
posted by Cactus on Saturday February 22 2014, @05:15PM   Printer-friendly
from the get-outta-my-sandbox dept.

CQ writes:

Qubes-OS, the Security-by-Isolation, VM-based operating system, has concluded that a port to the Windows OS line isn't feasible. In this post, the CEO of Invisible Things Labs outlines what she had hoped to accomplish with the port and her explanation of why it was just not meant to be.

This paper [pdf] contains all the technical bits you need to know, and the explanation on why the Windows APIs and system architecture are not appropriate for the task of creating an isolation system. It also has some interesting (if that's your thing) information on the Windows security model.

Does anyone here have any experience with Qubes? Does it make sandboxing easy enough for day to day use?

  • (Score: 2, Informative) by pixeldyne on Saturday February 22 2014, @11:29PM

    by pixeldyne (2637) on Saturday February 22 2014, @11:29PM (#5059)

    I can't say I'm a big fan of Windows but I'm often involved in virtualisation work. As far as I know the only product resembling chroot/jails is Parallels Virtuozzo, which is based on an open source "containers" software (it's likely I'm wrong, it's been a while). Virtuozzo was great: it would allow me to run e.g. 10-20 Windows 2003 "VMs" on a server with 4 GB RAM.

    There's a similar product (forgot the name) available for free, but it only works with XP.

    I'd be delighted if more people developed similar "container"-like virtualisation for Windows.

  • (Score: 2, Interesting) by lgw on Sunday February 23 2014, @02:31AM

    by lgw (2836) on Sunday February 23 2014, @02:31AM (#5096)

    I think this is just the wrong approach. Just run each process in its own VM on a thin hypervisor - don't trust a kernel for anything. Whatever isolation you write, attackers will eventually find flaws in. The big-name hypervisors no doubt still have flaws, but are far past any remotely easy VM escapes.

    The big problem with Windows as a guest OS is it's quite heavyweight. Something as light or lighter than XP would be great, though. And it's not like the OS needs to be secure at all when you're basically running one process per VM.

    • (Score: 2, Insightful) by weilawei on Sunday February 23 2014, @06:04AM

      by weilawei (109) on Sunday February 23 2014, @06:04AM (#5139)

      So, we're back to exokernels [osdev.org], which place the userland and kernel on an equal footing. Although, if your suggestion involves a hypervisor, that's actually closer to a microkernel [osdev.org]. At some point, you have to trust SOMETHING, be it the hypervisor, the microcode for the hardware, the actual hardware itself. Saying "don't trust the kernel" isn't an appropriate response, when you suggest replacing the kernel with another piece of software that looks suspiciously like an exo/microkernel.

      Unless you're equipped like Chipworks [chipworks.com], you're STILL going to need to make assumptions about the security of many components.

  • (Score: 5, Informative) by TheRaven on Sunday February 23 2014, @07:46AM

    by TheRaven (270) on Sunday February 23 2014, @07:46AM (#5152) Journal
    The closest thing to Qubes for Windows (which also predates it, is more mature, and is available for OS X too) is the Bromium Microvisor. Bromium was founded by the same people as XenSource and uses the same underlying technology. It lets you run individual IE and MS Office processes in a separate throw-away VM that can write files to some shared space, but has no other state that persists beyond the program's lifetime or can (barring hypervisor bugs) touch the rest of the OS.
    --
    sudo mod me up