Tuesday, November 26, 2013

Windows 7 seamless GUI integration coming to Qubes OS!


Finally, after months of hard work, seamless mode for Windows 7 AppVMs is coming to Qubes OS! The new Windows Support Tools will be released together with the Qubes OS R2 Beta 3, which we plan to release in the next 1-2 weeks. Here is an obligatory screenshot showing a few Windows apps running in seamless mode integrated onto Qubes trusted desktop (note the usual Qubes trusted decorations around each of the Win7 windows):



The seamless mode for Windows AppVMs is not yet as polished as the one we have for Linux AppVMs, because, unlike what we do for Xorg, the Windows GUI agent is not based on composition buffers extraction. This causes some, rather minor, cosmetic problems. For example, when we have two overlapping windows from a Win7 AppVM, and move the top window away, its remaining "shadow" will be visible on the underlying window for the duration of the operation. But generally this all works reasonably good, and you should not really feel any slowness or heaviness compared to Linux AppVMs virtualization. It should be noted that we managed to add this seamless support for Windows AppVMs without any changes to our secure GUI virtualization protocol.

Of course, the usual Qubes integration features, such as secure inter-VM clipboard and file copy also work for Windows AppVMs with the tools installed.

The Qubes Windows Support Tools are proprietary, but they are supposed to be installed only in the Windows 7 VMs, which themselves contain millions of lines of proprietary code already. Besides that, the tools do not introduce any other modifications to the system.

As a special bonus we have also added (and releasing also in R2B3) the support for template-based HVMs. So it will now be possible to do something like this:


qvm-create --hvm work-win7 --template win7-x64 --label green
qvm-create --hvm personal-win7 --template win7-x64 --label purple
qvm-create --hvm testing-win7 --template win7-x64 --label red


... telling Qubes to create three HVM AppVMs based on the same template.

All such template-based AppVMs use the root filesystem from the Template VM, which is shared in a read-only manner, of course, but Qubes makes it look for the AppVMs as if the root filesystem was writable. Just like in case of Linux AppVMs, the actual writes are stored in COW buffers backed by files stored in each of the AppVMs directories. Upon AppVM's reboot, those files are discarded, which reverts the VMs' root filesystems back to that of the template (the “golden image”).

For the above mechanism to make any sense we should configure the OS in the Template VM to use a separate disk for the user's home directory(ies) (e.g. C:\Users in case of Windows). Qubes automatically exposes an additional private disk to each of the AppVMs exactly for this very purpose. Again, just like it has been done for Linux AppVMs for years.

The above feature allows to create lots of Windows AppVMs quickly and with minimal use of disk space, and with an ability to centrally update all the system software in all the AppVMs all at once. Just like for Linux AppVMs.

Users should, however, ensure that their license allows for such instantiating of the OS they use in the template. Note that from the technical point of view the OS is installed, and, in case of Windows, also activated, only once: in the template VM. The installed files are never copied, they are only shared with the running instances of AppVMs. Consult your software licensing lawyer.

10 comments:

Anonymous said...

This is off topic: is Qubes commercially viable? I'd appreciate any insight on that. Who are the customers?

Axon said...

Wow, this looks great! Very impressive. Keep up the good work! :)

Brain said...

Fantastic! I just installed Beta2. Will it be a fairly simple process to upgrade from Beta2 to Beta3?

Thanks for Qubes! It is amazing.

Galland said...

Thanks for the update.
Your company's work, and your blog posts about it, are always so interesting!
I fully trust your approach to maximum security and am very glad to be reading through your sure path to success.

Anonymous said...

Where can i find details about this Qubes Windows Support Tools? I'm worried about having a proprietary component in my operative system

Joanna Rutkowska said...

@anon-who-is-allergic-to-proprietary-software:
If you're worried about using proprietary software you should not use Windows OS in the first place, and so you should not worry about Qubes Windows Support Tools being closed source, because you won't need them anyway!

Kerry Liles said...

Am looking to start playing with Qubes... should I wait for Beta 3 (ie: is the release imminent) or should i just start with Beta 2 and upgrade later? I get the impression that there is no 'upgrade' just a install-over process.

Joanna Rutkowska said...

@Kerry: wait, it's a matter of days.

Kerry Liles said...

@Joanna - thanks! I will wait then and look forward to this new world!

Anonymous said...

You really do amazing work & your understanding of computer security is just mind boggling!

I've been looking at WINE as an escape for the insecure Windows monopoly (I use software for trading that relies on Windows ;^(

I'm very security conscious, after being infected several times by drive by infections. The worst part is never knowing if you have a root kit installed, or not.

I'm now using Lightweight Portable Security (LPS) Linux produced by the U.S. Department of Defense. It's a locked down Linux version on a live CD that has no persistence.

Perhaps it's secure, but it has obvious drawbacks, and it cannot use WINE, for example, to run Windows programs.

I'm looking forward to Version 2 of Cubes.

Best of luck!

Quinn