Hi, firstly apologies as you're probably sick of seeing posts like this, I know there is plenty of material about how unsafe older OS are to use in the modern day, but these mostly relate to someone wanting to use e.g Windows XP as a daily driver, for web browsing etc etc.

Recently I have had to use certain Windows-only software for university, and while I could probably just use Windows computers available on campus, I would rather be able to use it on my laptop. I could just use Windows 10, and perhaps possibly will, but not only do I not really like Win10, I find older OS & OS history very interesting, and find the fact that security issues prevent their usage nowadays very irritating. For instance, I had an old notebook which worked perfectly with Ubuntu 12, and still does, but on attempting to use modern OS on it, major functionality like network connection stopped working.

So I'd like to use Windows 7, *purely* for running software. I would not connect it to the internet, or use any internet functionality e.g IE.

I know there is functionality available to have a shared directory between a VM and the host OS, so I was intending to use this to transfer software to the VM, downloaded on the host linux OS. However, I feel like this could be a vulnerable spot? Probably not practically, but hypothetically.

tl;dr: Can I safely use a windows 7 VM to run windows-only software, downloaded on my own machine and transferred over, as long as I don't *ever* connect it to the internet?

Thank you for your time.

Should be fine doing it that way making certain the only software used is from trusted sources so no malware is in them. Though it would not do much good even if infected as it would not be able to communicate with any control server without the net connection.

With a VirtualBox host only network adapter the guest can only talk to the host or other VMs but can not talk to the LAN or Internet. You should still be able to use a shared directory between the two which requires guest additions to be installed.

MS is still sending daily virus definitions to Defender on Win7, so it is not totally abandoned. You can manually download definitions for your system so you can scan your programs before installing them.

https://www.microsoft.com/en-us/wdsi/defenderupdates

https://support.microsoft.com/en-us/...0-dbb16b08d990

1 members found this post helpful.

If you are not very important, or have a target on your back, I think you'll be fine.

In theory, your setup is unsafe: You run questionable software on your Windows. It can infect your USB flash drive (assuming you use that to transfer files). The infected flash drive could exploit some USB vulnerabilities in Linux or firmware to pwn your Internet-connected Linux machine too.

In practice, some malware author would have to bother with such an attack scenario, and he probably won't.

(Disclaimer: Just a C++ programmer. Not a security expert)

VBox is designed for convenience rather than security. The sysadmin for kernel.org mentioned this in his talk on Qubes OS: https://www.youtube.com/watch?v=8cU4hQg6GvU (I think he did, but I could be confusing it with other talks on Qubes OS that I watched)

That said, OP would have to run some serious malware that actually bothers to pwn him via VBox.

The most important principle on any computer of any type is the principle of least privilege. There should be only one login user that is a member of the wheel group ("an Administrator"), and you should use this user only for system maintenance. Your everyday account should not have that power. He cannot walk into a phone booth and then fly out wearing ugly blue tights, no matter how hard he tries. He's just an ordinary Joe.

Computers are bad at knowing when to say, "yes." But they're really good at saying, "no."

I did not watch the entire video but the kernel.org sysadmin speaker admitted they were not a security expert and was only at the conference to talk about their experiences using Qubes.

Indeed, I misremembered. It was actually this guy, at 2:45: https://www.youtube.com/watch?v=sbN5Bz3v-uA&t=2m45s