Qubes OS defines itself modestly as “a reasonably secure operating system.” It might actually be one of the safest operating systems, often used by pros who are most concerned with computer security.
Qubes OS is a free open-source operating system that’s fully security-oriented. It leverages Xen-based virtualization, which allows the user to create, use and delete easily isolated compartments called qubes.
To make it simple to understand, every qube is implemented as a virtual machine that is fully configurable by having specific purpose, nature and level of trust.
SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)
As an example, it is possible to quickly open a lightweight qube for Internet browsing, which will self-destruct when closed. This way, if the user visits fraudulent websites spreading malware, he or she is still safe. Qubes OS also allows the user to simultaneously run multiple operating systems: Windows, Debian and Fedora.
To get the best of Qubes OS, it is, of course, better to make a full installation of it on a computer.
Qubes OS has very specific hardware requirements, in particular the need for IOMMU-based virtualization in the BIOS or UEFI. It also needs 64-bit Intel or AMD processor, 6GB of RAM and 32GB of hard disk free space. It is recommended to have 16GB of RAM and 128GB of SSD free space.
Users without experience with Qubes OS should first go for a virtual machine installation to get the feel and really test it before installing.
Here is a guide to install Qubes OS in VirtualBox, the host being a Windows operating system.
We also need to download the Qubes OS ISO file–stable release (Figure A).
Choose your favorite way of downloading (direct download or via torrent), check the file hash when done, and you’re ready to install.
How to install the virtual machine
Open VirtualBox and choose Machine/New then choose a name for the virtual machine. For our installation, we will call it QubesOS-vm. Change the folder according to your needs, and select Linux / Fedora (64-bit) (Figure B).
Click Next then select the size of the memory (RAM) you wish to be allocated to the virtual machine (Figure C).
Click Next, select Create a Virtual Hard Disk Now, then click Create. Select VDI as the hard disk file type, then click Next.
It’s now up to you to choose between a dynamically allocated virtual hard drive or a fixed-size one. The fixed size option allows you to set a maximum size that will never change on the physical hard drive. The dynamically allocated option will only consume disk storage as it fills up. Eighty gigabytes is generally a good size for this kind of virtual machine, but of course it all depends on your hardware and the space left on it.
SEE: Linux turns 30: Celebrating the open source operating system (free PDF) (TechRepublic)
The next step is setting the size of the virtual hard drive (Figure D).
Click Create, and wait for the VirtualBox to finish setting up. The virtual machine environment is now ready.
Right-click on the new virtual machine, and select Settings (Figure E).
Change all the settings according to your needs and hardware. In the System tab tick Enable EFI (special OSes only) (Figure F).
Go to the Storage tab, click the CD ROM image that says Empty in the middle pane, and click on the second CD ROM image on the right pane. Choose Disk File (Figure G).
Select the ISO file, click Open, then click OK.
Configuration is now OK in VirtualBox, except for one parameter we need to activate via the command line of our Windows system. It is called Enable Nested VT-x/AMD-V in the system/processor tab of VirtualBox, but is grayed out and cannot be activated with the GUI.
Quit VirtualBox, and launch a command line by hitting the Windows key of your keyboard and type cmd.exe, then hit the Return key.
In the command prompt, go to your VirtualBox installation folder and type the following (Figure H):
If you are unsure about the name of your virtual machine, the following command will list all your virtual machines by name:
VBoxManage.exe list vms
Relaunch VirtualBox, go once again to your settings to check that the option has indeed been activated (Figure I).
Installation starts and asks for the language for the operating system (Figure J).
Select your language and click Continue.
A new page opens. Feel free to change keyboard layout or language if needed, in addition to the time zone, then click on Installation Destination (Figure K).
Choose the way you want partitioning to be done: automatic or manual. Generally, for a virtual machine, it is best to select automatic partitioning, since we do not have any particular need regarding the virtual hard drive. Also, here is the place to determine if you want the data to be encrypted (Figure L).
Click done, then type your encryption passphrase twice (Figure M).
Click Save Passphrase. The installation brings you back to the menu.
Click Begin Installation.
Click User Creation, then select a username and password (Figure N).
Click Done, and wait for the installation to finish, which can take a few minutes.
You might also want to create a root user account, which you can do by clicking on Root Password aside of User Creation.
Once the installation is done, click Reboot and wait.
After reboot, a new window appears to finish the configuration (Figure O).
Click QUBES OS, then keep the options as ticked in the next menu (Figure P):
Click on Done, then click Finish Configuration.
Qubes OS will now install and configure the default qubes, which will take several minutes depending on your choices.
The login screen appears. Choose your username and type your password (Figure Q).
Once logged in, you can start enjoying Qubes OS (Figure R).
Qubes OS is certainly not the easiest operating system to install. It needs some technical knowledge not only during installation but also for using it. On the other hand, it has been created for people who really care about security, with at least medium computer and internet knowledge.
For those who need more privacy, Qubes OS offers the ability to run the Whonix distribution as qubes and use it for anonymity.
Disclosure: I work for Trend Micro, but the views expressed in this article are mine.