How to prevent backdoor from being accessed - Windows


#1

Would feel grateful to anyone who can propose solution(s) to this issue:

Will be purchasing a Librem laptop shortly.

However, I do have a proprietary program on a dongle that runs offline, but can only run on a Windows computer for maximum effectiveness; already checked with the developer, the program will not be nearly as effective if it’s not run on Windows.

What led me to Puri.sm in the first place was witnessing with my very own eyes (several times) my Windows computer being remotely accessed both online and offline (in airplane mode.)

Since the program is being run offline, I can remove the Wi-Fi and Bluetooth capability of the device. The question is how do I protect the device / program from back door intrusion when the program is being run offline (which will be 24/7).

Thank you Puri.sm community for pondering this!


#2

If you buy hardware and put Windows on it or buy hardware with Windows preinstalled, you are effectively giving away part of your property to MS. You are not 100% in control of your own device. It may be that you trust MS, and we have no real evidence that they can’t be trusted with your privacy yet. But I would say that you are giving away way too much power. In the end it is up to you to determine if you really need that program on your dongle.


#3

Run it in a Windows virtual machine with no network access. Your situation is a reality for many people and the solution is important. Virtual machines are that solution. Let me know if you have any questions.

I mean I’m completely onboard with how we can’t trust MS, even though we haven’t really gotten proof they can’t be trusted. However, I don’t and never will advocate living under a rock to avoid it. Windows has a catalog of software that just does not have an equal. Thankfully virtualization technology is really top notch these days.


#4

Thank you guys!

From what I have read, camera and microphone provide back door access.

Thinking there may be a way to shut camera / microphone down? Maybe remove from device if at all feasible?


#5

Yes, it’s probably a good idea to not have the camera/mic electrically powered when you don’t use them. It’s probably also a good idea to be mindful of your general surroundings no matter where you are and what you are doing.


#6

That’s literally what the camera/mic kill switch on the device does, so you’ll be perfectly safe. The Windows VM won’t even know they exist (nor would a native Windows install, should you run from an external WinToGo setup, but a VM is easier/safer if you don’t need direct hardware access).


#7

If you install Windows alongside GNU/Linux, theoretically, Windows or malware can insert some backdoors into your GNU/Linux installation. It’s unlikely, but possible. Therefore I advise using a virtual machine for proprietary programs.
Also, you can use OnlyOffice, LibreOffice or OpenOffice for office goals. I heard that OnlyOffice is good with Microsoft formats.


#8

Great info, very helpful.

My program relies on Windows hardware to create desired frequencies.

My impression is that a virtual machine will not give me access to Windows hardware.

So if I still need to be on a true Windows machine for this program, might there be any way(s) to shut down that camera / microphone… maybe surgically remove?


#9

You literally just flip a switch on a Librem laptop. It physically disconnects both devices and informs the OS that they are no longer present.


#10

Yes, I understand this is how it is all done on a Librem …

But unfortunately I do need to run this proprietary program on a device with Windows hardware to obtain desired frequencies, frequencies which are only produced in conjunction with Windows hardware.


#11

I’m not seeing an issue, you can boot/run Windows on a Librem. No such thing as ‘Windows hardware’


#12

Thanks for this.
This was a previous reply provided (Librem customer support also indicated something similar):

“If you install Windows alongside GNU/Linux, theoretically, Windows or malware can insert some backdoors into your GNU/Linux installation. It’s unlikely, but possible. Therefore I advise using a virtual machine for proprietary programs.”

Can you further define Virtual Machine (VM) for me?

Would I be able to use the Librem as a VM without risking creating back doors?


#13

A virtual machine is a fully fledged computer that runs on the same computer as the primary operating system and shares its resources. A fair introductory mental model for it might be, “A computer within a computer”. If one has not encountered virtualization before, this Wikipedia article has a decent conceptual overview: https://en.wikipedia.org/wiki/Full_virtualization.

PureOS ships with Gnome Boxes as its virtualization interface. You may learn more about it here: https://help.gnome.org/users/gnome-boxes/stable/

I usually access Boxes by clicking on Activities in the top left corner of my principal screen and typing into Search: Boxes. Once there, the window has a “New” button that will walk one through setting up a new virtual machine.

In the scenario described above by MrChromebox, you may achieve your goal by using Boxes to install a Windows virtual machine and then you would rely upon the PureOS defenses to quarantine any suspected malicious behavior you might be concerned with.

I hope you find the links useful.


#14

THANK YOU, very helpful, great community here.


#15

There are also a great number of online services that offer paid video training regarding your virtual machine understanding and usage. The best way is to see for yourself how experts do it. It’s no big deal, but still, if you can afford it …


#16

Probably some pretty straightforward stuff:

  • WINE can help you run most Windows apps in Linux.
  • QEMU with KVM is pretty good if you want to set up a VM. (not sure about privacy aspects)
  • Firejail is good for general sandboxing applications (slightly hard to set up)
  • Lutris is for running games in Linux.
  • Orange Website sells decent VPSes

Sorry if this wasn’t what you wanted.
It might help if you could tell us what the program is.


#17

Thank you last dragon dog 66, very helpful!
wonderful info.


#18

Here is another related twist.

Once I purchase a Librem laptop, how effective is the kill switch if someone manages to get in the back door before you realize it?

Will using the kill switch at that point boot them out, or are they already in and have free access at that point no matter what… Thanks in advance, great community here.


#19

I think that what you are searching for is QEMU with KVM; that way you will get bare-metal performance on your Windows VM, but you will have to configure it so it will have access only to the needed hardware with the passthrough capability of KVM, and you still get the benefit of a privacy-focused laptop + distro.
About your last message, I don’t know if I’m understanding it very well … On Librem products you get a killswitch that physically cuts the concerned part (just like if you unplugged something), so while it’s killed you can’t get backdoored through that one thing (that doesn’t mean that you’re 100% safe), but if you ever got attacked but closed the potential backdoor, there is a chance that the attacker offered himself some other opening in your system.
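
Added example, not part of the original posts: a small Python check for the advice in #3 and #19 that the Windows VM should have no network access and only the needed hardware passed through. It reads a libvirt domain definition (the XML that `virsh dumpxml` prints for a QEMU/KVM guest); the sample XML, the device IDs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions; the VM name and all device IDs are made up.
DONGLE = ("<hostdev mode='subsystem' type='usb'><source>"
          "<vendor id='0x1234'/><product id='0xabcd'/></source></hostdev>")
EXTRA_PCI = ("<hostdev mode='subsystem' type='pci'><source><address "
             "domain='0x0000' bus='0x00' slot='0x14' function='0x0'/>"
             "</source></hostdev>")
NIC = "<interface type='network'><source network='default'/></interface>"
TEMPLATE = ("<domain type='kvm'><name>win-offline</name>"
            "<devices>{}</devices></domain>")
WEAK_XML = TEMPLATE.format(NIC + DONGLE + EXTRA_PCI)   # NIC + extra device
HARDENED_XML = TEMPLATE.format(DONGLE)                 # dongle only


def describe_hostdev(hostdev):
    """Return a stable identifier for one passed-through host device."""
    kind = hostdev.get("type", "unknown")
    source = hostdev.find("source")
    if source is not None and kind == "usb":
        vendor, product = source.find("vendor"), source.find("product")
        if vendor is not None and product is not None:
            return f"usb:{vendor.get('id')}:{product.get('id')}"
    if source is not None and kind == "pci":
        a = source.find("address")
        if a is not None:
            return (f"pci:{a.get('domain')}:{a.get('bus')}:"
                    f"{a.get('slot')}.{a.get('function')}")
    return f"{kind}:unknown"


def audit_domain(xml_text, allowed_passthrough):
    """List every NIC and every passthrough device not on the allow-list."""
    findings = []
    devices = ET.fromstring(xml_text).find("devices")
    if devices is None:
        return findings
    for nic in devices.findall("interface"):
        findings.append(f"network interface present (type={nic.get('type')})")
    for hostdev in devices.findall("hostdev"):
        ident = describe_hostdev(hostdev)
        if ident not in allowed_passthrough:
            findings.append(f"unexpected passthrough device {ident}")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_XML), ("hardened", HARDENED_XML)):
        print(label, audit_domain(xml_text, {"usb:0x1234:0xabcd"}))
```

An empty result means the guest definition has no virtual network card and passes through only the allow-listed dongle.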


#20

If someone was currently remotely connected to your computer, and you flipped the killswitch, they would lose their connection and stop being able to do anything for the moment. But depending on what they managed to install on your computer in the time they had access, it’s possible they would be able to return to their attack as soon as you turned the killswitch back off. The killswitch wouldn’t remove any malicious software they managed to install.