I understand Qubes + Whonix is still ‘In Development’ and may present bugs in the future.
At this stage of development, would it be considered stable enough for tech-literate end-users to install?
Or would you recommend continuing to use VirtualBox + Whonix?
If viable, would you recommend Qubes 2 + Whonix 9 or Qubes 3 + Whonix 10?
Can physical isolation be combined with Qubes + Whonix presently?
Host1: Qubes + Whonix Gateway; Host2: Qubes + Whonix Workstation
If yes, does any documentation exist?
Your work is much appreciated.
I don’t really know. The virtualizer argument could be extended ad infinitum.
Don’t use Whonix 9.
Can physical isolation be combined with Qubes + Whonix presently?
Host1: Qubes + Whonix Gateway; Host2: Qubes + Whonix Workstation
If yes, does any documentation exist?
No documentation available. TODO: research. Don't hold your breath for it. Contributions welcome.
I’ll rephrase the question: Patrick, since you are now working full-time on developing Qubes + Whonix and are no longer actively developing VirtualBox + Whonix, it seems at some point you will recommend that Whonix users transition away from VirtualBox to Qubes. Has that time arrived yet? Although there may not be a decisive winner in the virtualizer debate, VirtualBox has been the declared winner (whether for non-security related reasons, ie usability) since it has been the default Whonix setup.
Does this mean that the Whonix portion of both solutions are identically stable/secure? In other words, the risk of both systems now resides with the virtualizer only?
edit: Another major motivation for wanting to use Qubes is the secure clipboard and file transfer. So all else equal, I’m looking for permission to make the transition.
With regards to Physical Isolation with Qubes + Whonix: Is it correct to assume that it would be more secure since an attacker would have to compromise (using Rutkowska’s terminology from The Invisible Things Lab's blog: Physical separation vs. Software compartmentalization) 2 sets of Xen net front/back ends + the networking drivers/stack, as opposed to just 1 set of Xen net front/back ends?
Also, should Gateway be installed on hardware per the VirtualBox setup? Or combined with Qubes? It isn’t obvious to me which is more secure.
Good questions. However, there are too many pros- and cons at the moment on both sides. So I don’t have a good answer yet. Most likely with Whonix 12 I will be certain, that I would recommend Qubes over VirtualBox. For now, not sure.
In the long run - IF physical isolation emerges for Qubes - then I think it would be better to run the gateway within a VM. (So a compromised network driver does not result in a full system compromise.)