I wonder what the difference is between Whonix being amnesic on a DVD, on an amnesic VM in Qubes, or manually deleting the Whonix AppVM when finished using it and re-adding the Whonix AppVM from the Whonix template? Here is my theoretical comparison:
A- If we say that Whonix is going to be updated with each release on DVD, for example Whonix 11 or Whonix 12, etc., and the gap between each release is, let's say, 1 month, the advantage of that is that Whonix will be on fixed/narrow media, which is the DVD, but the disadvantage of it is the gap time (1 or X months), which may contain critical updates.
B- Amnesic Qubes-Whonix VM: though it is not yet fixed, theoretically it may act similarly to the manual amnesic one rather than the DVD one.
C- Manually amnesic Qubes-Whonix: since the Whonix root is in the template VM and the functionality is in the AppVM, if we delete the AppVM each time after we are finished with our jobs, but keep the template forever or for a long time before reinstalling, it will give us:
The advantage of fixing the update gap, which is a feature lacking on the DVD side. The disadvantage of it will be a higher attack surface than the DVD one, because we should make sure that there is no successful malicious hardware attack on the Qubes VM, no parallel malicious VM-to-VM vulnerability attack, and that Qubes itself is not compromised (dom0 bye).
So from a technical/security point of view, I wonder which one is useful to recommend: having update gaps with a narrow attack surface, or having continuous updates with a larger attack surface?