As a developer of Whonix for more than a decade, I can confirm there’s a large number of laymen who do a very superficial analysis and then think they found a security issue or have been hacked.
The problem is that laymen think that simple stuff such as a duplicate desktop icon can be evidence for a hack. People more knowledgeable on computer security, malware know that this doesn’t make any sense whatsoever. So laymen have to be told that in a diplomatic way, that they do not possess the required skills to perform malware analysis.
You absolutely need a FAQ about it. And it needs to be on the website, not in the forums, for increased authority.
Kicksecure / Whonix forums I am using one or another link in these cases:
- Malware, Computer Viruses, Firmware Trojans and Antivirus Scanners chapter Valid Compromise Indicators versus Invalid Compromise Indicators in Kicksecure wiki
- Bug Reports, Software Development and Feature Requests chapter Support Request Policy in Whonix wiki
This usually resolves the issue.