Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Browsing safely the Web from Linux on a VM after Windows 7 EOL

    Posted on OscarCP Comment on the AskWoody Lounge

    Home Forums AskWoody support Other platforms – for Windows wonks Linux for Windows wonks Browsing safely the Web from Linux on a VM after Windows 7 EOL

    This topic contains 19 replies, has 9 voices, and was last updated by  anonymous 1 month ago.

    • Author
      Posts
    • #225432 Reply

      OscarCP
      AskWoody Lounger

      I have Windows 7 Pro, SP1, x64 installed on a PC ca. 2011 with 8 GB of RAM and 750 GB HD, of which some 250 GB are still free. The PC has been patched thoroughly, Group B-style, to date, and shall continue to be patched in this way until the January 2020 EOL of the OS, or any time after that that MS decides to release patches, as it has done now and then for Windows xp.

      After the Win 7 EOL, and probably much earlier than that, I would like to run Linux on this PC from a virtual machine.

      When doing that, and particularly after the Windows 7 EOL:

      (a) Shall it be safe enough for me to browse the Internet from inside the Linux on a VM, or shall I be as vulnerable as if I did it directly from the, by then, no longer being patched Win 7 OS?

      (b) Would it help if I installed a good anti malware application for Linux also on the VM?

      (c) And how about emailing?

      Thanks in advance for any useful replies someone might choose to post in answer to this set of related questions.

    • #225446 Reply

      PKCano
      AskWoody MVP

      If you are running Win7 as the Host OS, it is still connected to the Internet in the same way any PC is if you are using it without browsing the Internet or dong email. Any time you turn on the PC and see the Network Icon active in the taskbar tray, you are connected to the Internet (even when you are not browsing or doing email.) In other words, It’s like you were using the PC only for Office programs, say. So even you are not using the Internet “directly,” your PC is still exposed to it. So you have to continue to run anti-virus/firewall software on the Win7 Host.

      The virtualization software you use provides a way for the Guest OS to use the computer’s hardware. For the Internet connection the virtualization software basically supplies a compatible driver and sets up a shared network connection for the Guest.  If you turn off the Ethernet card in the Host, the Guest also loses connections. For the Guest, you will need whatever security measures you would have if it were a stand alone computer.

      In your situation, where you need Win7 to run specific programs, it would be safer to run the Linux as the Host and the Win7 as the Guest OS. That way, your active browsing and email are done on the Linux Host, and you crank up the Win7 VM to do whatever you need without direct use of the Internet.

      I think the first thing you would need is to start using Linux, so you have a knowledge about that OS. You could set it up as a VM either on the Win7 or on the Mac. That way you would gain experience with VMs so you could learn what they are and do. You won’t gain a working knowledge of either by just asking questions.

       

      5 users thanked author for this post.
    • #225459 Reply

      johnf
      AskWoody Lounger

      1) Backup your PC before doing anything

      2) You can dual boot (there are instructions on the web on how to install Linux for dual boot). The easiest way to do that is to buy a second hard drive (you can get an SSD 250 gig drive cheap), and install Linux on the new drive. This lessens the risk, and you get better performance with a real install vs a VM.

      3) Disable the NIC card  in Windows.

      4) You can enable internet access in Linux, but that does not mean you will be 100% safe. You should download Clam, and Clam-TK (the gui to Clam, which is a free antivirus) off of your Disto’s repositories. You don’t have to scan often, this is more for making sure files you get or give to others aren’t infected. Linux by design is difficult to infect unless you allow it.

      Then, use No Script as well as UBlock Origin for ad blocking in your browser.

      5) Practice  safe browsing (don’t go to sites that are likely to have nasties, like Porn sites or Russian music sites). Don’t open up holes in your firewall by using file sharing programs (speaking of firewalls, make sure your firewall is activated). Don’t install PPA’s or other programs not in your Distro repositories, unless you’re SURE they are safe (it’s safe to install Openoffice if you’re going to the actual website, for example).

      6) Install patches …you may want to use Timeshift or equivalent (it backs up your OS, similar to System Restore in Windows) before you patch. You can patch at your pleasure but don’t wait too long.

      7) Don’t run as root (use Sudo, or get out of root as soon as you can).

      8) Emailing…Web emails (Google, Yahoo, Hotmail) work fine, for the most part. You may want to have a couple of browsers (I have Chrominum, Google and Pale Moon/Waterfox  installed…don’t like what Firefox is doing lately). If you need  local pop email, use Thunderbird, it’s stable and works fine.

      9) Linux…you didn’t mention what distro. For new users, I recommend Manjaro (XFCE), Linux Mint (Cinnamon), MX 17 (XFCE) or Linux Lite (XFCE).

      • This reply was modified 1 month ago by  johnf.
      • This reply was modified 1 month ago by  johnf.
      • This reply was modified 1 month ago by  johnf.
      2 users thanked author for this post.
    • #225474 Reply

      Microfix
      AskWoody MVP

      @oscarcp, I would highly recommend, as @pkcano has suggested, having your choice of Linux distro as the Host OS and Windows 7 as your Guest OS. The beauty in doing this is, you can actually isolate Windows 7 from the Internet at EOL or any time, through the Virtual Machine (VM) and still use it for Windows programs. Then using a Linux email client can deal with your emails further down the progress line (it’s the best of both worlds on a PC)

      If you are not experienced with setting up or using Linux, I would also suggest that you look at mainstream distro’s either Linux Mint, Ubuntu derivatives or Manjaro (as they have a good active support forums where you can get answers quickly)
      First of all though, you need to establish which ‘type’ of Linux you like.
      Only you can decide and there are LOTS of different distro’s out there but, for starters, here is a great resource for browsing through distro’s: Distrowatch to do some research.

      When you decide on one to try, you can download it, check the ISO hash/ checksums against the authors website then assuming everything is good, flash to a USB stick or burn to a CD.

      You can actually try these without making ANY changes to your current system by booting from either the USB stick or CD, just to get a feel of the distro you have chosen.

      Security wise with Linux, 1st turn on the firewall then you can install from the repositories an AV as suggested by @johnf and also anti-malware (chrootkit/ rkhunter) to protect your host OS.

      | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
        No problem can be solved from the same level of consciousness that created IT - AE
    • #225512 Reply

      OscarCP
      AskWoody Lounger

      I thank all of you for your detailed answers, which I hope will be really helpful to those that might want to visit this thread in the future.

      Unfortunately, I prefer to have Windows 7 as the host and install Linux on a VM, simply because, unlike other people, I am severely allergic to messing around with the OS and, most particularly, with the UEFI, but still would like to continue to get as much out of my old Windows PC as I can, for the rest of its natural life.

      I am not new to Linux (and FreeBSD), something that has given me a big leg up when I started using a Mac last year, as its OS under the hood is a variant of FreeBSD, a fraternal twin of Linux. I just don’t want to mess around with the OS that is already running on the Windows machine or with that PC’s UEFI. So it looks like I might do something I believe PKCano and some other here might be doing, and install Linux on a VM on my Mac, and use the Windows PC only for doing all the not-online things I need it for.

       

       

      • #225519 Reply

        EP
        AskWoody Lounger

        you need to be using a 64bit Win7 as a 32bit/x86 version of Win7 may not work on UEFI based systems

        • This reply was modified 1 month ago by  EP.
        • This reply was modified 1 month ago by  EP.
        1 user thanked author for this post.
        • #225598 Reply

          Ascaris
          AskWoody MVP

          The host computer may have UEFI, but that does not mean the guest machine does.  In Virtualbox, there’s a checkbox for UEFI mode (listed as experimental in the UI), and if it’s not checked, it uses a BIOS (legacy) boot regardless of the configuration of the host PC.  Checking or unchecking the box after the OS is installed in the guest will almost certainly result in the guest OS being unbootable, so if you wish to use this option, do it during initial setup before the OS is installed.

