Strategies to increase security

Hi, Thinking of different options to increase sleep quality.


Use one machine for non-secure use and another machine for secure use is well warranted.
- Use physically different hardware
- Use a virtual machine guest as the secure machine and the virtual machine host as the cowboy machine
- Use a virtual machine guest as the cowboy machine and the virtual machine host as the secure machine

Use Linux instead of Windows as my secure machine, and apply that to the above options

Please provide your thoughts. Thanks!

- Use a virtual machine guest as the secure machine and the virtual machine host as the cowboy machine

The paradigm with virtualization is that the host has full control over the guests, but not the other way around.
So a compromised host machine with secure guests is not a good idea.

Thank you Didier Stevens,

What about the other way around? Using a virtual server as one's general use PC, and the host as the extra safe PC? Or is it highly recommended to use separate physical hardware? Obviously, physical hardware is more secure, however, would like a "reasonable" compromise between security and convenience.

Also, what about using Linux instead of Windows for the secure PC's operating system? I would then use Windows as my general use operating system.

Thanks

No, using a VM as a general surfing machine is a good compromise. I do this myself.

If you want to protect your machine against common malware, then using Linux on your VM is a good idea as there is significantly less malware for Linux than for Windows.

Thanks Didier, Still have non-Internet threats such as email, memory sticks, etc to deal with on your attacked upon Windows based host. Maybe do the opposite? Granted, stuxnex attacked WinCC.