I think Qubes is the best OS for desktop users, hardened Gentoo looks nice for servers. I would use Qubes over Tails or Liberte any day, but it does meet a different set of goals kind of. Tails when I last looked at it was focused on being a mobile, portable, non-persistent OS for use on a laptop at a coffee shop or similar. It had the primary goal of leaving no forensically recoverable traces behind when you were done using it, and indeed to leave no traces behind at all. Now it has persistence and it is more of a light weight portable security oriented OS from what I can gather. Liberte was pretty similar last I checked, although based on hardened Gentoo, including a unique messaging system and with persistence from the get go. Ubuntu is just a regular Linux distro, based on Debian, blah blah blah. Qubes is a persistent OS (ie: not live) and it wasn't really designed with portability in mind (ie: not meant to be booted from a CD or flash memory stick). Qubes does put a large emphasis on security though, primarily security via isolation. It does this by letting you set security domains, and then by isolating all of your launched applications in a per-security-domain Xen virtual machine. It even isolates your network card and USB hubs, and supports isolation of any hardware that supports it, provided that your CPU has IOMMU or VT-d flags anyway. It has built in systems for best practices, like the ability to quickly open files in completely isolated disposable virtual machines, the ability to quickly set up isolated Tor routing for very strong protection from leaking your IP address or having it stolen by hackers, a state of the art PDF sanitizing system, an isolated GPG system for protecting private keys and plaintexts, etc. Qubes does have some disadvantages though. The primary issue I have with it is that because it uses Xen virtualization as its back end it doesn't provide ASLR for any of its virtual machines. That means that it is potentially easier to hack an application running on Qubes than it is to hack an application running on something like hardened Gentoo. On the other hand it is a lot harder for an attacker to spread from one application to another. So on hardened Gentoo ASLR might make it harder for a hacker to pwn you via a vulnerability in Firefox, but if they do pwn you then you are totally screwed unless you have layered additional security via isolation mechanisms on top of the default configuration. With Qubes it might be a bit easier for an attacker to pwn you via a vulnerability in Firefox, but they wont be able to get to your external IP address because you will be using Qubes preconfigured isolated Tor, and they wont be able to steal your private GPG key or spy on your plaintexts because you will be using Qubes pre-configured isolated GPG. On hardened Gentoo it might be harder for an attacker to pwn you with an exploit in a pdf file, but on Qubes even if they pwn you with such an exploit it wont matter because you will have opened the pdf in a disposable vm, or you will have used Qubes pdf sanitizing technique to neutralize the exploit prior to viewing the content of the pdf. Oh yeah not to mention that unless you are using isolation techniques yourself, if any windowed application is pwnt with hardened Gentoo the attacker can likely keylog everything you type, but Qubes would only let them keylog everything in the security domain that they compromised. Right now the biggest detriment to Qubes security is the lack of Xen support for stuff like ASLR. hopefully over time Xen will support security features like ASLR, and then Qubes will be even more secure. I definitely think Qubes looks like the best choice for a desktop (as in desktop environment, not desktop machine) user though. Honestly I have never particularly been a fan of either Tails or Liberte, they are neat but I don't think they really are particularly exceptional. Qubes is definitely exceptional and it is on the cutting edge of the security via isolation school of thought, and extremely innovative.