Silk Road forums

Discussion => Newbie discussion => Topic started by: HubertCumberdale on August 11, 2013, 06:53 am

Title: How safe is Whonix?
Post by: HubertCumberdale on August 11, 2013, 06:53 am
So I only plan on being a buyer - so, Whonix is probably unnecessary - but, I'm a spook - so I'm interested.

How safe is Whonix, really?
I have Tor updated - by the way, when I installed Whonix on VirtualBox - it said Tor needed updated, will this happen every time?

I have Whonix running on virtual box, that's running on Linux that's on an encrypted hard drive - and I have a router.

I also encrypt all sensitive data via PGP.

I have a firewall enabled also - though, again, probably unnecessary with Linux.
Title: Re: How safe is Whonix?
Post by: spectrum on August 11, 2013, 07:46 am
The main feature of Whonix is that it separates Tor from your web browser and other applications that run over Tor. That makes it much safer against exploits that try to get your real IP address. We saw this with the Freedom Hosting exploit. It only worked on older versions of TBB on Windows, but even if you ran an old TBB in a Windows VM separated from the Tor VM, like in the Whonix setup, you would have been safe. VM isolation is your last line of defense in a world where application level exploits are much more common than network level exploits.
Title: Re: How safe is Whonix?
Post by: ECC_ROT13 on August 11, 2013, 03:15 pm
Guessing you mean, how safe is it against deanonymization attacks?   Somebody figuring out who you really are, or where you're coming from?

It's safer than Tor Browser Bundle.   I could argue it's safer than Tails.  Or less safe than Tails.  Depends what you're worried about, and how technical you are.  If the answer is "not very", I'd say Tails is much safer.   

If you're worried about somebody showing up, grabbing your laptop, and proving something happened, Tails tries pretty darned hard to not leave any traces.

If you're worried about somebody (FBI, etc) using browser exploits to figure out who you are, there isn't exactly a silver bullet.   The FH attack last week was mild in terms of capabilities.    They worked fairly hard to only target TBB users, and all they grabbed was a MAC address and tried to send it to a website.

There's lots and lots of other things someone can do to deanonymize you if they can exploit your browser or machine.   Think disclosing your MAC address sucks? They could have ripped info from the BIOS, giving them lots of great stuff, like manufacturer, computer model, serial number, etc.

Assuming worst case, where bad folks run code on your box through an exploit:
1. If you're booting directly on hardware, like using a Tails USB stick, your worry is their view of the hardware itself.   Can someone trace it to you by serial no/MAC Address/etc?
2. With Tails, once they have access to the OS, it's easy to get your real IP.
3. With Whonix, if they compromise the Whonix-Workstation, they can't see your real IP, since the Whonix-Gateway is in the way.  They also can't see much from a hardware perspective, because Virtualbox presents non-hardware-related virtual devices to the guest OS.

To see the tip of the iceberg, run /usr/sbin/dmidecode as root on a Tails or Whonix-Workstation and look at the results.    It's enlightening.  Things like VMWare have a bad habit of exposing your licensed serial number and other identifiers in some versions.
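
What the dmidecode check in the post above surfaces, as an added example that is not part of the original thread: a shell function that parses dmidecode-style output and marks which fields carry a per-machine identifier. Both sample dumps are constructed, and the function names are this example's own.

```shell
# Added example (not from the thread): list the DMI/SMBIOS fields readable
# from inside this OS and flag the ones that single out one machine.
# On a real system, as root:  dmidecode | dmi_identifiers

# Parse dmidecode-style text on stdin; print "section|field|value|verdict".
dmi_identifiers() {
    awk '
    function is_placeholder(v) {
        v = tolower(v)
        return (v == "" || v == "none" || v == "not specified" ||
                v == "default string" || v ~ /^0+$/ || v ~ /to be filled/)
    }
    # A non-indented line that is not a "Handle" header names the section.
    /^[^ \t]/ && !/^Handle/ { section = $0; next }
    /^[ \t]+(Manufacturer|Product Name|Serial Number|UUID|Asset Tag):/ {
        line = $0; sub(/^[ \t]+/, "", line)
        field = line; sub(/:.*/, "", field)
        value = line; sub(/^[^:]*:[ \t]*/, "", value)
        verdict = "descriptive"   # make and model narrow the search only
        if (field ~ /Serial Number|UUID|Asset Tag/)
            verdict = is_placeholder(value) ? "placeholder" : "UNIQUE"
        printf "%s|%s|%s|%s\n", section, field, value, verdict
    }'
}

# Count the fields that single out one machine.
count_unique() {
    dmi_identifiers | awk -F'|' '$4 == "UNIQUE" { n++ } END { print n + 0 }'
}

# Constructed sample: OS booted directly on hardware (all values made up).
sample_bare_metal() {
    cat <<'EOF'
Handle 0x0001, DMI type 1, 27 bytes
System Information
	Manufacturer: ExampleCorp
	Product Name: Notebook 1234
	Serial Number: CONSTRUCTED-SN-0001
	UUID: 11111111-2222-3333-4444-555555555555
Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
	Serial Number: CONSTRUCTED-BB-0002
	Asset Tag: Not Specified
EOF
}

# Constructed sample shaped like a VM guest: placeholder serial, VM-level UUID.
sample_vm_guest() {
    cat <<'EOF'
Handle 0x0001, DMI type 1, 27 bytes
System Information
	Manufacturer: ExampleHypervisor
	Product Name: Virtual Machine
	Serial Number: 0
	UUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
EOF
}

echo "bare metal: $(sample_bare_metal | count_unique) unique field(s)"
echo "VM guest:   $(sample_vm_guest | count_unique) unique field(s)"
```

The UUID a guest reports belongs to the virtual machine rather than the physical host, so it still counts as unique to that VM.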


Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 11, 2013, 08:38 pm
This post was rather enlightening. I appreciate the response...so in general, are you saying that running Whonix on a virtual box is actually less safe than just running Tor through my setup?
Title: Re: How safe is Whonix?
Post by: StaticTension on August 11, 2013, 09:16 pm
I've spent some time working with Whonix and I'd say it's about as good as security you can get without getting too technical. Some things to keep in mind that are documented in the Whonix homepage (which BTW is an excellent read on computer security):

-If your host OS is infected Whonix will not save you
-Physical isolation is recommended for top security. An example would be using a clean laptop as the gateway and then having your pc connect to the gateway.

There's a lot more tips and recommendations on their site. When I was testing what I did was used Dban to reformat my hard drive which took about 20hrs to make sure my PC was clean before installing Whonix. Would defeat the purpose of installing Whonix onto a malware infected PC. After that reinstalled my OS and any other programs I needed. Then used TrueCrypt to encrypt my hard drive and also create a hidden OS. The hidden OS is where I installed Whonix. This way no trace is found if your computer ever gets seized. I did all this just for testing it out and seemed like a nice secure solution that anyone could implement. This might be obvious but no pirated software whatsoever. No torrent downloading either if you're after security.

The procedure after that is pretty simple. Install virtual box, install Whonix gateway and host.

Now if you can go a step above Whonix there's Qubes which is a full OS that cannot be run in a virtual machine. It takes the idea of isolation and applies it to everything in the OS. So in effect the browser is isolated from your word processor and so on. So if your browser was exploited the attacker couldn't go wild on your computer navigating through your folder structure or installing backdoors and whatnot. If you ever used Sandboxie it's pretty much the same concept.
Title: Re: How safe is Whonix?
Post by: Cannaisseur on August 12, 2013, 01:40 am
something spammy
Title: Re: How safe is Whonix?
Post by: StaticTension on August 12, 2013, 02:14 am
You have anything constructive to contribute Cannaisseur or just spam like a whore?
Title: Re: How safe is Whonix?
Post by: ECC_ROT13 on August 12, 2013, 02:29 am
> This post was rather enlightening. I appreciate the response...so in general, are you saying that running Whonix on a virtual box is actually less safe than just running Tor through my setup?

Not at all.   I think Whonix on VirtualBox probably gives you good protection against most threats.  Just make sure to update it regularly, and you'll be well ahead of the TBB crowd.  And it's not a cloak of invulnerability or anything.   Whonix isn't as good of a fit for someone who doesn't get the technology side of it.. but if it makes sense to you, it should work well.

Qubes OS is definitely a genius idea, but I can't afford the hardware to run it in a not-slow-as-shit fashion.  On fast hardware, I bet it would be fantastic.

If you haven't seen it, go check out grugq's OPSEC presentation on youtube (search for "grugq opsec" and you should find it).  It's aimed at hackers, but many of the fundamental concepts are the same.   His concept of running Tor on an OpenWRT router makes sense for strong physical isolation on the cheap.
Title: Re: How safe is Whonix?
Post by: StaticTension on August 12, 2013, 03:13 am
I was looking at some other forums last night and talking about security and one guy had an idea that he wants to contribute to Tor. It sounded ok to me for about 5 seconds then I was like that's retarded. Basically as a way to further deter spying agencies like the NSA he suggested that instead of one packet being sent from your PC through the nodes and ending up at the Exit node that the original packet should be split into 3 and then be reassembled once they get to the exit node. It's retarded because all it is is a security through obscurity trick that will at best take an attacker an extra 5mins to reassemble the packets. Kinda sucks I was kinda excited to read his theory after reading the title of the thread but it was pretty fail.
Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 12, 2013, 07:31 am
I think a simple packet tracer would be able to break that? I mean...in theory, it's a good added layer of protection...but not really...that good :p

I'll look into qubes...what's the hardware requirement, any idea?

Does Whonix also delete everything on restart like Tails?
Title: Re: How safe is Whonix?
Post by: StaticTension on August 13, 2013, 02:27 am
Not sure what the hardware requirement for Qubes is but it's pretty significant if you want things to run fast.

Tails is what you would call an Amnesic OS not keeping any details on shut down where Whonix is not. Don't let that deter though. They have a better explanation between the different OS on Whonix site outlining the pros and cons of each OS and it looks unbiased and an honest comparison.
Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 13, 2013, 03:23 am
I took a look at the Whonix website. I don't have the extra machine to make it run at maximum security effectiveness.

I've looked into Qubes a little bit as well - I think my system can handle it, I'm just confused on a few things.
I have a quad-core amd processor and 8gb of ram.

I also have a free 500gb hdd.

First, does Qubes run WHILE my main OS is running, or is it setup as a dual-boot system?
I see that it essentially runs everything as a VMApp, but it is in fact a real OS correct?

Does it erase info like Tails does?

While I'm OK with this from a security standpoint, keeping everything up-to-date is a huge PITA when one has to re-update every time you open the OS.

I appreciate the mention by the way - so sick of the spam posts in the newbie section, it's good to get something accomplished.
Title: Re: How safe is Whonix?
Post by: StaticTension on August 13, 2013, 05:11 am
It would be a main OS so no dual boot or VM. Not sure if it's an amnesiac OS. I don't think it was, almost sure it isn't because Whonix isn't either but I'd have to look it up.

Honestly if you need a lock down security and don't mind sacrificing for it then Qubes would be the best option but keep in mind with more security you have to sacrifice convenience so it's a balancing act. I remember reading this article when Steve Jobs died and they asked this guy..fuck I forget his name but he was some programming guru and when asked how he felt about Jobs' death he basically said it's good that he's gone and made people stupider with the whole ideology of Apple and apps which I agree with however you can't dispute the fact that Jobs changed the whole computer landscape. My point is that this was coming from a guy that despised major corporations and their data mining and force feeding you their products he ran everything in Unix. To fetch an email was a series of commands just so he wouldn't have to use an email provider. Was his system secure? I bet it was but I'd sure as hell hate using that everyday.
Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 13, 2013, 05:28 am
That's sort of a 50/50 statement.
Jobs was brilliant...Bill Gates is brilliant. They've both capitalized on a market that keeps buying and buying.
Unfortunately, people are lazy. We don't know about security, about how our computers run - so it's easy for people to buy into whatever else needs done.

My father in law is a security analyst and he'll tell you outright - security is terrorism. Tell people there's a threat, and they'll believe you if you sound informed. It's true.

Why couldn't Qubes be on a different hard drive and dual-booted? I didn't see anything in the docs that mentioned that it couldn't.

Obviously, for the sake of wanting the MOST secure machine, that's not feasible...but it seems like it would still be a good step-up for security when doing things like accessing SR?
Title: Re: How safe is Whonix?
Post by: StaticTension on August 13, 2013, 05:47 am
Yep so true...

All those anti-virus companies build empires by preying on the fear of people and that they have the solution. Snake oil sellers. I think Whonix installed on a VM is a good solution that's easy and provides a solid amount of security if you're just a buyer. A vendor might do that too but some extra security measures would have to be added to be safe. If you're just the average SR user Whonix installed on an encrypted/hidden VM is easy and safe.

Not sure if Qubes can be installed on a different drive I don't think so but would have to go over the install docs.
Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 13, 2013, 05:51 am
Any idea how Qubes holds up against OpenBSD?

Obviously the latter is more well known for its security features. I'm curious how they stack-up though, and haven't found any good articles that compare the two.

My biggest issues with these is that it takes away from the general functionality of your computer, to some extent.


Software becomes less available, installations become more difficult, etc.
Thus far, Ubuntu running Virtualbox seems to be the most effective option for me.
Title: Re: How safe is Whonix?
Post by: StaticTension on August 13, 2013, 09:52 pm
Well Qubes and OpenBSD have a different approach and set up for security but some of the principles are the same. I've never used OpenBSD but it's highly regarded for security by a lot of experienced users and it's been out a lot longer than Qubes. On paper Qubes looks unbreakable but the true test is out in the field so in that regard I'd say OpenBSD comes out ahead just for that fact alone but it doesn't mean it's better if that makes sense?

Ubuntu is about as close a linux like windows OS as you can get. In terms of security it's a step up from windows but any OS that is not 100% open source which Ubuntu is not as some code is not revealed can not be trusted 100%. There's a lot of things you can do to lock down Ubuntu but the problem is most users just go to google find the commands to use which more times than not are commands that expose your system by someone posting those codes on hacked sites or sites that don't get monitored and users end up with a totally exploited system and the ironic thing is they think they just locked down the computer tight, lol.

In terms of difficulty using and setting up said OS I would rate from easiest to hardest as: Ubuntu, Whonix, then OpenBSD.
Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 13, 2013, 11:29 pm
Are you familiar with how to lock down Ubuntu at all? I'm definitely interested in learning. Anything to add layers, even if small ones - without greatly sacrificing convenience.
Title: Re: How safe is Whonix?
Post by: StaticTension on August 13, 2013, 11:32 pm
Not really, I've played around with it a bit but I'm just a lame windows user lol

You can try the Ubuntu forums but I know that got hacked a few weeks ago so who knows if the info there is legit or not.
Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 14, 2013, 12:00 am
Actually laughed out loud on that one.

"How do I secure Ubuntu?"

"I don't know. Check the forums that just got hacked."

Chances are they were hosted on an Ubuntu, or some flavor of Linux/Unix server.

Uh oh.

I just switched from Windows 7 ...erm...3 or 4 days ago? So don't feel bad.
My only experience outside of Windows was a Unix based server called Eagle Server that I toyed around with in school.
Title: Re: How safe is Whonix?
Post by: Hitch on August 14, 2013, 12:34 am

   Qubes is very interesting! All processes running in independent virtualised isolation, very cool. From what I've read it's thoroughly amnesiac. There's a real push in the Tails community to build a similar model for future releases.

   I don't really know much about Whonix but I feel a little sceptical about the idea of running one OS on top of another, mainly due to leakage concerns. Having a dedicated machine just for Whonix use, with regular dban wipes, would assumedly protect well against that issue.
Title: Re: How safe is Whonix?
Post by: StaticTension on August 14, 2013, 02:49 am
> Actually laughed out loud on that one.
>
> "How do I secure Ubuntu?"
>
> "I don't know. Check the forums that just got hacked."
>
> Chances are they were hosted on an Ubuntu, or some flavor of Linux/Unix server.
>
> Uh oh.
>
> I just switched from Windows 7 ...erm...3 or 4 days ago? So don't feel bad.
> My only experience outside of Windows was a Unix based server called Eagle Server that I toyed around with in school.

Lol... ya after I typed that out I read it out loud and I laughed too. It seemed very silly and ironic but it's kind of fitting just to prove the point nothing is secure. I was surprised that the forums were hacked but I think that was some corporate thing because the time of the hacking was near the time Ubuntu had announced their new project.

Hitch in regards to Whonix it claims DNS leaks are not possible and even when using it in a VM it's highly unlikely unless your OS is already compromised. However physically isolating the gateway and the host like you touched upon is highly recommended by Whonix to further enhance your security. Get a used laptop $150, wipe it with DBan and use it solely as a gateway to torify everything when you use your host. Of course this is assuming your host PC has no viruses.

A lot of people use TAILS but idk I'm not a big fan for a couple of reasons. The first is that identifying Tails users is a bit easier because they will have different entry guards every time where a regular TOR user keeps the same ones for a month. But still for the average SR user TAILS is good, I'm just an overly paranoid individual :P
Title: Re: How safe is Whonix?
Post by: Hitch on August 14, 2013, 03:05 am

> Lol... ya after I typed that out I read it out loud and I laughed too. It seemed very silly and ironic but it's kind of fitting just to prove the point nothing is secure. I was surprised that the forums were hacked but I think that was some corporate thing because the time of the hacking was near the time Ubuntu had announced their new project.
>
> Hitch in regards to Whonix it claims DNS leaks are not possible and even when using it in a VM it's highly unlikely unless your OS is already compromised. However physically isolating the gateway and the host like you touched upon is highly recommended by Whonix to further enhance your security. Get a used laptop $150, wipe it with DBan and use it solely as a gateway to torify everything when you use your host. Of course this is assuming your host PC has no viruses.
>
> A lot of people use TAILS but idk I'm not a big fan for a couple of reasons. The first is that identifying Tails users is a bit easier because they will have different entry guards every time where a regular TOR user keeps the same ones for a month. But still for the average SR user TAILS is good, I'm just an overly paranoid individual :P

   I agree the lack of persistent entry guards is a potential weakness. That's more to do with Tails not really being designed for SR junkies cruising the meth listings for hours every night on their home network :) If used as designed, random hotspots and whatnots, the lack of persistent guards has some logic to it.

   
Title: Re: How safe is Whonix?
Post by: HubertCumberdale on August 17, 2013, 04:09 am
I recently found out that it wasn't specifically the Ubuntu forums, it was vBulletin that got hacked.
They just had access TO the Ubuntu forums because of the parent-leak.
Title: Re: How safe is Whonix?
Post by: StaticTension on August 17, 2013, 05:57 am
Nope it was actually the Ubuntu forums as well. Here's a good ongoing discussion about security going on:

http://dkn255hz262ypmii.onion/index.php?topic=201622.60;topicseen

Some excellent info there :)