
Install Software

Easy

One of the main goals of Whonix is to greatly reduce the risk posed by any (additional) software that was not designed to be used with Tor.

You can install any software inside Whonix-Workstation using apt-get, since it's based on Debian.

Whonix is currently the safest method to run Tor-unsafe applications such as Adobe Flash (see the comparison).

This is not a recommendation for installing additional software.

On the Software page you'll find:

  • Applications for different tasks, which are already installed on Whonix by default.
  • Software recommendations for different tasks.
  • Safety advice.
  • Installation instructions.

Recommendation to Install Packages from Debian Stable Repository

If the rationale for installing new software outweighs the risks, it is preferred to install software from Debian's Stable repository rather than from the Testing / Unstable or 3rd party repositories. Also, manually installed packages, even trusted ones, tend not to get updated by the user in a timely fashion, so they fall behind on security fixes.

Debian FAQ:

Stable is rock solid. It does not break and has full security support. But it might not have support for the latest hardware.


If security or stability are at all important for you: install stable. period. This is the most preferred way.


Since there is typically over 1 year between releases you might find that stable contains old versions of packages. However, they have been tested in and out. One can confidently say that the packages do not have any known severe bugs, security holes etc., in them. The packages in stable integrate seamlessly with other stable packages. These characteristics are very important for production servers which have to work 24 hours a day, 7 days a week.


On the other hand, packages in testing or unstable can have hidden bugs, security holes etc. Moreover, some packages in testing and unstable might not be working as intended.

Debian Backports:

Backports cannot be tested as extensively as Debian stable, and backports are provided on an as-is basis, with risk of incompatibilities with other components in Debian stable. Use with care!

GUI Applications with Root Rights

Never log in as the root user (sudo su) and never run GUI applications using plain sudo application. This will fail, because the X session belongs to the unprivileged user and a root process is refused access to it. This is a limitation inherited from Debian. You will see error messages such as:

No protocol specified
cannot connect to X server :0

As a KDE user (Whonix default), use kdesudo application instead. Otherwise use gksudo application. For example:

Open /etc/tor/torrc in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix, run:

kdesudo kwrite /etc/tor/torrc

If you are using a terminal-only Whonix, run:

sudo nano /etc/tor/torrc

More Security

Introduction

Installing additional software... (see the comparison)

Advantages:

Disadvantages:

  • You should still try to prevent any other protocol leaks using the TorifyHOWTO (but most of those are mitigated by using Whonix).
  • When you are updating using apt-get, you leak which software packages and versions you have installed, see Software updaters. This information cannot be directly linked to any other activity, such as web browsing, because the Whonix apt-get uwt wrapper forces apt-get to go through its own Tor circuit. But there are still risks of correlation to the same pseudonym. [1] [2]
  • If you install additional software, you always increase the attack surface[3].

You should update using the guidelines below.

Extra care is needed when adding extra custom repositories, especially PPAs (Personal Package Archives). A single developer can be pressured, compromised, or turn malicious more easily than the team maintaining the main repositories.

Read Protocol-Leak-Protection and Fingerprinting-Protection first! (Many leaks, such as DNS and IP related leaks do not apply to Whonix; etc.)

The TorifyHOWTO contains documentation about protocol leaks and how to mitigate them.

Also see Transparent Proxy Leaks. (Mostly Microsoft Windows related)

How to install or update with most caution?

  1. Stop all your activities. [4]
  2. Change your circuit. [5]
  3. Update using apt-get after a random delay.
  4. Change your circuit again.
  5. Continue your activities later with a random delay.
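The five steps above as one script, added here as an example; it is not part of the Whonix wiki or the Whonix project. It assumes it runs inside Whonix-Workstation, where apt-get is already sent through its own Tor circuit by the uwt wrapper, and that steps 2 and 4 (circuit changes) are done by hand on Whonix-Gateway, so the script only pauses for them. The delay bounds MIN_DELAY and MAX_DELAY are assumed defaults, not values from the page.

```shell
#!/bin/sh
# Added example, not from the Whonix wiki: run an apt-get update with the
# random delays the procedure asks for. Assumes Whonix-Workstation, where
# apt-get is torified by the uwt wrapper; circuit changes (steps 2 and 4)
# happen on Whonix-Gateway, so this script only pauses for them.

MIN_DELAY=${MIN_DELAY:-60}     # seconds; assumed defaults, adjust to taste
MAX_DELAY=${MAX_DELAY:-600}

# random_int MIN MAX: print an integer in [MIN, MAX]. The value comes from
# /dev/urandom rather than $RANDOM, which is not POSIX and is predictable.
random_int() {
    min=$1
    max=$2
    span=$((max - min + 1))
    raw=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
    echo $((min + raw % span))
}

# random_sleep MIN MAX: sleep for a random number of seconds and say so,
# so the user knows the script has not hung.
random_sleep() {
    secs=$(random_int "$1" "$2")
    echo "sleeping ${secs}s"
    sleep "$secs"
}

# wait_for_circuit_change STEP: steps 2 and 4 are done on the gateway
# (arm -> New Identity); block here until the user confirms.
wait_for_circuit_change() {
    echo "Step $1: change your Tor circuit on Whonix-Gateway, then press Enter."
    read -r dummy
}

cautious_update() {
    echo "Step 1: stop all other activities before continuing."
    wait_for_circuit_change 2
    random_sleep "$MIN_DELAY" "$MAX_DELAY"              # step 3: random delay
    sudo apt-get update && sudo apt-get dist-upgrade   # step 3: the update
    wait_for_circuit_change 4
    echo "Step 5: waiting a random delay before you resume other activities."
    random_sleep "$MIN_DELAY" "$MAX_DELAY"
}

# Run only when explicitly asked, so sourcing the file just defines functions.
if [ "${1:-}" = run ]; then
    cautious_update
fi
```

Invoke it as `sh cautious-update.sh run`. The delays are there to decouple the timing of the apt-get traffic from the timing of whatever you were doing before, which is the correlation risk the disadvantages list describes; a fixed delay would be just as linkable as no delay.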

Whonix-Workstation is firewalled

This is just an informational chapter, relevant if you are interested in server software or other advanced or otherwise uncommon applications.

This means:

  • Incoming connections are not supported: so-called server ports (also called open or listening ports) are not reachable from outside.
    • Replies to connections you initiated yourself are still accepted, so web browsing, IRC, etc. work.
    • For example, an Ident Protocol or web server listening port in Whonix-Workstation is not reachable unless you explicitly configure it.
  • You can host Hidden Services.
  • The firewall can be found on Whonix-Gateway in /usr/bin/whonix_firewall.
  • Standard DNS requests on UDP port 53 will be redirected to Tor's DnsPort. If you change the DNS server in /etc/resolv.conf in Whonix-Workstation, this will probably have no effect, since the firewall on Whonix-Gateway will redirect all those requests to Tor's DnsPort. (However, if you are tunneling/encrypting DNS requests, as per Secondary DNS Resolver (DNSCrypt, httpsdnsd), it will work.)

Also note:

  • Tor does not support UDP, so applications that need UDP will not work (plain DNS is the exception, handled by Tor's DnsPort as described above). This is not a Whonix issue.
  • Tor does not support IPv6. This is not a Whonix issue.
  • All traffic from Whonix-Workstation and Whonix-Gateway is routed over Tor. [6] [7] [8] [9] (read the footnotes)

Whonix's firewall on the Whonix-Gateway is very restrictive. You can make it even more restrictive by activating #OptionalFeatureNr.3# within the firewall script. It is possible to limit which outgoing ports will be redirected to Tor's TransPort. Depending on what you want to achieve, it could be useful to remove all SocksPorts.

Advanced

Backports

Add the jessie-backports repository (Whonix-Workstation at the time of writing is based on Debian jessie; use the codename matching your Debian release):

sudo su -c "echo -e 'deb http://http.debian.net/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list"

Apt-Pinning provides a safe mechanism to mix and match packages from different Debian repo branches without breaking your base distro.

Giving stable the highest pin priority ensures that the stable version of a package is preferred over any other when installing with apt, so a package is taken from backports only when you explicitly ask for it with -t. Note that files in /etc/apt/preferences.d must have a .pref extension or none at all; apt ignores files with other extensions.

Open /etc/apt/preferences.d/debian-pinning.pref in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix, run:

kdesudo kwrite /etc/apt/preferences.d/debian-pinning.pref

If you are using a terminal-only Whonix, run:

sudo nano /etc/apt/preferences.d/debian-pinning.pref

Paste:

Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=jessie-backports
Pin-Priority: 650

Package: *
Pin: release a=testing
Pin-Priority: 600

Package: *
Pin: release a=unstable
Pin-Priority: 550

Package: *
Pin: release a=experimental
Pin-Priority: 500

Save.

Update your package lists.

sudo apt-get update

Install software.

sudo apt-get -t jessie-backports install packagename

  • Replace packagename with the package you actually want to install.
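Before installing anything from backports, check that apt really assigned the intended priorities. The script below is an added example, not from the Whonix wiki: pin_priority_for parses the "Package files:" section of `apt-cache policy` output and check_backports_pinning refuses to continue if jessie-backports is not pinned strictly below stable (a typo in the pin file that inverts the order would pull every package from backports on the next upgrade). SAMPLE_POLICY is a constructed excerpt for offline use; on a real system pipe the live `apt-cache policy` output into the functions instead.

```shell
#!/bin/sh
# Added example, not from the Whonix wiki: verify apt pin priorities.
# SAMPLE_POLICY is a constructed excerpt of `apt-cache policy` output
# ("Package files:" section) for a jessie system with the pinning from
# /etc/apt/preferences.d/debian-pinning.pref applied.
SAMPLE_POLICY='Package files:
 100 /var/lib/dpkg/status
     release a=now
 650 http://http.debian.net/debian/ jessie-backports/main amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
 700 http://ftp.debian.org/debian/ jessie/main amd64 Packages
     release v=8.2,o=Debian,a=stable,n=jessie,l=Debian,c=main
Pinned packages:'

# pin_priority_for SUITE [TEXT]: print the priority apt assigned to the
# package file whose "release" line carries a=SUITE. Reads TEXT if given,
# otherwise stdin (so: apt-cache policy | pin_priority_for stable).
# Prints nothing when the suite is not configured at all.
pin_priority_for() {
    suite=$1
    shift
    if [ $# -gt 0 ]; then printf '%s\n' "$1"; else cat; fi |
    awk -v suite="$suite" '
        /^ *[0-9]+ /  { prio = $1; next }      # " NNN <url> <suite>/<comp> ..."
        /^ *release / {                         # "     release o=..,a=..,n=.."
            n = split($0, f, ",")
            for (i = 1; i <= n; i++) {
                sub(/^ *release /, "", f[i])
                if (f[i] == "a=" suite) { print prio; exit }
            }
        }'
}

# check_backports_pinning [TEXT]: return 0 when jessie-backports is pinned
# strictly below stable, 1 otherwise. Pass the policy text or pipe it in.
check_backports_pinning() {
    if [ $# -gt 0 ]; then text=$1; else text=$(cat); fi
    stable=$(pin_priority_for stable "$text")
    backports=$(pin_priority_for jessie-backports "$text")
    if [ -z "$stable" ] || [ -z "$backports" ]; then
        echo "stable or jessie-backports missing from apt-cache policy output" >&2
        return 1
    fi
    if [ "$backports" -ge "$stable" ]; then
        echo "jessie-backports ($backports) is not pinned below stable ($stable)" >&2
        return 1
    fi
    echo "ok: stable=$stable jessie-backports=$backports"
    return 0
}

# Stand-alone run against the constructed sample.
check_backports_pinning "$SAMPLE_POLICY"
```

On a real Whonix-Workstation run `apt-cache policy | check_backports_pinning` after `sudo apt-get update`. For a single package, `apt-cache policy packagename` shows the candidate version; without `-t jessie-backports` the candidate must come from stable, otherwise the pinning is not in effect.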

Reinstallation of Packages

This is normal Debian package management and is covered here mostly as per the free support principle.

Explained using the iceweasel package. You can substitute iceweasel with many other packages that do not have too many dependencies. Do not try this with any package required for connectivity, such as tor, as reinstallation would be very difficult and is unsupported.

The only complication, in some cases, is metapackage dependencies: in the example of iceweasel, the anon-workstation-packages-recommended package depends on iceweasel, and the whonix-workstation package in turn depends on anon-workstation-packages-recommended, so purging iceweasel removes both metapackages as well.

Update your package lists and upgrade before you start. See Update for instructions.

Purge the package you want to reinstall.

sudo apt-get purge iceweasel

This will show output similar to the following.

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  anon-workstation-packages-recommended* iceweasel* whonix-workstation*
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 90.8 MB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 100681 files and directories currently installed.)
Removing whonix-workstation (3:2.9-1) ...
Removing anon-workstation-packages-recommended (3:2.9-1) ...
Removing iceweasel (38.4.0esr-1~deb8u1) ...
Removing 'diversion of /usr/bin/firefox to /usr/bin/firefox.real by iceweasel'
Purging configuration files for iceweasel (38.4.0esr-1~deb8u1) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Processing triggers for menu (2.1.47) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for qubes-core-agent (3.0.20-1+deb8u1) ...
Processing triggers for mime-support (3.58) ...

The packages anon-workstation-packages-recommended and whonix-workstation have been inadvertently uninstalled due to technical limitations. [10] We will reinstall them later.

Delete the user's configuration folder, if that is what you want. In the example of iceweasel, that would be the following. (The path differs depending on the package.)

rm -r ~/.mozilla

Reinstall. (You could also drop the --no-install-recommends as a matter of preference.)

sudo apt-get install --no-install-recommends iceweasel anon-workstation-packages-recommended whonix-workstation

Related to: Whonix Debian Packages.

Foreign Sources

In most cases, the programs in the official Debian repositories are enough. Thousands of programs can be installed in a couple of steps. These packages are constantly maintained for bug/security fixes and tightly integrated to provide a stable distribution. However, the Linux software scene is very dynamic and sometimes you will want to use software that has not been packaged in Debian yet.

In these cases it may be necessary to install software from separate sources, either from third party repositories, as a stand-alone precompiled .deb, or by compiling the program directly from source.

Risks

The use of foreign sources should be kept to a minimum, as it could cause problems. Note that this is not an absolute outcome of installing third party software, but a warning about possible worst case scenarios.

Security Issues

Keep in mind that there are important security implications for the system. Installing software on your computer is tantamount to granting root privileges to its developers: package maintainer scripts run as root during installation. When installing software from dubious sources it is in fact possible that important system components are replaced with malicious versions to install backdoors or "Trojan horses" on the system.

In general, the installation of software is a matter of trust. The fact is that you have to trust every source from which you installed software. Trust has to be present on two levels. First, you have to trust that the developers have integrity, and secondly you have to place your trust in the community to notice anything suspicious in the code, which could be the result of the developers' machines being compromised. Reproducible package builds, once available, will reduce the second risk, since a binary that does not match an independent rebuild of the published source becomes detectable.

Dependency Hell

Manually installed packages can contain library versions not available in the standard repositories. This messes up dependency resolution when installing additional software from the official repository. Individual applications are to be considered less critical in this context, but when it comes to important system libraries in the third-party software, complications are inevitable.

Depending on how severe, upgrades to the next version of the operating system might fail and it could become non bootable or have other stability issues.

Mitigation

You can reduce the security risks, and eliminate the risk of making your main workstation unusable, by installing such software in a separate one of Multiple Whonix-Workstations.

Footnotes

  1. For example, if you announced somewhere that you are an X user and have a specific set of x, y, and z installed, this information may be available to an adversary. If you run apt-get (which goes through its own circuit) through any exit relays, mirrors or ISPs controlled by the adversary, it is possible for the adversary to guess that it is the same pseudonym running it. In that case the adversary gets your list of installed packages, can run a stale mirror attack (only if you are using a custom build using Ubuntu, see About Ubuntu), or can try other attacks against apt-get.
  2. Another example, if you run a hidden service with a specific set of server software, let's say apache, mediawiki, phpbb, x, y, z... it's similar to the previous note.
  3. https://en.wikipedia.org/wiki/Attack_surface
  4. One way to do it is using Arm (see Tor Controller): Go to your Whonix-Gateway and start arm. Press m for menu, go down to New Identity and press enter.
  5. Maybe not, if you're running a hidden service?
  6. Since Whonix 0.2.1 also the Whonix-Gateway traffic is routed over Tor. This prevents telling the world that the user is a Whonix user.
  7. To preserve anonymity of activities the user is doing inside Whonix-Workstation, it would not be required to torify Whonix-Gateway's own traffic.
  8. For your interest: if you were to change DNS settings on Whonix-Gateway in /etc/resolv.conf, this would only affect Whonix-Gateways's own DNS requests issued by applications using the system's default DNS resolver. Actually, by default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway issuing network traffic (apt-get, whonixcheck, timesync) are explicitly configured (or forced by uwt wrappers) to use their own Tor SocksPort (see Stream Isolation).
  9. Whonix-Workstation's default applications are configured to use separate Tor SocksPorts (see Stream Isolation), thus not using the system's default DNS resolver. Any application on Whonix-Workstation not configured for stream isolation (for example nslookup) will use the default DNS server configured in Whonix-Workstation in /etc/network/interfaces, which is Whonix-Gateway. Those DNS requests will be redirected to Tor's DnsPort by Whonix-Gateway's firewall. (Therefore Whonix-Gateway's /etc/resolv.conf does not affect Whonix-Workstation's DNS requests.)
  10. Whonix_Debian_Packages#Technical_Stuff
