These two images of Dolphin perfectly illustrate the three most glaring shortcomings of the Whonix Workstation.
The two images may take a bit of time to load from the external host, so relax.
First, let’s look at Dolphin running under Debian Jessie as a KVM Guest:
In this image, we can see that:
-
Dolphin, running under Debian Jessie, displays a clean, unobstructed view of my system and the devices I have mounted. This is also the default, correct, system view Dolphin displays when using Fedora and Gentoo Hardened, among other operating systems.
-
My Debian Jessie KVM Guest has been encrypted with LUKS, protecting both root and swap. Of course, I encrypted Debian Jessie when I installed it.
-
Debian Jessie correctly mounts any USB device I attach to my KVM host. The Gentoo Linux device shown mounted happens to be a USB stick, but Debian Jessie correctly mounts SD cards, USB HDDs, USB sticks, and assorted USB peripherals. Debian Jessie also correctly mounts USB devices when it is run as a Guest under VBox 5.
+++++++++++++++++++++++++++++++
Now, let’s compare Dolphin from within the Whonix Workstation as a KVM Guest:
-
Dolphin’s default display inside the Workstation has been tweaked, and certainly not for the better. IMO, this Workstation system view is a visual, and navigational, disaster. Furthermore, instead of adding value, it detracts from it. Also, note that the ‘Devices’ section is completely missing.
-
The Workstation is not encrypted by default, nor are encryption options offered. In fact, the Gateway and Workstation are the only two unencrypted OSes I have under VBox or KVM. Continuing in this exposed, unencrypted mode is not acceptable. This is a security oriented distribution, correct? Need I say more?
-
With the same USB drive attached to my KVM Host, the Workstation does not recognize it. As far as I know there is no way to mount it, or any other USB device within the Workstation. This USB recognition and mounting failure also occurs when using the Workstation as a VBox Guest. Obviously, given the first image in this post, USB device support is not a Debian Jessie, a KVM, nor a VBox issue. This is clearly a Workstation issue (only), and a represents a HUGE, near-fatal, unacceptable, miss.
All three of these shortcomings can, and should be, fixed. Until these three issues are resolved, I am left to conclude that the Workstation is not a particularly useful, or secure, place to conduct: Work.
CCP
Direct Links:
Upper image URL: http://i61.tinypic.com/whzklj.png
Lower image URL: http://i57.tinypic.com/zjta1e.jpg