Instead of running inside an OS, Type 1 hypervisors run directly on the “bare metal” of the hardware. If the host OS is ever compromised, then any VMs it hosts are also effectively compromised.īy contrast, Qubes uses a “Type 1” or “bare metal” hypervisor called Xen. However, the fact that Type 2 hypervisors run under the host OS means that they’re really only as secure as the host OS itself.
(The hypervisor is the software, firmware, or hardware that creates and runs virtual machines.) These programs are popular because they’re designed primarily to be easy to use and run under popular OSes like Windows (which is called the host OS, since it “hosts” the VMs). These are known as “Type 2” or “hosted” hypervisors. You may have used or heard of VMs in relation to software like VirtualBox or VMware Workstation. Not all virtual machine software is equal when it comes to security.
Best possible Protocol-Leak-Protection and Fingerprinting-Protection.Do not install Qubes inside a virtual machine - Qubes uses its own bare-metal hypervisor (Xen). Loads of Optional Configurations (additional features / Add-Ons) available. Everything possible, as first chain or last chain, or both. It is possible to use Whonix setup in conjunction with VPNs, ssh and other proxies. That means that for example an exploit in the browser can’t affect the integrity of the Tor process. Tor+Vidalia and Tor Browser are not running inside the same machine. Whonix does even protect against root exploits (Malware with root rights) on the Workstation. Java / JavaScript / flash / Browser Plugins / misconfigured applications cannot leak your real external IP. Tor requires persistent storage to save it’s Entry Guards. Advantage over Live CD’s: Tor’s data directory is still available after reboot, due to persistent storage. 
Protection against side channel attacks, no IP or DNS leaks possible^3^ To test for leaks, see LeakTests. Safe hosting of Hidden services possible. Installation of any software package possible. 
All applications, including those, which do not support proxy settings, will automatically be routed through Tor. This setup can be implemented either through virtualization and/or Physical Isolation. One machine acts as the client or Whonix-Workstation, the other as a proxy or Whonix-Gateway, which will route all of the Whonix-Workstation’s traffic through Tor. Whonix consists of two machines, which are connected through an isolated network. Not even malware with root rights can find out the user’s real IP/location. By Whonix design, IP and DNS leaks are impossible. Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor.
0 kommentar(er)
