How do you compare among three security setups?

Discussion in 'other software & services' started by Wai_Wai, Sep 15, 2008.

Thread Status:
Not open for further replies.
  1. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Goal: Achieve (near) absolute safety. It has to be ensured that the operating system is absolutely clean, no chance of infection, no personalized trojan or keylogger before any financial or mission critical tasks are carried out.

    IMPORTANT: The mission critical tasks involve the use of Windows software, so the operating system has to be Windows.

    The new three candidates:
    (A) Lock up the dedicated Windows (by Deep Freeze etc.)
    First OS: use it for all purposes except mission critical tasks.
    Second OS: only do mission critical tasks. This OS will be locked up by software like Deep Freeze. It's always clean every time it is booted up.

    (B) Boot up from the Windows live CD or USB Windows
    Similar to (A) but we don't install any extra OS.
    Only OS: use it for all purposes except mission critical tasks.
    We boot from the CD/USB to do mission critical tasks. They will be unplugged when not in use so there is zero chance of infection.

    (C) Protected by virtualization
    The host is only used for mission critical tasks (5%)
    The virtual machine is used for anything else (95%, all normal and risky activities)
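    The goal stated above is that the mission-critical OS must be known to be clean before each session. Whichever candidate is chosen, that claim can be checked rather than assumed: take a file-hash manifest of the mission-critical installation once, right after it is set up (and before it is frozen or imaged), and compare the live tree against it before every session. The script below is an added example written for this thread, not code from any poster or from Deep Freeze or any other product named here; the root path and manifest location are placeholders, and the baseline must live somewhere the everyday OS cannot write, such as the encrypted drive or read-only medium the thread goes on to discuss, because a baseline a compromised system can edit proves nothing.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Added example for this thread (not from any poster or product). It turns the
# "must be clean before mission-critical use" goal into a verifiable check: a
# SHA-256 manifest of the protected installation, taken once, then compared
# against the live tree before each session. All paths are placeholders.

def hash_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file's contents, read in chunks so large files stay out of memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest.
    Symlinks are skipped so a link pointing outside the tree cannot stand in for a file."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest

def save_manifest(manifest: dict, out: Path) -> None:
    """Write the baseline; store it on media the everyday OS cannot modify."""
    out.write_text(json.dumps(manifest, indent=1, sort_keys=True))

def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text())

def verify(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline. 'clean' is True only when
    nothing was added, removed or modified since the baseline was taken."""
    current = build_manifest(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(current) & set(baseline)
                      if current[p] != baseline[p])
    return {"added": added, "removed": removed, "modified": modified,
            "clean": not (added or removed or modified)}

def demo() -> tuple:
    """Self-contained walk-through on a constructed temporary tree:
    returns (baseline, result before any change, result after changes)."""
    root = Path(tempfile.mkdtemp(prefix="mc-os-"))
    (root / "a.txt").write_bytes(b"hello")            # constructed sample files
    (root / "sub").mkdir()
    (root / "sub" / "b.bin").write_bytes(b"\x00\x01")
    baseline = build_manifest(root)
    save_manifest(baseline, root.parent / "baseline.json")  # placeholder location
    clean_result = verify(root, load_manifest(root.parent / "baseline.json"))
    # Simulate drift: one file edited, one added, one removed.
    (root / "a.txt").write_bytes(b"hello!")
    (root / "c.txt").write_bytes(b"x")
    (root / "sub" / "b.bin").unlink()
    drift_result = verify(root, baseline)
    return baseline, clean_result, drift_result

if __name__ == "__main__":
    # Real use: build_manifest(Path("D:/")) once, verify(Path("D:/"), baseline) per session.
    base, before, after = demo()
    print("files in baseline:", len(base))
    print("before changes clean:", before["clean"])
    print("after changes:", after)
```

    A user-mode hash walk only sees what the running OS shows it, so the check is most meaningful when run from the clean environment itself (the frozen or live-booted OS) against a baseline kept off-line. Any result other than a clean one means the session should not proceed until the difference is explained.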
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    It would seem that you have 3 forms of the same thing going on.

    In A you are needing a reboot to get into a locked down system, while still allowing the off chance that a bad bug etc could compromise the other OS on the other drive. But that should be handled by the deepfreeze imaging. Still you do have to reboot to get into the other OS.

    Option B shows the same thing, although now you are booting through an even slower method using cd/usb. Same thing applies though, possible compromise of primary hdd OS if a bug etc ever got into the cd/usb OS. Once again, a reboot is required.

    And in option C, you are yet again doing the same thing, only this method exposes a single OS, with a virtual OS within, thus saving a physical reboot. Virtual boxes supposedly have very small chance of compromising host box, providing network/shares are restricted. The off-side to this is that you will be using a more intensive method on the cpu. For resource light applications, this should not be a hindrance with a fast enough machine.

    You have to weigh for yourself the applications to be used in the critical parts, perhaps they are too big for virtual to properly handle without 'feeling' the sluggishness. And further, the whole scenario IMO is one based upon just how easy or how much time you want to devote to rebooting. For me, a virtual box is much faster and for what I use it for it works great. Only you can decide that factor. I don't see how any of the three are different in the end result, they each assume the critical tasks will be free from any nefarious intrusion because of the clean slate in which they start.

    Just my opinion after all.

    Sul.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    There are some unknowns here - how often is the usage of the mission-critical apps interspersed with the usage of the normal apps? If the answer is seldom, then I would prefer candidate A, but with the mission-critical OS entirely encrypted on disk, to prevent the normal OS from infecting the mission-critical OS. An advantage of this candidate is that the mission-critical OS can be updated, and you can install any needed apps, when the protection is off. Forcing the user to reboot when doing a mission-critical task reduces the window of opportunity for malware to infect the mission-critical OS.

    Candidate B will make it hard to use a mission-critical OS that is up-to-date, security-wise. Also, you will have to use only portable apps, or apps that can be used as plugins. Additionally, the Live CD will take a while to start.

    There are some problems with candidate C. One is that an infection of the mission-critical OS may last a long time. I would add something like Returnil to the mission-critical OS. Even with Returnil or similar though, with candidate C it seems the mission-critical OS will be running for long periods of time, since it is hosting a virtual machine, which will leave a possibly long window of opportunity for malware to affect it, until a reboot happens. Then there is a possible problem that since two OSs are running at the same time, the user may accidentally perform a "normal, possibly risky" activity on the mission-critical OS. Also, there is the potential for malware to leak out of the virtual machine onto the mission-critical OS.

    Thus, my suggestion would be to use candidate A, with the modification I suggested, if possible. If it's too much of a burden to have to reboot, then use candidate C, again with the modification I suggested.

    With any of these solutions, I would suggest using antivirus, anti-keylogging software and anti-executable software, in the event that malware is encountered along the way.
     
    Last edited: Sep 16, 2008
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Well thought out MrBrian. I would think that if there is such a need to have this kind of protection, that the virtual OS should be a snapshot, thus eliminating the long term effects of exposure to the host OS. An ideal situation would be an encrypted thumb drive or similar to actually house the data.

    We don't know exactly what the parameters are for the mission critical usage. As you state, the amount of time spent on it plays a large role. Let us assume that the data is just that, data, such as bookkeeping records, not something like encoded video. This would justify the use of a usb drive to store a relatively small amount of data. Or a fileserver with the right security.

    I personally use vmWare for my online banking, taxes and bookkeeping. I have a snapshot on the vm box that I always go back to, but my data is stored on an encrypted usb thumb drive. All communications with my LAN are neutered with a firewall with strict policies, and all services that could compromise are disabled. I run an AV and Threatfire. Within this vm box the firewall is very strict on just what is allowed in the way of applications making connection attempts as well as what ip/url is allowed. I also use Sandboxie with strict enforcement of what processes are allowed as well as registry keys and file access.

    This may be considered overkill I assume to some. I find it very easy to start vmPlayer, do my stuff, zip it up with security, and place it on my thumb drive. Shut the player down, and on next boot back to the same thing.

    I also have the host OS use a firewall with other security apps, and its services are also controlled. I attempt to isolate to a very high degree all of my financial dealings.

    I understand that I am using this personally and the procedures would differ greatly for say a corporate environment.

    You have some great thoughts on the matter for sure.

    Sul.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thank you for the kind words Sully :). You seem to have a good system in place for your needs. Just a note: your setup differs from candidate C in that your setup uses the virtual machine for the mission-critical apps.
     