Qubes uses Xen for isolation as I understand it -- essentially putting different programs in their own specialized, locked down domU. So it's probably much more robust against attack than this approach.
[edit] but I'm not arguing its a better solution for you. Depends on your needs and hardware, etc..
This is really interesting. If you look at what Microsoft is doing with Windows 10 with virtualization based security you can see that the Qubes approach is going to go mainstream within the next year. in addition to moving secrets that are normally stored in the kernel into a separate statically linked trusted OS running in it's own VM (that's currently available in credential guard) they will be running edge in a separate VM as well.
Qubes is ahead of its time and far more versatile than most other solutions at this time.
I probably don't know enough to be talking about these things, but it seems to me that the Qubes OS approach is more complex and less battle tested. User permissions in Linux have been around forever.
Unix permissons by themselves are notoriously not capable of containing and restricting something malicious. The kernel exposes a huge attack surface. That is why it is beter to use VMs, which expose the much smaller hypervisor and provide only simple interface protocols.
drvdevd|9 years ago
[edit] but I'm not arguing its a better solution for you. Depends on your needs and hardware, etc..
youdontknowtho|9 years ago
Qubes is ahead of its time and far more versatile than most other solutions at this time.
rahrahrah|9 years ago
angry_octet|9 years ago