The release also introduces USB passthrough functionality

Sep 29, 2016 18:40 GMT  ·  By

Today, September 29, 2016, Joanna Rutkowska announced the general availability of the second point release of the Qubes OS 3 stable series of the security-oriented and open-source Linux-based computer operating system.

Qubes OS 3.2 is a maintenance release, which means that it mostly adds general fixes and improvements to various of the distribution's core components and functionalities, including the integrated management infrastructure that was introduced as part of the previous update, Qubes 3.1, allowing users to also manage the "insides" of a virtual machine.

"The principal challenge we faced was how to allow such a tight integration of the management engine software (for which we use Salt) with potentially untrusted VMs without opening a large attack surface on the (complex) management code. We believe we found an elegant solution to this problem, which we’ve implemented in Qubes 3.2," says Joanna Rutkowska in today's announcement.

The new management functionality implemented in Qubes OS 3.2 can also be used for basic system configuration during installation. A graphical application that lets users download Salt recipes to configure various aspects of the OS might land in Qubes OS in one of the next major releases, as part of the upcoming Qubes 4.x series.

USB passthrough support now available

Also new in today's Qubes OS 3.2 release is USB passthrough support, which promises to allow users to attach different USB devices like webcams or Bitcoin hardware wallets to AppVMs. For example, USB passthrough can be used for video conferencing inside Qubes, using software like Skype. However, this implementation opens up the door to malicious USB problems.

"We should also mention that Qubes has long supported the secure virtualization of a certain class of USB devices, specifically mass storage devices (such as flash drives and external hard drives) and, more recently, USB mice. Please note that it is always preferable to use these special, security-optimized protocols when available rather than generic USB passthrough," says Joanna Rutkowska.

Ultimately, Qubes OS 3.2 finally switches to use Xfce 4 as default desktop environment, replacing the KDE Plasma interface, as promised earlier this year, because it was not stable enough for Qubes OS. However, users can feel free to install KDE, as well as the i3 and awesome window managers if they want to. While existing Qubes OS users can upgrade their installation now, newcomers need to download Qubes OS 3.2 via our website.