1) In the Whonix anon-guide to have an anon OS at chapter 4 there’s the “Malware Mitigation” where we change the vms to immutable etc…
the point is: if we change those to immutable, then the entryguards set in the tor files are gonna change after those 2-3 months? what’s gonna happen?
cuz since the system is immutable the files will persist the same, and thus how are the guards gonna change if they do not change any file anywhere? (perhaps tor should be stored in the storage so it can change?)
Cuz if there’s a problem in changing Guards due to the fact of immutability of the VMs then there’s a hell of a big problem!!!
2) In the guide it’s not really written if after the chapter 4 - Malware mitigation, and the whole process etc… once it’s complete shall we still start the normal Whonix Gateway and Whonix Workstation right? I’m sure at 99,5% but since it isn’t specified in the guide, I better ask to avoid some potential problems.
3) If I want to spoof my mac address, should I do it in the Debian Host OS or in the Whonix-Gateway?
If I want to install a VPN (like with GUI and not from terminal etc) should I install it on Debian Host OS or in the Whonix-Gateway?
This last question I’m almost sure it’s already been answered, and there are explanations in the Whonix Docs page, so don’t really bother answering this particular question (question #4) if you don’t feel it.
Can someone send me a link or just explain to me the difference between Debian-Whonix and Qubes-Whonix? I searched but with my poor skills didn’t find anything.
Immutability just makes malware non-persistent and so it cleans the VM to a known good state. This can be controlled in a fine-grained way using snapshots. So simply snapshot your workstation and roll it back while not doing the same for your gateway to enable guard persistence. It’s important to note that this doesn’t protect against malware exploiting bugs in the software running inside the VM so if you visit the infected site, you will end up reinfecting again.
Yes Patrick, I was talking about that guide. Should I ask tempest to answer the first two questions? Cuz they are 99% oriented to that guide in particular… @tempest ??
ideally you update the virtual machines every time new debian updates are available. after each time an update is installed, it is instructed that a new vm snapshot is created. updates come fairly regularly. while, yes, there is a risk that you will change entry guards upon expiration each time you boot up the vm, as soon as a new update is available and installed, and you create a new snapshot, you will have a new regular guard again.
to put it in perspective, tails currently does not implement guard nodes. issue with the “live os” aspect. while a guard node is said to have security merits, not having one is not considered so dangerous as to dissuade people from using tails. for the method in the guide you used, if you create new snapshots after you’ve installed updates (without doing anything else in the virtual machines), you run the risk of not having a regular guard node for a short period of time if you use the immutable method. if your guard node has expired, as soon as you install a new update and create a snapshot, the guard node selected at that time will become your new guard node going forward.
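
One way to check the guard-persistence question raised in this thread, as an added example that is not part of any post or of the guide: compare the guard recorded in a copy of the gateway's Tor state file taken at snapshot time with the copy after a later boot. It assumes the `Guard key=value ...` line format Tor writes to its state file (commonly `/var/lib/tor/state` on Debian) since the 0.3.0 series; the function names and sample lines are constructed for illustration.

```python
"""Compare the primary guard recorded in two copies of Tor's state file."""

def parse_guards(state_text):
    """Return one dict per 'Guard' line, holding its key=value fields."""
    guards = []
    for line in state_text.splitlines():
        keyword, _, rest = line.strip().partition(" ")
        if keyword != "Guard":
            continue  # skip every other state-file entry
        fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        guards.append(fields)
    return guards

def primary_guard(state_text):
    """Fingerprint of the confirmed guard with the lowest confirmed_idx, or None."""
    confirmed = [g for g in parse_guards(state_text)
                 if "confirmed_idx" in g and "rsa_id" in g]
    if not confirmed:
        return None  # fresh or wiped state: Tor has no confirmed guard yet
    return min(confirmed, key=lambda g: int(g["confirmed_idx"]))["rsa_id"]

def guard_survived(snapshot_state, current_state):
    """True when the snapshot copy and the current copy share a primary guard."""
    before = primary_guard(snapshot_state)
    return before is not None and before == primary_guard(current_state)

# Constructed sample data (placeholder fingerprints, not real relays).
FP_A, FP_B = "A" * 40, "B" * 40
SNAPSHOT_STATE = (
    f"Guard in=default rsa_id={FP_A} nickname=a "
    "sampled_on=2017-01-01T00:00:00 confirmed_idx=0\n"
    f"Guard in=default rsa_id={FP_B} nickname=b "
    "sampled_on=2017-01-01T00:00:00\n"
)
# After the snapshot's guard expired, Tor confirmed a different relay.
ROTATED_STATE = (
    f"Guard in=default rsa_id={FP_B} nickname=b "
    "sampled_on=2017-04-01T00:00:00 confirmed_idx=0\n"
)

if __name__ == "__main__":
    print("same guard after reboot:", guard_survived(SNAPSHOT_STATE, SNAPSHOT_STATE))
    print("same guard after expiry:", guard_survived(SNAPSHOT_STATE, ROTATED_STATE))
```

A `False` result on an immutable gateway means the guard in the snapshot is no longer the one Tor is using, which is the point at which a fresh snapshot would pin the new guard.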