Windows Hosts

From Whonix

Windows as Malware[edit]

The Free Software Foundation (FSF) is scathing in its analysis of Windows, due to the threats posed to personal freedoms, privacy and security. Regardless of the version being used the FSF classifies Windows as "malware", meaning the software is designed to function in ways that mistreat or harm the user. [1] [2]

Windows Backdoors and User Freedoms[edit]

A number of conscious decisions by Microsoft severely limit user freedoms, as well as seriously undermining the security of the platform.

Table: Windows Backdoors and User Freedom Threats

Category Description
Encryption Microsoft has backdoored its disk encryption [archive].
Forced Updates Microsoft has a history of updating software without permission [archive]; this represents a universal backdoor to impose any changes they like.
Forced Upgrades
Software Choice and Deletion
Trust The German government does not trust that Windows 8 and the Trusted Platform Module (TPM) v2.0 is not a backdoored combination [archive].
User Freedoms

Windows Insecurity[edit]

The supposition that proprietary software is free of grave bugs is demonstrably false. In fact, the popularity of Windows platforms on desktops actually increases the risk, as attackers target the near monocultural operating system environment with regularity, for example:

Windows Sabotage[edit]

The following table highlights Microsoft technical actions that harm users of specific hardware or software.

Table: Windows Sabotage

Category Description
Adversary Collaboration
Enforced Upgrades
Platform and Hardware Support
Tiered Security Microsoft has announced that starting with Windows 10, it will begin forcing lower-paying customers to test less-secure new updates [archive] before giving higher-paying customers the option of whether or not to adopt them.

Windows Interference[edit]

Microsoft often releases proprietary programs or updates that destabilize or reduce the utility of the user's system:

Windows Surveillance[edit]

Table: Windows Surveillance Threats

Category Description
Adversary Collaboration
Telemetry and Personal Data

In summary, Microsoft has grand ambitions that are centered around interference, backdoors, sabotage, surveillance, the curtailing of user freedoms, and practices which undermine platform security. On that basis, Windows is a platform incapable of being properly secured by those with a serious interest in anonymity.

Windows Analysis[edit]

Forfeited Privacy Rights[edit]

By now the reader should be convinced that just by using any version of Windows, the right to privacy is completely forfeited. Windows is incompatible with the intent of Whonix and the anonymous Tor Browser, since running a compromised Windows host shatters the trusted computing base which is part of any threat model. Privacy is inconceivable if any information that is typed or downloaded is provided to third parties, or programs which are bundled as part of the OS regularly "phone home" by default [archive].

Inescapable Telemetry[edit]

The fact that there is no way to completely remove or disable telemetry requires further consideration. For instance, non-enterprise editions do not permit anyone to completely opt-out of the surveillance "features" [archive] of Windows 10. Even if some settings are tweaked to limit this behavior, it is impossible to trust those changes will be respected. Even the Enterprise edition was discovered to completely ignore privacy settings and anything that disables contact with Microsoft servers.[3]

Any corporation which forces code changes on a user's machine, despite Windows updates being turned off many times before, is undeserving of trust. [4] [5] [6] [7] [8] Windows 10 updates have been discovered to frequently reset or ignore telemetry privacy settings. [9] Microsoft backported this behavior to Windows 7 and 8 [archive] for those that held back, so odds are Windows users are already running it.

Windows Insecurity[edit]

Ignoring for a moment its own built-in malware, Windows is a pile of legacy code full of security holes that is easily compromised. Microsoft's willingness to consult with adversaries and provide zero days [archive] before public fixes are announced logically places Windows users at greater risk, especially since adversaries buy security exploits from software companies [archive] to gain unauthorized access [archive] into computer systems. [10] Even the Microsoft company president has harshly criticized adversaries for stockpiling vulnerabilities [archive] that when leaked, led to the recent ransomware crisis world-wide.

Microsoft updates also use weak cryptographic verification methods such as MD5 and SHA-1. In 2009, the CMU Software Engineering Institute stated that MD5 "...should be considered cryptographically broken and unsuitable for further use". [11] In 2012, the Flame malware exploited the weaknesses in MD5 to fake a Microsoft digital signature. [12]

Windows is not a security-focused operating system [archive]. Due to Microsoft's restrictive, proprietary licensing policy for Windows, there are no legal software projects that are providing a security-enhanced Windows fork. In contrast, the Linux community has multiple Freedom Software Linux variants that are strongly focused on security, like Qubes OS [archive].

Windows Software Sources[edit]

Before Windows 8, there was no central software repository comparable to Linux where software could be downloaded safely. This means a large segment of the population remains at risk, since many Windows users [archive] are still running Windows 7. [13]

On the Windows platform, a common way to install additional software is to search the Internet and install the relevant program. This is risky, since many websites bundle software downloads with adware, or worse malware. Even if software is always downloaded from reputable sources, they commonly act in very insecure ways. For example, if Mozilla Firefox is downloaded from a reputable website like, [14] then until recently, the download would have taken place over an insecure, plain http connection. [15] In that case, it is trivial for ISP level adversaries, Wi-Fi providers and others to mount man-in-the-middle attacks and to inject malware into the download. But even if https is used for downloads, this would only provide a very basic form of authentication.

To keep a system secure and free of malware it is strongly recommended to always verify software signatures. However, this is very difficult, if not impossible for Windows users. Most often, Windows programs do not have software signature files (OpenPGP / gpg signatures) that are normally provided by software engineers in the GNU/Linux world. For this reason it is safe to assume that virtually nobody using a Windows platform is regularly benefiting from the strong authentication that is provided by software signature verification.

In contrast, most Linux distributions provide software repositories. For example, Debian and distributions based on Debian are using apt-get. This provides strong authentication because apt-get verifies all software downloads against the Debian repository signing key. Further, this is an automatic, default process which does not require any user action. Apt-get also shows a warning should there be attempts to install unsigned software. Even when software is unavailable in the distribution's software repository, in most cases OpenPGP / gpg signatures are available. In the Linux world, it is practically possible to always verify software signatures.

Freedom Software Superiority[edit]

Based on the preceding section and analysis, it is strongly recommended to learn more about GNU/Linux and install a suitable distribution to safeguard personal rights to security and privacy. Otherwise, significant effort is required to play "whack-a-mole" with Windows malware, which routinely subjects users to surveillance, limits choice, purposefully undermines security, and harasses via advertisements, forced updates, remote removal of applications without consent, and so on.

Open Source software [archive] like Qubes, Linux [archive] and Whonix ™ [archive] is more secure than closed source [archive] software. The public scrutiny of security by design [archive] has proven to be superior to security through obscurity [archive]. This aligns the software development process with Kerckhoffs' principle [archive] - the basis of modern cipher [archive]-systems design. This principle asserts that systems must be secure, even if the adversary knows everything about how they work. Generally speaking, Freedom Software projects are much more open and respectful of the privacy rights of users. Freedom Software projects also encourage security bug reports, open discussion, public fixes and review.


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png

Share: Twitter | Facebook

Want to make Whonix safer and more usable? We're looking for helping hands. Check out the Open Issues [archive] and development forum [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.