If the "3D-Acceleration" feature of VirtualBox is activated, running the proof-of-concept code from inside the VM provides the ability to read framebuffers from the host system. In addition, enabling 3D acceleration gives the guest direct access to a large body of additional program code in the VirtualBox host process which it might conceivably be able to use to crash the virtual machine.
Drivers for 3D hardware are generally too complex to be made properly secure and any software which is allowed to access them may be able to compromise the operating system running them. Untrusted guest systems should not be allowed to use VirtualBox's 3D acceleration features, just as untrusted host software should not be allowed to use 3D acceleration. The following features can be removed or disabled without impacting core functionality: The less features enabled, the smaller the attack surface. Qubes-Whonix ™ Hardware Requirements įor Qubes-Whonix ™ hardware requirements, see here.įor an overview on VM security risks in general, see: How secure are Virtual Machines really? Qubes also supports a host of features unavailable in the physically-isolated model, such as: DisposableVMs, a USB VM, secure copy / paste operations between VMs, secure copying and transfers of files between VMs, and sanitization of PDFs and images.įor these reasons, Qubes-Whonix ™ is recommended for the majority of users seeking a higher-security solution. On the other hand, Qubes is relatively easy to install, has fully integrated Whonix ™, and is convenient for most activities. Physical isolation is relatively difficult, still experimental, inconvenient and requires a significant time investment. In summary, the relative merits of physical isolation do not necessarily provide any more protection than Qubes' approach.
Therefore, it is recommended to install Qubes-Whonix ™ if users have suitably modern hardware. The take-home message is that Qubes-Whonix ™ is more secure than the default Whonix ™ configuration using a Type 2 hypervisor like VirtualBox. This means that an attacker must be capable of subverting the hypervisor itself in order to compromise the entire system, which is vastly more difficult. Instead of running inside an OS, Type 1 hypervisors run directly on the “bare metal” of the hardware.
If the host OS is ever compromised, then any VMs it hosts are also effectively compromised.īy contrast, Qubes uses a “Type 1” or “bare metal” hypervisor called Xen. However, the fact that Type 2 hypervisors run under the host OS means that they’re really only as secure as the host OS itself.
(The hypervisor is the software, firmware, or hardware that creates and runs virtual machines.) These programs are popular because they’re designed primarily to be easy to use and run under popular OSes like Windows (which is called the host OS, since it “hosts” the VMs).
These are known as “Type 2” or “hosted” hypervisors.
You may have used or heard of VMs in relation to software like VirtualBox or VMware Workstation. Not all virtual machine software is equal when it comes to security. Do not install Qubes inside a virtual machine - Qubes uses its own bare-metal hypervisor (Xen).