Qubes OS instead of MacOS?

What is safer, Qubes OS or MacOS?

Considering that Qubes OS is still in testing and that it runs only on certain hardware, for productivity, continuity and security support, I think that MacOS could be safer if used properly, and only as a dedicated machine to do sensitive things like banking.

What do you think?

Mac OS is neither open source nor user auditable - it is functionally a black box from the user’s perspective. You don’t know when it phones home or the contents it sends home. It can phone home clandestinely. It can send home any file and pass it off as telemetry.

They also are located in the USA and can be forced to obey lawful requests/subpoenas, etc. and enable its government to access cloud files, etc…

1 Like

@Kj90
QubesOS security features that MacOS doesn’t have:

  • Certain to not contain any backdoors used by the brand or governments since it’s Open Source
  • High security by compartmentalisation which surpasses any antivirus.
  • Disposable VM to open files you don’t trust
  • Separate VM to manage Onion or VPN routing which prevents IP leaks

QubesOS has an amazing security support since its security depends on Xen.

So without a doubt QubesOS is more secure in general, but MacOS should be fine depending on your use case. If you dedicate your PC to banking, you shouldn’t have to fear anything; if you do other things, you should be careful (for example, don’t open email documents on it).

Just a side note, I came across this archived discussion from a mailing list. It’s an interesting read.

1 Like

Just go for Debian or Fedora if you just want a reasonably secure computer for banking. Frankly, Qubes is a bit too much unless your actual threat model makes it desirable - which is quite rare.

1 Like

Could even do a distro-morph on Deb to Kicksecure for a hardened setup.

1 Like

You listed all the basic points that I also thought of in the first place, especially having used Linux for years…
But I need to be honest here: maintaining Linux with the bugs and no hardware support is worse in terms of security. Maybe Qubes OS is more maintained than Debian (for sure) or Fedora, but it’s very bad if you need to use your system with hardware and software not tight, then, when you need to do something urgent and sadly it doesn’t work…

Any laptop out there has temperature issues, and Qubes OS will just make it worse.
A Macbook doesn’t have these problems unless you stress them out; the new M1 is wonderful instead, you can even run video editing on the fly and it will be just warm.
The rest is maintained by Apple from a HW and SW point of view; on Qubes OS it is better if you start to pray to a few gods…

The price for such a device is also ridiculously low compared to a laptop that has to run Qubes OS…

MacOS is also open source, probably the majority of it is open source; only the GUI and the services on top are not open source.
Going online though, I don’t see the latest versions open source, but I may be wrong, I don’t know the entire backend, maybe they use different names: https://opensource.apple.com/

Linux can have a lot of problems but doesn’t have a lot of security problems.
Of course MacOS has good security too but nothing compared to QubesOS which can protect people from governments which is not a threat for you if you want to do banking stuff.
MacOS isn’t open source; if I follow your logic, Windows has a lot of open source code of its OS too, but if you can’t compile it yourself you can’t call it open source because you can’t be sure there are no backdoors.
The truth is, you don’t know what’s running on a Mac, but again, that’s not on your threat model.

2 Likes

Fedora is maintained by the most successful and richest open source company in the world - they also currently dominate the server space, RedHat. There is no tighter OS out there.

You seem to be already sold on the idea of MacOS. Realistically, it should be fine to do banking there.

I have heard from some reputable tech youtuber (probably Level1Techs?) that the underlying BSD of Mac OS is not as well maintained as its iOS counterparts. This could be referring to the x86 architecture and maybe not the M1.

The flip side is M1 is too new and already, new unknown malware has swarmed through the entire ecosystem already. Security researchers are already adept at cracking custom made hardware, meanwhile companies don’t fully know how their homegrown silicon works.

Banking. Apple corporate has a control freak mentality. Apple corporate does not want you to lose your money from some kind of fraud. Apple wants you to spend it buying their products. I feel Apple believes you desire to have all their integrated syncing options, which could create a problem with your banking information.

It would be difficult to be worse than Windows. M$ has actually improved some of their Security. I am not the best person to talk to, as I do not have to worry about someone stealing my banking info. I am on Social Security and I am too poor for anyone to make much of an effort.

I am careful about which websites I click on.

EasyOS has an option to burn a version of the OS to a rewrite-able optical disk. Boot to it, use it once, save whatever information you choose, perhaps to a separate USB key. Shut it down. Next boot gives you a whole new version of the OS. EasyOS has built-in privacy options, like Boxes (an area to run software which will not affect the rest of the OS, which Qubes might do better, because it takes advantage of some memory and hardware advantages).

https://www.forum.puppylinux.com/viewforum.php?f=63&i=1

Not sure I would use EasyOS if I was, say, a banker, or a high finance type. Ten years ago I used a variation of Puppy Linux and a re-writable disk when I had a lawsuit settlement of several hundred thousand dollars. I was then well familiar with Puppy Linux versions as well.

Most codes are broken in practice, not in theory. To which I guess, think awhile about what you intend to do. Think of the consequences of doing that. How to avoid problems.

I am guessing OP realizes most malware, exploits are accomplished by browser opening of website. All it takes is a click to a webpage.

Qubes OS website has a video:

Qubes can be time consuming to implement. Difficult to implement on some hardware. Using to create a safe environment, for banking, requires some thinking, effort.

One of the early implementations of some security software suggested one should use two exactly matched computers. One that was isolated from the internet, where one could create encrypted items, transferred onto a USB key or other memory devices. A second computer, which was online, which was used to send encrypted information and receive information, which was moved over to the Internet-isolated computer to be opened. Not that it is so relevant when we have options like Virtual Containers, making one computer be like several different ones in today’s world. But it is something to think on.

