Venezuela, you probably heard what’s going on here, this has been keeping me safe and my internet browsing private so all of us “anti-regime” people can communicate safely and securely with each other.
I definitely recommend using Qubes, and Edward Snowden uses it too, that’s definitely a good thing I can say.
10 out of 10
Moved from Gentoo to Qubes as I just do no have the time and energy anymore to compile my systems from scratch. I must say, for now after 3 weeks of testing, I'm very happy with Qubes and the smart architecture designed.
In comparison to Gentoo, Qubes requires much less Linux and gcc knowledge and is way more accessible for new users while I would still not recommend it for beginners. At least if the "beginner" is not knowledgeable in operating system architecture and virtualization in general.
Great OS to learn more about XEN and virtualization in general. For understanding operating system elements as kernel, initramfs, init systems and such, I would still recommend Gentoo (or another LFS). In my opinion the best way to learn by far.
One year ago, I installed Qubes on a Purism Librem 13 and have been using it as my daily driver ever since.
At first, my experience with the workflow in Qubes was like entering an alien world. As with anything new and wonderful, once I became better acquainted with it, I was in awe. I’ll be contrarian here and suggest that even non-technical users will be able to get the hang of Qubes and reap its enormous benefits.
Among those benefits, Qubes can be configured (by a pro) to safeguard the average office worker from the most frequent security threats. For emails, all links and attachments can be set to open in an isolated disposable virtual machine (VM), which completely neuters most phishing attacks. Attachments can even be edited and saved in a separate disposable VM, never exposing the user to the open document. Similarly, web browsing in a separate VM limits the effectiveness of drive by downloads.
We all know Qubes for its security, but there are also huge benefits for internet privacy. Qubes makes it easy to obscure tracking by making it effortless to use numerous IP addresses with multiple instances of VPNs and Tor running simultaneously. Qubes can even help users thwart pesky browser fingerprinting by using VMs to create as many different browsers (and fingerprints) as they wish.
Computing is at a crossroads. One path leads to a land of self-determination with reasonably secure computers that users control; the other path ends in dystopia where malware and tracking are just part of the landscape within the walled garden. I hope Qubes is the future we choose.
Note: If you stray from the Qubes Hardware Compatibility List (HLC), you will likely be met with frustration and disappointment. Before you buy hardware, you might want to seek out and study three great videos from 2018 to get a sense of the peculiar workflow in Qubes. Search for Qubes videos from Micah Lee, Konstantin Ryabitsev, and Matty McFatty.
Classic distro dance. So funny how people declare that they finally have found a daily driver, the best, or life time distro, and they are so proud of themselves . . . until it fails. Then it is back to the dance once more. Something is fundamentally wrong with this process when users dance literally for years just looking for an OS that works. Try, fail, stumble, fall, and crash. These are the primary distro dance steps.
Complex but intensely satisfying from a security perspective. For the first time ever in over 35 years of computer use, I finally feel like I am fully in control of what the computer can and cannot do.
I have been using Linux since 1996, and this is by far the most polished and most engaging distro that I have ever used. I believe that I may finally have found my forever distro! Bravo Qubes-OS team, great job!
Project: Qubes OS Version: Rating: 8 Date: 2021-03-18 Votes: 18
I'm running version 4.1 Alpha testing now on a Dell Precision 5520 with Xeon e3-1505m 4-cores 32gb ram Quadro m1200. I have been using this machine since 2018 with various incarnations of Qubes, starting with version 3.1. The qubes experience just keeps getting better with each version. Surprisingly, this Alpha testing version is, thus far, the most compatible and stable on this machine. In the beginning I had to boot Legacy and modify kernel parameters to get qubes to play nice, but now (since 4.03 and beyond) Qubes boots UEFI right out of the starting gate.No mods at all!
Qubes is always a little behind on the compatibility curve when it comes to modern hardware so the best way to start is to look at the HCL page on Qubes website and a pick hardware that shows the level of support you desire.
My previous attempt to use R3 was unsuccessful and I gave up, went back to Ubuntu...... but recently decided to give R4.0.3 a go and while it took time and lots of reading docs and forum posts, success!
If you want to use different Linux distros and even Tor (Whonix) this is a brilliant concept with security baked in. Well done to the Qubes team - I am looking forward to R4.1
TUXEDO
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
Advertisement
Star Labs
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
Copyright (C) 2001 - 2024 Atea Ataroa Limited. All rights reserved. All trademarks are the property of their respective owners. Privacy policy. Change privacy settings. DistroWatch.com is hosted at Copenhagen.