Post

QubesOS as a daily driver (Updated 2025)

Posted
Preview Image
By Dominik Birk
6 min read

Introduction

If you follow the QubesOS Reddit Feed, you probably have realized that the question around “QubesOS as a Daily Driver” comes up frequently over the last couple of years. These discussions are most probably caused by a) the specific hardware requirements that QubesOS brings along and b) the untraditional way of using it.

Desktop View Qubes Discussions on Reddit

First of all, I understand the reputation that Qubes OS has: very nerdy, very complicated to be used, takes a lot of time to get familiar with etc.. These are all aspects that I would consider to be somehow true, at least for me. Nevertheless, I disagree with the statement that Qubes is not made for “daily use”. I’m using Qubes since years as my primary OS for various tasks (examples) and I can confirm that it has great benefits as well as limitations. But let’s go through some of them step by step.

Discussion

  • Office / Email / Surfing:
    I would say that Qubes fulfills most of the modern office demands by default, be it via a Linux distro of your choice or a Windows VM. You choose the OS that you want to use as a baseline. The application scope comes on top and you decide how persistent you want specific features to be. Meaning: You can open Word Docs in a cloned Windows OS VM and delete the VM after each usage. Or you intend to open emails only in specifically locked-down VMs (see further below) etc. However, the caveat is: you need to do some more clicks than just open it in your standard OS. This aspect comes along with most of the Qubes benefits.

  • Compartmentalization enables structured work:
    It’s great to compartmentalize everything. - First of all, different projects and topics in your daily work can be separated in different VMs within Qubes: e.g. one VM for programming/coding/scripting work, one for doing online banking, one for accessing websites where login credentials / cookies need to persist etc. This is a great feature to focus your work on a specific topic and keep data/information in a consolidated and structured way instead of spreading it across one OS where the context could be mixed and overlap. You can even substitute a full VM with a disposable VM e.g. for online banking. This of course could lead to additional challenges in case your bank is using fingerprinting methods / statistics during login since disposable VMs bring along a new state and the banking app will potentially reinforce 2FA. Additionally, standard login artefacts such as passwords and cookies (trusted device) will not be stored. You need to do a clean login from scratch. The compartmentalization approach is supported with individual colors for VMs in Qubes: You can color all VMs as red which are somehow not fully trusted, green the ones you trust more due to its locked-down nature (e.g. password manager runs on VM without network access at all.) So coloring can help you to support your brain detecting the criticality of VMs in an easy and quick way. In Qubes, there is hardly a possibility that your private coding efforts will mess around with your tax declaration documents and leak your passwords if you don’t want this to happen.

Desktop View Stolen from https://www.qubes-os.org

  • VMs for messing around:
    Everybody knows this situation: You read about something interesting somewhere and would like to play around with it e.g. new application, code etc. Of course your core OS where you do critical tasks is not the right place for doing so. So you can either take a second system / hardware or you can basically virtualize your playground. Or you take Qubes which brings along the virtualization feature with it by default. How? You can quickly start up a VM for a specific topic (e.g. try new program on Linux or even Windows), mess around with the setup without impacting your core apps / VMs and delete it again if needed. This is a huge advantage in comparison with a standard OS without virtualization: You probably remember how you messed up your own OS due to the fact that you wanted to try some new config/app etc. and you impacted your OS stability in the end? Does not happen with Qubes.

  • Offline vs Online:
    I appreciate this feature a lot since it’s simply a great feeling to know that some of your VMs are not able to talk to any network at all. Apps and even complete OS like to talk to 3rd parties due to various reasons e.g. telemetry. We endusers don’t want this under normal circumstances since we are not interested in getting tracked, having our data leaked etc. Qubes provides factual solutions to some core questions: Why does a VM with critical data on it must be connected to the Internet even though there is no need for it? Example: Your password manager by default has no need to talk to any network (unless you are using a cloud-based one which must go along with your personal threat model). Another example is the VM of an infosec researcher which stores and executes potentially malicious software that should not talk to the home network or the Internet in general. You can even strip down online capabilities of specific VMs, e.g. your email VM does not need to talk to the Internet in general - it only needs to talk IMAP/POP3 via TLS to your mailserver, nothing else. Even in case your email VM gets compromised, the adversary would be limited in terms of extracting data from it or build up a connection to a C&C server.

  • Gaming:
    Qubes is not made for serious gaming if you ask me. I never tried it in a detailed way but due to the virtualization setup and the associated hardware constraints, you will most probably feel a strong performance impact. So for me it’s not worth the effort to set it up. In case you intend to play some minor non-CPU/GPU intensive games, you should be fine though. For further details on the gaming on Qubes topic, check out the links below:

Conclusion

If you have a technical device that processes information, you are in scope of adversaries. This situation gets more severe once you connect that device to the Internet or any network. Qubes is an interesting approach to limit the associated risks appropriately. The benefits it could bring to you strongly depend on your way of working and your specific use cases. In case you like separation of data & processing done in a reasonably secure way, QubesOS could be of value to you.

Quote: “More accurately I would say that Qubes is a hugely compatible emotional fit with my character and values. It puts the least friction in between me and my curiosity to try things out and explore, whether that be new OS’s, snap applications, concepts, languages and frameworks, tools, cloning and building interesting repos, the list goes on. As a compute-toolbox, nothing else comes close to being able to safely stand up disposable environments for the purpose at hand, even if that purpose is as trivial as a browser query. That’s real freedom.”

infosec qubes os
This post is licensed under CC BY 4.0 by the author.