It is not just which OS, or which Browser, or which anti-malware, it is how you use your computer that helps keep you safe.

1 Like

Thanks.
Fedora as the tightest distro seems a bit wrong… Maybe it is the tightest among the most updated distros; that is, comparing Debian stable with Fedora makes no sense, but Fedora with Debian testing probably could be compared.

Security wise, it depends what you implement in the system; as vanilla, in Fedora it is about just being careful, that’s it. There is no AV or any other sort of anti-malware, just SELinux, but it’s meant only to mitigate the malware damage; basically it acts when it’s too late, most of the time.

I only do banking there and obviously just something else. Qubes OS could be the best but to be honest, it’s a pain, especially on a laptop…
There is also the problem with the safer versions with libreboot etc.: they usually run on old hardware, or the recent hardware is incredibly expensive. I could probably start with a dedicated desktop, it’s much cheaper, but it’s uncomfortable to have another desktop among all the others :smiley:

Also, if a laptop is compatible now, will they maintain the compatibility? Most probably not, because all these laptops are tested (poorly, to my understanding) by the community, and they don’t commit to supporting that hardware.

Consider your threat assessment?

You may have a much bigger knowledge of computers, Linux, Internet Security than I.

Let me assume, while it might not be true for OP, or other posters here, that I am advising a bit of newcomer to Privacy, Security.

To me, Privacy is first about keeping Malware off my computer, and out of my way while I use the internet. The second part of Privacy, is stopping “Surveillance Capitalism” from dominating my life.

Security also includes Malware, and perhaps stopping the group that one might also call super Watchers from targeting my life.

Google is a Super Watcher (would it be fair to call them Super Computer Stalkers?). Actually ISPs happily do the same thing. As does Facebook. But we are mostly only angry with those who are successful in watching us.

Five Eyes, NSA, governments, (I live in US) Whatever my fears of my own government, I doubt if anyone has the ability to stop them. Not only must they employ lots of very competent Network Engineers, Linux programmers, and I only read a few forums on Security. Once things leave my computer, and what I receive back, is surely filtered, perhaps by someone who knows how to split a Geode to see what is inside. I do not think I can beat NSA. And who am I concerned with contacting anyway? That they would want to stop me?

If one is not into learning to be a bit of a geek, and spending a bunch of hours at it, I would not start with Qubes OS. If a poster is sorta a knowledgeable Linux person already, please join Qubes and you can probably help some of us implementing Qubes.

I am a bit perplexed by the use of the term “Compatible” when referencing Qubes (actually any computer which we want to use Linux on). Security in Qubes is intended for us to be as secure as possible by using FOSS (Free Software which is peer reviewed). A lot of computer hardware has firmware that requires the use of what are called “blobs”: closed source software which the company which produces the hardware keeps to themselves. We cannot be really sure what the blob might do that we do not know.

In using Qubes, one can use the computer which has “Blobs.” If you choose. The few computers which are totally compliant with Qubes, are older computers which have been modified.

It is the manufacturers of hardware who create non-compliant or partially compliant (for using Qubes) computers. Someone just posted on the Qubes forum about the problem of using a particular Video Card, which is a recent release of a Video card. Obviously the only driver uses blobs. Some Video Card companies are not forthcoming about providing information about how Linux Hardware Developers might create a FOSS Driver either.

Security (if your opponent is a government or the NSA) is also troubled (for us) by companies, like Intel, which has implemented a means to quietly, covertly, change the basic processor firmware without our knowing. AMD is not any better. They have no intention of stopping what they are doing, just making it harder for others to use their hack. (Intel Management Engine)

If all you are concerned about is your own bank account, and you are not Bill Gates type rich, you do not need to worry about that. If you are a bank executive, or even a loan officer who handles lots of others’ private information, don’t take advice from me, but do not work from home.

Of course, if you are thinking of using Qubes. Find a computer to install it on. Just play with it for awhile. Until the terminology of Qubes sticks on you like mud, probably you are only guessing what we are talking about. The flip side of that advice being, Don’t just start using Qubes in a real world application where you have some risk or exposure.

I think Qubes is on laptops because we are aware of the security problems of working only from a home connection, as we can easily be homed in on by an ISP. The only Qubes Approved laptops are based on a modified X-230 work slowly. But you do not have to jump in the deep end to discover what you are willing to do, or spend your hours learning how to do. See if you can find an older piece of hardware that you can put an install of Qubes on for a while, and play.

There is a long list of things one should avoid doing to maintain security. On my list is Facebook; never go to sketchy sites. Once I found NBC news was blocked by my Security software; when I asked why, they replied it led to a lot of links which were “Click Bait,” and they are correct. Click Bait makes money, and might lead to one’s computer being infested by - Something. Porn is a no go.

Not doing some things at the same time can make a difference. Security is not just about which computer, which piece of software on which OS. It is also about choices one makes.

The WWII Germans had their highest level code to send their most important battle strategies. Since it was rarely used, that was a problem for the Allies to break. However, any major public speech given by Hitler was sent out to all of his troops in this highest level, in theory unbreakable, code. The Allies had the word-for-word text of Hitler’s major speeches from the radio, and then sent out in text in other ways.

Encryption is more likely broken in practice, not in theory.

The number of details like this goes on and on and on.

I am sure a lot of folks here want to say I am writing too much, that is dependent on the knowledge level of the reader, which I do not know.

Feel free to critique this. I will be glad to learn of my lack of knowledge.

1 Like

My threat model is pretty simple, I don’t want malware on my computer :smiley: .
Qubes OS could help in many ways, but I need to sort out the HW incompatibility for now…
I opened this thread: Desktop hardware for QubeOS
I also like that I can run VMs there, not only processes NOT in dom-0… That helps also portability, basically my favourite backup solution.