Qubes OS

How does Qubes become the most secure operating system today?

By isolation. Qubes is not an ordinary Linux distribution, Qubes is a Xen distribution. Xen is an open source tier 1 (baremetal) hypervisor that runs directly against the hardware. Virtual machines run on top of Xen, each of these virtual machines is the one that provides services to the system. For example, there is a virtual machine that provides access to the network, another virtual machine provides the firewall, another virtual machine dom0 is the one that manages the Xen engine, another virtual machine manages the USB devices, and finally we have the different work environments, with which we can create various levels of reliability.

All this that you are telling me is all Greek to me. In short, if a virtual machine is compromised, it will not affect the rest of the machines, because each machine is isolated from the rest of the system.

Within Qubes, we can run different Linux templates, including Fedora and Debian, and we can also run Windows (I do not recommend it, because it is a severely compromised system).

What are these working environments?

The funny thing about all this, is that we have to re-educate ourselves to use Qubes. The idea is based on having several environments depending on the reliability of each one. For example, we will use the "untrusted" environment for everyday web browsing, we can use the personal environment for accessing password-required websites, and we can use the "work" environment or one created on purpose for the most critical websites such as bank websites. Finally we have an environment called "vault" which does not have Internet access, and in which we should store our files. The working environments are differentiated from each other by the color of their windows, which is customizable. For example, in the default installation the "untrusted" environment has a red window border, the "personal" one is yellow, "work" is blue, and finally the "vault" environment is black.

What does this achieve? That for example, if the "untrusted" environment is compromised, it will not affect the "personal" environment in which we have access to webs with passwords and therefore the access cookies. Or in the same way, if the "untrusted" environment or any other is compromised, it will never have access to our "vault" environment which is where we have the files.

We can create as many environments as we want in just seconds, since these are based on Templates predefined by the system.

How does Qubes achieve privacy?

Through Whonix and the Tor network. Whonix is a Linux distribution configured to use Tor by default, like Tails. Qubes uses a Whonix Template to give access to the Tor network. In case we want privacy, we just have to make use of the whonix machines that Qubes creates by default. We can even configure it so that all Qubes access is through Tor.

What do I need to use Qubes?

A processor and a motherboard that are compatible with Intel's vt-x and vt-d instructions or their AMD equivalents, AMD-V and AMD-Vi.

It's a bit of a pain, because not all computers, especially low-end ones, are compatible, but it's the price to pay for running a "reasonably secure" operating system.

How do you install it?

Well, like any other Linux distribution, it has its graphical wizard and it is not very difficult, but if you have any questions or problems, I will gladly help you.