Whonix is a Linux distribution designed to provide guaranteed anonymity, security and protection of private information. The distribution is based on Debian and uses Tor to ensure anonymity.
A special feature of Whonix is that the distribution is split into two separately installed components: Whonix-Gateway, which implements a network gateway for anonymous communications, and Whonix-Workstation, which provides the desktop environment.
The network is accessed from the Whonix-Workstation environment only through Whonix-Gateway, which isolates the work environment from direct interaction with the outside world and allows only fictitious network addresses to be used.
This approach protects the user from leaking a real IP address if the web browser is hacked, and even if a vulnerability is exploited that gives the attacker root access to the system.
If Whonix-Workstation is compromised, an attacker can obtain only dummy network settings, since the actual IP and DNS settings are hidden behind the network gateway, which sends traffic only through Tor.
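A defensive check of the isolation described above, written as an added example (not code from Whonix or from the original article): run inside the workstation, it parses the output of `ip -j addr show`, `ip -j route show` and the contents of `/etc/resolv.conf`, and reports any address that is not internal. The embedded sample data, including the 10.152.152.x addresses, is constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample data (not captured from a real system): the shape of
# `ip -j addr show`, `ip -j route show` and /etc/resolv.conf on a workstation VM.
SAMPLE_ADDR = json.dumps([
    {"ifname": "lo", "addr_info": [{"family": "inet", "local": "127.0.0.1"}]},
    {"ifname": "eth0", "addr_info": [{"family": "inet", "local": "10.152.152.11"}]},
])
SAMPLE_ROUTE = json.dumps([{"dst": "default", "gateway": "10.152.152.10", "dev": "eth0"}])
SAMPLE_RESOLV = "# constructed\nnameserver 10.152.152.10\n"


def is_internal(addr):
    """True for loopback, link-local and private (RFC 1918 / ULA) addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id if present
    return ip.is_loopback or ip.is_link_local or ip.is_private


def audit(addr_json, route_json, resolv_conf):
    """Return a list of findings; an empty list means nothing routable is visible."""
    findings = []
    # Interface addresses: the workstation should hold only internal ones.
    for iface in json.loads(addr_json):
        for info in iface.get("addr_info", []):
            if not is_internal(info["local"]):
                findings.append(f"{iface['ifname']}: routable address {info['local']}")
    # Routes: every next hop should be the internal gateway, never an upstream router.
    for route in json.loads(route_json):
        gw = route.get("gateway")
        if gw and not is_internal(gw):
            findings.append(f"route {route.get('dst')}: routable gateway {gw}")
    # DNS: a resolver outside the internal network would bypass the gateway's handling.
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and not is_internal(parts[1]):
            findings.append(f"resolv.conf: routable nameserver {parts[1]}")
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_ADDR, SAMPLE_ROUTE, SAMPLE_RESOLV)
    for finding in results or ["no routable addresses visible"]:
        print(finding)
```

An empty result shows only that the guest's own configuration exposes no routable address; it says nothing about the virtualization-layer risk discussed next.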
It should be noted that Whonix components are designed to run as guest systems, so the possibility of exploiting critical 0-day vulnerabilities in virtualization platforms that can provide access to the host system is not excluded.
Therefore, it is not recommended to run the Whonix-Workstation on the same computer as the Whonix-Gateway.
Whonix-Workstation provides the Xfce environment by default. It ships with programs such as VLC, Tor Browser (Firefox), Thunderbird + TorBirdy, Pidgin, etc.
Whonix-Gateway ships with a set of server applications, including Apache httpd, nginx and IRC servers, which can be used to run Tor hidden services.
Tunnels for Freenet, i2p, JonDonym, SSH and VPN can be passed over Tor. If desired, the user can use only Whonix-Gateway and connect their usual systems through it, including Windows, which makes it possible to provide anonymous network access for workstations that are already in use.
What's new in Whonix 15?
Whonix version 15 comes after about a year of development. It is based on Debian 10 (buster), and the Xfce desktop is enabled by default instead of KDE.
For systemd, the developers have enabled sandbox isolation settings for units by default (PrivateTmp = true and PrivateHome = true) and improved entropy collection for the pseudo-random number generator (the jitterentropy-rngd package is installed).
Additional protection against Spectre, Meltdown and L1 Terminal Fault attacks has also been implemented, along with support for working in live mode, where data is placed in RAM and not on disk.
There are two boot modes: grub-live and ro-mode-init (which automatically activates live mode if the drive is read-only).
Images for virtualization systems were also reduced in size (optimized using zerofree). The Whonix-Gateway image is down from 1.7 to 1.1 GB, and the Whonix-Workstation from 2 to 1.3 GB.
For VirtualBox users, a CLI build without a graphical interface was prepared. The Whonix-Gateway and Whonix-Workstation components are unified in the form of a single ova image.
The other improvements highlighted by the developers in this new version are:
- Simplified Component Installation for Qubes
- Whonix KVM adds console support via serial port
- ARM64 and Raspberry Pi support
- The core framework includes zulucrypt, qtox, onionshare, keepassxc, and firejail applications. Layers added for scurlget, curlget, pwchange, upgrade-nonroot, apt-get-non-active, and apt-get-update-plus.
- Added support for the Bisq P2P network.
The CLI guest system image is 1.1 GB, and the Xfce desktop image is 1.3 GB.