Whonix answers

Hi guys
I have Windows on my computer and I have so many viruses
I know that viruses can compromise anonymity
So my question is this: Although I have the PC with viruses, if I run Whonix in a VM, can I be safe or not?
Thank u

No.

ahhah, thank u Patrick for the short answer… short but really true
I would just like to know things…
If Whonix is said to be an isolating way to connect to the internet that has no link with the physical machine (the PC), then why, if I have many viruses or a RAT on it, will my anonymity be compromised?
Can u just explain it to me?
Thank u

Because the host controls everything that runs on the host including the virtualizer. Now when the host is not trusted, we should assume the host also tampered with the virtualizer. And when the virtualizer is not to be trusted, there is nothing Whonix can do within that virtualizer.

Yes, but the guest is isolated by the host… it is like another connection I think, because I have read that NO connection running in the Workstation can go out of the Workstation… so I assume that a virus on the host cannot interfere with the Workstation virtual machine… otherwise it doesn’t make any sense, the 2 VMs, the Gateway, and all the rest… it should be an ISOLATED system that does not interfere with the physical host… but I am not saying you are wrong, I am just telling my point of view, of how the thing should be, to be really safe…
Let’s assume for example that I download a program in the VM Workstation (not in the host), and this program is a RAT… what happens to my anonymity?
Thank u for the answers

Conceptually impossible. Higher levels always beat lower levels. The analogy of a weak fundamental applies here.

A virus on the host can in theory replace the whole virtualizer. Rewrite any parts of it. Then you’re not running the virtualizer, but the modified virtualizer.

“Viruses” is a misleading term. They don’t compare to biological viruses at all. A text editor, a virtualizer, an operating system, also a virus, it’s all just “programs”. It’s all just code running on hardware. From that it follows that hardware has the most power. During a run it modifies code in RAM. Then different code gets executed. And software has no way to prevent this. A virtualizer is a sandbox made of software. Perhaps visualize such a sandbox as a cage. As long as the cage is stable, software inside the cage cannot do anything outside the cage. But the key to the cage is lying around and cannot be effectively hidden.

A virus on the host, on the other hand, runs on the same level as the cage. Therefore it can modify the cage.

Sure, it would be nice if VMs could be made secure even if the host is infected by a virus, but that’s conceptually impossible. The best concept I am aware of to cope with that sad reality is something like Qubes. Keeping the host minimal and robust. And then doing various things within different VMs that still somehow safely can interact.

For your last question also see:

Yes,ok, I understand.
But I’d like to know what would happen if I had a keylogger, a virus or a RAT in the Workstation virtual machine.
Not on the host or Gateway workstation VM.
Would I still be anonymous, or not?
This is my question, just this
Thank u

Anonymity could be reduced to pseudonymity. (See Tips on Remaining Anonymous for word definitions.)

A keylogger could log what’s happening in the workstation.

A trojan horse could do that + see everything you can do in the workstation + can do everything you could do in the workstation.

Depending on adversary skills, an attempt to break out of the workstation could be done.

Ah, ok.
Yes, of course a keylogger could see everything I write, but only on the Workstation, not in the Host machine, isn’t it?
It could not see my IP,
or could it ?
Could it bypass the Virtual machine in same way?

Because in this Avast forum I found this:

‘‘can a virus in an MS Virtual PC machine infect the host PC?’’

‘‘If the virtual PC is connected by the (virtual) network with the host PC then it probably can infect it.’’

‘‘Can you ping your host from the virtual system? Can you connect to network shares of your host from the virtual system? If yes, then everything is similar to the situation where there would be two computers on the network, one infected and one yours - if your host system is not patched and not running firewall/antivirus and your virtual PC is running suitable virus, then YES you can be infected IMHO.’’

It’s Avast Forum : can a virus in an MS Virtual PC machine infect the host PC?

Can you explain it to me, Patrick? I’m very confused, I don’t know if it’s really possible or not…

because every one of us can take a virus from the network (even if in Linux it’s hard) or can be ‘‘ratted’’ (remote tools installation) by someone… so in these cases, what happens?

So if an adversary has good skills, he could do it?
Could he bypass the Whonix Workstation, for example with a Rat?
In which way?
And how could it be prevented?
Maybe on the network configurations between Host and virtual machine?

I don’t know… I only knew that no connection could go out from the Workstation virtual machine, like it is written in Whonix… but you are telling me that an adversary with good skill could do it… so I am a little confused…

For the keylogger question I know that a keylogger could read everything I write, But I am talking about only for connection, about the IP.

> Yes, of course a keylogger could see everything I write, but only on the Workstation, not in the Host machine, isn't it?

Yes.

> It could not see my IP, or could it ?

Only when the adversary found a way to exploit the virtualizer.

> because every one of us can take a virus from the network (even if in Linux it's hard) or can be ''ratted'' (remote tools installation) by someone... so in these cases, what happens?

The Avast thing: Yes, if the workstation is infected, it can try to attack Whonix-Gateway through the network connection. There is no way to prevent that.

> So if an adversary has good skills, he could do it?

Yes.

> Could he bypass the Whonix Workstation, for example with a Rat?

I prefer calling those trojan horses, that is the usual term.

> In which way?

1) Exploit a vulnerability in the virtualizer and break out to the host. 2) Use the network, exploit a vulnerability in the gateway ('s Linux kernel network...).

> And how could it be prevented?

You can only make it more difficult. That's what https://www.whonix.org/wiki/Security_Guide is about.

> but you are telling me that an adversary with good skill could do it... so I am a little confused...

If you're wondering if there is perfect security, the answer is clearly no.

Thanks for all, Patrick.

Just the last questions:

  1. Must I update my Workstation and Gateway every day, and how?

  2. How must I set the internet network (NAT, bridge, etc…) with the host, and must I share the peripherals with the host (mouse, SATA, etc…) or not?

  3. How could an adversary exploit my virtual machine, in your opinion?

Ah ok, I have now read how to update my Workstation, sorry

Should I do it every day?

  1. Yes.

  2. Don’t change.

  3. Two examples. An ISP level adversary could try to exploit Tor; a website could exploit a browser vulnerability. Same as any operating system.

Thanks.

1 ) So configuring both Whonix virtual machines, I have to set ‘‘NAT’’ in the internet configuration with the host? Or ‘‘Bridge’’?

2 ) And just another question: If I make 2 partitions, and I have a virus in an OS2 of this partition, can it compromise the anonymity, even if I am running another partition?
For example if I have a virus on Kali Linux on my first partition (not virtual machine) and I run Fedora on a different partition, can that virus (on Kali) run as well?

  1. Don’t change default settings.

  2. Yes.