Type: Security-focused desktop operating system
Access: Bare metal installation — dedicated computer required
Account required: No — free download
Clearnet version: qubes-os.org
Open source: Yes — fully audited
Based on: Xen hypervisor + Fedora/Debian templates
Endorsed by: Edward Snowden, security researchers worldwide
Last verified: March 2026
What Is Qubes OS?
Qubes OS is a security-focused desktop operating system that uses hardware-enforced isolation to compartmentalize all computing activity. Instead of running everything on a single operating system where one compromised application can affect everything else, Qubes runs each activity — work, personal use, browsing, sensitive communications — in a separate isolated virtual machine called a qube.
If malware infects your work qube, it cannot access your personal files in another qube. If your browser qube is compromised, it cannot reach your cryptocurrency wallet in a separate qube. If a sensitive communications qube is attacked, the attacker cannot pivot to your everyday computing environment.
This compartmentalization is enforced at the hardware level by the Xen hypervisor — not just software separation that a sophisticated attacker could bypass, but hardware-enforced isolation that prevents qubes from directly accessing each other’s memory, storage or network connections.
Onion Address
Clearnet version: https://qubes-os.org
The Core Concept — Security by Compartmentalization
Traditional operating systems have a fundamental security problem: everything runs in the same environment. A malicious PDF opened in your browser can potentially access your documents, your emails, your passwords and your webcam. Your antivirus software and your banking app run in the same trust environment as the random software you downloaded last week.
Qubes OS’s answer is radical separation. Different activities run in different virtual machines with no shared memory, no shared storage and separate network connections. The isolation is not just software-based — it is enforced by the Xen hypervisor at the hardware level.
| Traditional OS | Qubes OS |
|---|---|
| One environment — everything shares memory | Multiple isolated qubes — hardware separation |
| Malware in browser can access documents | Malware in browser qube cannot reach document qube |
| Compromised app can steal passwords | Compromised app is contained in its qube |
| One mistake affects everything | One mistake affects one qube only |
How Qubes Is Organized
A typical Qubes installation uses several types of qubes:
| Qube Type | Purpose | Example |
|---|---|---|
| AppVM | Where you run applications and do work | work, personal, untrusted browsing |
| TemplateVM | Base images AppVMs are built from — installed software lives here | fedora-39, debian-12, whonix-workstation |
| ServiceVM | Background services — networking, USB, audio | sys-net, sys-usb, sys-firewall |
| DisposableVM | One-time use — opens and disappears after use | Opening untrusted PDFs, one-time browsing |
| ProxyVM | Network routing — used for Whonix Gateway | sys-whonix |
Qubes + Whonix — The Strongest Available Setup
Qubes OS includes official Whonix integration — the Whonix Gateway runs as a ProxyVM and the Whonix Workstation runs as an AppVM template. This combination stacks two independent isolation systems:
- Qubes isolation: Compartmentalizes Whonix from the rest of your computing — your anonymous communications cannot access your personal files or work documents
- Whonix routing: All traffic from the Whonix Workstation routes through the Tor-routing Gateway — no direct internet path exists
- Combined effect: Malware in the Whonix Workstation is contained within it, cannot reach the internet without Tor, and cannot access other qubes on your system
This is the setup Edward Snowden publicly recommended in 2019 for journalists and others with genuine high-stakes security needs. It represents the strongest practical desktop security available to civilian users without government resources.
DisposableVMs — Opening Untrusted Content Safely
One of Qubes OS’s most practically useful features is DisposableVMs — virtual machines that launch, complete one task and then disappear completely, leaving no trace.
Common uses:
- Opening untrusted PDFs: Right-click a PDF → Open in DisposableVM. The PDF opens in an isolated environment. If it contains malicious code, that code executes in the DisposableVM — which then disappears. Your actual system is unaffected.
- Visiting untrusted websites: Open a potentially malicious URL in a DisposableVM. Browse, extract what you need, close the VM. Any drive-by exploit, tracking cookie or fingerprinting code disappears with the VM.
- One-time anonymous browsing: Open a Whonix-based DisposableVM for a single Tor session. When you close it, every trace of the session — cookies, history, temporary files — is permanently gone.
How to Install Qubes OS
- Download the Qubes OS ISO from qubes-os.org/downloads or the .onion address above
- Verify the cryptographic signature — instructions at qubes-os.org/security/verifying-signatures
- Write the ISO to a USB drive using Rufus (Windows), Etcher or dd (Linux/Mac)
- Boot from the USB drive — this requires changing boot order in BIOS/UEFI
- Follow the Qubes installer — similar to standard Linux installation
- Select which qubes to create during setup — the defaults are suitable for most users
- Choose whether to install Whonix templates — recommended for anonymous browsing
- Complete installation — Qubes reboots into its desktop environment
Important: Qubes OS must be installed on a dedicated computer — it cannot run as a virtual machine inside Windows or macOS. It replaces the existing operating system. Do not install on a computer you need for other purposes without first backing up all data.
