Type: Security-focused desktop OS — compartmentalised VM architecture
Best combined with: Whonix for Tor routing
Technical difficulty: High — not for general users
Clearnet: qubes-os.org
Last verified: March 2026
Onion Address
The Qubes Model
Qubes runs everything in isolated virtual machines called qubes. You might have one qube for personal email, another for work, another for untrusted browsing and another — running Whonix — for anonymous Tor access. Each qube is isolated from the others at the hypervisor level: a compromise in one cannot access data, credentials or processes in another.
This isolation makes Qubes exceptionally resistant to the lateral movement attacks that make most operating systems vulnerable. Malware that enters through a phishing email in your “personal” qube cannot access your work files, your Tor activities or your cryptocurrency wallets in separate qubes.
| Attack vector | Qubes’ response |
|---|---|
| Malware lateral movement | Impossible across qube boundaries |
| Browser exploit | Contained to that qube |
| Tor anonymity (with Whonix) | Network-isolated in Whonix gateway qube |
| Clipboard / file sharing between qubes | Requires explicit user permission per operation |
Who Should Use Qubes
Qubes has a steep learning curve and non-trivial hardware requirements (16GB+ RAM recommended). It is designed for security researchers, investigative journalists, activists in high-risk environments and anyone whose threat model genuinely requires compartmentalisation. For most users, Tails or Whonix without Qubes is sufficient.