Yeah. It's theoretically possible and has been done once, but it's like trying to hack your own matrix. The vast, vast majority of malware will just get stuck.
Funfact, last time I tried to set up a windows VM inside qubes the feature set was very limited due to security vulnerabilities in the xen drivers they use.
And btw he is a scummy who disguise his tutorial to lure 'illiterate tech people' to use his products, he shamelessly said that his website is much better than TOR or Tails when browsing dark web.. That's so disgusting he is tricking these people to pay for his website with glorified vpn.
here is the question.. how can you trust the threat detection works? and how can you trust the validation method of the threat detection to actually work? and how can you trust the validation of the validation method that validates the threat detection? and how can you trust the validation of the validation that validates the validation method that validates the threat detection?
they are both good security OS, but they use completely different security paradigms for different purposes, tails is not very secure if you start loading it up with your normal software, it is meant to do a few tasks and only those tasks without leaking info online, the "protection" from malware and hackers is a tiny attack surface due to the amount of time that it is expected to be running before reset, the and the specifically chosen software that should be run (if you go to install new software on it, this type of security can be compromised) Qubes is good for running arbitrary software and minimizing the effects of an attack if some of that software is compromised. TD;DR: Tails is a bunker, Qubes is a public building with strictly enforced security protocols. while a bunker might be safer, you are limited in what you can do.
Quite an overselling. Qubes is just XEN VMs properly set up with some additional tooling for security and convenience. I used it on my main computer for several years with a few Debian and Windows VMs. If security is a concern I'd definitely suggest it, otherwise it can be a bit cumbersome at times.
You also have to restrict yourself from mixing different aspects of your life within the same browser/container/etc. If you would access work stuff in the same session as private stuff, it can be correlated.
an interesting feature in Qubes is that you have to manually mount USB devices (you can make an exception for mice and keyboards). It’s a good middle ground between disabling USB ports entirely and letting any random USB device have full reign of your system as soon as you plug it in.
@@UNcommonSenseAUSyeah, i feel like that’s the opposite of what you should be doing lol. “Yeah I just added a security bypass for the devices that can execute arbitrary inputs, I’m sure it will be fine”
@@palmberry5576I'm pretty sure the exception is for one of each device to make sure you're able to actually use the OS. It probably doesn't allow just anything that labels itself "keyboard", and when you finish setting up your keyboard and mouse you can turn the setting off.
The way xorg is used in qube os is really cool. Data is copied from the vm to the host so the vm can't even see applications from other vm's. The rpc is also cool so you're able to have your ssh agent running on an isolated vm.
Is not a paranoia is just how decent security entreprise system must works. In our bussines we don't have any direct connection to internet on our Workstations. email/browser/etc. open on a dedicated VM that is hosted in the dedicated server, any file we download are automatically scanned by the server and only then we can open/copy on our computers trough the local network. Moreover the Clipboard work only one way for logical security mesure. If you want a similar level of protection Qos is a very good solution and even better for some case scenarios.
It does matter if the malware grabs any passwords written on that virtual pc, also it could shortcut or attach itsselves to other files thats spread on it too.
Bro, I simply LOVE the way you share content, I almost never have enough time anymore to see you. But every now and again I allow myself to get a zip of your humor. It just NEVER fails. You mean a lot to many good folks. Please, allow yourself to feel proud if you ever read this! ❤😂🎉😊
Had to comment .. In the past 10+ years, I’ve watched a lotttt of TH-cam videos and I have to say yours are some of the best I’ve seen... awesome content and great job on these videos.
I can imagine using it as a virtual Computer running from my 'everyday' os, using it only for super secure web surfing. I wonder if it still secure used like that.
and then you remember that you want to play games, and they need direct hardware access to not choke your FPS and they need to run their rootkit for cheat detection, so the gaming you is basically an admin of all other you. Industry does not want you to be able to do that
This is not exactly true. In Qubes OS you can just create a Windows HVM qube and attach your GPU into it. You will be able to play almost of the games without much performance issues. But those games with anti cheat that blocks Virtual Machines, e.g Valorant and Rainbow Six Siege, you will not be able to play. So isn't perfect but not bad at all.
@@ivanlaplanteproblem with most versions of dual boot is then Windows can write over your qubes disk. Some laptops and desktops make it easy to physically swap out disks, which solves this. You could also boot qubes from USB, leaving the windows disk in place. But most laptops only have one USB bus, so you'll probably lose the USB qube benefits.
what if each app had their own sandbox or container, isolated from outside. and only way it can access your files for example is via open file dialog, so via your strict permission
No, containers use their host system kernel to do what they do which means windows can't run in a container. This runs on virtualization which is typically slower but far more secure than containers.
@@mwmm not exactly. You run Docker on a VM and run WCOW. Done, fully operational Windows 10 or 11 on VM- container. The Kernel will be provided by the VM not the host machine.
@@VargVinter that's still running on a virtualized host since that's essentially what a VM does. If you're running a windows host, it supports running a windows docker container, if you're running a Linux host it supports running a Linux host only. WSL2 is still essentially a VM within windows of which you can run Linux containers within. You're going to get severe performance hits by doing this and it isn't the same as running natively on a bare metal host kernel. This doesn't change the fact that containers can only run what's on the host kernel, be it a virtualized or bare metal host.
Honestly thats great opsec to an IT professional. In the day and age where our information is sold its kinda giving the middle finger to google and Microsoft but rather than manualy setting up individual vm's it does it for you.
2 problems: 1) Windows is already converting to this technology. 2) Speculative execution and side channel attacks are working to circumvent Virtualization isolation. Why? Because servers run virtualized apps. Banking servers, etc.
@@camwha5904that would be a mistake, as you'd lose out on basically the whole point of TailsOS, being ram-based. Whonix is a better idea to use in a qube.
Doesn’t matter. Qubes just doesn’t care. The cubes do not read outside of their container. So, If you want you can spin up a cube with chromium and just give Google false data by searching random nonsense.
This is a form of vitualization... like you said. However, this is most closely resembling things like a container system. Similar to what AWS uses, and even Azure and other clouds now
This has been a thing for atleast the last 20 years I've been programming and probably one of the first tools programmers useD to try and break the box (Virtual P.C.)
I used this notorious os for 3 years. Its based on "compartmentalization by virtualizing". Every program runs in an guest OS. Its really pain to set up.
Besides the security / paranoia aspect, it just makes a lot of sense to divide your computer into compartments. I usually have like 5-10 projects open in vs code, files for all of them in different apps (photoshop, unity, xd, etc etc), plus 100s of tabs pertaining to stuff for each project. It’s a huge pain, and I can obviously spin up VMs on my Mac for each project, but it’s baffling to me that there’s not tighter OS integration for that. How do people generally deal with managing multiple projects? Can’t imagine anyone closes all files for one project whenever they need to briefly switch to another one.
I mean, making a DISA STIGd locked down linked clone or something equivalent in nature that will be destroyed and rebuilt from an isolated "master" image works just as well and is just as secure. You could use VMware, Citrix, Oracle, AWS, Azure, or many others to achieve the exact same result.
“The malware will never escape my virtual machine”
right ? ....right?????
@@TheFiretiger20 yep. can't thank them enough for this genius idea. finally freedom from getting hacked like crazy!
Spectre looms in the distance
It will not if you isolate all files linked to it.
Famous last words
"every software can be exploited except my virtualization software"
This is actually fairly true. It's similar to trying to break out of the matrix.
Yeah. It's theoretically possible and has been done once, but it's like trying to hack your own matrix. The vast, vast majority of malware will just get stuck.
Funfact, last time I tried to set up a windows VM inside qubes the feature set was very limited due to security vulnerabilities in the xen drivers they use.
@@Anteksanteri the host and the vm are essentially on the same network
I hacked Harper TH-cam channel through a virtual machine! You better get cubes to stop me!
RAM : *"I'am tired boss"*
256 GB of RAM: Pathetic
@@thenonkiller2999 :3
linux uses barely any ram
If you strip out the GUI and most the Apps.@@ygx6
I had to return to the video to appreciate this
My favorite part about Qubes is not using it.
😂😂
wh
Lol
CAN'T GET HACKED IF I DON'T INTERNET!!!!
Damn bro that’s deep
I'm usually skeptical about men on the internet telling me about os' but he has a very trustworthy beard.
Todd you’re lying again
Todd, I know you are hiding somewhere I will find you
Feminist
And btw he is a scummy who disguise his tutorial to lure 'illiterate tech people' to use his products, he shamelessly said that his website is much better than TOR or Tails when browsing dark web.. That's so disgusting he is tricking these people to pay for his website with glorified vpn.
Undercover coffee, ceramics and pottery boss
Great😂😂😂😂❤
I mean... He likes coffee :)
Everything is a minic
Reordering medical supplies to conflict zones in MENA region. Russia and Ukraine.
That's called the "Zero Trust" policy. That's how proactive threat detection works.
here is the question.. how can you trust the threat detection works? and how can you trust the validation method of the threat detection to actually work? and how can you trust the validation of the validation method that validates the threat detection? and how can you trust the validation of the validation that validates the validation method that validates the threat detection?
