Why use VirtualBox over KVM on Linux hosts? Considering deprecation of VirtualBox on Linux hosts.

Don’t get excited about this just yet. It is only exploratory for now. After a few years it is worthwhile to revisit this.

Context: Whonix host operating system - #11 by Algernon

Please state reasons why you prefer Whonix VirtualBox over Whonix KVM. Are there any things that Whonix VirtualBox is better at, things which cannot be done with Whonix KVM?

1 Like

If we are only discussing Linux hosts I’m not sure I can give a good argument for VirtualBox over KVM. I think a larger subset of users are more accustomed to using VirtualBox. Maybe slightly better usability and better documented. When I search for info on VirtualBox it’s generally easy to find what I’m looking for. Which makes it easier/quicker for me to troubleshoot problems.

2 Likes

As a Linux user who has just switched to KVM after a couple of years of using almost exclusively VirtualBox, I must say that VirtualBox is obviously better documented and much more user-friendly, at least for a beginner. To me and probably to many others it really was the gateway to virtualization. All things considered, to me the main advantage of VirtualBox remains the ease of setting up shared folders, something that I find much less practical on KVM (file permissions are a real pain with 9p virtio).

Apart from that, virt-manager allows for a lot of customization and is not that difficult once you get used to it. From a philosophical point of view (and even security-wise), it is clear that we should promote the use of KVM over VirtualBox (free software). However we want to make sure to provide the best out-of-the-box experience, otherwise we risk scaring new users away, which is much worse than using VirtualBox :slight_smile:

4 Likes

Did virt-manager GUI for KVM make any progress usability wise over the years?


A) installation difficulty (low installation usability)
Instructions to set up Whonix KVM are much more involved and require a lot of command line commands. That point might be invalid soon.

  • virtualbox needs to be installed from Debian backports - also extra command line work.
  • Once we get Whonix-Host Operating System (OS) ISO - #13 by Patrick we have a hold on the host operating system. Installation of Whonix KVM might be scripted.
  • It could be offered on a Whonix-KVM-Host and even adding Whonix repository followed by sudo apt-get install whonix-kvm-host on an already installed Debian system is conceivable.

B) re-installation difficulty (low re-installation usability)
Similar to above but perhaps also solved through above.


C) new version installation difficulty (low new version installation usability)
Similar to above but perhaps also solved through above.


D) multiple internal networks more difficult
VirtualBox users can do this purely with a GUI.
KVM requires manual XML file modifications which is more difficult.
But maybe not many people do this with VirtualBox either so maybe this point can be ignored.


D) graphics performance
If I remember right, it used to be that graphics performance was poor, leading for example to sluggish videos, i.e. youtube was unwatchable? Is this still the case non-SPICE? Better with SPICE? Sane to enable SPICE by default? 3D Graphics Acceleration sane to enable by default?


E) clipboard sharing
Enabling clipboard sharing requires again file modifications. Maybe enable clipboard sharing by default like in VirtualBox version?


F) shared folders hard to use
Maybe these instructions could be automated and enabled by default for the user?


G) anything else?
As far as I can remember it was “only” related to usability and performance. Did I miss anything major?


Yes. Because Whonix VirtualBox on the Windows platform cannot be replaced by KVM due to technical limitations (if it can be called that).

1 Like

Yes, but not in the area of VM imports which is probably what you meant.

Agreed with your points A → D1


That has no longer been the case for a while now and I could watch 720p in a reasonably sized window with no problems. SPICE is the default and handles 2D graphics all right. 3D graphics are safe to enable because the API was designed with security in mind. The necessary drivers have now been included as of Buster.


This is really not recommended because the number of times I could have shot my legs off with it were many. I find a text file in the shared folder that’s opened in both VM and host acts as a sufficient “safe” clipboard

KVM by its very design is tied to Linux kernel modules.


KVM runs on every architecture supported by Linux (and Debian) and with ARM64 laptops becoming a reality it will give us a foothold on alternative (less risky) hardware architectures ASAP. Alternatively VBox must port their code to every new arch they choose to support.

1 Like

This can be sorted out with incron on the host, which we will be able to do with Whonix-KVM-Host. I have it working all right.

1 Like

VirtualBox on Linux is very easy for anyone who used it on Windows before, or probably for most new Linux users. Makes the transition from Windows host to Linux host easier. Otherwise, another tool to learn.

Edit:

I’m with HulaHoop on this one, and I believe the same no clipboard sharing should be a default on VirtualBox as well. The host and VMs (or several VM workstations) are different worlds. Different identities, that can’t possibly share information so seamlessly by default. Clipboard is so often used. When the risk is taken, it needs to be taken explicitly. In any case we have conflicting default policies here on the two versions.

More - not sure I understand how it is possible at all to deprecate VB on Linux hosts, since the same ova is used for both Linux and Windows. What’s to stop users from continuing to use the “windows” ovas? Just hide this possibility on the website, or am I missing something here? Are we talking about it mainly as a default (preinstalled, or easily added option) in Whonix host?

1 Like
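The clipboard default discussed above can be checked per VM on the KVM side. The following is an added example, not part of the thread and not Whonix code: it audits a libvirt domain definition for SPICE clipboard and file-transfer sharing, both of which libvirt leaves enabled when the `<clipboard>` and `<filetransfer>` elements are absent. The domain XML is constructed for illustration, and `audit_spice_sharing` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed domain XML for illustration; on a real host the input would
# come from `virsh dumpxml <domain>`.
TEMPLATE = """<domain type='kvm'>
  <name>example-workstation</name>
  <devices>
    <channel type='spicevmc'>
      <target type='virtio' name='com.redhat.spice.0'/>
    </channel>
    <graphics type='spice' autoport='yes'>{policy}</graphics>
  </devices>
</domain>"""
SAMPLE_DEFAULT = TEMPLATE.format(policy="")
SAMPLE_HARDENED = TEMPLATE.format(
    policy="<clipboard copypaste='no'/><filetransfer enable='no'/>")


def audit_spice_sharing(domain_xml):
    """Report which host<->guest sharing paths a domain leaves open."""
    root = ET.fromstring(domain_xml)
    # Clipboard and file transfer both travel over the SPICE agent channel.
    agent = any(
        target.get("name") == "com.redhat.spice.0"
        for target in root.findall(
            "./devices/channel[@type='spicevmc']/target")
    )
    result = {"agent_channel": agent, "clipboard": False,
              "filetransfer": False}
    for gfx in root.findall("./devices/graphics[@type='spice']"):
        clip = gfx.find("clipboard")
        # A missing element means the libvirt default, which is enabled.
        if clip is None or clip.get("copypaste", "yes") != "no":
            result["clipboard"] = True
        transfer = gfx.find("filetransfer")
        if transfer is None or transfer.get("enable", "yes") != "no":
            result["filetransfer"] = True
    return result


if __name__ == "__main__":
    for label, xml in (("default", SAMPLE_DEFAULT),
                       ("hardened", SAMPLE_HARDENED)):
        print(label, audit_spice_sharing(xml))
```

A domain that reports `clipboard: True` together with `agent_channel: True` shares the clipboard as soon as the guest runs a SPICE agent; the explicit `copypaste='no'` form is the opt-in policy argued for in the post above.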

Indeed.

No technical measures. (At most a hideable whonixcheck warning but I haven’t found ways to detect the host operating system from within VirtualBox VMs.)

Yes. It’s about what becomes the default choices on the website and what we are willing to support in the forums.

Also - if - this gets implemented - Whonix Windows Installer - Design Documentation might be resurrected and no more direct ova downloads. (Manual build of Whonix ova images for Linux would still be possible or extracting those from the Windows installer.)

Debian based Whonix-Host-KVM and also potential sudo apt-get install whonix-host-kvm for Debian.

1 Like

one reason i prefer virtualbox, particularly for new users, is the ease of snapshots for a configuration that uses one virtual drive as immutable and another virtual disk to store persistent files as writethrough. to date, i have not found a way to successfully do the same with kvm. the only similar configuration i’ve had with kvm is to use a shared folder for the persistent files that is written to the local host’s drive and containing the files within via host file permissions.

2 Likes

Immutable just means the changes are stored in a temporary snapshot on disk that is discarded upon reboot. Have you tried KVM with ro-mode-init (to allow it to function when disk is set to read-only) and adding a new empty qcow2 block device?

1 Like

One thing I noticed since I use KVM/virt-manager is that it seems to better handle crashes caused by RAM saturation.

Example: whenever I hit the RAM limit in a VM (Whonix or other) in VirtualBox, generally because of Firefox/Tor Browser (too many open tabs), it would immediately freeze, and often I had no other choice but to force reset the VM, very annoying.

With KVM/virt-manager, in this same situation Firefox (or Tor Browser) just crashes and quits and no freeze happens.

1 Like

This could help to improve the state of clipboard sharing in a secure way:

post feature request for more secure clipboard sharing against VirtualBox and KVM
https://phabricator.whonix.org/T720

Could you please edit/post this one? @HulaHoop

i can give it a try again. it complained about having two different hard drives in one snapshot iirc. when i was researching it, the documentation seemed to imply that libvirt wasn’t supporting it yet.

1 Like

Issue was discussed by Libvirt devs on RedHat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c4
I even linked to a secure clipboard proposal that would have given a secure clipboard functionality by copying Qubes style interaction. It went nowhere and was closed as WONTFIX.

https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c5


Updated linked ticket with this info.

1 Like

I went ahead and tested it for ya. Add a new disk device in the VM’s Details pane. Install gparted and format the new disk with ext4 (exists under the name /dev/vdb).

After rebooting it will auto-mount the device in the Thunar favorites list using “/media/user/” as a mount point. You will need to adjust permissions of this external drive to be able to add files on it.

I followed this and it worked:

Then I saved a test file with this very link while in Live mode and rebooted to find it still intact.


Moral of the story: KVM is a beast and it will f* VBox’s shit up on every technical measure. It’s just the damn VM import feature that seems to be giving everyone grief :smiley:

2 Likes

thank you. i will give it a try again. if i can get kvm to support a configuration that involves an immutable/locked drive and a writethrough style drive via snapshotting, that would be great and would likely warrant yet another damn tweak to the perpetually beta version of the guide at the moment. lol!

2 Likes

I have just made the switch to kvm for whonix (having some familiarity already with it with other vm setups) and love it!

Just what I wanted in a user experience once I got over the increased learning curve; much more lightweight experience (and more cli based which I prefer) and of course and perhaps most importantly proper FOSS!

Kvm feels much more ‘linuxy’ whereas virtualbox is more like a windows relic in terms of user experience- point and click which is advantageous for some and was for me initially getting started but glad I got over the hump with kvm now as I will be sticking with it.

2 Likes

Related:

Why use VirtualBox over KVM on Linux hosts?

No reason, because simply why should the user use VirtualBox in the first place inside GNU operating systems?

Someone might use VBox on GNU hosts because he came from a Windows/Mac background and he’s a noob to try new things which he might not understand very well.

Free Software:- No, Vbox is more into proprietary field
Security reasons: No, Vbox sucks at it as well
User Friendly: No, the user is using GNU/Linux so he should get used to it and try new things rather than staying on the dark ages from whatever background he came from.

Deprecation of VBox is a step forward to anonymity, security, free software.

1 Like

Why not, actually? provided it’s easier?

Reading through these forums, I was somehow under the impression that VirtualBox is closed source. I was proven wrong. It is open source. So what are the big problems, actually?

I was searching hard for security issues in VirtualBox on Whonix wiki, and the single result I found was

Whonix for KVM

(I don’t include the full link since the forum system doesn’t allow me to)

If we put the licensing issue aside, most of the rest is pretty vague.

Oracle is infamous for their lack of transparency in disclosing the details of security bugs, as well as discouraging full and public disclosure by third parties.

References?

it would be unsurprising if users were charged for these restricted features in the future

Future prediction. More reasons pertaining to present?

There is indeed one specific issue on this page

One example is this historical [0day vulnerability] reported privately to Oracle in 2008 by an independent security researcher. Over four years later, the vulnerability [remained unfixed], exhibiting Oracle has a history of failing to provide timely patches to customers so they can protect themselves.

That’s serious enough. However we are at 2019. Any updates since then?

Seriously, whether or not it’s eventually deprecated, I feel that the case of VirtualBox being less secure isn’t fully explained.


Edit by Patrick: add real link

1 Like