I read on the ‘comparison with others’ page that there could exist some vulnerability even in a physically isolated Whonix system which would allow malware on the workstation to infect the gateway, revealing the user’s identity. I’m definitely not an expert, so I’m not aware how exactly such a virus would work. Would it involve some kind of network worm, such as Scalper/Sasser? If so, how could I prevent such malware from being communicated, besides the obvious step of using iptables? Additionally, how badly would my anonymity be damaged if my gateway (not the workstation) was infected by something like Scalper/Sasser by, say, picking it up while on an insecure public network? Would adding a third physically isolated computer in front of the gateway prevent such a worm from infecting the gateway or workstation (as it would infect the third computer instead)? Is this setup what is mentioned on the ‘advanced security guide’ page under “DMZ” (https://www.whonix.org/wiki/Advanced_Security_Guide#DMZ)? Finally, would using an Ethernet wired connection between the gateway and the workstation (the recommended option) do anything to prevent the spread of a worm on the Whonix ‘network’, or would it be identical to a wireless WiFi LAN in that respect?
Also, when I asked this question on a different forum, one user stated that a “physically isolated” Whonix system isn’t actually physically isolated, but is only protected by a “weak logical isolation.” Is this correct?