Windows 7 host, Linux Guest; how Secure?
 

I have to still use Windows 7 for software reasons, but I keep that machine offline by default, and only go online briefly, disconnecting the WiFi as soon as I close my browser.

If I run a Linux distro in Virtual Box, with this Windows 7 system as host, how secure is it? more secure than if I go online with Windows? Or just the same, since Windows 7, which is unsupported, is host? I do run paid AV on Windows, and it never finds anything. But as time goes on, I find myself worrying more when going online. The attacks may become more nasty, so I want to make sure I'm safe.

There has been some speculation on how secure it is versus what is proven. To be safe, one can build a latest Windows or Linux version and run some virtual machine. The latest windows is free at least for some amount of time.

The term for security is best practices for the most part. The more you learn and the more you do the safer you are.

I have a single usb ssd that I make and keep updates for access to financial sites. Almost no secure by default distro's so you may have to configure them.

I always get a big kick out of distro's made to hack/crack and press says they are secure. Why would anyone think a hackers distro is secure? https://www.ubuntupit.com/most-secur...-and-security/

If you use the VirtualBox default NAT networking for the guest, your host will not be able to see the guest and vice-versa. If you configure your Linux guest with a proper firewall, AV, etc., it should be even safer than the unsupported Windows 7 host.

The guest is still sharing the network adapter with NAT the host would technically still be vulnerable as far as I know. If you use a USB Ethernet adapter connected to the guest the network would be isolated from the host in theory.

Have you ever thought about changing your Windows 7 into a VM and run that on a decent, recent, updated more secure host (like a good administered Linux distro)?
Also give you the possibility of snapshotting your Windows machine and revert easily in case of problems.

I agree that the biggest factor in security is the behavior of the user. We do our sensitive stuff, like finances, on Linux. I have my wife using Zorin. she only occasionally goes on Windows 7, mainly for occasional Zoom meetings. I have set up her Dell laptop as a dual-boot.

Thanks, that sound encouraging. If running W7 in a virtual system on a Linux host is even marginally safer, it makes sense to do so.

If most attacks are directed at Windows, wouldn't it be safer inside Linux? Or would it be better to sandbox it?

I would but it wouldn't work in this case. The software I need is Sonar, a DAW, or music creation program. The plugins I use, especially orchestral libraries, would not do well in a virtual system, unless I had an incredibly powerful computer. even then, the graphics alone would make it undesirable.

By using VirtualBox with a USB network adapter your Windows host would remain offline and be unable to connect to the internet. If you need to copy something from linux to Windows you could use a shared folder.

A VirtualBox NAT uses the same network adapter as your Windows system but then adds software to create a simple firewall/router. Your Windows system would still be online. You can select no adapter or internal adapter to completely isolate guest.

In post #7 you indicate that running W7 within a VM makes sense but then #9 post it would not work? If you have other computers running linux why do you need this particular PC to briefly go online at all?

Thanks. I got confused between running windows 7 inside Linux, and running Linux inside windows 7. My intention was to ask if running Linux inside Windows 7 is safer, in terms of going online, than going online in windows 7. Certainly, running windows 7 inside linux is safer.

If I install Linux on that computer, then theoretically I could go online without worrying about updating my Windows AV (Malwarebytes Premium). By using Linux, I would - again, theoretically - be safer than using that same machine to go online in windows. I could also ditch the paid AV, as Linux doesn't need any. that would save me a little money.

I think it's wrong to suggest most attacks are directed towards Windows. Windows may be the most popular so in that sense it could be attacked.

Smart attackers won't let the OS stop them. They will seek any crack to worm in on.
Don't assume Linux is more secure. Many a high profile issue with Linux in the last 20 years.

Any reason for EVER taking the Windows online ?
You need 2 ssd's/ A Windows on one and a real os on the other.
Do what ya gotta do(work) in Windows. If it needs sending out or something boot the real os, access the Wdoz hd and attach the work as necessary.

Good point, behavior is by far the most important variable. The one time I know my computer was hacked, I was on a BSD system. I was on a music composing forum, which used the flash player. I had the 'pepper" version, so I falsely assumed I was safer. I went to get a cup of coffee, and when I returned, there was a terminal up and running. I saw "chroot" being typed as I watched. I immediately shut down, wiped the drive with D-Ban, and set it aside. I then posted two threads on the forum for people to get rid of flash. Most did not. I then convinced the admin. to upgrade from Ning 2.0 to 3.0, which finally got rid of flash. So it was my behavior, not the system, that was the problem.

Convenience, mostly. Not having to shut down, which on my music rig causes my projects to take a long time to open. I usually just put windows to sleep, then the projects open 10X faster. I clear the cache regularly with Wise Cleaner. Also, downloading things I need for my music, like orchestral libraries, plugins, portals etc. Downloading in Linux doesn't work very well. It's quite a process to be able to install them in windows after downloading in Linux.