This applies to Non-Qubes-Whonix only.
To me the real added value of Whonix-Host is that it affords the possibility of booting a live system with pre-configured Whonix-VM on a single ISO file. I think it’s an important improvement.
Whonix-Host installer is more a cool option at the moment, and yes it needs thinking about what exact features we want besides what we already have.
I don’t have definitive thoughts on the matter at the moment though.
Anti-forensic live ISO with preconfigured WS/GW sounds fantastic. Maybe it’s possible with a ‘tails-like’ release model so there is no need for any host traffic, e.g. updates. It would be a much safer approach than Tails because of all the exploit mitigation/security hardening implemented in Whonix already. The biggest concern with Tails is little to no hardening, so one 0day can mess up the iptables; exploits were sold years ago at Zerodium especially for the Tails TB, who knows what’s going on there in the background.
So if we have an (encrypted) read-only medium, it’s anti-forensic, it fends off malware at every restart, it’s much more hardened than other approaches for running instances and it’s much more flexible in terms of custom networking stacks.
torY3 via Whonix Forum:
Maybe it’s possible with a ‘tails-like’ release model so there is no need for any host traffic, e.g. updates.
Whonix Image Quick Refresh ⚓ T974 Whonix Images Quick Rebuild
Like I said here: http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/should-whonix-host-be-fully-torified-by-default/7404/23?u=59mpci2gj5xlhhy
The ability to run clearnet Kicksecure VMs as well (torified apt & sdwdate of course)
I think of it like a ‘Qubes-Lite’ because Qubes is very resource intensive and requires beefy hardware, and is incompatible with a lot of hardware, whereas Whonix-Host would function on most things quite well. Using Debian with KVM is much easier for compartmentalization than Qubes. Perhaps a feature to complement this would be a way to transfer files between VMs without exposing them to the host.
An un-networked Kicksecure VM would be an easy way to have a ‘vault VM’ as well, or as a disposable VM for viewing untrusted files in live mode.