[Whonix-devel] survey: consideration to drop VirtualBox support for Linux users

[M. Edward (Ed) Borasky]

On Wed, Mar 19, 2014 at 8:53 PM, Whonix | Privacy and Anonymity OS
<newblogpost at whonix.org> wrote:
> TLDR:
> As a Linux user(!), would you mind to use Whonix with KVM instead of VirtualBox?

I would prefer kvm! I run Fedora Linux, which doesn't ship VirtualBox
for licensing reasons. VirtualBox is also a lot slower than kvm.

>
> How important is VirtualBox to you, if you could use KVM instead?
See above. As far as I'm concerned VirtualBox is the worst possible
desktop virtualizer out there.

>
> What features in VirtualBox do you believe are superior to KVM?
Really, since Fedora 20 has the latest virt-manager desktop tools,
there's nothing VirtualBox has going for it except for running
pre-existing appliances built for it.

>
> Which things in KVM do you dislike?
It doesn't run on Windows or MacOS X ;-)

>
> Long:
> This one needs user feedback.
>
> First of all, relax. Nothing has been decided yet. I am just thinking aloud. Without the controversy, there can not be real progress.
>
> Maybe it is too early to even think about this yet, because running Whonix in KVM development hasn't finished yet. However, if development continues at current speed, I predict it won't be long until we can open it up for wider testing.
>
> On of Whonix's biggest usability failures is, that no easy, secure and recommend way to get files inside a VM and how to backup from VMs. We only have a list of methods (https://www.whonix.org/wiki/File_Transfer) but none of these is ideal.
>
> Jason just started a very much needed development discussion about this. (https://github.com/Whonix/Whonix/issues/131) I added an overview of current status and thoughts to that thread.
>
> Moreover I tried to come up with usable, yet secure solution, that is.
>
> Windows users:
>
>         - recommend to use USB extensions
>         - they're using lots of closed source software already anyway
>         - they're downloading and blindly trusting VirtualBox in binary form from oracle without gpg verification already anyway, the closed source USB extensions shouldn't make it any worse
>         - we add screenshot / video instructions for installing and using this feature
>         - file transfer question solved

Putty/SCP/SFTP is how I'd do it on a Windows host, ordinary scp/sftp
on a Linux (kvm) host. Of course, with a VirtualBox or VMware host you
can share guest and host files with a couple of mouse clicks.

>
> Linux users:
>
>         - recommend to use KVM over VirtualBox
>         - they're accustomed to using more difficult solutions already anyway
>         - there are reasons for Use KVM Over VirtualBox anyway
>         - if this solution is as simple as it seems, file transfer issue would be solved
>
> Thoughts?

Windows 8 (Professional) and later have something called Client
Hyper-V available as an option. It's a decent virtualizer; not as
sophisticated a UI as VirtualBox or VMware Workstation but adequate
for an 'embedded' security appliance. The only problems I have with it
are:

1. It ties up the WiFi with the guest network. You need a separate
network connection on a laptop if you want to network from both the
host and the guest. And I'm totally clueless as to the security
implications of all of that.
2. It messes up my wireless USB mouse. That's not fatal - if I disable
and enable it in the device manager on the host it works again.