Whonix for VirtualBox

Download Whonix for VirtualBox:

This is a point release.

Major Changes

Numerous software packages updated, improved security, usability and bug fixes.

• Tor Browser updated to version 11.5.4
• Monero updated to version 0.18.1.2
• Qubes-Whonix: Fix connectivity when after suspend/resume. Automatically stop/restart both, Tor and vanguards systemd unit. This is to work around bug in Tor. (sdwdate and sdwdate-gui development thread - #390 by Patrick)
• Continuous Integration: Derivative Maker Automated CI Builder (Thanks to Rob Stringer @Mycobee @Mycobee!)
• Install apparmor-profiles-kicksecure by default. This results in installing the following packages by default:
  • apparmor-profiles
  • apparmor-profiles-extra
  • apparmor-profile-thunderbird
  • apparmor-profile-torbrowser
  • apparmor-profile-hexchat
  • provide package dummy-dependency-apparmor-profiles-kicksecure as an easy opt-out.
• Work towards Change default shell from bash to zsh by default?
  • zsh is now installed by default.
  • Try running zsh for testing, to see how beauty it looks and nice its functionality is. Has command completion, command line parameter suggestion and completion, colorful visuals for better usability, hotkeys and much more. See also this video as a demonstration and to learn what’s possible. Thanks to @nyxnor!
  • zsh is not yet the default shell but probably will be in the next release.
• Protect source code of this project and outreach: Detecting Malicious Unicode in Source Code and Pull Requests
  • grep-find-unicode-wrapper - new helper-script to detect invisible potentially malicious unicode
• Fix, keep grub live boot menu related entries grouped together, instead of having one entry per installed kernel implemented. Thanks to @nurmagoz.
• support hushlogin - less output in terminal emulator
• grub-live: fix dracut support
• sdwdate: remove onion time sources that were down and added replacements ( Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate - #223 by nurmagoz)
• sdwdate-log-viewer: improvements; include output by timesanitycheck
• security-misc improvements - Thanks to Raja Grewal!
  • machine check exception (Kernel Hardening - security-misc - #494 by Patrick)
  • force kernel to panic on “oopses”
  • update details around disabling SMT
  • update SRBDS mitigation
  • CPU mitigation - MMIO Stale Data
  • CPU mitigation - L1D FLushing
  • CPU mitigation - SRBDS
  • enforce default net.ipv6.icmp_ignore_bogus_error_responses
  • improved kernel module disabling usability
  • enable randomize_kstack_offset
  • disable slub_debug
  • enforce defualt net.ipv4.ip_forward
  • enforce default net.ipv4.icmp_ignore_bogus_error_responses
  • enforce default kernel.randomize_va_space
  • More verbose kernel module blocking error logs
  • Incorporated Ubuntu’s kernel module blacklists
  • Blacklist more kernel modules
  • hide-hardware-info selinux compatibility (Thanks to Krish-sysadmin!)
• fix can't type Japanese only in Tor Browser. - #5 by vvoovv
• tb-updater:
  • added update-torbrowser --only-if-newer (Thanks to @iry!)
  • added update-torbrowser --reset (hard reset)
  • improve Tor Browser ARM64 connectivity check
• tb-starter:
  • inform user that torbrowser won't start - #5 by nyxnor when the user enabled tb_no_start optoin
• systemcheck:
  • Tor connectivity test: add output of onion-time-pre-script
  • improve Tor running check error message
• whonix-welcome-page:
  • Add onions as much as possible instead of TLS only Local browser homepage for Tor Browser in Whonix - #106 by Patrick
  • added brave search engine
• whonix-firewall improvements:
  • Thanks to @nyxnor!
  • set all defaults first before parsing config folder how to unset firewall array
  • print ports opened in the firewall.
• onion-grater bitcoind profile enhancements - Bitcoin Core onion-grater profile - #9 by nyxnor (Thanks to @nyxnor!)
• anon-verify
  • fix enumeration of all Tor config drop-in snippets for new %include /etc/torrc.d/*.conf syntax
  • improved output
• anon-apps-config:
  • Improved Thunderbird configuration. (Thanks to @HulaHoop!)

Upgrade

Alternatively, in-place release upgrade is possible upgrade using Whonix repository.

This release would not have been possible without the numerous supporters of Whonix!

Please Donate!

Please Contribute!

Changelog

Full difference of all changes

Comparing 16.0.5.3-developers-only...16.0.8.2-developers-only · Whonix/derivative-maker · GitHub

holy shit look at all that work

nice release but is apparmor installed by default are also enforced by default?

Answered here:

https://www.kicksecure.com/wiki/AppArmor#View_Installed_AppArmor_Profiles

(Whonix is based on Kicksecure.)