{{Header}}
{{Title|title=
{{project_name_long}} Variants
}}
{{#seo:
|description=Comparison of {{project_name_short}} in a VM vs {{project_name_short}} with Physical Isolation with and without virtualized Gateway.
|image=Plate-526603640.jpg
}}
[[File:Plate-526603640.jpg|thumb|200px]]
{{intro|
Comparison of {{project_name_short}} in a VM vs {{project_name_short}} with Physical Isolation with and without virtualized Gateway.
}}
= Comparison of Different {{project_name_short}} Variants =

The security and usability of the {{project_name_short}} platform is significantly affected by the hardware and virtualization configuration, and whether a {{project_name_customworkstation_long}} is created. [[Qubes|{{q_project_name_long}}]] is currently recommended as providing the best combination of security and usability, although it has {{Archive_link
|url=https://www.qubes-os.org/hcl/
|text=strict hardware requirements
|onion=http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/hcl/
}}.

== Virtualization and Hardware Configurations ==

'''Table:''' ''{{project_name_short}} Platform Comparison''

{|   class="wikitable"

!| '''Variant'''
!| '''Systems'''
!| '''Number of systems'''
!| '''Security'''
!| '''Usability'''
|-

| Standard [[Download|Binary Download]]
| host + VM + VM
| 2
| Basic
| Easy to redistribute and install

|-  class="odd"
| [[Dev/Build_Documentation/Physical_Isolation|Physical Isolation]] with Bare-metal Gateway
| host + VM + host
| 3
| Equivalent to the standard binary download
| Difficult to install and for advanced users only
|-

| [[Dev/Build_Documentation/Physical_Isolation|Physical Isolation]] with Virtualized Gateway
| host + VM + host + VM
| 4
| Higher attack surface
| Easier to deploy. Four operating systems must be kept updated
|-

| [[Dev/Build_Documentation/Physical_Isolation|Physical Isolation]] without any Virtualization
| host + host
| 4
| Nearly the same as standard Physical Isolation <ref>For further discussion of this issue, see: [https://web.archive.org/web/20150901134508/http://sourceforge.net/p/whonix/discussion/general/thread/05abffad More or Less Protection inside a VM?]</ref> Without virtual machines, there is no protection against hardware fingerprinting
| Difficult to install and for advanced users only
|-

| [[Qubes]]
| dom0 + VM + VM
| 3
| Better compartmentalization. See: [[Qubes/Why_use_Qubes_over_other_Virtualizers|Why use Qubes over other Virtualizers?]]
| Best
|-

| [https://www.whonix.org/w/index.php?title=UniStation&oldid=46352 OneVM] (ignore page title)
| host + VM
| 2
| Deprecated
| -
|-

| [[UniStation]]
| host
| 1
| Proof of concept only
| -
|-

|}

Virtual machines can provide the following security-related features:

* <u>Network isolation</u>: Connections can easily be forced through Tor.
* <u>Hardware isolation</u>: Unique hardware serials can be hidden.
* <u>Roll back feature</u>: Users can revert to clean and/or working snapshots.
* <u>Multi-level security</u>: Multiple clones / VMs / Disposables provide significant protection.

In comparison, live CDs provide:

* <u>Non-persistence</u>: This increases safety in the event of a software compromise. <ref>Unless sophisticated and targeted malware manages to leverage the exploit, leading to a compromise of firmware or other persistent systems (like BIOS).</ref>
* <u>Anti-forensics capability and plausible deniability</u>: If the computer is powered down and RAM has faded or been wiped, remnants of critical information like encryption keys should be impossible to retrieve.
* <u>Update issues</u>: It is difficult to roll out security updates and maintain a fully up-to-date system.

== Operating System Configurations ==

{{project_name_short}} provides multiple operating system options:

* <u>Debian {{Stable_project_version_based_on_Debian_codename}} GNU/Linux</u>: The Default-Download-Version is recommended for most users.
* <u>[[Other Operating Systems]]</u>: Windows, FreeBSD, other GNU/Linux, and Android {{project_name_customworkstation_short}} are possible.

{{mbox
| type    = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = Users should refer to [[Other_Operating_Systems#Security_Comparison:_Whonix_™-Download-Workstation_vs._Whonix-Custom-Workstation_™|Security Comparison: {{project_name_short}}-Download-Workstation vs. {{project_name_customworkstation_short}}]] before choosing this option. A number of anonymity protections must be manually configured in {{project_name_customworkstation_short}}.
}}

== Security Comparison: {{project_name_short}}-Download-Workstation vs. {{project_name_short}}-Custom-Workstation ==

See [[Other Operating Systems#Security_Comparison:_{{project_name_short}}-Download-Workstation_vs._{{project_name_customworkstation_short}} | Security Comparison: {{project_name_short}}-Download-Workstation vs. {{project_name_customworkstation_short}}]]. Unless otherwise stated, the documentation and design refers to the Default-Download-Version.

== Old Instructions ==
* OneVM: https://www.whonix.org/w/index.php?title=UniStation&oldid=46352 ([http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/w/index.php?title=UniStation&oldid=46352 .onion])

== Footnotes ==
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]] [[Category:Design]]