Paranoia dual-boot question

[chainlinkfence]

What do you use Windows for? Unless you play games or short of ram just put it in Virtualbox and save yourself the hassles of partitioning and rebooting . It doesn't even need to connect to the internet.

LoL = League of Legends = best game ever.

I just said you seemed confused, this is a Ubuntu support forum, and as such, we are talking about securing your Ubuntu installation. I don't use WIndows enough, to even comment on how to secure your system. As for multiple firewalls, the Windows users in my household have the standard Windows firewall enabled, and I have a router with the firewall enabled, so I guess you could say that they are using two firewalls, I personally don't have any firewall rules set on my Ubuntu/Debian installs, as I feel the router firewall is enough for me. My feeling is that if you are running multiple firewalls, it is a sort of belt and suspenders approach, if a belt is good enough to hold up your jeans, then using suspenders along with the belt must be twice as good. I have to say though, that if I'm out and about with my netbook, running gnome-shell, I enable the firewall rules, before I even leave home, and in many cases, run a port scan against it to see if there are any open ports.

Well... a linux distro for sure, I just came to like some of the contributors on the Ubuntu forum .

[duke.tim]

cariboo907Why do you suggest using a bsd over linux if a user wants to be really paranoid/secure?

[cariboo]

cariboo907Why do you suggest using a bsd over linux if a user wants to be really paranoid/secure?

The BSD's and especially OpenBSD are designed for security by default, all the packages are audited, and as bug free and free from security holes as possible. The trade-off is that for the average user it is much harder to install and configure than a Linux installation. For more info, have a look here.

[Velnias]

All DEFAULT install packages are audited ( it includes Apache, Bind, Sendmail and few others ). Other packages and ports - may be audited. Install ( and configuration ) is really easy and quick. Though for advanced user only - you need to know what are you doing.

[Tom_ZeCat]

Under Windows, whether its a dual-boot system or not, make it more like Linux. End your days of working, especially online, as root. If you have an account set up exactly how you want it (and it's an administrator account), create a new administrator account, password protected, of course. Then use that new account to demote your regular account to a limited acccount (XP terminology) or a standard acccount (Win 7 terminology). Under Windows 7 Home Premium if anything attempts to install in your standard account, you're prompted for a password. In Win 7 Professional or Ultimate, you have to log into the administrator account to install anything. The bottom line is use your standard/limited account for most everything. Only use the admin account when you have to.

I do like the idea of sticking Windows into a virtual box though. Never tried that.

[Hungry Man]

As said, only the *default* installation of OpenBSD is audited to that extent. As this is for a desktop system there is a massive amount of attack surface that will be installed after installation - impractical to vet all of it. I consider a properly configured Linux to be more secure than a properly configured OpenBSD/*BSD.


@chain,

You can secure Windows decently, especially if you only use it for games. Set up EMET 4.0 and disable any services not necessary for LoL (many, I'd imagine).

[Velnias]

I consider a properly configured Linux to be more secure than a properly configured OpenBSD/*BSD.

Care to explain? because sometimes I see "OpenBSD not affected" or "Fixed months ago" when talking about vulnerabilities.

[monkeybrain2012]

I found this article, http://aboutthebsds.wordpress.com/20.../bsd-vs-linux/

Basically it says BSD is crap in terms of usability and its security (e.g software audit) is exaggerated way out of proportion by a small group of hardcore advocates. Obviously very partisan but I have no idea how much is accurate since I never use BSD. Maybe more knowledgeable people here can weigh the arguments and tell us how true (or false) they are.

The author of the article claimed

On top of that, BSD project managers willingly allow spying agencies to put backdoors it thier OSes which make BSD even more insecure. An example is in 2011 where by Theo de Raadt (Head of the OpenBSD project) made an agreement with the FBI to plant a backdoor in OpenBSD, OpenSSH and PF.

But there was no source. Is there any truth to this?

[sandyd]

If you want to be secure, a few things first-

Here is a nice link for the OP on how NAT (well, that is what most routers have today anyways...) works: https://www.grc.com/nat/nat.htm
And to clear up the fact that NAT is not a firewall... http://security.stackexchange.com/qu...security-layer

Link about how NAPT is useful, but plain NAT is not, and how it plays a role in security : http://blog.ioshints.info/2011/12/is...y-feature.html

That said, I am a bit paranoid myself, and filter out all incoming traffic by default on both my server networks, and home network; only opening ports for my webservers, ftp servers, and established sessions. UPNP (does vyatta even have UPNP???) is also disabled

Personally, I believe that if you restrict what you actually do on your Windows computer (only boot into Windows to play game, and boot back into linux when done, .etc .etc), there is a _much_ lowered chance of getting infected/viru/hacked. I think I would be a bit more worried about a Spetsnaz team dropping through the window and stealing the computer itself

[tubbygweilo]

. . .I think I would be a bit more worried about a Spetsnaz team dropping through the window and stealing the computer itself

Plus sneak and peek and no knock warrants