Forgive me if this question is not in the correct thread
What are the specific differences between Whonix Workstation and a clean Debian image? I’m aware that the Workstation’s networking settings are set to route its traffic through the Gateway, but other than that what is the incentive to use the Workstation over a Debian VM with its network settings configured to use the Gateway?
To add to the discussion, frytoli, the Workstation is running only an internal network connected to the Gateway. It has no way of knowing what the identity (IP) of the host is. this is because all of its traffic is handled by the Tor process running on the gateway.
Also, Both Gateway and Workstation are firewalled with iptables and cut off from any non-Tor access. The Workstation firewall works to redirect traffic to the applicable ports on the Gate. Each program that is installed on the Workstation has its own SocksPort. This means that it has its own, isolated stream in Tor that is separate from all other programs. On a regular Buster install, you would have to do this yourself. Not only would you have to configure each application to communicate with the Gateway, also you would need to write your firewall rules.
The Tor Browser running on the Workstation is set so that its own native Tor process does not run. On a regular Tor Browser on Buster, you would need to configure this yourself by altering several about:config preferences and ENV values on your machine. Also you would need to point the Tor Browser to the correct socket on the gateway.
We cannot forget about time synchronization either. On regular Buster, you would be responsible for making sure you cannot be easily fingerprinted by the behavior of your system time. You would have to set the timezone to UTC and configure sdwdate to communicate with Tor running on the Gateway.
Package management is handled by the Apt package manager, which is the same on Debian Buster, but you would have to make sure to have apt-transport-tor and apt-transport-https installed and working on your machine. Also, you would need to import Whonix’s signing key and point your repositories to connect through Tor only. This can be done all manually or you could use a program called “uwt” that the Workstation uses to wrap certain applications (ssh, apt-get, gpg, and more) with torsocks so that they only connect through Tor.
Uwt is a nice program, and I can tell you from my own experience that it integrates well into Buster, but that’s your responsibility to make sure everything is set up.
The Workstation has many kernel-hardened features built into it as well. On a Buster install, this would be up to you. There are certain values that become part of your newly created /etc/sysctl.conf.d/harden.conf and there are also root system settings and account/pam permissions that you need to be mindful of and configure also.
When you make these type of mods to a stock system, you will end up with a lot of extra “stuff” that you no longer need. What do I mean by this? Well, I mean such things as systemd services that are no longer relevant for example. These will need to be found, disabled and possibly masked so they do not interfere with your system in any way. Try sudo systemctl list-unit-files to get a list of the systemd services on your system.
You will need to remove potentially harmful packages as well. Things like avahi-daemon, bluetooth modules-- “bluez,” and dhcp servers, for example. Install Synaptic and go through your “Installed” list of packages one by one…
You have to examine your Grub configuration with regard to certain boot parameters to lock down memory allocation (slub alignment and debug for example), memory page table isolation, handling of free-ram by “poisoning,” among others…I can say from my own experience that the kernel parameters and grub boot parameters will require you to do some homework to make sure they integrate with your system. Some tweaks and adjustments will be needed.
There are many more characteristics that make the Whonix Workstation different from a fresh Debian Buster install, but these ones are some of the major ones you need to configure. You are encouraged to browse the Whonix Github pages to see a comprehensive list.