Qubes 4.1 release using virtualization to isolate applications

After almost four years of development Operating Release Systems Qubes 4.1 , implementing the idea of ​​using a hypervisor for strict isolation of applications and OS components (each class of applications and system services are operating in separate virtual machines) . To work you need System with 6 GB of RAM and 64-bit Intel or AMD with support for VT- technologies X C EPT / AMD-V C RVI and VT-D / AMD IOMMU, it is desirable to preserve the GPU Intel (GPU NVIDIA and AMD are not well tested well). The size of the installation image – 6 GB

applications in Qubes are divided into classes depending on the importance of data being processed and solved tasks. Each application class (for example, work, entertainment, banking operations), as well as system services (network subsystem, firewall, work with a storage, USB stack, etc.), work in separate virtual machines, started using Xen hypervisor . At the same time, the specified applications are available within the framework of the same desktop and are allocated for visibility to different colors of the window framing. Each environment has read access to the base root FS and a local storage that does not intersect with repositations of other environments, a special service is used to organize applications.


As a basis for forming virtual environments, the Fedora and Debian packet base can be used, also the community supports templates for Ubuntu, Gentoo and Arch Linux. It is possible to carry out access to applications in a Windows virtual machine, as well as creating virtual machines based on WHONIX to provide anonymous access via TOR. Custom shell is based on XFCE. When the user starts from the application menu, this application starts in a specific virtual machine. The content of virtual environments is determined by the template set.




Basic Changes :

/Media reports.