Qubes OS is the perfect operating system for security-conscious users

Qubes OS is the perfect operating system for security-conscious users

The world of Linux distros is chock-full of cool operating systems that bring distinctive features to the table. You’ve got simple and user-friendly Debian-based distros that are easy to configure even for newcomers. Then there’s the bleeding-edge Arch Linux that comes with a do-it-yourself design featuring advanced customization options, though you’ll have to contend with instability issues every once in a while.

Once you venture deep into the rabbit hole, you may come across something as unique as Qubes OS. Designed for users who consider isolation of services their mantra, Qubes OS is a solid distro if you prefer security above all else.

Related

4 amazing operating systems for security-conscious users

Not fond of the vulnerable nature of Windows 11? These four ultra-secure operating systems might just be what the doctor ordered

What’s Qubes OS?

And why should you use it?

Accessing the Qubes OS UI

Powered by the Type-1 Xen hypervisor, Qubes OS provides a highly secure working environment by compartmentalizing all apps and services inside isolated environments. In simple terms, Qubes OS segregates the applications within different compartments called qubes. Each qube contains its own OS template, binaries, and other packages, essentially acting as a completely isolated virtual machine.

By running apps within closed-off environments, Qubes OS ensures that any security breaches or malware attacks inside a qube don’t spread to the other services. Plus, you’re free to modify the apps, OS templates, network stack, IO devices, and firewall settings of the qubes per your needs. If you’re particularly conscious about privacy, you’ll be glad to know that Qubes supports Whonix, a VM-only operating system that combines a hardened Debian kernel with the Tor anonymity network.

Setting up Qubes OS

Creating a bootable drive

The first step to installing Qubes OS involves flashing its ISO file onto a USB drive. We’ve used Balena Etcher for this purpose, but you’re free to use any other image-flashing tool.

  1. Download the latest version of the Qubes OS ISO file from the official website.
  2. If you’ve already configured Balena Etcher, grab its setup.exe file from the official link and use it to install the tool on your PC.
  3. Launch Balena Etcher with admin privileges.
  4. Click on Flash from file and choose the Qubes OS ISO file you downloaded earlier.

    Selecting Qubes OS file in Balena Etcher

  5. Press the Select target button and pick your USB drive.

    Selecting the USB drive in Balena Etcher's UI

  6. Tap Finish and wait for Balena Etcher to prepare the bootable drive.

    Flashing a USB drive with the Qubes OS ISO

Alternatively, you can forgo the bootable drive and upload the Qubes OS ISO to a PXE boot server tool like iVentoy.

Modifying the BIOS settings

Whether you’re using a bootable drive or a PXE server, you’ll need to modify the boot options in your target machine’s BIOS. While you’re at it, remember to enable CPU virtualization and IOMMU Groups, as Qubes OS requires these settings to function properly.

  1. Plug your bootable drive/LAN cable into the target machine and mash the Delete key as it boots up.
  2. Once you’re inside the BIOS, head to the Advanced tab and set USB flash drive/UEFI network as Boot Option #1.

    Setting a USB drive as the Boot option in the BIOS

  3. Next, switch to the Advanced CPU Settings section and enable SVM/Intel VT-x/AMD-V.

    The procedure enable SVM Mode in the Gigabyte Aorus BIOS

  4. The IOMMU option is a bit harder to find, though it’s usually within the Advanced CPU Configuration tab inside AMD CBS or inside the Miscellaneous settings section.

    Enabling IOMMU in the BIOS

  5. Save the changes before exiting the BIOS.

Installing Qubes OS

Once your PC reboots, it will load the Qubes OS installer, and you’re free to proceed with the setup process.

  1. Select the Test media and install Qubes OS option and hit Enter.

    Choosing the Test media and install Qubes OS option

  2. Pick the UI language and tap Continue.

    Choosing the language in the Qubes OS installation wizard

  3. To choose the storage drive for the OS, click on Installation Destination.

    Choosing the Installation Destination Qubes OS installation wizard

  4. Select your preferred drive under the Local Standard Disks option and tap Done.

    Choosing the storage drive in the Qubes OS installation wizard

    For extra security, you can encrypt your storage drive with a Passphrase.

  5. Click on the User creation tab.

    Selection the User Creation tab

  6. Fill in the Full Name, Username, and Password before tapping Done.

    Editing the account credentials in Qubes OS

  7. Press the Begin Installation button and wait for the wizard to set up Qubes OS on your system.

    Click on the Begin Installation button

    Hit Reboot system when the installation process finishes before unplugging the USB drive from your PC.

  8. When the PC boots up, click on the System option.

    Clicking on the System option

  9. Tweak the templates, configuration, and thin pool settings before clicking on Done.

    Modifying the Qubes OS configuration options

  10. Press Finish Configuration to wrap up the Qubes OS installation.

    Finishing the Qubes OS installation

Getting started with Qubes OS

Unlike other Linux distros, Qubes OS can have a rather steep learning curve, especially if you’ve never dealt with virtualization platforms. So, here are some tips to help you get started with the OS:

  • Once you click on the Start, or rather, Qubes button, you’ll notice several cubes containing some pre-installed apps.

    The apps in Qubes OS

  • Certain apps, such as Firefox, may appear on a handful of qubes, though the privileges available to the app tend to vary between different environments.
  • To configure a qube to your liking, click on the Settings button. This will open up a new window, where you can modify everything from the OS template, apps, and I/O devices to the amount of virtual cores and memory allocated to the qube.

    The Qubes settings in Qubes OS

  • If you wish to create an isolated environment, you can do so with the Create New Qube option inside the Qubes Tools section of the Start menu.

    The Create New Qubes option in Qubes OS

  • Speaking of, you can use the Qube Manager option to keep tabs on all the qubes within your system.

    The Qubes Manager in Qubes OS

  • Remember, dom0 is the central qube that governs the operations of all other environments, and you should leave it alone to avoid compromising the security of your system.
  • Finally, the Qubes Template Manager is another useful setting, as it lets you switch, download, and access different operating system templates for your qubes.

Staying one step ahead of malware with Qubes OS

That’s everything you need to know to get started with Qubes OS. If you’re using Qubes solely for security and privacy reasons, I recommend creating a separate qube with the Whonix template and adding hardened firewall rules. However, for those considering a switch to Qubes, keep in mind that the distro runs all your apps inside virtualized environments. As such, you may not get the same level of performance as with other operating systems.

link