[tor-talk] [tor-dev] Porting Tor Browser to the BSDs

WhonixQubes whonixqubes at riseup.net
Tue Apr 14 21:41:30 UTC 2015


On 2015-04-14 1:05 pm, Apple Apple wrote:
> I'm not too familiar with Whonix. May I ask what it does exactly to protect
> the system from a malicious actor with root level access to the "gateway"
> machine?


Dave's response addresses this. The point is not to absolutely isolate 
the Whonix-Gateway where the Tor process is. Although the 
Whonix-Gateway does force its own connections through Tor, it is not 
secure against root-privileged malware.

Rather, the point is for your user machine (Whonix-Workstation) to be 
securely isolated from reaching the clearnet, getting your real IP or 
MAC address, etc.

You don't want the Tor process to be in the same security domain as the 
user applications, since something malicious or misbehaving can simply 
bypass it in one shot. Tails puts them both in the same general security 
domain, so Tor protection can be bypassed and then it is game over.


> Additionally is there any analysis or guidance on the safe hardware and
> software configuration of virtual machines from the Whonix project?
> 
> As you may be aware, virtual machines are not a security product in and of
> themselves and they are certainly not magic.


The reality of this is somewhat different with Qubes.

This is why I launched the Qubes + Whonix project last year.

The security strength of Qubes VM isolation goes meaningfully beyond 
typical VMs.

More info:  https://www.whonix.org/wiki/Qubes



> Do you suppose that it may be the case that malicious software has a harder
> time gaining root privileges on Tails than breaking out of a badly
> configured virtual machine?


I believe it is probably generally harder to break out of a virtual 
machine than root a Linux distro, like Tails, because hypervisors have a 
more limited attack surface compared to a full monolithic OS.

If you use Qubes, then it is infinitely harder to root the host system.


> Do not forget that hypervisor software has bugs too and generally has
> unrestricted access to the host machine.


Right. But hypervisors are more minimal than a full bloated monolithic 
Linux OS with hundreds of millions of lines of code, so naturally less 
general attack surface exists to exploit.

For a usable system, Qubes currently goes the furthest with secure host 
isolation.

I'm also working to push even further towards building even stronger 
security + anonymity systems in the future.


> May I also ask if Whonix addresses the other key feature of Tails which is
> ensuring that there will be no forensic evidence left behind after usage?


Not at this time.

However, with disk encryption, deleting VMs after usage, and overwriting 
disk space, this same anti-forensics effect can be accomplished with 
Whonix.


WhonixQubes

