Qubes/Why use Qubes over other Virtualizers
Why use Qubes over other Virtualizers?
The Qubes project is focusing on providing the Qubes OS desktop operating system that runs a virtualizer. Not a general purpose operating system where the ability to install a virtualizer is just another feature.
- Network stack, WiFi drivers are running in a dedicated network VM, which reduces attack surface.
- Qubes actively discourages using the host (dom0) for any other purposes than running VMs.
- Firewalled / no open incoming ports by default.
- No networking on the host (dom0). Even the download part of fetching host (dom0) upgrades is done in a dedicated UpdateVM (currently by default NetVM), before those are verified and installed on dom0.
- DisposableVMs 
- Joanna Rutkowska, security researcher, developer of Qubes OS made a security comparison about software compartmentalization vs. physical separation (pdf), that concluded, that in some cases, notably for specific, desktop-related workflows, Physical Isolation might be less secure sometimes than Qubes (software compartmentalization) approach.
- Supports Anti Evil Maid (AEM).
- No microphones attached to VMs by default.
- TCP timestamps disabled by default. 
- ICMP timestamps disabled by default. 
- Creating new VMs is very easy and very fast.
- The VMs start menu is integrated into the host's (dom0) start menu.
- Usable, secure clipboard and files copy and paste.
- Easier backup / restore of VMs.
- Keyboard layout only needs to be configured once in dom0.
- No duplicate task bars.
- Default seamless mode for windows. (Similar to VirtualBox’s Seamless Mode or VMware’s Unity Mode. ) Yet, distinction of which window comes from what VM is easily possible. 
- VMs start up much faster, because fewer services need to be started.
- AppVMs therefore also take much less RAM.
- AppVMs take much fewer disk space, because those can share the root image of the TemplateVM. (Read more: TemplateImplementation)
Qubes-Whonix advantages over Non-Qubes-Whonix
- Easy to tunnel whole system including host (dom0) updates through Tor (besides sys-net and sys-firewall).
- Multiple Whonix-Workstations AppVMs can easily use the same Whonix-Gateway ProxyVM without being able to contact each other. 
- Downloads of Whonix TemplateVM images are using cryptographic signatures of the dom0 package manager (qubes-dom0-update / dnf) which makes verification transparent (doing it for the user without knowing it).
- Easier installation.
- As an option during Qubes installer.
- Or later download from Qubes repository.
- Non-Qubes-Whonix specific known issues do not apply.
- No confusing Network Manager Systray Unmanaged Devices, since there is no duplicate taskbar.
- No confusion by the VM timezone set to UTC (for anonymity reasons) , since there is no duplicate taskbar. 
- Watching videos using VLC works out of the box.  
- No duplicate sound settings.  
- Easier installation.
- There are no disposable Whonix VMs yet, but Qubes encourages using regular / DisposableVMs.
- Computer_Security_Education#Disable ICMP Timestamps
- This issue for non-Qubes-Whonix is documented on the Multiple Whonix-Workstations wiki page.
- Whonix VirtualBox issues: VLC / Video Player Crash
- Whonix KVM Video issue: https://www.whonix.org/old-forum/index.php/topic,1768.0.html
- Whonix VirtualBox: You have duplicate sound settings withing VMs.
- Whonix KVM: https://www.whonix.org/old-forum/index.php/topic,1767.0.html
Impressum | Datenschutz | Haftungsausschluss
Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, the content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.