Applications running in different security domains
|Developer||Invisible Things Lab|
|Source model||Open source (except for Windows Support Tools)|
|Initial release||September 3, 2012|
|Latest release||2.0 / September 26, 2014|
|Update method||Yum (PackageKit)|
|Package manager||RPM Package Manager|
|Kernel type||Hybrid (Xen and Linux)|
|Default user interface||KDE|
|License||Free software licenses
On February 16, 2014, Qubes was selected as a finalist of Access Innovation Prize 2014 for Endpoint Security Solution.
Qubes Release 2 can also run Windows AppVMs in seamless mode, integrated onto the common Qubes trusted desktop, just like Linux AppVMs. The seamless GUI integration has been introduced in Qubes R2 Beta 3.
Qubes implements a Security by Isolation approach. The assumption is that there can be no perfect, bug-free desktop environment. Such an environment counts millions of lines of code, billions of software/hardware interactions. One critical bug in any of these interactions may be enough for malicious software to take control over a machine.
In order to secure a desktop, a Qubes user should take care of isolating various environments, so that if one of the components get compromised, the malicious software would get access to only the data inside that environment.
In Qubes, the isolation is provided in two dimensions: hardware controllers are isolated into functional domains (GUI, network and storage domains), whereas the user’s digital life is decided in domains with different levels of trust. For instance: work domain (most trusted), shopping domain, random domain (less trusted). Each of those domains is run in a separate virtual machine.
Qubes is not a multi-user system.