Is Qubes partnered with Whonix and is Whonix just as secure as Qubes if you're only using the computer for web stuff?

75 views
Skip to first unread message

O K

unread,
Aug 30, 2019, 11:06:25 AM8/30/19
to qubes-users
I am ONLY using my computer for web stuff, no sensitive files or info on my computer (other than passwords in some sort of secure PW service, that I'll set up).  If I'm running Whonix in a VM, is that as secure as using Qubes for this purpose only?

unman

unread,
Aug 30, 2019, 11:56:48 AM8/30/19
to qubes-users
No, it isnt, if you are looking at Whonix running under Virtualbox or
KVM.
Qubes provides the best compartmentalisation of available options.
There's a comparison of available options on the Whonix wiki.

O K

unread,
Aug 30, 2019, 12:17:48 PM8/30/19
to qubes-users
Ok but for my purpose of being online and wanting my traffic and hardware info isolated (and that's all I'm worried about - mainly anything that can identify me personally), in your opinion do you think Qubes will provide me with significant advantages for my particular needs vs. Whonix?  Thanks.

pixel fairy

unread,
Aug 30, 2019, 7:25:47 PM8/30/19
to qubes-users
Just from what you say here, qubes does provide a significant advantage in the pw setup with keepassx running in its own appvm. other than that, it depends on how hard your adversaries are trying. another advantage of qubes is ease of disposable vms. with whonix youd have to make a template whonix workstation for the same effect, but thats a one time step that you'll probably do anyway.

qubes uses xen, which has a smaller attack surface and much better track record for vm escape vulns. if you cant use that, make sure you keep up to date on virtualbox. if you dont like virtualbox, you might be able to import whonix to libvirt / kvm. https://www.redhat.com/en/blog/importing-vms-kvm-virt-v2v 

you will be fingerprinted as a whonix, and possibly virtualbox / kvm user. 

0brand

unread,
Aug 30, 2019, 10:28:06 PM8/30/19
to pixel fairy, qubes...@googlegroups.com

pixel fairy:
> Just from what you say here, qubes does provide a significant advantage in
> the pw setup with keepassx running in its own appvm.

I think there might be some confusion here. Whonix was designed from the
the ground up to be run inside virtual machines. You can run Whonix in
VirtualBox, KVM *and* Qubes Os. You can run a passwork manager in a
Whonix VM in Qube Os.

other than that, it
> depends on how hard your adversaries are trying. another advantage of qubes
> is ease of disposable vms. with whonix youd have to make a template whonix
> workstation for the same effect, but thats a one time step that you'll
> probably do anyway.

Since Whonix can be run in Qubes OS you can also create Whonix
DisposableVMs the same a with Fedora and Debian.

>
> qubes uses xen, which has a smaller attack surface and much better track
> record for vm escape vulns.

And Whonix can also be run in Qubes. I don't think the two can
reasonably be compared. Without Virtual machines (Whonix, Debian, Fedora
etc.) running in Qubes, the OS (Qubes) would be non-usable.

To start learning about Qubes and Whonix, this would be a good start.

https://www.qubes-os.org/intro/
https://www.whonix.org/wiki/Main_Page
https://www.whonix.org/wiki/Comparison_with_Others
https://www.whonix.org/wiki/About
https://www.whonix.org/wiki/Comparison_of_different_Whonix_variants
https://www.whonix.org/wiki/Features

>if you cant use that, make sure you keep up to
> date on virtualbox. if you dont like virtualbox, you might be able to
> import whonix to libvirt / kvm.
> https://www.redhat.com/en/blog/importing-vms-kvm-virt-v2v

KVM should be prefered over VirtualBox.

https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F

> you will be fingerprinted as a whonix, and possibly virtualbox / kvm user.
>

Whonix protects against fingerprinting. But this is not a really a
comparision that can be made with Qubes.

https://www.whonix.org/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protection

> On Friday, August 30, 2019 at 9:17:48 AM UTC-7, O K wrote:
>>
>> Ok but for my purpose of being online and wanting my traffic and hardware
>> info isolated (and that's all I'm worried about - mainly anything that can
>> identify me personally), in your opinion do you think Qubes will provide me
>> with significant advantages for my particular needs vs. Whonix? Thanks.

Run Whonix *in* Qubes OS. Thats your best bet for sure.

Regards

0brand

--
GPG Public Key: 0xCFDBC23923C0433B
Fingerprint: B67C 6FE6 4BAE 05CD 05ED 775D CFDB C239 23C0 433B

Patrick Schleizer

unread,
Sep 6, 2019, 5:03:52 AM9/6/19
to qubes...@googlegroups.com
pixel fairy:

> qubes uses xen, which has a smaller attack surface and much better track
> record for vm escape vulns. if you cant use that, make sure you keep up to
> date on virtualbox. if you dont like virtualbox, you might be able to
> import whonix to libvirt / kvm.
> https://www.redhat.com/en/blog/importing-vms-kvm-virt-v2v


https://www.whonix.org/wiki/KVM
Reply all
Reply to author
Forward
0 new messages