VirtualBox Integration
VirtualBox Licensing Issues, unavailable in Debian main and Debian backports, missing features. Is VirtualBox an Insecure Choice? Arguments for keeping VirtualBox Support.
Whonix VirtualBox versus Other Virtualizers
Why use VirtualBox over KVM?
VirtualBox advantages:
- The virtual network interfaces are better encapsulated inside the VM by VirtualBox.
- Virtual network interfaces by VirtualBox: Are invisible on the host using tools such as "sudo ifconfig".
- corridor leak tested.
- Therefore Whonix VirtualBox has a higher leak-proofness than Whonix KVM.
KVM disadvantages:
- Virtual network interfaces by KVM: Are visible on the host using tools such as "sudo ifconfig".
- KVM: This complicates leak tests because tshark / wireshark on the host can see connections between Whonix-Workstation™ and Whonix-Gateway™.
- KVM: Therefore, leak testing using corridor on the host cannot be used either.
- KVM: A useful host firewall and/or VPN fail closed mechanism (even if Freedom Software) can break Whonix-Workstation KVM network connectivity. References:
- KVM: How to use a host VPN is undocumented (and therefore fails).
- KVM potential solution: Using "hubport" to avoid KVM network interfaces being visible on the host operating system.
For the opposite viewpoint, see Why Use KVM Over VirtualBox?
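A host-side check for the interface-visibility difference described above, as an added example that is not part of the original page: it classifies `ip -o link show` output by interface name. The name patterns (`virbrN` and `vnetN` as libvirt/KVM defaults, `vboxnetN` for VirtualBox host-only adapters) and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Whonix wiki): find hypervisor-created network
# interfaces in `ip -o link show` output, i.e. what a host-side tool can see.
# Assumed name patterns: virbrN / vnetN are libvirt (KVM) defaults; vboxnetN is
# a VirtualBox host-only adapter. Adjust them if your setup renames interfaces.

# stdin: `ip -o link show` lines. stdout: "<name> <kind>" per matching interface.
vm_ifaces() {
    awk -F': ' '{
        name = $2
        sub(/@.*/, "", name)                  # drop "@peer" suffix (veth, vlan)
        if      (name ~ /^virbr[0-9]+(-nic)?$/) kind = "libvirt-bridge"
        else if (name ~ /^vnet[0-9]+$/)         kind = "libvirt-tap"
        else if (name ~ /^vboxnet[0-9]+$/)      kind = "vbox-hostonly"
        else next
        print name, kind
    }'
}

# Exit status 0 if the listing on stdin exposes at least one VM interface.
host_sees_vm_ifaces() {
    [ -n "$(vm_ifaces)" ]
}

# Constructed sample: host running two libvirt/KVM guests.
SAMPLE_KVM_HOST='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT
3: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr1 state UNKNOWN mode DEFAULT
5: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr1 state UNKNOWN mode DEFAULT'

# Constructed sample: host running VirtualBox guests on an internal network
# (assumption: internal networking creates no host-side interface).
SAMPLE_VBOX_HOST='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT'

printf '%s\n' "$SAMPLE_KVM_HOST"  | vm_ifaces
printf '%s\n' "$SAMPLE_VBOX_HOST" | vm_ifaces
# On a real host: ip -o link show | vm_ifaces
```

Any interface this reports is also a capture point for tshark / wireshark on the host, which is why the gateway-to-workstation traffic shows up in host-side leak tests.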
Why use VirtualBox over Qubes?
Qubes issues:
- change Qubes network policy, UpdatesProxy to network disabled by default for better leak-proofness
- disallow setting netvm of whonix-ws to a non whonix-gw
- self-contained Qubes templates including meta scripts (salt) / improve Qubes-Whonix installation usability
- Absence of add UpdateVM setting to qubes-vm-settings feature leads to user confusion which VM will be used as UpdateVM.
- Qubes should keep IP forwarding in VMs with the provides network (Net Qube) disabled by default #7801
- Qubes-Whonix Security Disadvantages
- Tor Browser default screen resolution different between Qubes Debian & Whonix templates versus plain Debian
- Critical usability issues such as Qubes updater claiming no updates are available even though updates are available, see this.
- Other issues.
Qubes non-issues:
- corridor leak-tested.
Whonix VirtualBox Security
Whonix is primarily focused on protecting a user's IP address / location.
The leak-proofness of a virtualizer matters from the moment Whonix is first used, since avoiding leaks is the primary goal of Whonix. The resistance of the virtualizer against virtual machine escape only matters once the VM has been compromised by advanced malware.
A primary reason Whonix supports VirtualBox is because it is a familiar, cross-platform virtualizer which can attract more users to Freedom Software, Tor and Linux in general. By remaining highly accessible, Whonix:
- Increases the scope of potential growth in the user base.
- Attracts greater attention as a suitable anonymity-focused operating system.
- Increases the likelihood of additional human resources and monetary contributions.
- Allows novice users to easily test Whonix and learn more about security and anonymity practices.
- Improves the relative security and anonymity of Tor / Tor Browser users by offering a virtualized solution.
- See also Arguments for keeping VirtualBox Support.
Whonix in VirtualBox vs Tor / Tor Browser / Torified Applications on the Host
It is recognized that VirtualBox is far from being an ideal software project.
A common refrain of critics is that VirtualBox is "too weak". This is a theoretical concern and does not have any practical implications at present, since Whonix in VirtualBox is actually more secure than running Tor, Tor Browser or torified applications on the host in many cases; see Whonix Track Record against Real Cyber Attacks.
It is safer for users to run Whonix in VirtualBox than to continue utilizing Tor on the host. For example, Whonix helps to protect against future proxy bypass bugs or software which does not honor proxy settings.
The strength of Whonix and virtualization in general is adherence to the security by isolation principle. VirtualBox critics need to objectively consider how many exploits currently exist for VirtualBox and the track record of exploits. Admittedly, virtual machine exploits may become far more problematic in the future, but at present Whonix is considered to provide more security out of the box running in VirtualBox, than not.
Whonix is a poster child for the Isolating Proxy Concept and Security by Isolation.
Many users still default to running Tor on their Windows or Linux host. Whonix is immediately available to this cohort to substantially improve their real world security. Indeed, Whonix is the only up-to-date OS designed to be run inside a VM and paired with Tor, which is actively maintained and developed. Other similar projects like JanusVM are seriously outdated and no longer actively maintained. [1]
Whonix cannot serve all target audiences. "Hardcore" users may prefer to build their own custom hardened solutions, while still profiting from Whonix research and source code. Hardened solutions like the Hardened Gentoo based Whonix-Gateway are more difficult to use and therefore cannot be set as the default installation for Whonix.
VirtualBox missing features
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_missing_features
VirtualBox Unavailable in Debian stable and backports due to Debian Stable Security Maintenance Issues
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Unavailable_in_Debian_stable_and_backports_due_to_Debian_Stable_Security_Maintenance_Issues
VirtualBox Unavailable in Debian main due to Licensing Issues
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Unavailable_in_Debian_main_due_to_Licensing_Issues
VirtualBox Guest Additions ISO Freedom vs Non-Freedom
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Guest_Additions_ISO_Freedom_vs_Non-Freedom
VirtualBox Open Source vs Closed Source
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Open_Source_vs_Closed_Source
VirtualBox Integration
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Integration
Fasttrack
https://www.kicksecure.com/wiki/Dev/VirtualBox#Fasttrack
Arguments for keeping VirtualBox Support
- See Why use VirtualBox over KVM?
- See Why use VirtualBox over Qubes?
- KVM is not available to Windows users.
- Simplicity, as in: VirtualBox has a VM import GUI feature.
- Available to users who do not own a computer providing hardware virtualization. (KVM requires that. QEMU may or may not, but is unsupported.)
- Because of Windows users and simplicity, it leads to greater popularity, which in theory attracts more users, developers, auditors, payments, etc. and is therefore good for the overall health of the project.
- Some Windows/VirtualBox users experimenting with their first Linux (Whonix) will one day become users who mainly use Linux as their host operating system.
- We have a Whonix Windows Installer which installs VirtualBox and the Whonix VirtualBox VMs for these reasons.
VirtualBox Oracle VM VirtualBox Extension Pack
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Oracle_VM_VirtualBox_Extension_Pack
Storage Controller Setting
https://www.kicksecure.com/wiki/Dev/VirtualBox#Storage_Controller_Setting
Bugs
[drm:vmw_host_log [vmwgfx]] ERROR Failed to send log
https://www.kicksecure.com/wiki/Dev/VirtualBox#Bugs
[sda] Incomplete mode parameter data / Assuming drive cache: write through
https://www.kicksecure.com/wiki/Dev/VirtualBox#Bugs
Core Dump
https://www.kicksecure.com/wiki/Dev/VirtualBox#Core_Dump
VirtualBox Bug Reports
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Bug_Reports
What Should Be Included In Bug Report
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Bug_Reports
Resize Issues
https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Bug_Reports
Bug Report Draft
https://www.kicksecure.com/wiki/Dev/VirtualBox#Bug_Report_Draft
See Also
- VirtualBox
- VirtualBox Testers Only Version
- VirtualBox/Recommended Version
- VirtualBox/Other Versions
- VirtualBox/Guest Additions
- VirtualBox/Troubleshooting
- VirtualBox Generic Bug Reproduction
- VirtualBox/Appliance is not signed
- VirtualBox/Higher Screen Resolution without installing VirtualBox Guest Additions
- Virtualization Platform Security
References
- [1] In response to whether JanusVM was safe to use, Roger Dingledine of The Tor Project stated in 2011: "No, not safe. Probably has been unsafe to use for years."