[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs



On 2015-04-14 1:05 pm, Apple Apple wrote:
I'm not too familiar with Whonix. May I ask what it does exactly to protect the system from a malicious actor with root level access to the "gateway"
machine?


Dave's response addresses this. The point is not to absolutely isolate the Whonix-Gateway where the Tor process is. Although, the Whonix-Gateway does force its own connections through Tor, but not secure against root-privileged malware.

Rather, the point is for your user machine (Whonix-Workstation) to be securely isolated from reaching the clearnet, getting your real IP or MAC address, etc.

You don't want the Tor process to be in the same security domain as the user applications, since something malicious or misbehaving can simply bypass it in one shot. Tails puts them both in the same general security domain, so Tor protection can be bypassed and then it is game over.


Additionally is there any analysis or guidance on the safe hardware and
software configuration of virtual machines from the Whonix project?

As you may be aware, virtual machines are not a security product in and of
themselves and they are certainly not magic.


The reality of this is somewhat different with Qubes.

This is why I launched the Qubes + Whonix project last year.

The security strength of Qubes VM isolation goes meaningfully beyond typical VMs.

More info:  https://www.whonix.org/wiki/Qubes



Do you suppose that it may be the case that malicious software has a harder
time gaining root privileges on Tails than breaking out of a badly
configured virtual machine?


I believe it is probably generally harder to break out of a virtual machine than root a Linux distro, like Tails, because hypervisors have a more limited attack surface compared to a full monolithic OS.

If you use Qubes, then it is infinitely harder to root the host system.


Do not forget that hypervisor software has bugs too and generally has
unrestricted access to the host machine.


Right. But hypervisors are more minimal than a full bloated monolithic Linux OS with hundreds of millions of lines of code, so naturally less general attack surface exists to exploit.

For a usable system, Qubes currently goes the furthest with secure host isolation.

I'm also working to push even further towards building even stronger security + anonymity systems in the future.


May I also ask if Whonix addresses the other key feature of Tails which is ensuring that there will be no forensic evidence left behind after usage?


Not at this time.

However, with disk encryption, deleting VMs after usage, and overwriting disk space, this same anti-forensics effect can be accomplished with Whonix.


WhonixQubes
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk