Whonix Host Operating System, Announcing Sponsorship by OTF

[html]

A Whonix Host Operating System has been a long-standing TODO item that hasn’t made much progress over the years. It would provide a more usable user interface than VirtualBox, the ability to easily fire up additional VMs, to open potentially dangerous files in a disposable VM, easier file transfer in and out of VMs, backups, a host firewall and so forth, not to mention the hardware driver support Whonix would have to offer. While the Whonix project has insufficient funding as well as contributor manpower to realize any of that anytime soon, fortunately there is the Qubes OS Project, a Xen / Linux based distribution that focuses heavily on security compartmentalization. That means, for example, that network devices run in their own virtual machine, so any vulnerability in the network stack or card would be contained in that virtual machine. The firewall runs in another virtual machine. So does an untrusted browser. Everything can be compartmentalized into domains. An exploit inside an untrusted domain is contained and cannot compromise a private or work domain as long as the adversary cannot compromise Xen as well. Fortunately, Xen has a smaller attack surface than Linux. You can read more about Qubes architecture on the Qubes website. Furthermore, Qubes implemented all of that while providing a user interface with good usability.

Over the last few months, Qubes-Whonix, a port of Whonix to Qubes, has been developed. There has been a lot of interest in this, and there is more to do.

After the release of Whonix 11, which is a port from Debian wheezy, sysvinit-based Whonix to Debian jessie, systemd-based Whonix [and more], my personal focus will shift more and more towards development of Qubes-Whonix.

This work will be supported by the Open Technology Fund. You can learn more about the history of that sponsorship and its details on the Qubes blog.

Work related to Qubes will be under the sponsor-c tag as well as the Qubes tag. More tickets to be added. Stay tuned.

For now, physical isolation (“--target root”) is not planned to be deprecated, because the Qubes-Whonix build process uses something similar to “--target root”. Nor are the VirtualBox builds of Whonix planned to be deprecated. Those are still a good way for new users to become familiar with Whonix and Linux in general.

[/html]