Whonix VirtualBox 15.0.0.8.9 - Point Release! - vanguards; TCP ISN Leak Protection; Extensive Hardening! đŸ”„

This is a point release.

Download Whonix for VirtualBox:


Alternatively, in-place release upgrade is possible.


Highlights


This release would not have been possible without the numerous supporters of Whonix!


Please Donate!


Please Contribute!


Notable Changes


Full difference of all changes

diff too large for github to show, therefore split into two:


About Whonix

Whonix is being used by Edward Snowden, journalists such as Micah Lee, used by the Freedom of the Press Foundation and Qubes OS. It has a 7 years history of keeping its users safe from real world attacks. [1]

The split architecture of Whonix relies on leveraging virtualization technology as a sandbox for vulnerable user applications on endpoints. This is a widely known weakness exploited by entities that want to circumvent cryptography and system integrity. Our Linux distribution come with a wide selection of data protection tools and hardened applications for document/image publishing and communications. We are the first to deploy tirdad, which addresses the long known problem of CPU activity affecting TCP traffic properties in visible ways on the network and vanguards, an enhancement for Tor produced by the developers of Tor, which protects against guard discovery and related traffic analysis attacks. Live Mode was recently added. We deliver the first ever solutions for user behavior masking privacy protections such as Kloak. Kloak prevents websites from recognizing who the typist is by altering keystroke timing signatures that are unique to everyone.

In the future we plan to deploy a hardened Linux kernel with a minimal number of
modules for OS operation, which will greatly decrease attack surface. An AppArmor profile for the whole system as well as Linux Kernel Runtime Guard (LKRG), which quote performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.


[1]

3 Likes

4 posts were split to a new topic: changelog inclusion discussion testing vs stable

Awesome! Great job. Thanks!

loosing features:

  • vbox doesnt go full screen
  • copy/paste from to host/whonix

and i think this is due to one reason which is a corruption within vbox-guest-additions

Whonix-WS wont boot and showing this message:

1 Like

Possibly host HDD issues. OpenPGP / gpg verified images? Does re-import of VM help?

So much amazing work, thank you all contributors!

Gateway: Would Gateway work stably if you kept it at 256 MB RAM at all times except for when compiling kernel modules (during updates etc)?

Workstation: Is there a way to know what point release your workstation is currently upgraded to? (like to uname -a for checking kernel version) I see that /etc/whonix_version only says 15.

Upgraded in-place. No problems to report, Debian host, Virtualbox version 6.0.18, everything went smoothly. I messed about with the different graphics choices and they all work somehow. No screen resize problems to report

I have the same problem as @nurmagoz. I have VirtualBox 6.1.2 and cannot go full screen with both the 15.0.0.8.9 Point Release and an upgraded 15.0.0.7.1. Everything seems to work great with the exception of not being full screen.

The VirtualBox resize issue:

For now, there is only this workaround (recently added recommendation to use XFCE screen resolution settings dialog to manually set a higher resolution):

Known Issues - Whonix

To really solve it needs a really good bug report with all debug information required for VirtualBox developers. The internet is full of incomplete bug reports and discussions that go nowhere. Better not add to that mess. First, it requires a survey of existing related bug reports and what debug information was requested from VirtualBox developers. Notes are being kept here:

Help welcome!

No known issues that it doesn’t.

No.

See also: systemcheck - Security Check Application

1 Like

i did re-import and it helped cant reproduce atm.

Patrick via Whonix Forum:

1 Like

I just wanted to post this: the only thing noticed–and this has nothing to do with Whonix’s implementation of Guest Additions–is that when using Virtualbox 6.0.18 the clipboard functionality sharing between guests and host is not functional. This is solely due to the fact that 6.0.18 and 6.1.x are not cross compatible as far as GA’s. Anyway, an upgrade to Vbox 6.1.4 fixed that issue completely. Also, the 6.0 branch will not have support after July of this year so everyone should upgrade anyway.

1 Like
1 Like