I think tails is still the best OS as it boots off a usb, runs on memory and deletes everything when you log off. Neat though.
You can run Tails under Qubes
yeah just run tails in qubes then? Problem is tails is purely temporary while qubes allows you to actually use the computer even after a power outage
@@akemihibiki463afik: tails runs all your internet traffic over tor, which will encrypt all your requests and hide your ip adress
they are both good security OS, but they use completely different security paradigms for different purposes, tails is not very secure if you start loading it up with your normal software, it is meant to do a few tasks and only those tasks without leaking info online, the "protection" from malware and hackers is a tiny attack surface due to the amount of time that it is expected to be running before reset, the and the specifically chosen software that should be run (if you go to install new software on it, this type of security can be compromised)
Qubes is good for running arbitrary software and minimizing the effects of an attack if some of that software is compromised.
TD;DR: Tails is a bunker, Qubes is a public building with strictly enforced security protocols. while a bunker might be safer, you are limited in what you can do.
Love this community. I'll definitely try out using tails in Qubes, get the best of both.
Double charactered people's finally got their virtual self😅
😂😂😂
Fascinating
I am soo gonna use it
The random mario maker sound effect caught me of guard
Same
Quite an overselling. Qubes is just XEN VMs properly set up with some additional tooling for security and convenience. I used it on my main computer for several years with a few Debian and Windows VMs. If security is a concern I'd definitely suggest it, otherwise it can be a bit cumbersome at times.
You also have to restrict yourself from mixing different aspects of your life within the same browser/container/etc. If you would access work stuff in the same session as private stuff, it can be correlated.
a bit qubersome *ba dm tss*
Bro your profile name is a dot😂
Are you software architect?
@@revisionconsistency Thanks for the hint. Seems to be something new on YT. I always had a handle but now I had to explicitly set one.
@@gzoechi 😂❤️
an interesting feature in Qubes is that you have to manually mount USB devices (you can make an exception for mice and keyboards). It’s a good middle ground between disabling USB ports entirely and letting any random USB device have full reign of your system as soon as you plug it in.
Well yeah, and if you add a USB device in your host PC whith a mallware which will give nasty commands to your Qubes instances? :)
Exceptions for hid isn't a solution.
@@UNcommonSenseAUSyeah, i feel like that’s the opposite of what you should be doing lol. “Yeah I just added a security bypass for the devices that can execute arbitrary inputs, I’m sure it will be fine”
@@palmberry5576 lol I know rite...
@@palmberry5576I'm pretty sure the exception is for one of each device to make sure you're able to actually use the OS. It probably doesn't allow just anything that labels itself "keyboard", and when you finish setting up your keyboard and mouse you can turn the setting off.
The way xorg is used in qube os is really cool. Data is copied from the vm to the host so the vm can't even see applications from other vm's. The rpc is also cool so you're able to have your ssh agent running on an isolated vm.
Is not a paranoia is just how decent security entreprise system must works.
In our bussines we don't have any direct connection to internet on our Workstations. email/browser/etc. open on a dedicated VM that is hosted in the dedicated server, any file we download are automatically scanned by the server and only then we can open/copy on our computers trough the local network. Moreover the Clipboard work only one way for logical security mesure.
If you want a similar level of protection Qos is a very good solution and even better for some case scenarios.
ok
Quality of service?
What’s Qos
@@GreatTaiwanqubesos
"A reasonably secure OS" lol 😂😂😂
reasonably
@@DoFliesCallUsWalks oops
@@GilchristMcGill 😁
@@DoFliesCallUsWalkshuh😮
@@DoFliesCallUsWalksHuell is happy, yay
I think OpenBSD is also quite secure given the way they keep the base system safe...
It does matter if the malware grabs any passwords written on that virtual pc, also it could shortcut or attach itsselves to other files thats spread on it too.
Bro, I simply LOVE the way you share content, I almost never have enough time anymore to see you. But every now and again I allow myself to get a zip of your humor. It just NEVER fails. You mean a lot to many good folks. Please, allow yourself to feel proud if you ever read this! ❤😂🎉😊
It's crazy how i end up saving every one of your videos for later use. Very useful!
Had to comment .. In the past 10+ years, I’ve watched a lotttt of TH-cam videos and I have to say yours are some of the best I’ve seen... awesome content and great job on these videos.
Dude, I love how calm and relaxed you’ve become again! Keep up whatever you are doing.
Website: "you got hacked"
Qube: "i dont care"
Website; "your gonna get your computer controlled"
Qube: *"I DONT CARE"*
Before docker and virtual environments we had a similar idea in our company but designing and developing it in isolation led to giving up on the idea.