System Requirements
| Component | Minimum | Recommended |
|---|---|---|
| RAM | 6GB | 16GB+ |
| Storage | 32GB SSD | 128GB+ SSD |
| CPU | Intel or AMD with VT-x/AMD-V | Quad-core+ with VT-d/AMD-Vi |
| GPU | Intel integrated GPU — most compatible | Intel integrated — NVIDIA/AMD have driver issues |
| BIOS settings | VT-x and VT-d must be enabled | Secure Boot may need to be disabled |
Hardware compatibility note: Qubes OS does not support all hardware. Before purchasing a computer for Qubes, check the Qubes Hardware Compatibility List at qubes-os.org/hcl. ThinkPads (particularly X and T series) and some Dells are well-documented to work. Apple hardware does not work well with Qubes. NVIDIA discrete GPUs frequently cause issues.
Qubes OS vs. Other Privacy Operating Systems
| Feature | Qubes OS | Tails | Whonix (standalone) |
|---|---|---|---|
| Isolation model | Hardware-enforced VM isolation | Amnesic + Tor routing | Network isolation via dual VM |
| Amnesic | ❌ No — persists | ✅ Yes — resets on shutdown | ❌ No — persists |
| Tor routing | ✅ Via Whonix integration | ✅ All traffic | ✅ All traffic |
| Malware containment | ✅ Strongest — hardware isolation | ⚠️ Session only — resets | ✅ Strong — VM isolation |
| Daily usability | ✅ Full desktop environment | ⚠️ Limited — amnesic | ✅ Full desktop environment |
| Setup complexity | ⚠️ High — steep learning curve | ⚠️ Moderate | ⚠️ High |
| Best for | Ongoing high-security work | One-time high-stakes sessions | Ongoing anonymous work |
Who Should Use Qubes OS
Qubes is appropriate for:
- Investigative journalists who manage sensitive sources and need strong compartmentalization between different stories and contacts
- Security researchers who need to analyze malware in isolated environments without risking their main system
- Lawyers and doctors who need to separate client/patient data from personal computing
- Activists and dissidents in high-risk environments where device seizure and forensic analysis are genuine threats
- Anyone who handles a combination of sensitive and non-sensitive data and needs strong guarantees that the two cannot mix
Qubes is probably overkill for:
- Users who only need anonymous browsing — Tails or Tor Browser is simpler and sufficient
- Users whose primary concern is censorship circumvention rather than malware containment
- Users without technical Linux experience — the learning curve is steep and misconfiguration reduces the security benefits
- Users who need to install specific software that only runs on Windows or macOS
The Learning Curve
Qubes OS is genuinely complex. New users consistently report confusion during the first weeks of use — understanding which qube to use for which activity, how to transfer files between qubes safely, how to install software correctly in templates rather than AppVMs and how to configure networking for specific qubes.
The Qubes documentation is thorough and actively maintained. The community forum at forum.qubes-os.org is responsive and helpful. For users who invest the time to learn the system, the security benefits are substantial. For users who want privacy without the learning curve, Tails provides most of the benefits for one-time sessions with significantly less complexity.
Frequently Asked Questions
Can I use Qubes OS as my daily driver?
Yes — many security researchers and journalists use Qubes OS as their primary operating system. It supports full desktop use including email, document editing, web browsing, video calls and software development. The main limitations are hardware compatibility, the learning curve for new users and occasional performance overhead from running multiple VMs simultaneously.
Does Qubes OS work with my existing hardware?
Check the Hardware Compatibility List at qubes-os.org/hcl before committing. Intel-based ThinkPads are the most consistently well-supported hardware. NVIDIA graphics cards frequently cause issues. Apple hardware (Mac) does not work well with Qubes. AMD CPUs work but have historically had more compatibility issues than Intel — this has improved in recent versions.
How does Qubes handle USB devices?
By default, Qubes routes USB connections through a dedicated sys-usb qube — USB devices are not directly accessible to other qubes. This prevents USB-based attacks where a malicious device could compromise your system. When you plug in a USB drive, you explicitly assign it to a specific qube — giving you control over which qube can access which device.
Can Qubes OS be used without Whonix?
Yes — Whonix is an optional component. Qubes OS provides strong security through compartmentalization regardless of whether Whonix is installed. Install Whonix if you need Tor-routed anonymous browsing as part of your security setup. Skip it if your primary concern is malware containment and compartmentalization rather than network anonymity.
Is Qubes OS endorsed by the Tor Project?
The Tor Project recommends Qubes OS with Whonix for users who need the strongest available setup. Edward Snowden has publicly stated he uses Qubes OS. Security researcher Joanna Rutkowska, who created Qubes OS, has received recognition from the security community for its innovative approach to desktop security. It is widely considered the most security-forward desktop OS available to civilians.