So I’m using whonix and if you go to the VirtualBox website you’ll see that the latest VirtualBox release is now VirtualBox 7.1.6 for Linux but I’m still using VirtualBox 7.0.16 so is this ok? I mean this isn’t compromising my security is it? Just curious.
1 Like
No security relevant bugs have been mentioned in the changelog between these versions.
The user is trading one security advantage (installing most software only from Debian repositories) against other security advantages (newer software versions) and disadvantages (trusting another software source). Foreign Sources come with Risks.
In any case, VirtualBox security is less than perfect. See:
Whonix VirtualBox Security
Computer security is less than perfect. See:
Related, because it discusses at length installing newer versions from different sources and its implication:
So uh, in layman’s terms, so I’m not using the latest VirtualBox release so is that ok? So it’s totally ok to use an older VirtualBox? So how long can I keep using VB 7.0.16 before it becomes unsafe?
Nothing in computer security is totally ok. Insecurity is all arround. Perfect solutions don’t exist. The deeper you look the worse the abyss appears.
Don’t worry about these theoretical issues. Let developers be developers. Or become a developer yourself.
But scratching the surface is unproductive.
Your assumption starts with VirtualBox being “safe” (however that is defined) for any version. Arguably VirtualBox is considered unsafe by many no matter what version. This is already stated in the wiki.
With Whonix you’re ahead of the curve and got a solid choice. There isn’t much more you can do expect reading their gigantic wiki.
No user action necessary.
Subject to opinion and cannot be objectively quantified.