Security hardening options
We can argue that any operating system, including Windows, can be hardened and made more secure.
Replace windows with a hybrid Linux and a well educated user and you should be relatively secure.
I’m saying relatively secure because we can do better.
Multiple computers for different tasks
when everything runs within one space if you get hacked, regardless of how you got hacked, all of your data will be exposed.
A good solution to this problem that can improve our security is to use different computers for different tasks.
- use one computer for work related tasks
- Use one computer for your personal related stuff
- Use another one for the untrusted stuff
Whenever you’re just browsing through websites and opening attachments and so on.
Use one computer that is not connected to the Internet to store your passwords and key.
This way, if somebody manages to hack into one of these computers, they will only get access to 1 computer and it will be very difficult for them to move from this computer and compromise the other computers.
Not only that, but the fact that you have an untrusted computer that you don’t do any personal or work stuff on means that this will be the computer that will probably be hacked, not the other ones, so all of your important stuff in work and personal will not be hacked and the hackers will not be able to gain access to.
Also, if you’re using a separate identity on this untrusted computer, then your real identity or the identities that you use on work and personal again will not be compromised , so this is a really, really good solution.
The only problem is it’s not cheap! you need a number of computers and it’s also not easy to achieve.
Computer with multiple USB sticks
imagine you use a different computer every time you want to do a different task.
You can make this slightly easier and use only one computer, but use multiple USB sticks and again use each one of them for a separate domain, one for work, one for personal, one for untrusted, but I think this is not very usable because let’s say for example you are using the work USB stick and you open your work email.
You read in an email and there is an attachment and you really want to open that attachment, but you can’t really trust our attachment because it could be anyone.
It could be a hacker pretending to be a friend, or it could be someone who gained access to your friends account.
So if you want to follow this model and if you want to be secure, you need to boot into the untrusted distro or the untrusted USB stick and open the attachment there.
Then once you open it and read it, if it’s fine, you need to turn this off, boot back into your work USB, stick your work domain, and then reply to the email.
So you can see that if you’re doing this every day, it’s not very practical and it’s going to become very, very annoying.
This is where the idea of Qubes OS came from.
Qubes OS review
Qubes is an operating system that is designed to improve security by compartmentalization.
So as soon as you boot into this operating system, it boots into Xen, which is a hypervisor, and then once the operating system starts.
Everything inside this operating system is separated into different domains, you’ll have a domain for work at domain for personal and untrusted domain, and so on, and each one of these domains is a completely separate virtual machine.
So you can think of these virtual machines like completely separate computers and hence the name virtual machine.
So each one of these virtual machines has its own run it’s own CPU, its own file system, and so on, and is completely unaware of the other virtual machines,
so just like running different Computers, if your untrusted virtual machine or the untrusted domain gets compromised or hacked, it is very difficult for a hacker to move from there to your work or to your personal virtual machine.
Not only that, but Qubes also separate other system components into virtual machines, so you have your networking, your file system, your USB controller, and your firewall all running inside their own virtual machines.
you won’t need to have multiple computers and you won’t need to keep restarting and booting into different USB sticks.
You’ll always be using the same operating system and the different virtual machines will be running inside this one single operating system.
Now these amazing features come at a price, Qubes is very resource hungry and has very specific requirements
To give you a better idea on how Qubes OS works and how it can improve our security, read our guide how to install and use Qubes, to learn more about how to protect your files and your online profiles ,how you can to use Qubes to open files safely, even if they contain backdoors or dangerous malware threats.