Recently, on reddit, there was an interesting discussion ongoing in regards to Qubes OS: “Opinion: I think Qubes is underrated as a day-to-day OS, I use it as my daily driver because the OS’s structure makes me productive, anyone else?”. I guess this topic is worth a blog post to discuss in more details.
Update October 2020:
There is another post on reddit named “Trying Qubes for the first time. And not for security Reasons” which provides an interesting overview on Qubes from a different angle:
“I’m now in a “working from home” situation with a company that’s all in on the Microsoft train. Teams, Office 365, Exchange online. All that stuff. What i didn’t realize initiall is, that qubes allows me to acutally do that work on my private machine with all the screens (3 of them) attached and do it in a seperate, clean environment. So, no more Laptop work for me. Yay on that too.”
First of all, I understand the reputation that Qubes OS has: very nerdy, very complicated to be used, takes a lot of time to get familiar with and not made for daily use. These are all aspects that I would consider to be somehow true – at least for me – nevertheless, I disagree with the statement that Qubes is not made for “daily use”. The author of the reddit post confirmed that as well. I’m using Qubes since years as my primary OS for various tasks and I can confirm that it has great benefits for working in a structured way on different topics as the same time due to its “compartmentalization” aspects.
Let’s discuss some of these aspects below:
- Office / Email / Surfing:
There is hardly a discussion needed in this regard – Qubes enables all these requirements in a very flexible, liberal and secure way: You choose the underlying OS that you want to use as a baseline. The application scope comes on top – and you decide how persistent you want specific features to be. Meaning: You can open Word Docs in a cloned Windows OS VM and delete the VM after each usage. Or you intend to open emails only in specifically locked-down VMs (see further below) etc.
However – the caveat is: you need to do some more clicks than just open it in your standard OS. This aspect comes along with most of the Qubes benefits.
- Compartmentalization enables structured work:
First of all, different projects and topics in your daily work can be separated in different VMs within Qubes: e.g. one VM for programming/coding/scripting work, one for doing online banking, one for accessing websites where login credentials / cookies are needed etc. This is a great feature to focus your work on a specific topic and keep data/information in a consolidated and structured way instead of spreading it across one OS. You can even substitute a full VM with a disposable VM e.g. for online banking. (This of course could lead to additional challenges in case your bank is using fingerprinting methods / statistics during login since disposable VMs bring along a new state and the banking app will potentially reinforce 2FA)
Furthermore, VMs in Qubes can be colored individually: You can color all VMs as red which are somehow not fully trusted, green the ones you trust more due to its locked-down nature (e.g. password manager runs on VM without network access at all.) So coloring can help you to support your brain detecting the criticality of VMs in an easy and quick way. In Qubes, there is no possibility that your private coding efforts will mess around with your tax declaration documents if you don’t want this to happen.
- VMs for messing around:
Everybody knows this situation: You read about something interesting somewhere and would like to play around with it e.g. new application, code etc. Of course your core OS where you do critical tasks is not the right place for doing so. So you can either take a second system / hardware or you can basically virtualize your playground. Or you take Qubes which brings along the virtualization feature with it by default. How? You can quickly start up a VM for a specific topic (e.g. try new program on Linux or even Windows), mess around with the setup without impacting your core apps / VMs and delete it again if needed. This is a huge advantage in comparison with a standard OS without virtualization: You probably remember how you messed up your own OS due to the fact that you wanted to try some new config/app etc. and you impacted your OS stability in the end? Does not happen with Qubes.
- Offline vs Online:
It’s simply a great feeling to know that some of your VMs are not able to talk to any network at all. This starts with your password manager, which has no need to talk to any network unless you are using a cloud-based one (which depends on your threat model whether you intend to use it or not). This ends with VMs where you potentially play around with malicious software that should not talk to your home network or the Internet in general. You can even strip down online capabilities of specific VMs, e.g. your email VM does not need to talk to the Internet in general – it only needs to talk TLS to your mailserver via IMAP, nothing else. Even in case your email VM gets compromised, the adversary would be limited in terms of extracting data from it. In this case it would need to happen through SMTP over TLS via your mailserver – nothing else it possible.
Qubes is not made for serious gaming if you ask me – I never tried it in a detailed way but due to the virtualization setup and the associated hardware constraints, you will most probably feel a strong performance impact. So it’s not worth it. In case you intend to play some minor non-CPU/GPU intensive games, you should be fine though. Ensure to adjust your GPU passthrough configs & VM specs appropriately. Find some interesting discussion here and here
Finally, to summarize this:
I strongly disagree with the statement on the reddit thread: “I have no threat model, no one is after me, no one cares about what I do.” If you have a technical device that processes information, you are in scope of adversaries. This situation gets more severe once you connect that device to the Internet or any network – Qubes is an interesting approach to limit the associated risks appropriately.
Quote from the original reddit thread that I just want to leave here:
“More accurately I would say that Qubes is a hugely compatible emotional fit with my character and values. It puts the least friction in between me and my curiosity to try things out and explore, whether that be new OS’s, snap applications, concepts, languages and frameworks, tools, cloning and building interesting repos, the list goes on. As a compute-toolbox, nothing else comes close to being able to safely stand up disposable environments for the purpose at hand, even if that purpose is as trivial as a browser query. That’s real freedom.”