Whonix Variants
Comparison of Whonix in a VM vs Whonix with Physical Isolation with and without virtualized Gateway.
Comparison of Different Whonix Variants
The security and usability of the Whonix platform are significantly affected by the hardware and virtualization configuration, and by whether a Whonix-Custom-Workstation™ is created. Qubes-Whonix™ is currently recommended as providing the best combination of security and usability, although it has strict hardware requirements.
Virtualization and Hardware Configurations
Table: Whonix Platform Comparison
Variant | Systems | Number of systems | Security | Usability |
---|---|---|---|---|
Standard Binary Download | host + VM + VM | 2 | Basic | Easy to redistribute and install |
Physical Isolation with Bare-metal Gateway | host + VM + host | 3 | Equivalent to the standard binary download | Difficult to install and for advanced users only |
Physical Isolation with Virtualized Gateway | host + VM + host + VM | 4 | Higher attack surface | Easier to deploy. Four operating systems must be kept updated |
Physical Isolation without any Virtualization | host + host | 4 | Nearly the same as standard Physical Isolation. [1] Without virtual machines, there is no protection against hardware fingerprinting | Difficult to install and for advanced users only |
Qubes | dom0 + VM + VM | 3 | Better compartmentalization. See: Why use Qubes over other Virtualizers? | Best |
OneVM (ignore page title) | host + VM | 2 | Deprecated | - |
UniStation | host | 1 | Proof of concept only | - |
Virtual machines can provide the following security-related features:
- Network isolation: Connections can easily be forced through Tor.
- Hardware isolation: Unique hardware serials can be hidden.
- Roll back feature: Users can revert to clean and/or working snapshots.
- Multi-level security: Multiple clones / VMs / Disposables provide significant protection.
In comparison, live CDs provide:
- Non-persistence: This increases safety in the event of a software compromise. [2]
- Anti-forensics capability and plausible deniability: If the computer is powered down and RAM has faded or been wiped, remnants of critical information like encryption keys should be impossible to retrieve.
- Update issues: It is difficult to roll out security updates and maintain a fully up-to-date system.
Operating System Configurations
Whonix provides multiple operating system options:
- Debian bookworm GNU/Linux: The Default-Download-Version is recommended for most users.
- Other Operating Systems: Windows, FreeBSD, other GNU/Linux, and Android Whonix-Custom-Workstation are possible.
Security Comparison: Whonix-Download-Workstation vs. Whonix-Custom-Workstation
See Security Comparison: Whonix-Download-Workstation vs. Whonix-Custom-Workstation. Unless otherwise stated, the documentation and design refer to the Default-Download-Version.
Old Instructions
Footnotes
- [1] For further discussion of this issue, see: More or Less Protection inside a VM?
- [2] Unless sophisticated and targeted malware manages to leverage the exploit, leading to a compromise of firmware or other persistent systems (like BIOS).