Software attributes
Other attributes
Systems like Qubes are referred to in academia as Converged Multi-Level Secure (MLS) Systems. Other proposals of similar systems have surfaced and SecureView is a commercial competitor, however Qubes OS is the only system of the kind actively being developed under a FOSS license.
Qubes implements a Security by Isolation approach. The assumption is that there can be no perfect, bug-free desktop environment: such an environment counts millions of lines of code and billions of software/hardware interactions. One critical bug in any of these interactions may be enough for malicious software to take control over a machine.
To secure a desktop a Qubes user takes care to isolate various environments, so that if one of the components gets compromised, the malicious software would get access to only the data inside that environment.
In Qubes, the isolation is provided in two dimensions: hardware controllers can be isolated into functional domains (e.g. network domains, USB controller domains), whereas the user's digital life is divided into domains with different levels of trust. For instance: work domain (most trusted), shopping domain, random domain (less trusted). Each of those domains is run in a separate virtual machine.
Qubes virtual machines, by default, have passwordless root access (e.g. passwordless sudo). UEFI Secure Boot is not supported out of the box, but this is not considered a major security issue. Qubes is not a multiuser system.
