Whonix VirtualBox 15.0.0.8.7 - Testers Wanted! - vanguards; TCP ISN Leak Protection; Extensive Hardening! đŸ”„

Testers Wanted!

Download the Testers-Only version of Whonix for VirtualBox:


Alternatively, in-place release upgrade is possible upgrade using Whonix testers repository.


Highlights


This release would not have been possible without the numerous supporters of Whonix!


Please Donate!


Please Contribute!


Notable Changes


Full difference of all changes

diff too large for github to show, therefore split into two:


About Whonix

Whonix is being used by Edward Snowden, journalists such as Micah Lee, used by the Freedom of the Press Foundation and Qubes OS. It has a 7 years history of keeping its users safe from real world attacks. [1]

The split architecture of Whonix relies on leveraging virtualization technology as a sandbox for vulnerable user applications on endpoints. This is a widely known weakness exploited by entities that want to circumvent cryptography and system integrity. Our Linux distribution come with a wide selection of data protection tools and hardened applications for document/image publishing and communications. We are the first to deploy tirdad, which addresses the long known problem of CPU activity affecting TCP traffic properties in visible ways on the network and vanguards, an enhancement for Tor produced by the developers of Tor, which protects against guard discovery and related traffic analysis attacks. Live Mode was recently added. We deliver the first ever solutions for user behavior masking privacy protections such as Kloak. Kloak prevents websites from recognizing who the typist is by altering keystroke timing signatures that are unique to everyone.

In the future we plan to deploy a hardened Linux kernel with a minimal number of
modules for OS operation, which will greatly decrease attack surface. An AppArmor profile for the whole system as well as Linux Kernel Runtime Guard (LKRG), which quote performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.


[1]

5 Likes

Hi! I saw on Whonix Gateway the “tor Arm” i cannot find. Recommend install it by apt-get tor-arm ?

Thank You Very Good Work

Arm deprecated name , the new name for the same tool is nyx.

2 Likes

One issue was reported in the VirtualBox version. Whonix-Gateway cannot upgrade. The kernel upgrade freezes the VM. Likely a too low default RAM issue. Related:


2 Likes

Yes. Even reducing DKMS parallel_jobs=1 does not help.

Had to increase Whonix-Gateway to 1280 MB. Otherwise VirtualBox guest additions kernel modules would fail to compile.

https://github.com/Whonix/Whonix/commit/78a35367f42e1b14a3bffc6858284a2ccbb1849f

Related:

2 Likes

Hi all. I am get this Error when try open “Web Browser” on Whonix XFCE Workstation.

I will do a new extraction today and test it again (maybe some failure, because I am using VMWare (Debian USB 3.0 / + USB2.0 BootKey)

Interesting. I didn’t expect that using a different virtualizer could result in that specific issue. This issue doesn’t happen in VirtualBox.

VMware is unsupported. Therefore won’t fix.

2 Likes

Attention. I am not Using Whonix on VMWARE.
Use Debian in VMWARE and than Run Virtual box (on Debian environment) and yes Whonix (VirtualBox)!
Hell MAchine :slight_smile:

I see.

Nested virtualization is rather unpopular and not tested by any Whonix developers as far as I am aware. More so when mixing virtualizers (VMware + VirtualBox). You might be literally the only person in this universe doing this. I recommend to stick to more common setups of Whonix.

Also Self Support First Policy for Whonix might apply - would Debian XFCE in a VirtualBox VM run which itself runs nested in VMware? This might very well cause similar issues.

1 Like

3 posts were split to a new topic: enforce minimum password strength / pam-cracklib

Update:

I am using this Version!

1 Like