InfoSec for TBP Readers – Part 3

Guest Post by aka.attrition

Privacy and security are not easy, especially for those of us who are not very computer literate. Coming from an information technology (IT) background with a special interest in information security (infosec), I decided to write an article for the layman (don’t give me no uphill about politically correct words!) to help you increase your security and protect your privacy a little more.  This is a small contribution to this website where I spend far too much time reading the articles and especially the major commentators – you know who you are. Thanks Jim and the heavy hitters.

The full article is broken down into four parts:

Part 1 (click to see article)

  • The one thing you need to do with your browser
  • Ad-blockers and anti-trackers
  • Internet search

Part 2 (click to see article)

  • Email
  • DNS servers
  • Virtual Private Networks – VPN

Part 3

  • Windows 10/11 – the boss tracker and what you can do about it.

Part 4 (if there is interest)

  • Fingerprinting you

I realize that some of these topics can be hard for the non-IT / computer oriented person and I write this article with those end-users in mind, not an IT professional audience. There are very many options, settings, and tools one can use but in this article I’m going to restrict it to just a few of the biggest-bang-for-your-buck changes, those things we should all be able to implement without too much IT knowledge. After all, we have day jobs.

Windows 10/11 – The boss tracker and what you can do about it

It takes only a few web searches to find numerous articles discussing the privacy concerns built into Windows 10/11. A default installation of Windows 10/11 will include a host of settings which you have agreed to (by default) including how you use Windows, browsing history, contacts, calendar, emails, location, and much more. A non-default installation allows you to adjust (not necessarily switch off) various settings but truthfully who can know what is being sent to Microsoft in their regular phone home sessions? All this is done under the umbrella of making Windows better for you! … Alrighty then. Of course, what it’s really all about is learning as much about you as possible so that Microsoft (and its associates and partners and clients) can sell something to you or sell you (i.e. your information) to someone.

You could try to lock down Windows 10/11 by applying suggested settings that you can find in many articles on the web, and I suppose it’s worthwhile doing what you can, but ultimately you are still stuck using Windows 10/11 and never really knowing what information is being leaked. Many users find themselves stuck with Windows 10/11, often via forced upgrades from previous versions of Windows, so what can be done, if anything? It’s a tough problem to be honest, no quick fix.

Some time ago, perhaps a year, there was a poster here on TBP who suggested that users should switch to some version of Linux. He wrote some articles explaining how users could make the switch to Linux but these articles very quickly descended into far more complexity than the average user could reasonably apply.  As laymen we are not interested in becoming IT and Linux experts. We just want a degree of security and privacy which albeit not perfect would be enough for our needs. But he was right that Linux offers a more secure environment and more privacy than Windows. There seems little doubt about that and I won’t get into a debate about Windows vs. Linux vs. iOS as the web is filled with opinions and commentary on that and by smarter people than me. I will mention just one stat which speaks volumes in my opinion; 96.3% of the top 1 million web servers are running Linux – https://truelist.co/blog/linux-statistics

Another problem many of us face is that we are probably using several Windows based applications such as Excel, Word, Powerpoint, and Outlook which are extremely popular.  It will be very hard, if not practically speaking impossible, for the average user to simply drop those apps and switch to Linux versions (assuming comparable alternatives even exist for all the different apps we might use). Even for those apps where alternatives exist the cost to migrate existing data and files to them, and the learning curve of how to use them, might simply not be worth your effort; the change would be too onerous for the benefits one might gain.

Just to be clear though; Linux does offer solid free alternatives for Excel, Word, Powerpoint called LibreOffice and a solid email client from Mozilla (Firefox) called Thunderbird (plus others). So alternatives for the most popular apps exist and often for free.

So how can we use Linux without needing to be IT experts and without losing access to applications which would be too difficult to give up right now? My suggestion is to create a “virtual machine” of Linux under your Windows 10/11.  A virtual machine is software that can emulate a complete computer system including one which may be running a different operating system than the actual physical computer you are using. Virtual machines are a way to run an operating system like Linux “inside” your normal Windows operating system. Actually, virtualization options exist for Windows, Linux, and iOS as the “host” and in turn can run any of those operating systems as the virtual “guest”.

Further in this article I will show ways you can try this for yourself using step-by-step guides but first let’s cover the benefits of trying this option. Here are my Top 10 benefits:

  • You can continue to use Windows for the applications you cannot replace with alternatives or which you simply are not prepared to give up at this time.
  • The one activity you can and should do inside the virtual machine is web surfing because you can still use Firefox or Brave under Linux so it would be a completely familiar browsing experience but you gain the security and privacy of Linux.
  • A major attack vector for malware is via the browser. Insecure or compromised websites, scripting attacks, browser vulnerabilities, and so forth. How does surfing inside a virtual machine help you? Virtualization software allows you to create a snapshot of the state of a virtual machine and revert to a prior state at a click of a button! In other words, if you get infected while surfing using a virtual machine only the virtual machine will be infected, not the host, and you can easily revert the virtual machine to a prior clean state in seconds. Multiple snapshots can be made, for example, one per week or per month.
  • It works the other way around too; if your host operating system becomes damaged or infected by malware your virtual machine would be safe from infection and could be restored to another computer or to the same computer after fixing the infection in the host.

Side note for the experts: yes, I am aware that you can share folders or devices between the host and the guest and that presents an attack vector from host to guest or vice-versa.  However, if no sharing is done – which is the usual default setting – then the host and guest are isolated from each other. Remember that I am writing for the non-expert, not the IT / security guru – cannot cover everything.

  • You can back up your virtual machine to, for example, an external USB drive. This enables you to restore the virtual machine, either to the original computer you created it on or onto another computer e.g. when you buy a new computer.
  • Virtual machines allow you to play around and learn Linux without having to give up what you are familiar with.
  • Virtual machines do not have to be Linux. You can create a virtual machine of Windows XP, Windows Vista, Windows 7 or 8, or any of the major Linux variations like Ubuntu or Mint. Want to work in Windows XP, no problem (except lots of modern software might not work on that old operating system).
  • You can create several virtual machines and run them all on the same “host” computer (provided you have the disk space – more machine specs later).
  • The host operating system is not privy to what you do inside the virtual machine guest. They are for all intents and purposes separate machines. So your Windows 10/11 cannot snoop inside the virtual machine.
  • Inside the virtual machine you can run a Virtual Private Network app (and even change the Domain Name Service servers to use) and the host operating system (Windows 10/11 for example) would have no way of knowing what surfing you are doing.
  • Bonus point – you can delete the entire virtual machine and everything you did inside that virtual machine is gone in seconds. And if you delete it using a shredder app it will be, for all general intents and purposes, unrecoverable.

Bottom line; this avenue helps you to start making a move away from Windows (and all its reporting about what you do back to Microsoft) and try out Linux which has no such personal data collection activities to speak of.

What is the Ideal set-up?

In my opinion the ideal set up is:

  • A host operating system in which you do nothing normally. The host should be a totally clean installation of Linux (my preference) or Windows (if that’s what you have or what the computer comes with) and you keep it patched and you apply whatever security and privacy recommendations you can but you do not run any applications in that environment other than the bare minimum in order to run the virtual machines.
  • You then set up one or more virtual machines which could include a Windows virtual machine for running the Windows based apps which you need and a Linux virtual machine for surfing and learning Linux.

The host machine you keep clean and updated with all recommended security patches. You want to do as little in that environment as possible so as to avoid infection or corruptions or Microsoft snooping. You want to take the risks (whatever they may be) inside virtual machines which can be backed up and easily restored (or reverted with snapshots) in the event of an infection or corruption or other problem.

What is the Practical set-up for readers?

Practically speaking the ideal set-up is probably not possible because you have already been using your current computer and environment.  You can go the ideal route if you buy a new computer but what do we do with our existing set-up?

  • Create a Linux virtual machine which will be used for two primary purposes;
  1. To surf the web (and stop surfing in the host / Windows operating system)
  2. To explore and learn and familiarize yourself with Linux
  • Create an additional Windows virtual machine using Windows 7 or 8 as a clean Windows machine i.e. using a version prior to Windows 10 but not so old that most modern applications will not work under it. You can use this Windows virtual machine to run Windows apps (i.e. not in the host Windows machine). Switch off all Windows Updates.

Side note for the experts: yes, I am aware of dual boot options but (a) I think virtual machines offer far more flexibility and options if you have the hardware, and (b) the audience for these articles is laymen, so I am looking for the easiest-to-implement option with the least risk of things going wrong.

What hardware is required to do this?

It will be pretty obvious that to run a virtual machine means, in effect, that your computer must be capable of running two operating systems at the same time; the current operating system (called the “host”) and the new virtual machine’s operating system (called the “guest”). So the very first thing you are going to need is enough RAM / memory.

Don’t confuse RAM with hard disk space; RAM is the area in which applications are run. Hard disk is the area where files are stored. You might have a lot of hard disk space but you’ll have much less RAM. Minimum RAM required is going to be 4 gigabytes but 8 gigabytes is really recommended.  Fortunately, if you don’t have enough RAM it should not be difficult to upgrade it. If you can do it, go for 16 gigabytes.

Next is the hard disk. What you need, in my opinion, is at least 30 gigabytes free for each virtual machine you want to create. It is not an exact number because it depends on what you do inside the virtual machine. If you decide to download thousands of images in the virtual machine then obviously that will require enough disk space to store it all. 30 gigabytes is pretty decent to run Linux and multiple browsers with multiple tabs.

To give you some rough idea of disk space requirements below are the sizes of virtual machines for various operating systems as the minimum i.e. just the operating system, no apps or other stuff downloaded or installed into it:

Operating system    Minimum size
Windows XP          2 Gb
Windows 7           8 Gb
Windows 8           9 Gb
Windows 10          20 Gb
Ubuntu              14 Gb
Mint                19 Gb

Finally the speed of your processor; bottom line is the faster the better for the obvious reason that you will be running two operating systems instead of one.  I would say 2 GHz is the minimum. 3 GHz or more is ideal. A lot depends on what you are doing on your computer.

The rest of this article looks at how to create a Linux virtual machine under Windows. If you don’t really have the hardware to do it then rather don’t waste your time as the experience will be poor. Look around for hardware upgrades or perhaps revisit this idea when you get a new computer.

Setting up a Linux Virtual Machine under Windows

There are several applications which allow you to create virtual machines including one from Microsoft themselves. There is an excellent paid system from VMWare and another excellent one which is free from Oracle called VirtualBox.

Don’t worry if you are not very IT literate; almost everything is simply clicking the “Next” or “OK” button. We can all do this. There are essentially 5 steps to the process:

  • Downloading and installing the VirtualBox software. Difficulty level = easy
  • Downloading the Linux ISO file. Difficulty level = easy
  • Setting up the virtual machine definition. Difficulty level = easy
  • Adding the ISO file to your virtual machine. Difficulty level = easy
  • Installing Linux. Difficulty level = easy but takes a little time to run

Time required – about 1 hour but depends on internet and computer speeds.

I have found several guides to doing this on the internet and provide the links below rather than reinventing the wheel and writing my own guide. They explain how to create an Ubuntu Linux virtual guest machine running under a Windows host machine. Ubuntu is a Zulu term for humanity but is also sometimes translated as “I am what I am because of who we all are”.

The current version of Ubuntu is 22 so don’t worry if a guide refers to an older version; the process is identical and you should go for the newest version.

I rank the guides from what I think are the best first but they are all pretty good.

  • Install Linux Inside Windows Using VirtualBox [Step by Step Guide]

https://itsfoss.com/install-linux-in-virtualbox

  • Ultimate Beginner Guide to Virtual Machines (VirtualBox Tutorial)

https://heytuts.com/windows/ultimate-beginners-guide-to-virtual-machines-with-virtualbox

  • Wiki How – How to Install Ubuntu on VirtualBox

https://www.wikihow.com/Install-Ubuntu-on-VirtualBox

  • How to Install Ubuntu on VirtualBox: Detailed Overview

https://www.nakivo.com/blog/install-ubuntu-on-virtualbox-virtual-machine

A couple of things to note:

  • When you set up the virtual machine definition and are asked for the size of the virtual machine hard disk, set it to 50Gb or more. It won’t actually use that space but that will become the fixed upper limit to the size of the virtual machine hard disk. So rather more than less.
  • Don’t worry about making mistakes; you can easily delete the virtual machine and try again with new settings.
  • Once you have it up and running I suggest making a snapshot of the virtual machine so that if anything goes wrong you can easily revert to the clean working state of the snapshot.
  • The first thing to try in the virtual machine is surfing the web. Firefox will be installed automatically but you can also download Brave. Surfing inside the virtual machine is a great way to start to become comfortable with Linux and learning the ropes. You will find Brave under the Ubuntu Software app. This app allows you to search for and install applications which have been added to the Ubuntu library of apps – Brave is in there so it’s just a click away.
  • If things don’t work then there can be many reasons such as hardware and/or software (driver) incompatibility issues. It happens but usually on older machines and operating systems. On newer systems I have not encountered any real issues. But it’s worth an hour to try.
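The earlier side note says host and guest stay isolated only while no folders or devices are shared, and the notes above recommend a snapshot of the clean install. The following added example (not from the original article or the linked guides) checks both from the text printed by `VBoxManage showvminfo "<VM name>" --machinereadable`. The VM name Ubuntu-Surf, the sample output, and the key names as printed by recent VirtualBox versions are assumptions.

```python
# Added example: audit a VirtualBox guest for host/guest sharing and for a
# snapshot to roll back to. Input is the text printed by
#   VBoxManage showvminfo "<VM name>" --machinereadable
# Key names below are assumed to match the VirtualBox version in use.
import re
import shutil
import subprocess
import sys

# Lines look like key="value", key=value or "key"="value".
_LINE = re.compile(r'^"?([^"=]+)"?=(.*)$')

# Constructed sample: shared clipboard, one shared folder, no snapshot.
SAMPLE_SHARED = r'''
name="Ubuntu-Surf"
ostype="Ubuntu (64-bit)"
memory=4096
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="Downloads"
SharedFolderPathMachineMapping1="C:\Users\me\Downloads"
'''

# Constructed sample: nothing shared, one snapshot of the clean install.
SAMPLE_ISOLATED = r'''
name="Ubuntu-Surf"
clipboard="disabled"
draganddrop="disabled"
SnapshotName="clean-install"
CurrentSnapshotName="clean-install"
'''


def parse_vminfo(text):
    """Turn machine-readable showvminfo output into a dict of strings."""
    info = {}
    for raw in text.splitlines():
        match = _LINE.match(raw.strip())
        if not match:
            continue  # blank or unrecognised line
        key, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # drop the surrounding quotes
        info[key] = value
    return info


def audit_isolation(info):
    """Return a list of findings; an empty list means isolated with a snapshot."""
    findings = []
    for key, label in (("clipboard", "shared clipboard"),
                       ("draganddrop", "drag and drop")):
        mode = info.get(key)
        if mode is None:
            findings.append(f"{label}: setting not reported, check it in the GUI")
        elif mode.lower() != "disabled":
            findings.append(f"{label} is enabled ({mode})")
    prefix = "SharedFolderNameMachineMapping"
    for key in sorted(k for k in info if k.startswith(prefix)):
        path = info.get("SharedFolderPathMachineMapping" + key[len(prefix):], "?")
        findings.append(f"shared folder '{info[key]}' exposes host path {path}")
    if not info.get("CurrentSnapshotName"):
        findings.append("no snapshot exists, so there is no clean state to revert to")
    return findings


def read_vminfo(vm_name):
    """Run VBoxManage on the host and return its output for one VM."""
    exe = shutil.which("VBoxManage")
    if exe is None:
        raise FileNotFoundError("VBoxManage is not on the PATH")
    done = subprocess.run([exe, "showvminfo", vm_name, "--machinereadable"],
                          capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    # With a VM name as argument, audit that VM; otherwise audit the sample.
    text = read_vminfo(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SHARED
    problems = audit_isolation(parse_vminfo(text))
    for problem in problems:
        print("WARN:", problem)
    print("OK: nothing shared, snapshot present" if not problems
          else f"{len(problems)} issue(s) found")
```
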

Here are the links you will need:

Oracle VirtualBox – https://www.virtualbox.org

Ubuntu ISO – https://ubuntu.com/download/desktop

Thank you for reading. Part 4 – Fingerprinting You – will be posted if there is interest. And remember, if you’re using a service for free on the internet then it’s probably you that’s being sold.

23 Comments
cS
September 15, 2022 3:43 pm

signing off. thanks admin.

y’all be good.

upvote: so long
downvote: good riddance
novote: who?

falconflight
  cS
September 15, 2022 5:01 pm

?Que?

Jim
September 15, 2022 4:20 pm

I purchased a “reconditioned” (aka used) desktop not too long ago (my second desktop, actually). It came with Windoze 10 installed. As someone who has used Mickeysoft operating systems for a lot of years (3 decades, actually), I knew that I wanted nothing to do with Win10. So I installed Linux and set it up to dual boot. As it stands, I rarely run Win10, and only when I have to run a program that doesn’t have a Linux equivalent.

Now, someone I know recently wanted to make the move from Windoze to Linux, and asked for advice about replacing Excel. Of course, as you did, I pointed her to free Office equivalents (Open Office, Libre Office, etc.). Still, I did caution her about one thing that basically scuttled her switch-over – she has VBA macros in Excel that wouldn’t port to a Linux version of Office. She’s also not a techie, so it would be over her head to rewrite macros using Python or whatever (I haven’t written any Linux macros for their office products, so I don’t even know what languages they use). While yes, you can find free Linux versions that are mostly equivalent to MS products, there are some limitations.

And yes, I’d be interested in the next installment.

aka.attrition
  Jim
September 15, 2022 5:16 pm

@Jim

Yeah, that’s my problem too plus have software development tools which only exist in Windows. That’s why the VM is a good solution – you keep what you cannot drop in Windows and do all the other activities which you can in a Linux VM, most importantly web surfing. And I do everything under a Linux host.

Another benefit not mentioned; you can install new apps in a VM and test them out and easily revert the VM to a prior snapshot if you don’t like it. It’s like you never installed that app. Makes it very safe to test and experiment with apps.

Anonymous
September 15, 2022 4:24 pm

Thanks for the article. I have been thinking of using a VM, so this will help get me started.

Anonymous
September 15, 2022 4:24 pm

Alas, cS

Not Voting. Here. There. Anywhere. Ever. Again.

(some random joke about “his face rings a bell”; “Dead ringer for his brother” popped into my head)…

But. Can’t recall anything negative (IMHO) associated with Your ‘cS’.

If ya be goin’? Peace Out. Good Luck. WAAGTNI. We Are All Going To Need It.

falconflight
September 15, 2022 5:04 pm

For a check of your readily identifiable presence, including for fingerprinting:

https://coveryourtracks.eff.org/

falconflight
  falconflight
September 15, 2022 5:39 pm

My results:

Our tests indicate that you have strong protection against Web tracking.
IS YOUR BROWSER:

Blocking tracking ads? Yes
Blocking invisible trackers? Yes
Protecting you from fingerprinting? ◕ your browser has a randomized fingerprint

Ken31
  falconflight
September 15, 2022 9:27 pm

I already do everything he recommends but I use a more popular VPN and haven’t used a VM in a long time. Mostly windows, though. I am doing all I am willing to. Some of it is probably only worth it to actual criminals, not just a racist bible thumping right wing extremists. I think someone should ask one of these clowns to define extremist, I bet it would be hilarious.

falconflight
  Ken31
September 15, 2022 9:42 pm

It’s just another, still legal way of resisting. No one cares but me. That’ll have to be enough.

Hans
September 15, 2022 5:19 pm

I have enjoyed your three-part InfoSec essay.

With regard to part 3 … in the past I have run VirtualBox and hosted several OS’s. Your readers will likely find it challenging to connect the guest OS to physical devices attached to the host Windows OS.

You are adding an unnecessary layer if you are interested in security and anonymity. Consider the alternative of loading TAILS with persistent storage onto a USB drive. Boot the computer with the USB drive installed and the machine is native in TAILS and TOR. Boot the computer without the USB drive and you have your original, obnoxious WinDoze.

Lots of “how to” available on the RetardNet:

How to Create Persistent Tails Bootable USB on Linux

https://tails.boum.org/doc/first_steps/persistence/index.en.html

I’ve been a linux only user for over 12 years and converted my computer-phobic wife to Kubuntu (with the look and feel of XP) without a single complaint.

Hans … in the NC woods

aka.attrition
  Hans
September 16, 2022 2:06 am

@Hans

Lots of good options, yours is a good one too but for me the VM is fantastic. I have 7 different VMs including for different versions of Windows and Linux. I run several at the same time for various purposes and can just click between them. And the safety net of instant rollback using snapshots is very useful. Some I run from SSD USB and can use on different physical machines. Connecting physical devices has become very straightforward with current versions of VMWare and VirtualBox. It is very much improved over earlier versions.

Very good suggestion though, thanks!

m
  Hans
September 17, 2022 3:53 am

“TAILS with persistent storage”

Uhh – Haven’t you missed the main point of Tails?

Jaycee
September 15, 2022 7:08 pm

I got tired of using Office and installed Thunderbird and Libre office. Replaced Office for everything I do. I’ve always wanted to use Linux so I’m going to give this a try. Kudos to you for posting these excellent articles. Very much appreciated!!!

lamont cranston
September 15, 2022 8:24 pm

Good stuff if you’re a PC user, I’d guess. Mostly useless to Safari people like us.

aka.attrition
  lamont cranston
September 16, 2022 1:55 am

There are virtual machine solutions for iOS. And although app specific suggestions may not apply, the principles do.

49%mfer
September 15, 2022 9:23 pm

Great write-up. Thanks for all of the info.

brewer55
September 16, 2022 8:54 am

@aka.attrition – Off topic from your article but, what are your thoughts about IObit products? Specifically, I’ve been running Advanced System Care Ultimate for several years on multiple machines. I have the paid version so, I’m able to schedule daily scans and other options that so far, have kept all the machines in my home free and clear of Malware. I also have it set up on 5 Windows 10 PCs at a free clinic in my little town that I volunteer at as their IT guy.

aka.attrition
  brewer55
September 16, 2022 9:53 am

@brewer5

I can speak only about Windows with these products.

I have tried the IObit products over the years as well as many similar products. In the past and with older versions of Windows (e.g. XP, Vista, and maybe 7) these products could make a difference. But with 8 and certainly with 10/11 combined with modern hardware (fast CPU, RAM, and disks) these products make little difference any more, if any at all … imho.

On the Windows 8 and 10/11 machines that I run I do not even bother with 3rd party anti-virus products and instead rely on the built-in AV that comes with Windows (Defender) and the built-in firewall system of Windows. The truth is that MSFT is not behind the curve with AV tech or firewall tech – they know what they are doing and they have the highest motivation to stop their O/S from being infected. Plus MS Office is very robust in stopping spam and blocking malicious attachments. AV is big business and the marketing is good but I don’t think 3rd party AV offers any value-add over the free built-in tools that come with Windows.

The bottom line is that no AV can handle the zero-day exploit – they are all after-the-fact scanners because they need to know what to look for. And the built-in firewall combined with the router blocking unrequested incoming traffic and you are basically as safe as you are going to be.

User education is far more valuable to your security. The two main attack vectors are email (malicious attachments and links) and browsing. User education is key. Just my 2c.

m
  aka.attrition
September 17, 2022 3:29 am

I would add that firewalls only help against the most primitive attacks – as became visible since Skype was able to tunnel firewalls, more than a decade ago.
In my opinion NAT (which any WiFi router has to do, by default) is more important [than a firewall] if you are hard wire connected to the Internet, i.e. never use a public IP on one of your computers if you can anyhow avoid it (i.e. unless you are offering web services… hopefully in a VM DMZ) as well as avoid any port forwarding (and [usually] disable UPnP in your router.)

Agree on AV – I haven’t used any dedicated product for over a decade, and even disabled the on-access scanning of Defender, as I know what I’m doing regarding attachments etc. Only rarely do a Defender quick scan.
Haven’t had a single virus/malware on my PC in 25 years (that I know of; knock on wood.)
By my ‘preferably go against the herd if you see multiple feasible choices’ stance, if I ever get AV again I’d pick a product from the opposite side, so in our case Kaspersky (Russian.)

Besides a good understanding of which attachment types are to be handled with extreme care (and how to exactly determine which attachment type you are receiving inside an email),
I would consider it rather important to never use an Adobe Acrobat swiss cheese product to open a PDF for reading – get a free competitor offering to do such.

– – –
Outside of all that do Backup:
Backup means several generations (absolute minimum 3, usually 6-12, no upper limit except cost), saved onto separate physical devices, stored offline [=disconnected]; and you only connect one device at any time, while you are backing up to or restoring from.
Additional bonus if your devices can be physically switched to write-protected (=read-only), so you cannot damage the backup during data restore attempts.

As you can deduce, a “cloud backup” doesn’t cover those requirements.

Important note:
USB Flash sticks, SSDs etc. work with tiny capacitors inside, and will start to lose information bits -corrupting your data-, after a year or so! So they are the wrong choice for long-term backup storage.

aka.attrition
  m
September 17, 2022 4:13 am

@m

Agree 100% with everything in this post and truly have had the same experiences and take the same approach. Agree on the AV, NAT, backups. Like IT mind.

Rev6
September 16, 2022 1:06 pm

Thank you!!

Anonymous
September 16, 2022 2:23 pm

Agree (‘m’ here).
I’ve been using VM Workstation since version 4.5, currently host is Win8.1 – but that will be my last Windoze main OS, will switch to Ubuntu LTS over the next 3 months.
Have an old Office 2010 on Win7 in a VM without network enabled, for the few times I need to read or edit MS Office docs or xls.

Note: my Win7 VMs usually take up around 20 GB disk space, I believe it’s the .NET crap taking additional 10+GB, which you often need, for programs to be able to install and run.