And making ur pc suffer if you open to much qubes (if it is not powerful enough)
so we out here making virtual box and os now
Great short man!
You formed an anchor for long form; I like it
Makes me wish I could just go back to the day I started using the Internet for the first time and somehow use cubes back then.
I can imagine using it as a virtual Computer running from my 'everyday' os, using it only for super secure web surfing. I wonder if it still secure used like that.
In this case it is only as safe as your main everyday OS
The Mario Maker sfx scared me lol
Mario Paint
I really like this video. The background music went really well with your style of giving info. I recommend using it more often with your shorts
This is how the android is works also. Each app is encapsulated with it's own virtual machine.
i had a stroke reading the first part
pls fix yo damn grammar
and then you remember that you want to play games, and they need direct hardware access to not choke your FPS and they need to run their rootkit for cheat detection, so the gaming you is basically an admin of all other you. Industry does not want you to be able to do that
This is not exactly true. In Qubes OS you can just create a Windows HVM qube and attach your GPU into it. You will be able to play almost of the games without much performance issues. But those games with anti cheat that blocks Virtual Machines, e.g Valorant and Rainbow Six Siege, you will not be able to play. So isn't perfect but not bad at all.
@@bcz1337Dual boot with a Windows drive for gaming with anti-cheating and a Qubes drive with proper isolation for everything else?
@@ivanlaplanteproblem with most versions of dual boot is then Windows can write over your qubes disk. Some laptops and desktops make it easy to physically swap out disks, which solves this. You could also boot qubes from USB, leaving the windows disk in place. But most laptops only have one USB bus, so you'll probably lose the USB qube benefits.
@@ivanlaplante Dual boot Qubes with any other OS just breaks the entire purpose of their security schema. Just read the Qubes's docs.
@@bcz1337 i might be misunderstanding how dual boot work, will look both
TempleOS is more secure
what if each app had their own sandbox or container, isolated from outside. and only way it can access your files for example is via open file dialog, so via your strict permission
Background song / music: Dylan Sitts - Mirror Moving
qubes more like cubes 🗣🔥🔥🔥🔥
Pubes
@@boardsontt1756hehe pubes
Lubes
bubes(boobs)
@@Difluoroacetamide Rubes🗣🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥
Like a specialized container?
Yes
No, containers use their host system kernel to do what they do which means windows can't run in a container.
This runs on virtualization which is typically slower but far more secure than containers.
@@mwmm not exactly. You run Docker on a VM and run WCOW. Done, fully operational Windows 10 or 11 on VM- container. The Kernel will be provided by the VM not the host machine.
@@VargVinter that's still running on a virtualized host since that's essentially what a VM does.
If you're running a windows host, it supports running a windows docker container, if you're running a Linux host it supports running a Linux host only.
WSL2 is still essentially a VM within windows of which you can run Linux containers within.
You're going to get severe performance hits by doing this and it isn't the same as running natively on a bare metal host kernel.
This doesn't change the fact that containers can only run what's on the host kernel, be it a virtualized or bare metal host.
Just don't go around testing viruses and malware with it many can break through your from Virtual machine to your main system
Honestly thats great opsec to an IT professional. In the day and age where our information is sold its kinda giving the middle finger to google and Microsoft but rather than manualy setting up individual vm's it does it for you.
2 problems: 1) Windows is already converting to this technology. 2) Speculative execution and side channel attacks are working to circumvent Virtualization isolation. Why? Because servers run virtualized apps. Banking servers, etc.
nice background beat. link or something, please!
Making a comment here in case someone else can answer
Tails has entered the chat
Run it in a Qube
@@camwha5904that would be a mistake, as you'd lose out on basically the whole point of TailsOS, being ram-based. Whonix is a better idea to use in a qube.
This is actually a cool idea. the persona part.
You know what ignorance and over-caution have in common? Limitation and vulnerability.
They've got different methods of privacy but TailsOS is pretty secure
Tails is for privacy, qubes is for security.
can't wait for SonicOS!
"secure os" *shows chromium*
When?
When?
@@arcticfox037on the thumbnail
Doesn’t matter. Qubes just doesn’t care. The cubes do not read outside of their container. So, If you want you can spin up a cube with chromium and just give Google false data by searching random nonsense.
@@blbezcc it's because the thumbnail is a frame from the video.
I haven't seen many shorts (if any) that have a custom thumbnail.
This is a form of vitualization... like you said. However, this is most closely resembling things like a container system. Similar to what AWS uses, and even Azure and other clouds now
Oh no!
My box has a hole in it!