          Virtualbox has 32 bit and 64 bit VMs that can be created on a 64-bit host.  To create a 64-bit guest, the host PC has to be 64-bit and support Intel or AMD virtualization extensions.  The 32-bit VMs don’t require the VM extensions, but they will perform worse without them.

          Other VM packages may vary, of course.

           

          Group L (Linux): KDE Neon User Edition 5.14.3 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

    • #225571 Reply

      planet
      AskWoody Lounger

      Curious, if you are dual booting windows 7 and Linux, why would you need to disable the NIC in Windows? Is it to avoid accidental internet connection when logging into Windows from Linux? I only use a wired connection and pull it when computer is sleeping.

      Group L (Linux Mint 19)
      Dual Boot with Win 7
      Former
      Group B Win 7 64 bit

      • #225652 Reply

        johnf
        AskWoody Lounger

        Re: Dual Boot

        Oscar had asked if he could use a Linux VM to browse, while keeping his Windows 7 system off the internet. I’m not sure you can do that using a VM, so I suggested using a second hard drive (easier to install linux into , instead of having to shrink your current partition) and dual boot.

        So, he would have a disabled NIC card when he booted into windows, and the same card would be enabled when he booted into Linux, which should fill his requirements. In addition, he could use the Linux boot to help repair his windows side, should that get borked (though I supposed a Linux rescue usb would work as well…)

        To be clear, this is NOT using a VM, so you wouldn’t be “logging into Windows” from Linux. This would be booting up the PC via dual boot, so if you chose Linux, you could “look” into the PC partition, but you couldn’t log into it. You’re booting either Linux or Windows, not both.

         

        • This reply was modified 1 month ago by  johnf.
    • #225587 Reply

      Paul T
      AskWoody MVP

      Why run Linux in a VM? If it’s an old PC just run Linux direct, or run W7 and make regular image backups that you can restore if something goes awry.

      cheers, Paul

      • #225600 Reply

        Ascaris
        AskWoody MVP

        I read about a Windows program that gives you some of the security benefits of running in a VM, but on native Windows.  It was in one of those “antivirus round-ups” that various sites or publications like to do.  The idea is that the PC would be booted as normal, then be used for as long as you wished before being rebooted.  The next time it was booted up, it would be restored to be exactly the same as it was the last time it was booted– so any malware that had infected the PC would be removed, along with any non malware-related breakage that may have occurred.  Any files the person had saved would also be deleted, so it would be a good match for a cloud drive of whatever flavor.  You could also use a drive that isn’t subject to the rollback, but there’s the possibility of malware hiding there at the same time.

        If the user wants to make a permanent change, such as installing a new program, they can have the software set the new configuration as the reference point instead of rolling back.  Naturally, it would be safest to roll it back immediately before installing the new program, then immediately set that as the reference point.  Once that was done, any future rollbacks would be to that new reference point.

        The article said that in their tests, the rollbacks were effective in reverting the deliberate malware infections the tester/author had put in there.

        If it is indeed reliable, a program like this would be a great match for a Windows 7 post-support.  Any malware, known or unknown, would be removed, possibly before the PC owner/user was even aware of it.

        Does anyone remember the name of the product from the description, by any chance?  I wish I remembered more product names to go along with the descriptions, but this was several years ago.

         

        Group L (Linux): KDE Neon User Edition 5.14.3 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

        1 user thanked author for this post.
    • #225630 Reply

      anonymous

      From: YP ; Old unix user for 10 years, back 18 years ago.

      Systems: Group B Win7 starter, home, pro; chrome book

      I’ve had my chrome book for a couple of years now and I really like it.  In September, I finally installed Ubuntu 14 (testy) on my chrome book.  The nice thing about chrome books is that you can have both OS on the same system.  I believe both OS is running side by side and is not a VM.  Anyways, I’ve been using Libreoffice and wine to use portable windows application.   Even with previous experience with Ubuntu in live boot, it was still a rough learning curve.  My personal opinion: As a user, Linux is not that hard to get use to; however, as a system admin, it is quite different from windows.  To add applications is not the easiest.  I found that I had to search online to find correct depositories to get the specific version of Libreoffice.  I’m pretty happy with my current set-up.

