
Whonix and host configuration

hey there this is my first post here
i’ve read the documentation and i have some questions

so i plan to use win7 as host and virtual box for whonix
on win7 host i have disabled all networking so deleted all ethernet and wireless drivers and for whonix connection i will use alfa adapter which does not have installed drivers on win7 host
so if there is some exploit in virtualbox and malware does break out somehow it will have no networking in the host so ip and location are still hidden? is this right?

if i want to use win7 or xp machine for whonix workstation and i use torbrowser to blend in with the crowd how can i avoid having tor over tor situation that can be dangerous?

is disabling transport advised if i use the setup as above?

if i run tor buddy script (http://learnnetsec.blogspot.com/2013/06/tor-buddy-live.html) on whonix gateway to change the tunnel more frequently than 10 minutes is it gonna add more anonymity?

if using pptp vpn to connect workstation to gateway does the ISP still see i am using TOR and can the exit node sniff my packets? i mean is something like https://blog.malwarebytes.org/development/2012/04/anonymizing-traffic-for-your-vm-and-capturing-traffic/ possible with using whonix gateway of course?

That’s an interesting idea. But futile, I think.

If the host has no internet connectivity, how could Whonix-Gateway have any? And if the host has none, but somehow Whonix-Gateway does, an adversary who broke out to the host could then easily infect Whonix-Gateway as well. I would assume that an adversary in a position to break out of VirtualBox has the chance to pull this off as well.

if i want to use win7 or xp machine for whonix workstation and i use torbrowser to blend in with the crowd how can i avoid having tor over tor situation that can be dangerous?

See:

is disabling transport advised if i use the setup as above?
It's unrelated.

See also:

if i run tor buddy script (http://learnnetsec.blogspot.com/2013/06/tor-buddy-live.html) on whonix gateway to change the tunnel more frequently than 10 minutes is it gonna add more anonymity?
No, because then you're the one who changes more frequently than the vast majority of others and you don't want to stand out.
if using pptp vpn to connect workstation to gateway does the ISP still see i am using TOR and can the exit node sniff my packets?
Both, yes.

There are very few use cases where it makes sense to run a VPN server on the same machine as the client. For what you have in mind here, it certainly won’t help.

i mean is something like https://blog.malwarebytes.org/development/2012/04/anonymizing-traffic-for-your-vm-and-capturing-traffic/ possible with using whonix gateway of course?
Possibly useful VPN / tunnel scenarios are documented here: https://www.whonix.org/wiki/Features#VPN_.2F_Tunnel_support

i got it to work
there is no networking on the host and all the drivers for cards are deleted
whonix gateway has the connection with alfa wireless adapter
i’m just not sure now how the connection goes through the interfaces on the gateway
what’s the configuration
i have eth0 eth1 lo and wlan0
is everything gonna go through tor over wlan0 without any leaks?

Should be no leaks. Quickly checked https://github.com/Whonix/whonix-gw-firewall/blob/master/usr/bin/whonix_firewall.

Not that it matters much, but it might make sense to add

EXT_IF="wlan0"

to

/etc/whonix_firewall.d/50_user

(To find out “how much”, see https://github.com/Whonix/whonix-gw-firewall/blob/master/usr/bin/whonix_firewall and search for “EXT_IF”.)

See also:

Generally, the argument against using WiFi is that any adversary that has compromised the host (which means it also has access to Whonix-Gateway) can use the WiFi to jump onto any other WiFi network.

I still don’t get what it buys you. There is still a way to connect to clearnet - how else could Whonix-Gateway possibly connect. An adversary who possesses the skills to break out to the host can also easily break into Whonix-Gateway from there and then reconfigure Whonix-Gateway to connect to any clearnet targets the adversary wishes.
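The `EXT_IF` setting suggested above can be checked against the interface that actually carries the gateway's default route. This is an added example, not part of the thread and not Whonix project code; it assumes the drop-ins in `/etc/whonix_firewall.d/` are read in lexical order with the last assignment winning and that `EXT_IF` falls back to `eth0`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Whonix project code). Assumptions: drop-ins in the firewall
# config directory are read in lexical order, the last EXT_IF assignment wins,
# and the value falls back to eth0 when nothing sets it.

# effective_ext_if DIR: print the EXT_IF value that DIR's drop-ins yield.
effective_ext_if() {
    value=""
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Drop comments, keep the last EXT_IF= line, strip quotes and blanks.
        found=$(sed 's/#.*//' "$f" | grep -E '^[[:space:]]*EXT_IF=' | tail -n 1 |
                cut -d= -f2- | tr -d "\"' \t")
        if [ -n "$found" ]; then value=$found; fi
    done
    printf '%s\n' "${value:-eth0}"
}

# default_route_if: read `ip route` output on stdin, print the default route's device.
default_route_if() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_ext_if DIR: routes on stdin; status 0 if EXT_IF matches, 1 if not.
check_ext_if() {
    cfg=$(effective_ext_if "$1")
    act=$(default_route_if)
    if [ "$cfg" = "$act" ]; then
        echo "OK: EXT_IF=$cfg carries the default route"
    else
        echo "MISMATCH: EXT_IF=$cfg, default route is on ${act:-no interface}"
        return 1
    fi
}

# Constructed sample: one drop-in and one route line, not captured from a real gateway.
demo_dir=$(mktemp -d)
printf 'EXT_IF="wlan0"  # WiFi adapter passed to the gateway\n' > "$demo_dir/50_user"
echo 'default via 192.0.2.1 dev wlan0 proto dhcp' | check_ext_if "$demo_dir"
rm -rf "$demo_dir"
# On a gateway: ip route show default | check_ext_if /etc/whonix_firewall.d
```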

so the best bet with custom workstations to prevent tor over tor is to leave at default tor settings that will be forwarded from the workstation to gateway
did i get it right??

No. Using default TBB in a Whonix-Custom-Workstation behind a Whonix-Gateway will lead to Tor over Tor.
