Finally, after months of hard work, seamless mode for Windows 7 AppVMs is coming to Qubes OS! The new Windows Support Tools will be released together with the Qubes OS R2 Beta 3, which we plan to release in the next 1-2 weeks. Here is an obligatory screenshot showing a few Windows apps running in seamless mode integrated onto Qubes trusted desktop (note the usual Qubes trusted decorations around each of the Win7 windows):
The seamless mode for Windows AppVMs is not yet as polished as the one we have for Linux AppVMs, because, unlike what we do for Xorg, the Windows GUI agent is not based on composition buffers extraction. This causes some, rather minor, cosmetic problems. For example, when we have two overlapping windows from a Win7 AppVM and move the top window away, its remaining "shadow" will be visible on the underlying window for the duration of the operation. But generally this all works reasonably well, and you should not really feel any slowness or heaviness compared to Linux AppVMs virtualization. It should be noted that we managed to add this seamless support for Windows AppVMs without any changes to our secure GUI virtualization protocol.
Of course, the usual Qubes integration features, such as secure inter-VM clipboard and file copy also work for Windows AppVMs with the tools installed.
The Qubes Windows Support Tools are proprietary, but they are supposed to be installed only in the Windows 7 VMs, which themselves contain millions of lines of proprietary code already. Besides that, the tools do not introduce any other modifications to the system.
As a special bonus, we have also added (and are also releasing in R2B3) support for template-based HVMs. So it will now be possible to do something like this:
qvm-create --hvm work-win7 --template win7-x64 --label green
qvm-create --hvm personal-win7 --template win7-x64 --label purple
qvm-create --hvm testing-win7 --template win7-x64 --label red
All such template-based AppVMs use the root filesystem from the Template VM, which is shared in a read-only manner, of course, but Qubes makes it look to the AppVMs as if the root filesystem was writable. Just like in the case of Linux AppVMs, the actual writes are stored in COW buffers backed by files stored in each AppVM's directory. Upon an AppVM's reboot, those files are discarded, which reverts the VM's root filesystem back to that of the template (the “golden image”).
For the above mechanism to make any sense, we should configure the OS in the Template VM to use a separate disk for the user's home directory(ies) (e.g. C:\Users in the case of Windows). Qubes automatically exposes an additional private disk to each of the AppVMs exactly for this purpose. Again, just like it has been done for Linux AppVMs for years.
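A toy model of the template mechanism described above, added here as an illustration and not taken from Qubes itself. The class and method names are hypothetical, the block contents are constructed, and binding each AppVM to a snapshot of the template at boot is a modelling assumption.

```python
# Toy block-level model (constructed; not Qubes code) of a template-based AppVM:
# root reads fall through to a shared read-only template, root writes land in a
# per-VM COW overlay that is dropped on reboot, and a private disk persists.
from types import MappingProxyType

class TemplateVM:
    def __init__(self, blocks):
        self._blocks = dict(blocks)              # the "golden image"

    def update(self, block, data):
        """Software update performed inside the template itself."""
        self._blocks[block] = data

    def read_only_view(self):
        # MappingProxyType rejects item assignment, like a read-only device.
        # The copy models a snapshot: running VMs keep the image they booted.
        return MappingProxyType(dict(self._blocks))

class AppVM:
    def __init__(self, name, template):
        self.name, self.template = name, template
        self.private = {}                        # persistent disk, e.g. C:\Users
        self.boot()

    def boot(self):
        # Assumption of this model: the VM binds to the template at boot time.
        self._root = self.template.read_only_view()
        self._cow = {}                           # fresh, empty COW buffer

    def reboot(self):
        self.boot()                              # old COW buffer is discarded

    def write_root(self, block, data):
        self._cow[block] = data                  # never touches the template

    def read_root(self, block):
        return self._cow.get(block, self._root.get(block))

def demo():
    tpl = TemplateVM({0: b"kernel-v1", 1: b"app-v1"})
    work, personal = AppVM("work-win7", tpl), AppVM("personal-win7", tpl)
    work.write_root(1, b"changed-in-work")       # system file altered in one VM
    work.private["doc"] = b"report"              # user data on the private disk
    before = (work.read_root(1), personal.read_root(1), tpl.read_only_view()[1])
    tpl.update(1, b"app-v2")                     # central update in the template
    work.reboot(); personal.reboot()
    after = (work.read_root(1), personal.read_root(1))
    return before, after, work.private

if __name__ == "__main__":
    print(demo())
```

The change made inside work-win7 is visible only there and disappears on reboot, while the private disk contents survive and both AppVMs pick up the template update.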
The above feature allows creating lots of Windows AppVMs quickly and with minimal use of disk space, and with the ability to centrally update all the system software in all the AppVMs at once. Just like for Linux AppVMs.
Users should, however, ensure that their license allows for such instantiating of the OS they use in the template. Note that from the technical point of view the OS is installed, and, in the case of Windows, also activated, only once: in the template VM. The installed files are never copied; they are only shared with the running instances of AppVMs. Consult your software licensing lawyer.
This is off topic: is Qubes commercially viable? I'd appreciate any insight on that. Who are the customers?
Wow, this looks great! Very impressive. Keep up the good work! :)
Fantastic! I just installed Beta2. Will it be a fairly simple process to upgrade from Beta2 to Beta3?
Thanks for Qubes! It is amazing.
Thanks for the update.
Your company's work, and your blog posts about it, are always so interesting!
I fully trust your approach to maximum security and am very glad to be reading through your sure path to success.
Where can I find details about this Qubes Windows Support Tools? I'm worried about having a proprietary component in my operative system.
@anon-who-is-allergic-to-proprietary-software:
If you're worried about using proprietary software you should not use Windows OS in the first place, and so you should not worry about Qubes Windows Support Tools being closed source, because you won't need them anyway!
Am looking to start playing with Qubes... should I wait for Beta 3 (ie: is the release imminent) or should I just start with Beta 2 and upgrade later? I get the impression that there is no 'upgrade', just an install-over process.
@Kerry: wait, it's a matter of days.
@Joanna - thanks! I will wait then and look forward to this new world!
You really do amazing work & your understanding of computer security is just mind boggling!
I've been looking at WINE as an escape for the insecure Windows monopoly (I use software for trading that relies on Windows ;^(
I'm very security conscious, after being infected several times by drive by infections. The worst part is never knowing if you have a root kit installed, or not.
I'm now using Lightweight Portable Security (LPS) Linux produced by the U.S. Department of Defense. It's a locked down Linux version on a live CD that has no persistence.
Perhaps it's secure, but it has obvious drawbacks, and it cannot use WINE, for example, to run Windows programs.
I'm looking forward to Version 2 of Qubes.
Best of luck!
Quinn