News Insider Threat

New Open-Source OS Will Feature 'Disposable' Virtual Machines

Invisible Things Lab building secure OS that better locks down the VM environment

Kelly Jackson Higgins June 03, 2010

A new open-source operating system will come with the option of creating one-time, disposable virtual machines on the fly as a way to protect against malicious files.

Invisible Things Lab is creating these lightweight, throwaway VMs that work with traditional virtual machines in Qubes, the open-source, Xen-based OS it plans to release in beta later this summer. Qubes was architected to minimize the attack surface in the VM environment.

More Security Insights

White Papers
More >>
Reports
More >>
Webcasts
More >>

Disposable VMs don't provide persistent storage and are launched on a per-document basis to open a PDF, PowerPoint, or music or video file, for instance, according to Joanna Rutkowska, founder and CEO of Invisible Things Lab. They provide a safe sandbox for opening a file or attachment: If a file opened by a disposable VM is infected, the only thing it can hurt is the throwaway VM itself, not any other applications or files.

The disposable VM is clean, and its only purpose is for viewing the file, for instance; then it gets tossed away. "You still run your email client in a 'work' AppVM -- which is not disposable [because] you need to store your email client configuration, archived emails, your documents, etc. -- but you open attachments in disposable VMs," Rutkowska says.

Invisible Things Lab also plans to ultimately release a commercial version of the OS, Qubes Pro, that can run Windows applications using Windows-based application VMs.

"Our goal with Qubes is to make it usable not only by Linux geeks, but also by people like lawyers, doctors, businesspeople, and anybody who is concerned about potential compromise of their data," Rutkowska says. Making Qubes easy to use is one of our two main goals -- the other being exceptional security."

Rutkowska, who announced the disposable VM feature in a blog post this week, says the temporary VMs run under the Xen hypervisor in Qubes. Qubes' architecture helps prevent attacks where malware escapes from a VM and infects other applications or data.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.


Related Reading

News

Commentary

Most Popular

On the Web

More On the Web»

Slideshow

Dark Reading Discussions

Start the Discussion


InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.