Degree of anonymity Kicksecure vs Whonix on Qubes-OS

Hi. I am using Qubes 4.1.1 together with Kicksecure and Whonix.

For the last few days, and in general for the last half year, I’ve been actively studying the Whonix, Kicksecure and Qubes wiki. I’m testing all installations on a test station; at the moment I’m testing all Qubes on Debian-minimal + Kicksecure-16.

The Whonix and Kicksecure wiki says that by hacking the AppVM an attacker can correlate between other virtual machines hacked now or much earlier. And in that case I wonder, is it anonymous to use Kicksecure for example for vlc, xmpp instead of Whonix?

I’m strengthening my templates as recommended by the wiki: LKRG, Tirdad, Hardened Malloc, Hidepid, AppArmor, Security-Misc, SUID Disabler and Permission Hardener and I also disable the root account.
As far as I understand, it will make it a bit difficult to correlate between the hacked virtual machines, but still CPUID, CPU temperature, SSD/HDD.

Bottom line: Would it make sense to use copies of whonix-ws-16 for simple programs such as Liferea, vlc, xmpp instead of the minimal Debian templates fortified by Kicksecure and along with implemented recommendations from the wiki, like LKRG, Tirdad, etc.?
After all, Kicksecure does not change the system name to host, and there is no whonix-firewall; does that mean it’s more anonymous to use whonix-ws-16?
Separately, I would like to mention proprietary programs: should they be used in Whonix if necessary? Even when Zoom is run as User, it still sees the MAC, which is the same for all virtual machines, and also sees the hostname, which is not changed to Host in Kicksecure.
But as far as I understand, using many minimal templates fortified by Kicksecure, together with the implemented recommendations from the wiki, such as LKRG, Tirdad, etc., is much better in terms of attack surface. But on the above reflection I’m having a hard time choosing.

A rough scheme of what I mean:

1) Qubes together with Kicksecure fortifications:

  • kicksec-16-min = sys-net
  • kicksec-16-min = sys-firewall
  • kicksec-16-min = sys-usb
  • ( ! ) kicksec-16-min-xmpp = xmpp-personal
  • ( ! ) kicksec-16-min-zoom = zoom-work
  • whonix-ws-16 = anon-whonix

2) Qubes together with Whonix and Kicksecure:

  • kicksec-16-min = sys-net
  • kicksec-16-min = sys-firewall
  • kicksec-16-min = sys-usb
  • ( ! ) whonix-ws-16-xmpp = xmpp-personal
  • ( ! ) whonix-ws-16-zoom = zoom-work
  • whonix-ws-16 = anon-whonix

Will scheme 2 prevent virtual machine-to-virtual-machine correlation in case of hacking or proprietary software usage, or will it not help much and scheme 1 will be more efficient?

I am asking this question on Kicksecure as this question is more about Kicksecure and its advantages in terms of minimal templates.

I am grateful in advance and willing to listen to different views and opinions on these schemes of using Qubes together with Whonix and Kicksecure.

Kicksecure isn’t designed for anonymity. That’s what Whonix is for.

If routing Kicksecure through Whonix-Gateway, then the following Whonix wiki page applies:

Questions about anonymity are off-topic in Kicksecure forums.

Best to reference links (and sometimes, here maybe not required) to cite specific points. I guess the article you mean is this one: