Whonix Variants

Comparison of Different Whonix Variants[edit]

The security and usability of the Whonix platform is significantly affected by the hardware and virtualization configuration, and whether a Whonix-Custom-Workstation is created. Qubes-Whonix is currently recommended as providing the best combination of security and usability, although it has strict hardware requirements.

Virtualization and Hardware Configurations[edit]

Table: Whonix Platform Comparison

Name Number of systems Security Usability
Standard Binary Download host+VM+VM=3 Basic Easy to redistribute and install
Physical Isolation with Bare-metal Gateway host+VM+host=3 Equivalent to the standard binary download Difficult to install and for advanced users only
Physical Isolation with Virtualized Gateway host+VM+host+VM=4 Higher attack surface Easier to deploy. Four operating systems must be kept updated
Physical Isolation without any Virtualization host+host=2 Nearly the same as standard Physical Isolation. [1] Without virtual machines, there is no protection against hardware fingerprinting Difficult to install and for advanced users only
Qubes dom0+VM+VM=3 Better compartmentalization. See Why use Qubes over other Virtualizers? Best

Virtual machines can provide the following security-related features:

  • Network isolation: Connections can easily be forced through Tor.
  • Hardware isolation: Unique hardware serials can be hidden.
  • Roll back feature: Users can revert to clean and/or working snapshots.
  • Multi-level security: Multiple clones / VMs / DisposableVMs provide significant protection.

In comparison, live CDs provide:

  • Non-persistence: This increases safety in the event of a software compromise. [2]
  • Anti-forensics capability and plausible deniability: If the computer is powered down and RAM has faded or been wiped, remnants of critical information like encryption keys should be impossible to retrieve.
  • Update issues: It is difficult to roll out security updates and maintain a fully up-to-date system.

Operating System Configurations[edit]

Whonix provides multiple operating system options:

  • Debian stretch GNU/Linux: The Default-Download-Version is recommended for most users.
  • Other Operating Systems: Windows, FreeBSD, other GNU/Linux, and Android Custom-Whonix-Workstations are possible.

There is also a Hardened Gentoo-based Whonix-Gateway. This is not recommended as it is outdated, requires a maintainer, and is for experts only.

Security Comparison: Whonix-Download-Workstation vs. Whonix-Custom-Workstation[edit]

See Security Comparison: Whonix-Download-Workstation vs. Whonix-Custom-Workstation. Unless otherwise stated, the documentation and design refers to the Default-Download-Version.


  1. For further discussion of this issue, see: More or Less Protection inside a VM?
  2. Unless sophisticated and targeted malware manages to leverage the exploit, leading to a compromise of firmware or other persistent systems (like BIOS).

Random News:

Don't mind having your name connected to Whonix? Follow us on Twitter / Facebook / g+.

https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)

Whonix is provided by ENCRYPTED SUPPORT LP. See Imprint.