Whats Best Way to Safeguard Against Viruses in Guest o/s?

Hi Bruce,

Ok let me clear the air here from the confusion. I was open to the idea of a vm on my PC. But some here convinced me that installing programs on a guest might pose a risk to possible interception of personal data in the host. A 2nd PC would eliminate that threat by having personal data transferred from the main PC to the 2nd PC.

As such, there’ll be no need to install a vm on the main PC. I would then be able to install programs on it. The programs wont have a chance of sniffing out my personal data since there’d be no personal data on it. Could I possibly get viruses on the main PC? Yes, unfortunately. But I’d make a backup image in case it does. Some of the programs I want to install on my main PC are games. Might they possess a virus? Yes. But if it gets infected, the viruses wont be able to find any personal data and I’d still have an image backup.

On the 2nd, I wouldnt do any browsing or install any programs except for firefox and MS Office. Firefox would be used to order stuff online from ebay or amazon along with online banking.

Hope this helps clarify things. Let me know what you think, Bruce!

awesome, we are both getting to the same end point, that is, one PC is isolated and has no personal info.

Correct. The main PC will not have a vm but will download and install programs which may or may not possess potential viruses. The 2nd PC will only have passwords installed and be able to order stuff online and nothing else.

But do you think since the main PC will have my microsoft account for the microsoft store that a potential virus from a program downloaded from the internet will be able to intercept it? Would such a virus be able transmit that info to a server?

.

that is the million dollar question, isn’t it!!!
no-one can give a definite answer on that one.
but with all things malware, just because the answer may be NO today, it could just as easily change to YES next week.

all I can say is the inbuilt Windows Defender is excellent, and all you need.
add to that a browser extension like uBlock Origin, and a modified HOSTS file of the sort offered by Blocking Unwanted Connections with a Hosts File and you are well on your way to a multi-layered security suite.

Hey Bruce. Greatly appreciate the time youve invested in educating me.. Looks like I’ll have to install a vm which means scrapping the idea of a 2nd PC at least for now. I have no choice. With that said, I have 2 questions:

1. You suggest using Hyper-v on my windows 10. Just so you know, its not native to my home edition. But theres a workaround to installing it nonetheless. The link below shows how one can install it in the home edition. Let me know what you think of that:
   https://www.itechtics.com/enable-hyp...ndows-10-home/
2. Upon installing a guest (with win 10 installed like the host), what the safest way of transferring and installing a program into the guest which may/may not have a virus?

Looking forward to your reply!

looks like getting Hyper-V on Win10 Home is straight forward.
my only concern would be, because MS never wanted it on Home, what is going to happen, say, each time Windows updates, will it kill your Hyper-V?

since you have Home, personally I’d go for one of the 3rd party software choices, but that’s entirely up to you. I’ve used the usual suspects like Oracle’s VirtualBox and VMWare’s Workstation and they are both fine. you install the software and then install Windows within the software onto a VHD (virtual hard drive).
and yes, you’ll need a license to install Windows even on a VM machine.

as to transferring between the main OS and VM OS, there are a few ways to skin that cat.
the VM can have a shared folder between the two OS’es, or you can set the VM to have access to one of the physical PC’s USB drives, or you let the VM directly access the internet.

as said before, it all depends on what level of protection you are happy with.

and this is said with no malice intended at all, and this is your data on your PC that, really, only you know what you do, but do you think you may be over-thinking this whole thing?

for example, no-one I know has two PC’s setup like this, but hey, it’s a good idea, I’m just thinking of the practicalities here. I’ve had my own PC since 1991 (proper PC, not VIC-20, or C64 or Atari) and have only had one infection, from using my neighbours USB stick.

so while infections are a real threat, your chances of getting one, using safe PC usage principles, is rare.

I just feel you may be dwelling on the potential negatives, that in the real world, may seldom happen.
and now I’ve said that, I’ll get three infections today !!!

That’s what I was talking about in post #8
Then you can only get a sneakernet virus

@koolx - where we at?

Hey Bruce, Apologies are in order for my last response. Will likely install Hyper-v. But I’ve read that hyper-v is more efficient than VB. What do you think?
I’ll just use an inactivated windows 10 as guest so I’ll be using guest o/s for one 1 - 3 programs tops.
Very good to know! Think I’ll give the guest access to USB drive as long as I feel thats the safest bet.
Understandably you may think I may be overthinking this but in reality I want to be as safe as possible especially when doing online banking.

In addition to the above I have these questions, please…

1. In know this sounds crazy but would it be sensical to install programs in the host while transferring personal files to the guest? This way the guest is isolated from being sniffed for personal data? My only concern with this is doing online banking where programs might “see” my online banking.
2. Referring to the 1st question above, would installing a sandbox (like sandboxie) for my firefox while doing online banking offer protection from potential infected programs if installed in the host?
3. If I install a program in the host, couldnt I block it in the firewall from accessing the net both inbound and outbound? Will it add another layer of protection?

Hyper-V versus other VM software, which is better? - sorry, can’t say, simply haven’t used them with performance in mind.
whatever VM I have used over the years, all I can add is that they have done exactly what I wanted, given my access to another OS without the need for another physical PC or the palaver of fussing around with dual booting.

non-activated Windows doesn’t get updates (from memory) so that may be worth considering.

as to installing software on one PC and your data on another - again, sadly, only you can really answer that.
but logically taking your need of two PC’s to the next level, I would say Yes, you want to keep things as isolated as possible.

as to online banking, unless an infection can sniff the data packets going between you and the bank, and decrypt them, you are already extremely safeguarded.
I’ve worked for 3 banks in my career and all I’ll say is their IT departments, and the external bodies they use, spend a lot of money making their systems as secure as they possibly can. they do after-all want you to use them to recoup the development costs used to justify reducing front-line staff.

any sandboxie type of solution will reset that environment back to the default baseline conditions that were setup when the sandbox was initially created.
so that would definitely keep Firefox safe.
but, again, taking that idea to its next step, a program like Deep Freeze will ‘sandbox’ the entire PC.
every time the PC starts, it’s as if the previous session never happened.

it all comes back to;
[ul]
[li]how serious you want to take all this[/li][li]what you think is your potential exposure[/li][li]and the level of annoyance you are happy to live with[/li][/ul]
and the last question, yes, you can fiddle with the firewall at the program level but I’ve found it extra maintenance that needs to be kept on top of.
as an example, years ago CCleaner was great, than the buggers were taken over by Avast who added spyware type behaviour to the software (sending telemetry sort of stuff to their servers) so I blocked ccleaner.exe in the firewall. but when they changed their name to ccleaner64.exe, of course the firewall was useless.

@koolx - any news?

abandoned

re-opened as per OP request.

OP has not revisited forum since the thread was reopened so I`m going to go ahead and close this thread, helpers are here to do just that and not to run around begging for updates.