Whonix ™ Variants
Comparison of Different Whonix ™ Variants
The security and usability of the Whonix ™ platform is significantly affected by the hardware and virtualization configuration, and whether a Whonix-Custom-Workstation ™ is created. Qubes-Whonix ™ is currently recommended as providing the best combination of security and usability, although it has strict hardware requirements [archive].
Virtualization and Hardware Configurations
Table: Whonix ™ Platform Comparison
|Variant||Systems||Number of systems||Security||Usability|
|Standard Binary Download||host + VM + VM||2||Basic||Easy to redistribute and install|
|Physical Isolation with Bare-metal Gateway||host + VM + host||3||Equivalent to the standard binary download||Difficult to install and for advanced users only|
|Physical Isolation with Virtualized Gateway||host + VM + host + VM||4||Higher attack surface||Easier to deploy. Four operating systems must be kept updated|
|Physical Isolation without any Virtualization||host + host||4||Nearly the same as standard Physical Isolation.  Without virtual machines, there is no protection against hardware fingerprinting||Difficult to install and for advanced users only|
|Qubes||dom0 + VM + VM||3||Better compartmentalization. See: Why use Qubes over other Virtualizers?||Best|
|OneVM [archive] (ignore page title)||host + VM||2||Deprecated.||-|
|UniStation||host||1||Proof of concept only.||-|
Virtual machines can provide the following security-related features:
- Network isolation: Connections can easily be forced through Tor.
- Hardware isolation: Unique hardware serials can be hidden.
- Roll back feature: Users can revert to clean and/or working snapshots.
- Multi-level security: Multiple clones / VMs / DisposableVMs provide significant protection.
In comparison, live CDs provide:
- Non-persistence: This increases safety in the event of a software compromise. 
- Anti-forensics capability and plausible deniability: If the computer is powered down and RAM has faded or been wiped, remnants of critical information like encryption keys should be impossible to retrieve.
- Update issues: It is difficult to roll out security updates and maintain a fully up-to-date system.
Operating System Configurations
Whonix ™ provides multiple operating system options:
- Debian buster GNU/Linux: The Default-Download-Version is recommended for most users.
- Other Operating Systems: Windows, FreeBSD, other GNU/Linux, and Android Whonix-Custom-Workstation ™ are possible.
There is also a Hardened Gentoo-based Whonix-Gateway ™. This is not recommended as it is outdated, requires a contributor, and is for experts only.
Security Comparison: Whonix ™-Download-Workstation vs. Whonix ™-Custom-Workstation
See Security Comparison: Whonix ™-Download-Workstation vs. Whonix-Custom-Workstation ™. Unless otherwise stated, the documentation and design refers to the Default-Download-Version.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)