What about malware? I know Whonix can protect my IP from leaking, but what about malware getting on the host and taking snapshots? Does Whonix help with this?

Could you be more specific? Do you mean:

  • Malware from Whonix Workstation breaking out and infecting your host.

  • Your host getting infected with malware and then compromising Whonix.

Malware from Whonix Workstation breaking out and infecting your host. I guess I was mainly wondering, with the way the workstation and gateway are set up, how likely is it to infect the host? I know it’s possible, but it seems like it would be difficult to do, no?

Ultimately, this is up to the hypervisor (KVM, Xen, VirtualBox) to prevent. But we can implement defense-in-depth to mitigate the chances of malware ever getting a chance to hack away at the hypervisor.

How secure is the hypervisor?

All hypervisors have had privilege escalation exploits. (Search: hypervisor-name CVE list). While researchers have been able to craft proof-of-concept malware, to my knowledge, such malware has never been found in the wild. That doesn’t mean they don’t exist - they may be undetected or carefully targeted. This is one of the ways that Whonix contributes to your security - by protecting your privacy. If your adversaries don’t know who you are or where you are, then it becomes more difficult for them to target you specifically with custom malware. If they have to rely on generic mass malware, then there’s a greater chance that it won’t work on your system or that they’ll be discovered by other users.

How to secure guest VMs
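One concrete piece of the defense-in-depth mentioned above is to give a compromised guest as little hypervisor code to attack as possible: shared clipboard, drag-and-drop, shared folders, 3D acceleration, USB passthrough and audio are all extra host-side code paths reachable from inside the VM. The script below is an added example for this thread, not Whonix project code. It parses the `key="value"` lines printed by `VBoxManage showvminfo <vm> --machinereadable` and reports settings that widen the guest-to-host attack surface. The key names (`clipboard`, `draganddrop`, `accelerate3d`, `usb`, `audio`, `SharedFolderNameMachineMapping*`) are assumed to match VirtualBox 6.x output; the sample output embedded in the script is constructed and is not taken from a real Whonix VM.

```python
"""Audit VirtualBox VM settings that widen the guest-to-host attack surface.

Added example for this thread, not Whonix project code. It reads the
key="value" lines produced by `VBoxManage showvminfo <vm> --machinereadable`
and flags settings that give a compromised guest extra hypervisor code to
attack. Assumption: the key names below match VirtualBox 6.x output.
"""
import re
import subprocess
from typing import Dict, List

# Setting -> value that keeps the attack surface minimal (assumed key names).
WANT = {
    "clipboard": "disabled",     # shared clipboard: host<->guest data channel
    "draganddrop": "disabled",   # drag-and-drop: another host<->guest channel
    "accelerate3d": "off",       # 3D acceleration: large host-side GPU code path
    "usb": "off",                # USB passthrough: host USB stack reachable from guest
    "audio": "none",             # audio device emulation: more host code exposed
}

KV_RE = re.compile(r'^([^=]+)=(.*)$')


def parse_showvminfo(text: str) -> Dict[str, str]:
    """Turn `key="value"` lines into a dict, stripping the surrounding quotes."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        settings[key] = value
    return settings


def audit(settings: Dict[str, str]) -> List[str]:
    """Return one human-readable finding per risky or unreported setting."""
    findings: List[str] = []
    for key, want in WANT.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not reported (check manually)")
        elif got.lower() != want:
            findings.append(f"{key}={got} (want {want})")
    # Each shared folder is a host directory the guest can reach through the
    # vboxsf code path; list every one so the operator can justify or remove it.
    for k, name in settings.items():
        if k.startswith("SharedFolderNameMachineMapping"):
            findings.append(f"shared folder '{name}' exposes the host filesystem to the guest")
    return findings


def audit_vm(vm_name: str) -> List[str]:
    """Run VBoxManage for a live VM and audit its settings (needs VirtualBox installed)."""
    out = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit(parse_showvminfo(out))


# Constructed sample output (not from a real VM) of a workstation with risky settings.
SAMPLE = '''name="Whonix-Workstation"
clipboard="bidirectional"
draganddrop="disabled"
accelerate3d="on"
usb="off"
audio="pulse"
SharedFolderNameMachineMapping1="host-share"
SharedFolderPathMachineMapping1="/home/user/share"
'''

if __name__ == "__main__":
    for finding in audit(parse_showvminfo(SAMPLE)):
        print("WARN", finding)
```

Against the constructed sample this reports the bidirectional clipboard, 3D acceleration, the audio device and the shared folder, and stays silent for drag-and-drop and USB, which are already off. The audit only covers VirtualBox; on KVM or Xen the equivalent check is reviewing the guest's device list (virtio channels, spice agent, shared filesystems) with the same goal of removing every channel the guest does not need.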

