Whonix on Qubes: The Most Secure Way to Use Tor
Quoting: Whonix on Qubes: The Most Secure Way to Use Tor - LinuxLinks —
On Qubes OS, you commonly have one VM for each application, or group of applications. Your browser, email client and password store are all in different VMs and are hence isolated from each other. If you browse a website that manages to install malware, your email client will not be affected.
Qubes OS further enhances security by its ingenious use of different VM types: TemplateVMs are used to install and configure software, like a browser, but never to execute the browser or even browse the internet. AppVMs use a temporary snapshot of a TemplateVM to execute the browser program and surf the internet. While the /home/ directory of a AppVM is persistent, all other directories are discarded upon shutdown of the VM, along with all malware that has possibly been installed in it. DisposableVMs take a snapshot of a TemplateVM as well as a snapshot of the /home/ directory of an AppVM, and discard all data upon shutdown.