
Dev.SN ♥ developers

posted by Cactus on Saturday February 22 2014, @05:15PM   Printer-friendly
from the get-outta-my-sandbox dept.

CQ writes:

Qubes-OS, the Security-by-Isolation, VM-based operating system, has concluded that a port to the Windows OS line isn't feasible. In this post, the CEO of Invisible Things Labs outlines what she had hoped to accomplish with the port and her explanation of why it was just not meant to be.

This paper [pdf] contains all the technical bits you need to know, and the explanation on why the Windows APIs and system architecture are not appropriate for the task of creating an isolation system. It also has some interesting (if that's your thing) information on the Windows security model.

Does anyone here have any experience with Qubes? Does it make sandboxing easy enough for day to day use?

  • (Score: 5, Insightful) by Lagg (105) on Saturday February 22 2014, @05:32PM (#4959)

    I don't have much experience with Qubes myself, but I do have plenty of experience with this story. It happens often, but because it usually amounts to vaporware it doesn't get much coverage. These days we take for granted the wrappers and abstraction over the Windows API; hell, even Microsoft takes it for granted. But when it comes to things that by nature can't really take advantage of that abstraction, it makes writing portable code a gigantic undertaking. It's unfortunate, but it's often better to choose not to port than to do massive rewrites for the sake of a lib that was designed horribly from the very beginning. And that isn't even getting into things like the plethora of opaque types that Microsoft likes to use. When you're writing a VM or other such things, it gets infuriating to have only a vague guarantee that you're passing or dereferencing an address that holds a block of arbitrary bytes.

    And that's just the very tip of the iceberg. I'm not even touching upon the lower, more fundamental design and implementation problems in Windows that the paper talks about. All the above can probably be worked around, but an intentional bug that makes it trivial for a program to bypass your hooks and touch kernel mode? Well, to be quite frank, you're up shit creek, and good luck reaching in to pull out a stick to paddle with.
    --
    http://lagg.me [lagg.me]
    9467 6082 8A35 2E1E 2D6B 76C4 5E9A ED56 076F 9E89