data protection at system level

Monthly, if not weekly, new critical vulnerabilities are published in daily software. Due to such vulnerabilities, any computer may have already turned against its owner. This is not only a cause for concern as far as the computer has access to sensitive data, but also as your own computer becomes a threat to other computers. IT attacks are regularly based on hijacked computers and could become a civil liability trap.

But from time to time there is also good news. One of them is that a new release of the operating system Qubes OS has been released. Qubes OS is an operating system designed on the conceptual basis that your own system is not permanently secure on the Internet due to new security vulnerabilities in any software.

Instead of pulling the network plug and surrendering to the unmanageable risks of the Internet, the developers came up with a new approach. The actual operating system Qubes OS understands itself only as a management interface, which actually does not even provide access to the Internet or other network. The operating system provides only virtual machine management, while maintaining virtualization down to the hardware level. Since the operating system itself has no functionality to communicate with the outside world, there is no need to constantly lock new gates.

Virtual machines are used to work under Qubes OS. Qube’s OS supports Linux templates – currently Fedora 21 is included as a template – but Windows can also be run under Qube’s OS. The special feature is that the virtual computers are always started from a template. The default installation creates 3 virtual computer names “insecure”,”personal” and “bank”. In addition, there are 2 systems that provide the network functions for other virtual systems as “Service VMs”, whereby one system initializes the network card and establishes a connection, while the other only performs as a firewall.

Back to the beginning. If a critical vulnerability becomes known, which affects software used, the Qubes OS user can sleep much better. For example, if a flaw in the web browser has been exploited for a successful attack on one’s computer, the attacker only gets access to this virtual machine until the next virtual restart. As soon as the virtual system restarts, the original template is used again, leaving only a few private folders to the user, whose content is not executed automatically. Even in the case of a malicious file, which has penetrated into your own user folder, this file would have to be executed manually after every virtual startup.

Additional security is provided by various security zones. Thus, the “unsafe” system can be used to surf around even on suspicious websites without risk, while at the same time sensitive information such as access data & pins can be managed in the computer “Bank”, which itself is not allowed to access the Internet, and the emails can be managed in the computer “personally”. Of course, the operating system offers full hard disk encryption with a focus on security and even includes a workaround for secretly manipulating the boot process against the so-called Evil Maid attack.

All in all, Qube’s OS is a very promising system for all those who value IT security. At the present stage -Qubes OS R3.0- the system is already working well. However, if you don’t want to miss the comfort of a Windows environment, don’t want to burn your hands on a Linux command line, or can’t afford a delay due to unplanned maintenance, you should wait with the system change. Hopefully, the development of Qube’s OS will continue to be pushed ahead rapidly, so that the security standard that the system offers with proper handling will be available to less experienced users in the near future. So far, Qube’s OS has been a real insider’s tip for all those who value IT security more than the comfort and stability of a classic operating system.