      Where am I going with this?  Well, I have my eyes on the lastest mid to high end chrome books.  In theory, you can run native Linux apps in native mode, which is what wine does.   I’m thinking that I can install virtual box on it also.  I’ll probably get myself a refurbish win10 machine sometime late next year.  My personal road map and saying good-bye to windoes BS!  BTW, I don’t agree with comments about chrome/google spying on you.  Myself, I use DuckDuckgo for search, ublock and umatric.  I have 1 account for my chrome book in which I turn off location history, etc.  Yes, google get some info but not a lot.  At least that’s what I think.

      1 user thanked author for this post.
      • #225711 Reply

        OscarCP
        AskWoody Lounger

        Anonymous ( #225630 ) you have written:

        In September, I finally installed Ubuntu 14 (testy) on my chrome book.  The nice thing about chrome books is that you can have both OS on the same system.

        This sounds interesting. Could you explain it a bit further?

        For example: do you mean to say that this is not the same as when installing Ubuntu in “dual boot” with Windows, that require making modifications to the BIOS or UEFI as well as partitioning the hard disk differently, but something simpler and more direct than that? If so, what is it like? For example, is installing Ubuntu (or some other Linux distro?) on a Chrome notebook the same as installing just another application on the native Chrome OS?

        Or something else altogether?

        Thanks.

         

        • #225716 Reply

          OscarCP
          AskWoody Lounger

          I am adding this writing to my previous entry, because, having just looked up on the Web this issue of running Ubuntu  on Chrome, I also found something I had not looked up previously: that all the Chromebooks have, it seems, only these tiny sub-13 inch screens. That is also the size of the screen of what might be the priciest of the lot, at well over 1000$, Google’s Pixelbook, an otherwise reasonably equipped higher-endish machine under the hood.

          And the cheaper ones come with tiny hard disks (by today standards). So they do not impress me as particularly useful or convenient for serious computer work. Maybe good enough for the consumer mass market, which seem mainly design to satisfy… except for those tiny screens. Why would anyone bother to buy a laptop with such a small screen? Because it is larger than a cellphone’s screen? Well, OK, there is that.

          • #225726 Reply

            Ascaris
            AskWoody MVP

            I’ve seen larger Chromebooks than that.

            As far as “serious computer work,” it all depends on what you mean by that.  Chromebooks are not meant to be full-functioned general purpose computers.  They’re a quick and easy way to get someone on the web with Chrome.  That’s all many people need, and for that role, they’re a lot less of a hassle than a Windows PC.  Why put up with all of these problems we discuss here in Windows 10 if all you want is a browser on wheels?  That’s the target market of Chromebooks.

            Chromebooks have their own firmware too.  It’s meant to be used with ChromeOS, and it’s customized for that purpose.

            You don’t need to be so afraid of UEFI.  It’s just BIOS updated to a more modern technological standard.  A lot of people speak of it as if it was some demonic thing that exists to wreck your day, but it’s not.  Unless the PC in question uses a particularly buggy or otherwise defective implementation (which would mess you up in any case, even if it was not UEFI), it’s not some can of worms that can’t be figured out.  I’ve used various implementations of it on Sandy Bridge, Ivy Bridge, Braswell, Kaby Lake, and Apollo Lake, and it’s never been a problem.  It’s a little bit more involved in some areas (depending on the implementation), but ultimately, any problems you have are fixable, and once they are fixed, you can just forget about it and use the device from then on.

            Of course, if you wish to avoid it, that’s your prerogative, but you’re limiting a lot of your options for fear of a problem that has not even happened and may not ever happen.

            Group L (Linux): KDE Neon User Edition 5.14.3 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

            2 users thanked author for this post.
            • #225832 Reply

              OscarCP
              AskWoody Lounger

              Thanks, Ascaris. As to:

              You don’t need to be so afraid of UEFI.  It’s just BIOS updated to a more modern technological standard.

