Qubes OS is a secure operating system based on Linux and the Xen hypervisor. Use this tag for questions that are Qubes specific and not for generic Linux or Xen questions
Qubes OS is a security-oriented operating system, with a focus on security by compartmentalization, isolating chunks of your digital life into qubes and mitigate other complex attacks where firewalls and antiviruses aren't enough.
It runs on top of Xen Hypervisor and use advanced virtualization features like Intel VT-x with EPT or AMD-V with RVI in conjunction with IOMMU to create security domains like "work", "fun" or "shopping". Each domain is a separated Virtual Machine, and isolated between them but tightly integrated with Qubes-Os graphical interface. Window border colors are used to denote each domain.
To mitigate Layer2 based network attacks, you can use a netvm as the Virtual machine that will bridge connections with Dom0, and route all traffic from AppVm to it's specific netvm gateway. This abstraction also applies to firewalls.
No software is run on Dom0 for security reasons, and since everything works inside virtual machines, attacks that could lead to privilege escalation should not harm the main OS.
Disposable VMs are also an interesting concept of lightweight VM that can be created quickly and which will disappear when it is finished with. There is a list of Templates, used to provide Apps based on well known distributions.
Related Stuff:
