Guide to Private and Secure Operating Systems

     by Max Wilbert / Deep Green Resistance

We live inside an unprecedented surveillance state. Government and corporations monitor all non-encrypted digital communications for the purposes of political control and profit.

Political dissidents who wish to challenge capitalism need to learn to use more secure methods for communication, research, and other digital tasks. This guide is aimed at serious dissidents and revolutionaries. It is not aimed at the everyday activist, who will likely find these practices to be overkill.

Privacy vs. Security

It is important to understand that privacy and security are two different things. Privacy is related to anonymity. Security protects from eavesdropping, but does not necessarily anonymize.

To use an analogy: privacy means that the government doesn’t know who sent the message, but can read the contents. Security means they know who sent the message, but cannot read it. This is a simplified understanding, but it’s important to distinguish between the two.

In general, most aboveground activists who are already operating in the public sphere prioritize security. Underground operators and revolutionaries generally prioritize anonymity, since being unmasked and identified is the primary danger.  Of course, this is a generalization. Both security and privacy are important for anyone involved in anti-capitalist resistance.

Note that these tools require some relatively advanced technological skills. However, it’s worth learning to use these tools. Whonix is probably the easiest to use for a beginner.

Operating Systems

An operating system, or OS, is the basic software running on a computing device. Windows and Mac OS are the most common operating systems. However, Linux is the most secure family of operating systems. This guide will look at operating systems for desktop computer use.

The following information is copied from the websites for these projects.

TAILS

Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.

It is a complete operating system designed to be used from a USB stick or a DVD independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.

Tails relies on the Tor anonymity network to protect your privacy online:

  • all software is configured to connect to the Internet through Tor
  • if an application tries to connect to the Internet directly, the connection is automatically blocked for security.

Tor is an open and distributed network that helps defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

Tor protects you by bouncing your communications around a network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Using Tor you can:

  • be anonymous online by hiding your location,
  • connect to services that would be censored otherwise;
  • resist attacks that block the usage of Tor using circumvention tools such as bridges.

To learn more about Tor, see the official Tor website, particularly the following pages:

  • Tor overview: Why we need Tor
  • Tor overview: How does Tor work
  • Who uses Tor?
  • Understanding and Using Tor — An Introduction for the Layman

Using Tails on a computer doesn’t alter or depend on the operating system installed on it. So you can use it in the same way on your computer, a friend’s computer, or one at your local library. After shutting down Tails, the computer will start again with its usual operating system.

Tails is configured with special care to not use the computer’s hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won’t leave any trace on the computer either of the Tails system itself or what you used it for. That’s why we call Tails “amnesic”.

This allows you to work with sensitive documents on any computer and protects you from data recovery after shutdown. Of course, you can still explicitly save specific documents to another USB stick or external hard-disk and take them away for future use.

https://tails.boum.org/

Whonix

Whonix is a desktop operating system designed for advanced security and privacy. Whonix mitigates the threat of common attack vectors while maintaining usability. Online anonymity is realized via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP address leaks. Commonly used applications are pre-installed and safely pre-configured for immediate use. The user is not jeopardized by installing additional applications or personalizing the desktop. Whonix is under active development and is the only operating system designed to be run inside a VM and paired with Tor.

Whonix utilizes Tor’s free software, which provides an open and distributed relay network to defend against network surveillance. Connections through Tor are enforced. DNS leaks are impossible, and even malware with root privileges cannot discover the user’s real IP address. Whonix is available for all major operating systems. Most commonly used applications are compatible with the Whonix design.

https://www.whonix.org/

Qubes OS

Qubes OS is a security-oriented operating system (OS). The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS). This means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.

Why is OS security important?

Most people use an operating system like Windows or OS X on their desktop and laptop computers. These OSes are popular because they tend to be easy to use and usually come pre-installed on the computers people buy. However, they present problems when it comes to security. For example, you might open an innocent-looking email attachment or website, not realizing that you’re actually allowing malware (malicious software) to run on your computer. Depending on what kind of malware it is, it might do anything from showing you unwanted advertisements to logging your keystrokes to taking over your entire computer. This could jeopardize all the information stored on or accessed by this computer, such as health records, confidential communications, or thoughts written in a private journal. Malware can also interfere with the activities you perform with your computer. For example, if you use your computer to conduct financial transactions, the malware might allow its creator to make fraudulent transactions in your name.

Aren’t antivirus programs and firewalls enough?

Unfortunately, conventional security approaches like antivirus programs and (software and/or hardware) firewalls are no longer enough to keep out sophisticated attackers. For example, nowadays it’s common for malware creators to check to see if their malware is recognized by any signature-based antivirus programs. If it’s recognized, they scramble their code until it’s no longer recognizable by the antivirus programs, then send it out. The best of these programs will subsequently get updated once the antivirus programmers discover the new threat, but this usually occurs at least a few days after the new attacks start to appear in the wild. By then, it’s too late for those who have already been compromised. More advanced antivirus software may perform better in this regard, but it’s still limited to a detection-based approach. New zero-day vulnerabilities are constantly being discovered in the common software we all use, such as our web browsers, and no antivirus program or firewall can prevent all of these vulnerabilities from being exploited.

How does Qubes OS provide security?

Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes.

This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.

Moreover, all of these isolated qubes are integrated into a single, usable system. Programs are isolated in their own separate qubes, but all windows are displayed in a single, unified desktop environment with unforgeable colored window borders so that you can easily identify windows from different security levels. Common attack vectors like network cards and USB controllers are isolated in their own hardware qubes while their functionality is preserved through secure networking, firewalls, and USB device management. Integrated file and clipboard copy and paste operations make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root filesystem without sacrificing security (and saving disk space, to boot). Qubes even allows you to sanitize PDFs and images in a few clicks. Users concerned about privacy will appreciate the integration of Whonix with Qubes, which makes it easy to use Tor securely, while those concerned about physical hardware attacks will benefit from Anti Evil Maid.

How does Qubes OS compare to using a “live CD” OS?

Booting your computer from a live CD (or DVD) when you need to perform sensitive activities can certainly be more secure than simply using your main OS, but this method still preserves many of the risks of conventional OSes. For example, popular live OSes (such as Tails and other Linux distributions) are still monolithic in the sense that all software is still running in the same OS. This means, once again, that if your session is compromised, then all the data and activities performed within that same session are also potentially compromised.

How does Qubes OS compare to running VMs in a conventional OS?

Not all virtual machine software is equal when it comes to security. You may have used or heard of VMs in relation to software like VirtualBox or VMware Workstation. These are known as “Type 2” or “hosted” hypervisors. (The hypervisor is the software, firmware, or hardware that creates and runs virtual machines.) These programs are popular because they’re designed primarily to be easy to use and run under popular OSes like Windows (which is called the host OS, since it “hosts” the VMs). However, the fact that Type 2 hypervisors run under the host OS means that they’re really only as secure as the host OS itself. If the host OS is ever compromised, then any VMs it hosts are also effectively compromised.

By contrast, Qubes uses a “Type 1” or “bare metal” hypervisor called Xen. Instead of running inside an OS, Type 1 hypervisors run directly on the “bare metal” of the hardware. This means that an attacker must be capable of subverting the hypervisor itself in order to compromise the entire system, which is vastly more difficult.

Qubes makes it so that multiple VMs running under a Type 1 hypervisor can be securely used as an integrated OS. For example, it puts all of your application windows on the same desktop with special colored borders indicating the trust levels of their respective VMs. It also allows for things like secure copy/paste operations between VMs, securely copying and transferring files between VMs, and secure networking between VMs and the Internet.

How does Qubes OS compare to using a separate physical machine?

Using a separate physical computer for sensitive activities can certainly be more secure than using one computer with a conventional OS for everything, but there are still risks to consider. Briefly, here are some of the main pros and cons of this approach relative to Qubes:

Pros

  • Physical separation doesn’t rely on a hypervisor. (It’s very unlikely that an attacker will break out of Qubes’ hypervisor, but if one were to manage to do so, one could potentially gain control over the entire system.)
  • Physical separation can be a natural complement to physical security. (For example, you might find it natural to lock your secure laptop in a safe when you take your unsecure laptop out with you.)

 

Cons

  • Physical separation can be cumbersome and expensive, since we may have to obtain and set up a separate physical machine for each security level we need.
  • There’s generally no secure way to transfer data between physically separate computers running conventional OSes. (Qubes has a secure inter-VM file transfer system to handle this.)
  • Physically separate computers running conventional OSes are still independently vulnerable to most conventional attacks due to their monolithic nature.
  • Malware which can bridge air gaps has existed for several years now and is becoming increasingly common.

(For more on this topic, please see the paper Software compartmentalization vs. physical separation.)

Get Qubes

Qubes OS is free to use, can run , and integrates with Whonix for secure web browsing and internet usage via Tor.

https://www.qubes-os.org/

Summary

  • TAILS is a “live” OS that runs from a USB stick or DVD, and can be used to browse anonymously from any computer. It doesn’t save files or history; it is designed mainly for ephemeral use.
  • Whonix is an OS made to run as a virtual machine, and provide security and anonymity for web browsing by routing all connections via the Tor browser.
  • Qubes OS is made to use as a permanent OS, and uses compartmentalization for security. Whonix is automatically installed inside Qubes. Used by Edward Snowden.

 

Leave a Reply

Your email address will not be published. Required fields are marked *