To what extent can an older OS be used safely under certain conditions?
Hi, firstly apologies as you're probably sick of seeing posts like this. I know there is plenty of material about how unsafe older OSes are to use in the modern day, but these mostly relate to someone wanting to use e.g. Windows XP as a daily driver, for web browsing etc.
Recently I have had to use certain Windows-only software for university, and while I could probably just use Windows computers available on campus, I would rather be able to use it on my laptop. I could just use Windows 10, and perhaps possibly will, but not only do I not really like Win10, I find older OS & OS history very interesting, and find the fact that security issues prevent their usage nowadays very irritating. For instance, I had an old notebook which worked perfectly with Ubuntu 12, and still does, but on attempting to use modern OS on it, major functionality like network connection stopped working.
So I'd like to use Windows 7, *purely* for running software. I would not connect it to the internet, or use any internet functionality, e.g. IE.
I know there is functionality available to have a shared directory between a VM and the host OS, so I was intending to use this to transfer software to the VM, downloaded on the host Linux OS. However, I feel like this could be a vulnerable spot? Probably not practically, but hypothetically.
tl;dr: Can I safely use a Windows 7 VM to run Windows-only software, downloaded on my own machine and transferred over, as long as I don't *ever* connect it to the internet?
Should be fine doing it that way, making certain the only software used is from trusted sources so no malware is in them. Though it would not do much good even if infected, as it would not be able to communicate with any control server without the net connection.
With a VirtualBox host-only network adapter the guest can only talk to the host or other VMs but cannot talk to the LAN or Internet. You should still be able to use a shared directory between the two, which requires guest additions to be installed.
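A host-side check for the isolation described in the posts above, as an added example that is not part of the original thread: it reads the output of `VBoxManage showvminfo <vm> --machinereadable` and flags network attachments that reach beyond the host, plus clipboard and drag-and-drop sharing and any shared-folder host paths. The VM name `win7`, the host path and the sample output are constructed, and the key names (`nicN`, `clipboard`, `draganddrop`, `SharedFolderPathMachineMappingN`) are assumed to match your VirtualBox release.

```shell
#!/bin/sh
# Added example: audit a VirtualBox guest's isolation from the host side.
# Real use (VM name "win7" is hypothetical):
#   VBoxManage showvminfo win7 --machinereadable | audit_vminfo

audit_vminfo() {
    # Reads key="value" lines on stdin; prints one finding per line,
    # and nothing at all when no NIC or sharing channel is enabled.
    awk '
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/"/, "", val)
        }
        # nicN holds the attachment type: none, null, hostonly, intnet, nat, bridged, ...
        key ~ /^nic[0-9]+$/ {
            if (val == "none" || val == "null") next
            if (val == "hostonly" || val == "intnet")
                print "INFO " key " is " val " (guest can still reach the host or other VMs)"
            else
                print "RISK " key " is " val " (guest can reach LAN/Internet)"
        }
        # Clipboard and drag-and-drop are extra guest<->host channels.
        (key == "clipboard" || key == "draganddrop") && val != "disabled" {
            print "RISK " key " sharing is " val
        }
        # Every shared folder is host filesystem exposed to the guest.
        key ~ /^SharedFolderPathMachineMapping[0-9]+$/ {
            print "INFO shared folder exposes host path " val
        }
    '
}

# Constructed sample resembling --machinereadable output (not from a real VM).
sample_vminfo() {
    cat <<'EOF'
name="win7"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="transfer"
SharedFolderPathMachineMapping1="/home/user/vm-share"
EOF
}

sample_vminfo | audit_vminfo
```

Any `RISK` line means the guest is not isolated the way the thread assumes; the `INFO` lines list the channels that remain open by design and that a transferred file crosses.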
MS is still sending daily virus definitions to Defender on Win7, so it is not totally abandoned. You can manually download definitions for your system so you can scan your programs before installing them.
If you are not very important, or have a target on your back, I think you'll be fine.
In theory, your setup is unsafe: You run questionable software on your Windows. It can infect your USB flash drive (assuming you use that to transfer files). The infected flash drive could exploit some USB vulnerabilities in Linux or firmware to pwn your Internet-connected Linux machine too.
In practice, some malware author would have to bother with such an attack scenario, and he probably won't.
(Disclaimer: Just a C++ programmer. Not a security expert)
With a VirtualBox host-only network adapter the guest can only talk to the host or other VMs but cannot talk to the LAN or Internet. You should still be able to use a shared directory between the two, which requires guest additions to be installed.
VBox is designed for convenience rather than security. The sysadmin for kernel.org mentioned this in his talk on Qubes OS: https://www.youtube.com/watch?v=8cU4hQg6GvU (I think he did, but I could be confusing it with other talks on Qubes OS that I watched)
That said, OP would have to run some serious malware that actually bothers to pwn him via VBox.
The most important principle on any computer of any type is the principle of least privilege. There should be only one login user that is a member of the wheel group ("an Administrator"), and you should use this user only for system maintenance. Your everyday account should not have that power. He cannot walk into a phone booth and then fly out wearing ugly blue tights, no matter how hard he tries. He's just an ordinary Joe.
Computers are bad at knowing when to say, "yes." But they're really good at saying, "no."
Last edited by sundialsvcs; 11-04-2021 at 08:28 AM.
I did not watch the entire video but the kernel.org sysadmin speaker admitted they were not a security expert and was only at the conference to talk about their experiences using Qubes.
VBox is designed for convenience rather than security. The sysadmin for kernel.org mentioned this in his talk on Qubes OS: https://www.youtube.com/watch?v=8cU4hQg6GvU (I think he did, but I could be confusing it with other talks on Qubes OS that I watched)