Whonix ™ Variants

From Whonix

Comparison of Different Whonix ™ Variants[edit]

The security and usability of the Whonix ™ platform is significantly affected by the hardware and virtualization configuration, and whether a Whonix-Custom-Workstation ™ is created. Qubes-Whonix ™ is currently recommended as providing the best combination of security and usability, although it has strict hardware requirements.

Virtualization and Hardware Configurations[edit]

Table: Whonix ™ Platform Comparison

Variant Number of systems Security Usability
Standard Binary Download host+VM+VM=3 Basic Easy to redistribute and install
Physical Isolation with Bare-metal Gateway host+VM+host=3 Equivalent to the standard binary download Difficult to install and for advanced users only
Physical Isolation with Virtualized Gateway host+VM+host+VM=4 Higher attack surface Easier to deploy. Four operating systems must be kept updated
Physical Isolation without any Virtualization host+host=2 Nearly the same as standard Physical Isolation. [1] Without virtual machines, there is no protection against hardware fingerprinting Difficult to install and for advanced users only
Qubes dom0+VM+VM=3 Better compartmentalization. See: Why use Qubes over other Virtualizers? Best

Virtual machines can provide the following security-related features:

  • Network isolation: Connections can easily be forced through Tor.
  • Hardware isolation: Unique hardware serials can be hidden.
  • Roll back feature: Users can revert to clean and/or working snapshots.
  • Multi-level security: Multiple clones / VMs / DisposableVMs provide significant protection.

In comparison, live CDs provide:

  • Non-persistence: This increases safety in the event of a software compromise. [2]
  • Anti-forensics capability and plausible deniability: If the computer is powered down and RAM has faded or been wiped, remnants of critical information like encryption keys should be impossible to retrieve.
  • Update issues: It is difficult to roll out security updates and maintain a fully up-to-date system.

Operating System Configurations[edit]

Whonix ™ provides multiple operating system options:

  • Debian buster GNU/Linux: The Default-Download-Version is recommended for most users.
  • Other Operating Systems: Windows, FreeBSD, other GNU/Linux, and Android Whonix-Custom-Workstation ™ are possible.

Info Users should refer to Security Comparison: Whonix ™-Download-Workstation vs. Whonix-Custom-Workstation ™ before choosing this option. A number of anonymity protections must be manually configured in Whonix-Custom-Workstation ™.

There is also a Hardened Gentoo-based Whonix-Gateway ™. This is not recommended as it is outdated, requires a maintainer, and is for experts only.

Security Comparison: Whonix ™-Download-Workstation vs. Whonix ™-Custom-Workstation[edit]

See Security Comparison: Whonix ™-Download-Workstation vs. Whonix-Custom-Workstation ™. Unless otherwise stated, the documentation and design refers to the Default-Download-Version.


  1. For further discussion of this issue, see: More or Less Protection inside a VM?
  2. Unless sophisticated and targeted malware manages to leverage the exploit, leading to a compromise of firmware or other persistent systems (like BIOS).

[advertisement] Looking to Sell Your Company? Contact me.

Want to get involved with Whonix ™? Check out our Contribute page.

https | (forcing) onion
Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png 1024px-Telegram 2019 Logo.svg.png

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.