Would feel grateful to anyone who can propose solution(s) to this issue:
will be purchasing a Librem laptop shortly.
However, i do have a proprietary program on a dongle that runs offline, but can only run on Windows computer for maximum effectiveness.; already checked with the developer, the program will not be nearly effective if its not run on Windows.
What led me to Puri.sm in the first place was witnessing with my very own eyes (several times) my Windows computer being remotely accessed both online and offline (in airplane mode.)
Since the program is being run offline, i can remove the Wifi and Bluetooth capability of the device,
the question is how do i protect the device / program from back door intrusion when the program is being run offline (which will be 24/7.)
If you buy hardware and put Windows on it or buy hardware with Windows preinstalled, you are effectively giving away part of you property to MS. You are not 100% in control of your own device. It may be that you trust MS, and we have no real evidence that they can’t be trusted with your privacy yet. But i would say that you are giving away way to much power. In the end it is up to you to determine if you really need that program on your dongle.
Run it in a windows virtual machine with no network access. Your situation is a reality for many people and the solution is important. Virtual machines are that solution. Let me know if you have any questions.
I mean I’m completely onboard with how we can’t trust MS, even though we haven’t really gotten proof they can’t be trusted. However, I don’t and never will advocate living under a rock to avoid it. Windows has a catalog of software that just does not have an equal. Thankfully virtualization technology is really top notch these days.
yes it’s probably a good idea to not have the camera/mic electrically powered when you don’t use them. it’s probably also a good idea to be mindfull of your general surroundings no matter where you are and what you are doing.
that’s literally what the camera/mic kill switch on the device does, so you’ll be perfectly safe. The Windows VM won’t even know they exist (nor would a native Windows install, should you run from an external WinToGo setup, but a VM is easier/safer if you don’t need direct hardware access).
If you install Windows near with GNU/Linux, theoretically, Windows or malware can insert some backdoors on your GNU/Linux installation. It’s unlikely, but possible. Therefore i advice to use virtual machine for proprietary programs.
Also you can use Onlyoffice, Libreoffice, Openoffice for office goals. I heard than Onlyoffice good on microsoft formats.
Thanks for this.
This was a previous reply provided (Librem customer support also indicated something similar.:):
“If you install Windows near with GNU/Linux, theoretically, Windows or malware can insert some backdoors on your GNU/Linux installation. It’s unlikely, but possible. Therefore i advice to use virtual machine for proprietary programs.”
Can you further define Virtual Machine (VM) for me,
i would be able to use the Librem as a VM without the risking creating back doors? ?
A virtual machine is a fully fledged computer that runs on the same computer as the primary operating system and shares its resources. A fair introductory mental model for it might be, “A computer within a computer”. If one has not encountered virtualization before, this Wikipedia article has a decent conceptual overview: https://en.wikipedia.org/wiki/Full_virtualization.
I usually access Boxes by clicking on Activities in the top left corner of my principle screen and typing into Search: Boxes. Once there, the window that has a “New” button that will walk one through setting up a new virtual machine.
In the scenario described above by MrChromebox, you may achieve your goal by using Boxes to install a Windows virtual machine and then you would rely upon the PureOS defenses to quarantine any suspected malicious behavior you might be concerned with.
there are also a great number of online services that offer paid video training regarding your virtual machine understanding and usage. best way is to see for yourself how experts do it. it’s no big deal but still if you can afford it …
I think that what you are searching for is QEMU with KVM, that way you will get bare metal performances on your Windows VM but you will have to configure it so it will have access only to the needed hardware with the passthrough capability of KVM and you still get the benefit of a privacy focused laptop + distro.
About your last message I don’t know if I’m understanding it very well … On Librem products you get a killswitch that physically cuts the concerned part (just like if you unpluged something), so while it’s killed you can’t get backdoored through that one thing (that doesn’t mean that you’re 100% safe), but if you ever got attacked but closed the potential backdoor there is a chance that the attacker offered himself some other opening in your system.
If someone was currently remotely connected to your computer, and you flipped the killswitch, they would lose their connection and stop being able to do anything for the moment. But depending on what they managed to install on your computer in the time they had access, it’s possible they would be able to return to their attack as soon as you turned the killswitch back off. The killswitch wouldn’t remove any malicious software they managed to install.