VirtualBox Integration

From Whonix
< Dev
Jump to navigation Jump to search
VirtualBox Logo

VirtualBox Licensing Issues, unavailable in Debian main and Debian backports, missing features. Is VirtualBox an Insecure Choice? Arguments for keeping VirtualBox Support.

Whonix VirtualBox versus Other Virtualizers[edit]

Why use VirtualBox over KVM?[edit]

VirtualBox advantages:

  • The virtual network interfaces are better encapsulated inside the VM by VirtualBox.
    • Virtual network interfaces by VirtualBox: Are invisible on the host using tools such as "sudo ifconfig".
  • corridor leak tested.
  • Therefore Whonix VirtualBox has a higher leak-proofness than Whonix KVM.

KVM disadvantages:

For the opposite viewpoint, see Why Use KVM Over VirtualBox?

Why use VirtualBox over Qubes?[edit]

Qubes issues:

Qubes non-issues:

Whonix VirtualBox Security[edit]

Whonix is primarily focused on protecting a user's IP address / location.

The leak-proofness of a virtualizer matters from the moment of first usage of Whonix since avoiding leaks is the primary goal of Whonix. The resistance of the virtualizer against virtual machine escapearchive.org only matters once the VM was compromised with advanced malware.

A primary reason Whonix supports VirtualBox is because it is a familiar, cross-platform virtualizer which can attract more users to Freedom Software, Tor and Linux in general. By remaining highly accessible, Whonix:

  • Increases the scope of potential growth in the user base.
  • Attracts greater attention as a suitable anonymity-focused operation system.
  • Increases the likelihood of additional human resources and monetary contributions.
  • Allows novice users to easily test Whonix and learn more about security and anonymity practices.
  • Improves the relative security and anonymity of Tor / Tor Browser users by offering a virtualized solution.
  • See also Arguments for keeping VirtualBox Support.

Whonix in VirtualBox vs Tor / Tor Browser / Torified Applications on the Host

It is recognized that VirtualBox is far from being an ideal software project.

A common refrain of critics is that VirtualBox is "too weak". This is a theoretical concern and does not have any practical implications at present, since Whonix in VirtualBox is actually more secure than running Tor, Tor Browser or torified applications on the host in many cases; see Whonix Track Record against Real Cyber Attacks.

It is safer for them to run Whonix in VirtualBox, rather than continuing to utilize Tor on the host. For example, Whonix helps to protect against future proxy bypass bugsarchive.org or software which does not honor proxy settingsarchive.org.

The strength of Whonix and virtualization in general is adherence to the security by isolation principle. VirtualBox critics need to objectively consider how many exploits currently exist for VirtualBox and the track record of exploits. Admittedly, virtual machine exploits may become far more problematic in the future, but at present Whonix is considered to provide more security out of the box running in VirtualBox, than not.

Whonix is a poster child for the Isolating Proxy Conceptarchive.org and Security by Isolationarchive.org.

Many users still default to running Tor on their Windows or Linux host. Whonix is immediately available to this cohort to substantially improve their real world security. Indeed, Whonix is the only up-to-date OS designed to be run inside a VM and paired with Tor, which is actively maintained and developed. Other similar projects like JanusVMarchive.org are seriously outdated and no longer actively maintained. [1]

Whonix cannot serve all target audiences. "Hardcore" users may prefer to build their own custom hardened solutions, while still profiting from Whonix research and source code. Hardened solutions like the Hardened Gentoo based Whonix-Gateway are more difficult to use and therefore cannot be set as the default installation for Whonix.

VirtualBox missing features[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_missing_featuresarchive.org

VirtualBox Unavailable in Debian stable and backports due to Debian Stable Security Maintenance Issues[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Unavailable_in_Debian_stable_and_backports_due_to_Debian_Stable_Security_Maintenance_Issuesarchive.org

VirtualBox Unavailable in Debian main due to Licensing Issues[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Unavailable_in_Debian_main_due_to_Licensing_Issuesarchive.org

VirtualBox Guest Additions ISO Freedom vs Non-Freedom[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Guest_Additions_ISO_Freedom_vs_Non-Freedomarchive.org

VirtualBox Open Source vs Closed Source[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Open_Source_vs_Closed_Sourcearchive.org

VirtualBox Integration[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Integrationarchive.org

Fasttrack[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#Fasttrackarchive.org

Arguments for keeping VirtualBox Support[edit]

  • See Why use VirtualBox over KVM?
  • See Why use VirtualBox over Qubes?
  • KVM is not available to Windows users.
  • Simplicity, as in: VirtualBox has a VM import GUI feature.
  • Available to users not owning computer providing hardware virtualization. (KVM requires that. QEMU may or may not but is unsupported.)
  • Due to Windows users and simplicity it leads to greater popularity, which in theory attracts more users, developers, auditors, payments, etc and is therefore good for the overall health of the project.
  • Some Windows/VirtualBox users experimenting with their first Linux (Whonix) will one day become users who mainly use Linux as their host operating system.
  • We have a Dev/Windows Installer|Whonix Windows Installer]] which installs VirtualBox Whonix VirtualBox VMs because of these reasons.

VirtualBox Oracle VM VirtualBox Extension Pack[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Oracle_VM_VirtualBox_Extension_Packarchive.org

Storage Controller Setting[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#Storage_Controller_Settingarchive.org

Bugs[edit]

[drm:vmw_host_log [vmwgfx]] ERROR Failed to send log[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#Bugsarchive.org

[sda] Incomplete mode parameter data / Assuming drive cache: write through[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#Bugsarchive.org

Core Dump[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#Core_Dumparchive.org

VirtualBox Bug Reports[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Bug_Reportsarchive.org

What Should Be Included In Bug Report[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Bug_Reportsarchive.org

Resize Issues[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#VirtualBox_Bug_Reportsarchive.org

Bug Report Draft[edit]

https://www.kicksecure.com/wiki/Dev/VirtualBox#Bug_Report_Draftarchive.org

See Also[edit]

References[edit]

  1. In response to whether JanusVM was safe to use, Roger Dingledine of The Tor Project stated in 2011archive.org: "No, not safe. Probably has been unsafe to use for years."

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!