{{Header}} {{Title|title= {{project_name_long}} Variants }} {{#seo: |description=Comparison of {{project_name_short}} in a VM vs {{project_name_short}} with Physical Isolation with and without virtualized Gateway. |image=Plate-526603640.jpg }} [[File:Plate-526603640.jpg|thumb|200px]] {{intro| Comparison of {{project_name_short}} in a VM vs {{project_name_short}} with Physical Isolation with and without virtualized Gateway. }} = Comparison of Different {{project_name_short}} Variants = The security and usability of the {{project_name_short}} platform is significantly affected by the hardware and virtualization configuration, and whether a {{project_name_customworkstation_long}} is created. [[Qubes|{{q_project_name_long}}]] is currently recommended as providing the best combination of security and usability, although it has {{Archive_link |url=https://www.qubes-os.org/hcl/ |text=strict hardware requirements |onion=http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/hcl/ }}. == Virtualization and Hardware Configurations == '''Table:''' ''{{project_name_short}} Platform Comparison'' {| class="wikitable" !| '''Variant''' !| '''Systems''' !| '''Number of systems''' !| '''Security''' !| '''Usability''' |- | Standard [[Download|Binary Download]] | host + VM + VM | 2 | Basic | Easy to redistribute and install |- class="odd" | [[Dev/Build_Documentation/Physical_Isolation|Physical Isolation]] with Bare-metal Gateway | host + VM + host | 3 | Equivalent to the standard binary download | Difficult to install and for advanced users only |- | [[Dev/Build_Documentation/Physical_Isolation|Physical Isolation]] with Virtualized Gateway | host + VM + host + VM | 4 | Higher attack surface | Easier to deploy. Four operating systems must be kept updated |- | [[Dev/Build_Documentation/Physical_Isolation|Physical Isolation]] without any Virtualization | host + host | 4 | Nearly the same as standard Physical Isolation <ref>For further discussion of this issue, see: [https://web.archive.org/web/20150901134508/http://sourceforge.net/p/whonix/discussion/general/thread/05abffad More or Less Protection inside a VM?]</ref> Without virtual machines, there is no protection against hardware fingerprinting | Difficult to install and for advanced users only |- | [[Qubes]] | dom0 + VM + VM | 3 | Better compartmentalization. See: [[Qubes/Why_use_Qubes_over_other_Virtualizers|Why use Qubes over other Virtualizers?]] | Best |- | [https://www.whonix.org/w/index.php?title=UniStation&oldid=46352 OneVM] (ignore page title) | host + VM | 2 | Deprecated | - |- | [[UniStation]] | host | 1 | Proof of concept only | - |- |} Virtual machines can provide the following security-related features: * <u>Network isolation</u>: Connections can easily be forced through Tor. * <u>Hardware isolation</u>: Unique hardware serials can be hidden. * <u>Roll back feature</u>: Users can revert to clean and/or working snapshots. * <u>Multi-level security</u>: Multiple clones / VMs / Disposables provide significant protection. In comparison, live CDs provide: * <u>Non-persistence</u>: This increases safety in the event of a software compromise. <ref>Unless sophisticated and targeted malware manages to leverage the exploit, leading to a compromise of firmware or other persistent systems (like BIOS).</ref> * <u>Anti-forensics capability and plausible deniability</u>: If the computer is powered down and RAM has faded or been wiped, remnants of critical information like encryption keys should be impossible to retrieve. * <u>Update issues</u>: It is difficult to roll out security updates and maintain a fully up-to-date system. == Operating System Configurations == {{project_name_short}} provides multiple operating system options: * <u>Debian {{Stable_project_version_based_on_Debian_codename}} GNU/Linux</u>: The Default-Download-Version is recommended for most users. * <u>[[Other Operating Systems]]</u>: Windows, FreeBSD, other GNU/Linux, and Android {{project_name_customworkstation_short}} are possible. {{mbox | type = notice | image = [[File:Ambox_notice.png|40px|alt=Info]] | text = Users should refer to [[Other_Operating_Systems#Security_Comparison:_Whonix_â„¢-Download-Workstation_vs._Whonix-Custom-Workstation_â„¢|Security Comparison: {{project_name_short}}-Download-Workstation vs. {{project_name_customworkstation_short}}]] before choosing this option. A number of anonymity protections must be manually configured in {{project_name_customworkstation_short}}. }} == Security Comparison: {{project_name_short}}-Download-Workstation vs. {{project_name_short}}-Custom-Workstation == See [[Other Operating Systems#Security_Comparison:_{{project_name_short}}-Download-Workstation_vs._{{project_name_customworkstation_short}} | Security Comparison: {{project_name_short}}-Download-Workstation vs. {{project_name_customworkstation_short}}]]. Unless otherwise stated, the documentation and design refers to the Default-Download-Version. == Old Instructions == * OneVM: https://www.whonix.org/w/index.php?title=UniStation&oldid=46352 ([http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=UniStation&oldid=46352 .onion]) == Footnotes == {{reflist|close=1}} {{Footer}} [[Category:Documentation]] [[Category:Design]]