[Throws it out for a new one]
Honeypot?
Like anything technology.
Same vides I got. I'm telling you the feds use these guys to promote vulnerabilities. Tails is the top dog on a yagi
@@Thedude897wdym?
@@Thedude897 that's ridiculous. The Qubes and Tails teams are good friends and share code, and QubesOS is open source.
It is also the same OS used by Edward Snowden for Whistleblowing about US Govt
Good way to describe a Virtual Machine :)
Good short brother very eye catching !
Might make sense to use containers for banking etc.
Ram: *Intense working on opening qube*
I havnt heard that “WOOO” since I played Fancy Pants Adventures on Kongregate games (I think that’s where that was used)
Why does it always make me imagine a cluster of Nintendo GameCubes, where I hear Qubes mentioned.
Trying to set up "QUBES OS" is like trying to set up a hot date for a Friday night!
This has been a thing for atleast the last 20 years I've been programming and probably one of the first tools programmers useD to try and break the box (Virtual P.C.)
Similar to chrome os which runs apps in a sandbox
As SysAdmin: it's not paranoid, Windows already has this function, but disabled by default.
Ok, a years ago we just booted to a live linux from a usb that’s set
I find it funny that this is on my fy page and over this short is an sponsorship about opera😂
So it's just a virtual box like many other virtual boxes - with all features and disadvantages of virtual boxes included.
That sucker is pretty rad! I wanna try it out
Virtualbox: am i a joke to you
The zero trust mentality mixed in with insane RAM.
Paranoid people: Install the most secure OS.
Hardware backdoors: Am I joke to you?
I usually use a virtual machine inside a virtual machine. Most malware doesn't manage to escape one VM.
I thought it was called "environment" like in Python
Radio is legitimately one of the most monitored ways of communication.
I used to do something similar with a linux distro called slax.
Thanks!
Imagine having 128gb of memory just lying around for you to use all the apps you need.
If you’re targeted like that. The hacker will break out of the VM
From the way he explained it, it looks like each time you set up a cube it's a new cube?
@@phoenixwhiler943 it's just a virtual machine, he said it himself. just a second of online time is needed if you're targeted badly enough like that
That's not going to happen unless user is dumb. QubesOS is used by even Edward Snowden, the system which runs the VMs is also pretty secure.
What about when you get a crypto miner in your graphics card firmware because of an app and cube running a infected binary?
gentoo: hold my bear
systemd slice, container, SELinux, nixos...
there is a lot of manner to do it with the overhead of VM
I used this notorious os for 3 years. Its based on "compartmentalization by virtualizing". Every program runs in an guest OS. Its really pain to set up.
Oh I’m sure whatever security this has the government can both crack it and has way better.
Yes virtualization will makes your computer more secure but it will severely reduce performance
at bromium we also do this for windows
This sounds exactly like “VMWare”.
Tails OS: hold my beer
What im really interested in is how they solve the problem with programs that can detect they are in a VirtualBox and work around it anyway.
Tails OS has entered chat
Me launching a qube in a qube 🗿🗿
virtualization =/= security
when you were basically just describing VMs to me i was basically like "dude youre just describing VMs to me"
Until the 3 letter agencies find a 0day that lets them jump hypervisors 😂
Can I call myself *Q*? What better persona to encourage so many weirdos to hack me!!
They’re now finding out about VMs
im not worried about hackers, im worried about the monopolistic and privacy invasive company whose software we have to use
Almost like incognito
Bro is moving every time like even his feet going in motion
well. Virtual machine application sometimes has vulns ,so it can be break.
More than tails? Sounds like kevin brxs idea! Different browsers types per area
ok here me out open a cube then open another cube in that cube
Finally an OS for my multiple personality disorder ☹️🙁😐🙂😀😃😆🤣
Besides the security / paranoia aspect, it just makes a lot of sense to divide your computer into compartments. I usually have like 5-10 projects open in vs code, files for all of them in different apps (photoshop, unity, xd, etc etc), plus 100s of tabs pertaining to stuff for each project.
It’s a huge pain, and I can obviously spin up VMs on my Mac for each project, but it’s baffling to me that there’s not tighter OS integration for that.
How do people generally deal with managing multiple projects? Can’t imagine anyone closes all files for one project whenever they need to briefly switch to another one.
Neovim + tmux :D join the dark side
lol this whole vid goes pretty hard with the beat
I mean, making a DISA STIGd locked down linked clone or something equivalent in nature that will be destroyed and rebuilt from an isolated "master" image works just as well and is just as secure. You could use VMware, Citrix, Oracle, AWS, Azure, or many others to achieve the exact same result.