CQ writes:
Qubes-OS, the Security-by-Isolation, VM-based operating system, has concluded that a port to the Windows OS line isn't feasible. In this post, the CEO of Invisible Things Labs outlines what she had hoped to accomplish with the port and her explanation of why it was just not meant to be.
This paper [pdf] contains all the technical bits you need to know, and the explanation on why the Windows APIs and system architecture are not appropriate for the task of creating an isolation system. It also has some interesting (if that's your thing) information on the Windows security model.
Does anyone here have any experience with Qubes? Does it make sandboxing easy enough for day to day use?
(Score: 2, Informative) by pixeldyne on Saturday February 22 2014, @11:29PM
I can't say I'm a big fan of Windows but I'm often involved in virtualisation work. As far as I know the only product resembling chroot/jails is the Parallels Virtuozzo, which is based on an open source "containers" software (it's likely I'm wrong, it's been a while). Virtuozzo was great: it would allow me to run e.g. 10-20 Windows 2003 "VMs" on a server with 4GB RAM.
There's a similar product (forgot the name) available for free, but it only works with XP.
I'd be delighted if more people developed similar "container"-like virtualisation for Windows.
(Score: 2, Interesting) by lgw on Sunday February 23 2014, @02:31AM
I think this is just the wrong approach. Just run each process in its own VM on a thin hypervisor - don't trust a kernel for anything. Whatever isolation you write, attackers will eventually find flaws in. The big name hypervisors no doubt still have flaws, but are far past any remotely easy VM escapes.
The big problem with Windows as a guest OS is it's quite heavyweight. Something as light or lighter than XP would be great, though. And it's not like the OS needs to be secure at all when you're basically running one process per VM.
(Score: 2, Insightful) by weilawei on Sunday February 23 2014, @06:04AM
So, we're back to exokernels [osdev.org], which place the userland and kernel on an equal footing. Although, if your suggestion involves a hypervisor, that's actually closer to a microkernel [osdev.org]. At some point, you have to trust SOMETHING, be it the hypervisor, the microcode for the hardware, the actual hardware itself. Saying "don't trust the kernel" isn't an appropriate response, when you suggest replacing the kernel with another piece of software that looks suspiciously like an exo/microkernel.
Unless you're equipped like Chipworks [chipworks.com], you're STILL going to need to make assumptions about the security of many components.
(Score: 5, Informative) by TheRaven on Sunday February 23 2014, @07:46AM
sudo mod me up