Whonix 18.0, a distribution aimed at providing guaranteed anonymity, security, and privacy protection, is now available. The distribution is based on Debian GNU/Linux and uses Tor to ensure anonymity. The project's work is licensed under the GPLv3. Available for download are virtual machine images in .ova format for VirtualBox (2.5 GB with LXQt and 1.6 GB for console) and qcow2 format for the KVM hypervisor (3.4 GB with LXQt and 2.3 GB for console).
A distinctive feature of Whonix is ββits division into two separately executable components: Whonix-Gateway, which implements a network gateway for anonymous communications, and Whonix-Workstation, which contains the desktop. These components are separate system environments, delivered within a single boot image and run in separate virtual machines. Network access from Whonix-Workstation is only possible through Whonix-Gateway, isolating the workstation from direct interaction with the outside world and allowing only the use of fictitious network addresses. This approach protects the user from real IP address leakage in the event of a web browser hack or exploitation of a vulnerability that gives an attacker root access to the system.
Hacking Whonix-Workstation would only allow an attacker to obtain fictitious network parameters, as the real IP and DNS settings are hidden behind the network gateway running Whonix-Gateway, which routes traffic exclusively through Tor. It should be noted that Whonix components are designed to run as guest systems, meaning it's possible to exploit critical zero-day vulnerabilities in virtualization platforms that could provide access to the host system. Therefore, it is not recommended to run Whonix-Workstation on the same computer as Whonix-Gateway.
Whonix-Workstation comes with the LXQt user environment by default. It includes programs such as VLC and Tor Browser. Whonix-Gateway comes with a set of server applications, including Apache httpd, ngnix, and IRC servers, which can be used to run Tor hidden services. Tunneling over Tor is possible for Freenet, i2p, JonDonym, SSH, and VPNIf desired, the user can use only Whonix-Gateway and connect their usual systems through it, including Windows, which allows for anonymous access to existing workstations.
The system environment is based on the protected distribution Kicksecure, which is being developed in parallel by the same developers and expands Debian Additional mechanisms and settings for increased security: AppArmor for isolation, installing updates via Tor, using the tally2 PAM module to protect against password guessing, expanding the entropy for RNG, disabling SUID, not opening network ports by default, using recommendations from the KSPP (Kernel Self Protection Project), adding protection against leakage of CPU activity information, etc.
Major changes:
- The distribution package database has been updated with Debian 12 to Debian 13.
- The Xfce desktop environment has been replaced by LXQt. The Wayland protocol is enabled by default.
- The package includes a ram-wipe utility that clears the contents of RAM before rebooting the system.
- The package includes the USBGuard package for managing the activation of connected USB devices in order to protect against attacks via malicious USB devices, such as BadUSB.
- The privleap framework (similar to sudo) is used to launch privileged processes.
- The delivery includes the nmap and nping utilities.
- Xpdf has been removed from the distribution.
- The backlight-tool-dist package is used to control the backlight.
- The following packages are used to manage keyboard layouts: set-system-keymap, set-console-keymap, set-labwc-keymap, set-grub-keymap.
- Loading speed has been accelerated and memory consumption has been optimized.
- The Kloak package, used to counter user identification based on keyboard input and mouse movements, has been completely rewritten and ported to Wayland.
- Added by IPv6 support.
- On the Whonix-Gateway side, the user-sysmaint-split package is activated by default, implementing separate boot sessions for operation and maintenance (SYSMAINT - system maintenance).
Source: opennet.ru
