This applies to Non-Qubes-Whonix only.
To me the real added value of Whonix-Host is that it affords the possibility of booting a live system with pre-configured Whonix-VM on a single ISO file. I think it’s an important improvement.
Whonix-Host installer is more a cool option at the moment, and yes it needs thinking about what exact features we want besides what we already have.
I don’t have definitive thoughts on the matter at the moment though.
Anti-forensic live ISO with preconfigured WS/GW sounds fantastic. Maybe it’s possible with a ‘tails-like’ release model so there is no need for any host traffic e.g. updates. It would be a much safer approach than Tails because of all the exploit mitigation/security hardening implemented in Whonix already. The biggest concern of Tails is little to no hardening so one 0day can mess up the iptables, exploits were sold years ago at Zerodium especially for the Tails TB, who knows what’s going on there in the background.
So if we have an (encrypted) read-only medium, it’s anti-forensic, it fends off malware at every restart, it’s much more hardened than other approaches for running instances and it’s much more flexible in terms of custom networking stacks.
torY3 via Whonix Forum:
Maybe it’s possible with a ‘tails-like’ release model so there is no need for any host traffic e.g. updates.
Whonix Image Quick Refresh https://phabricator.whonix.org/T974