Ventoy

Last updated
Ventoy
Developer Hailong Sun (aka longpanda)
Initial release5 April 2020
Stable release 1.1.07 [1]   OOjs UI icon edit-ltr-progressive.svg (18 August 2025;2 months ago (18 August 2025)) [±]
Repository
Operating system Cross-platform (Windows, Linux)
License GPLv3+ License
Website ventoy.net/en/   OOjs UI icon edit-ltr-progressive.svg

Ventoy is a freeware utility used for creating bootable USB media storage devices with files such as .iso, .wim, .img, .vhd(x), and .efi. Once Ventoy is installed on a USB drive, new installation files can be added without reformatting. [2] [3] [4] Ventoy presents the user with a boot menu to select one of the installation files held on the USB drive.

Contents

Features

Ventoy can be installed on a USB flash drive, local disk, solid-state drive (SSD, NVMe), or SD card and directly boots from the selected .iso, .wim, .img, .vhd(x), or .efi file(s) added. Ventoy does not extract the image file(s) to the USB drive, but uses them directly, as it can unzip during installation. It is possible to place multiple ISO images on a single device and select the image to boot from the menu displayed just after Ventoy boots.

MBR and GPT partition styles, x86 Legacy BIOS and various UEFI boot methods (including persistence) are supported. ISO files larger than 4 GB can be used. Ventoy supports various operating system boot and installation ISO files, including Windows 7 and later, Debian, Ubuntu, CentOS, Red Hat Enterprise Linux (RHEL), Fedora and more than a hundred other Linux distributions; various Unix releases, VMware, Citrix XenServer, etc. have also been tested. [5] Ventoy isn't recommended on the openSUSE wiki due to reports of boot issues. [6]

Concerns over software security and validity of open source claim

Ventoy claims [7] to be an open source software and is hosted on GitHub open-source repository [8] . However, concerns have been repeatedly raised in various computing-related blogs [9] [10] [11] [12] [13] [14] and forums [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] regarding the fact that source code tree contains a large number of pre-compiled blobs (binary executable files) of unknown origin, which makes it impossible or very difficult to audit the content of the software and ascertain that no malicious payload (e.g. backdoors) is being delivered. Additional concerns were raised in the same blogs and forums that the software appears to originate from China, that the software author has not responded to the concerns over the blobs for several years, that the identity of the author cannot be exactly established and that distribution of blobs without the corresponding source code could be a violation of GPLv3+ license the software claims to adhere to. Recommendations to migrate to alternative and more transparent open source software (e.g. Rufus, balenaEtcher) have been made in the same blogs and forum posts quoted above. Parallels have been drawn to recent vulnerabilities discovered in XZ Utils software [19] . On 7 May 2025 the author of the project has finally responded [16] to the concerns over the blobs, however response was limited to merely listing all the blobs along with build instructions, which other open source community members found very convoluted and difficult to reproduce [10] [20] . No actions were taken by the author to eliminate blobs and replace them with the source code. The author has also responded to concerns that closed-source blobs can contain payload from Chinese government by merely stating that "[He has] never heard of the Chinese government forcing open source developers to install backdoors in their software. Just think about it, what benefits would this bring to the government, other than damaging its reputation?" [16] .

See also

References

  1. ventoy. "Release Ventoy 1.1.07 release · ventoy/Ventoy" . Retrieved 5 September 2025.
  2. Langner, Christopher. "Tutorial – Ventoy". Linux Magazine. Linux New Media USA. Archived from the original on 27 January 2021. Retrieved 6 April 2021.
  3. "Bootable USB Creator Ventoy Gets A Native GUI For Linux". 14 September 2021.
  4. "You may now use Ventoy without deleting data on USB Sticks". 11 November 2021. Retrieved 11 November 2021.
  5. "List Of Tested ISOs". Archived from the original on 2021-04-01. Retrieved 2021-03-09.
  6. "Create installation USB stick".
  7. "Ventoy A New Bootable USB Solution". Ventoy.net. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  8. "Ventoy". GitHub.com. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  9. "Are you an IT professional? Stop using Ventoy (now)". Iguru.rg. 2025-08-21. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  10. 1 2 "Ventoy - 718 Shades of Open Source". NixSanctuary.com. 2025-01-30. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  11. "iVentoy under suspicion for replacing drivers and certificates". UbunLog.com. 2025-05-14. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  12. "Ventoy's Binary Blobs Spark Security Concerns and Trust Issues in Open Source Community". BigGo.com. 2025-08-06. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  13. "Ventoy Security Concerns". PrivacyGuides.net. 2025-08-05. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  14. "Should Ventoy users be concerned? What remediations could users take?". PrivacyGuides.net. 2024-10-17. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  15. "[issue]: Remove BLOBs from the source tree #2795". GitHub.com. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  16. 1 2 3 "About the BLOBs in Ventoy #3224". GitHub.com. 2025-05-07. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  17. "Where is source code to binary blobs? Is it really open-source? #132". GitHub.com. 2020-05-18. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  18. "Is Ventoy really safe?". Linux Mint Forums. 2024-10-18. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  19. 1 2 "Is ventoy safe? In light of xz/liblzma scare". Reddit.com. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  20. 1 2 "The ventoy situation". CachyOS.org. 2025-04-28. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  21. "About the BLOBs in Ventoy". YCombinator.com. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  22. "Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months". Lemmy.one. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  23. "Is Ventoy Safe to Use? Any Good Alternatives?". YoMotherboard.com. 2025-08-10. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
  24. "Ventoy: Remove BLOBs from the Source Tree". YCombinator.com. 2024-06-15. Retrieved 2025-10-28.{{cite web}}: CS1 maint: url-status (link)
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.