Whonix Quick-Start Guide v lw0.1
- Introduction (Why are we here?)
Whonix is a free desktop operating system (OS) that is specifically designed for advanced security, privacy and anonymity. It is Free Software, based on Tor, Debian GNU/Linux, and the principal of security by isolation. As such, many of its security benefits come from running within virtual machines on a host operating system.
This Quick-Start Guide describes how to use Whonix on a Windows host system, however, it is important to understand that using Windows as the host OS negates most (if not all) of whonix’ security / privacy benefits.  Nevertheless, Whonix can be run on a Windows host and people have their reasons for doing this. Whether you simply don’t believe the warnings about Windows security issues, or you have no choice but to use a Windows sytem and need to secure it as much as possible, this guide is here to help you do just that.
Before getting started, if you are new to Whonix and have not already, read the About , Warning  and Do Not  pages to make sure that Whonix is the right tool for you and you understand well its limitations.
- Prep host hardware and OS
First, in keeping with the principle of security by isolation, if at all possible, you should use a system that you won’t be using for any other purpose. This is so that you won’t be loading and running any other software (each with their own possible security issues), and also to minimize the exposure to malware and accidentally giving away your identity. Also, using a completely separate machine for Whonix makes it easier to implement security measures over the whole machine and reduces the risk of overlooking some small piece of vital data.
Along the same lines, remember that if you purchased the hardware with a check or credit/debit card, and/or if you got a “rebate” on the purchase, the serial number of the machine linked to your payment information was recorded and might have been sold, stolen, or otherwise distributed. The same may be true if you ever took it in for repair, upgrade or virus removal, etc.
Before you install Whonix on your Windows system, you should clean up your Windows installation as much as possible. First, you should back up any and all data that is important to you.  If you’ve had your system for a long time, you might want to completely wipe out your primary partition and reload windows from scratch, preferrably with Full Disk Encryption . If you do this, you will probably want to go in after the reload and configure Windows to be as secure as possible, especially with regard to Windows updates, etc.
If you do not opt to reload Windows, at least do everything possible to ensure that you have a malware-free system.  Uninstall every piece of software that is not absolutely required. Run a file system (hard drive) cleaner to remove (and securely wipe) any temporary and non-essential files. Then run the same “cleaner” software to securely wipe your hard drive free space. (Of course, as mentioned earlier, back up any data that you can’t afford to lose.) Run a registry cleaner. After all of this, run a full scan of anti-rootkit software, anti-malware software, and anti-virus software.
Be very careful in the initial setup/activation of Windows, that you do not enter your name, email address, or any other personal information.  (And don’t think you’re safe because you used a hotmail or gmail or other address where you signed up with a pseudonym.)
And finally, do any Whonix specific pre-install configuration, such as configure and run Windows firewall or install and configure a third-party firewall.  Also disable TCP Timestamps.  Disable or secure your microphone and webcam as well.  Replace any wireless input devices (keyboard, mouse, etc.) with hard-wired equivalents as well.  And make sure that you have at least 8GB of free disk space.
Download, verify and install Whonix
a) Download the installer. (Whonix-Installer for Windows)
b) Verify the installer.
It is important to always check the integrity of software files
downloaded from the internet, to ensure that the files are exactly as
the developer intended and were not corrupted in any way. If the
verification fails, Do Not Continue with this/these file(s). Delete
the file(s) immediately, then re-download and verify the newly
The Whonix-Installer has been cryptographically signed using OpenPGP
 by the creator of the Whonix-Installer, Ego. 
If you know how to use an OpenPGP key, download the signing key 
and the Signature  straight away. Otherwise, follow these
instructions: (Verify the Installer).
c) Install Whonix.
Execute the verified Whonix-Installer.exe and follow its instructions.
Please be careful to read the instructions in their entirety and make
sure you understand everything. 
Please note: Due to the size of Whonix and the accompanying files,
this may take up to half an hour.
d) Start using Whonix
You may now enjoy Whonix and all its features, either via Whonix.exe
or Whonix for Windows, which you should find on your desktop or
Install additional software
Whonix is made up of 3 main components, and when we’re talking of installing additional software, it’s important to make the distinction clear:
The host Operating System (OS) (The only host Operating System discussed in this document is MS Windows.) is the OS that hosts the virtual machines that make up the Whonix system. The host OS is not part of Whonix, and any additional software that runs on the host operating system will get no security, privacy, or anonymity benefit from Whonix running on the same machine at the same time.
The Whonix-Gateway runs in a virtual machine and only runs Tor, directing all internet traffic through Tor. Once Whonix is installed and configured, there should be no reason to modify anything on the gateway virtual machine.
The Whonix-Workstation virtual machine is where you reap all of the privacy/anonymity benefits of Whonix. Whonix comes with applications for various tasks, pre-installed by default. (See the Software  page for a list of these applications, software recommendation, safety advice, and installation instructions.) If you need to install additional software, the Whonix-Workstation virtual machine is where it must be installed. Also, note that the operating system of the Whonix-Workstation is Debian GNU/Linux, so the only software that can be installed in the Whonix-Workstation must be able to run on the Debian GNU/Linux OS.
Having said that, the pieces start to fall into place and Windows users with no experience with GNU/Linux begin to realize that they can’t use their Windows-only software on a Whonix system. (i.e. The security / privacy / anonymity benefits that Whonix provides cannot be applied to software that only runs on Windows.) About the best you can do with Windows-only software is to run Tor directly on your Windows system and try as much as possible to keep it clean and free of malware. Also, be hyper-vigilant to avoid letting any personal (or personally identifiable) information get onto that machine, and understand that it is simply not possible to completely secure the machine.
- Security tips (Post install advice)
In the Whonix-Gateway and Whonix-Workstation virtual machines:
Network Time Syncing: When you use the pause/suspend/save/resume feature of your virtualizer or the hibernate feature of your host operating system while Whonix-Workstation is running, you should manually run TimeSync (in the Whonix-Workstation virtual machine) afterwards! 
We recommend against using pause/suspend/save/hibernate on the Whonix-Gateway virtual machine because of the difficulty of restoring the clock after resume.
And on the Windows host, check often to make sure the battery is not empty, and configure Windows to get its time from the internet. Avoid using Microsoft’s time servers, instead check out: http://www.pool.ntp.org/
You can further improve security by reading and applying the Security Guide.