CQ writes:
Qubes-OS, the Security-by-Isolation, VM-based operating system, has concluded that a port to the Windows OS line isn't feasible. In this post, the CEO of Invisible Things Labs outlines what she had hoped to accomplish with the port and her explanation of why it was just not meant to be.
This paper [pdf] contains all the technical bits you need to know, and the explanation on why the Windows APIs and system architecture are not appropriate for the task of creating an isolation system. It also has some interesting (if that's your thing) information on the Windows security model.
Does anyone here have any experience with Qubes? Does it make sandboxing easy enough for day-to-day use?
(Score: 5, Insightful) by Lagg on Saturday February 22 2014, @05:32PM
and that's just the very tip of the iceberg. I'm not even touching upon the lower, more fundamental design and implementation problems in Windows that the paper talks about. All the above can probably be worked around, but an intentional bug that makes it trivial for a program to bypass your hooks and touch kernel mode? Well, to be quite frank. You're up shit creek and good luck reaching in to pull out a stick to paddle with.
http://lagg.me [lagg.me]
9467 6082 8A35 2E1E 2D6B 76C4 5E9A ED56 076F 9E89