              See, the problem with me, on this particular, at least, is that I am equal-opportunity allergic to fiddling with any firmware that, among other things, pulls in the OS to start the show, so to speak, and that could be extremely bad (again, for me) to mess up, be its name UEFI or BIOS. Never in my, by now really quite long life, I have done anything of the sort and yet, surprisingly perhaps, here I am. So I much rather wouldn’t start now… and that’s the long and the short of it.

              As to the size of the disk and the screen: besides doing things on the Web (but not on the Web as “Cloud”, except for using the AV for malware scans and using search engines to find out things both technical and not quite so, but I think I need) I do a lot of rather large and complex software development and much of it from the command line, be it DOS or Linux/FreeBSD/macOS/Unix. It involves reading, writing and manipulating large files  (GB-class, some times) and up to an hour of number crunching and IO. That is, at least in my, as you probably know by now, not very humble opinion, what I consider to be “serious computing.”

              But I also must thank you for explaining and so making it clear something I don’t remember has come up at Woody’s (or if it has, I missed it): the patching and upgrading of Ubuntu and Mint.

    • #225793 Reply

      anonymous

      From:@YP

      OscarCP, Chrome books has a “linux” kernel. In developer mode, you can install Ubuntu versions, up to the latest. Once linux is installed:

      – boot into chrome OS
      – open up a shell window, type 2 commands and you are on the linux side.
      – roughly speaking, you swap windows for chrome or linux side

      I bought my low end chrome book, 14″ refurbish for <$150 including tax. It only has 16Gb SSD. I put in a 128Gb SD class 10 for all my files; I don’t use google drive much. I’m not a cloud person. With chrome OS + Ubuntu V14, I have about 5-6Gb left on the SSD, which is not a lot compare to PC or Mac. However, a lot of users, use their PC for web surfing, online stuff, and a handful of windows applications. This is where I think the chrome book shines. Personally, I will always have a window machine around for usage; I definitely will keep my Win7 as long as possible and bite the bullet for a win10. Myself, the only windows apps I use are gimp, avidemux (basically picture & video editing), Libreoffice, and windows utility programs. So basically, my current chrome book allows me to do most of what I want. I don’t have to hassle with windoes updates. Also, people who want to migrate to linux, hoping to avoid windows hassles, should really try linux first. My understanding is Linux Mint does not allow you to upgrade to higher version; you have to install a new version. Ubuntu, in theory allows you to upgrade to higher version.

      Additionally, 13″ screen is really not that small. I find on my 14″, all the text on the browser in less than 14″. In summary, chrome book is not for everybody. One needs to see how they really work on their machines. I think you will find more than 50% of the time is spend using a browser.

      Sorry for long post, I’ve read your postings and I really appreciate your no nonsense comments.

      2 users thanked author for this post.
      • #225813 Reply

        Ascaris
        AskWoody MVP

        My understanding is Linux Mint does not allow you to upgrade to higher version; you have to install a new version.

        Mint upgrades are possible most of the time.  The minor updates (18.2 to 18.3, for example) can be done from the Mint Updater by selecting the option that will appear to upgrade to the newer version.

        Updates that change a full version number (18.3 to 19, for example) are more involved, but they are usually possible.  One that was not possible was when the KDE version of Mint was upgraded from KDE 4 to KDE Plasma 5, which apparently was too much of a change for an upgrade to work.

        Full number upgrades in Mint (which change the package base from one Ubuntu LTS base to the next) use the command line, and Mint devs warn that it is not a process that beginners should be performing. Their site gives step by step instructions on how to do it, and you can usually just copy and paste the commands they give and it will work quite well.  Sometimes there is a package dependency issue or a failure to install something that the upgrade program can’t fix, and that’s when the beginner would be in trouble.

        I’ve upgraded Mint from 17.3 to 18 and 18.3 to 19, and they all worked perfectly afterwards.  I did have a few dependency issues to correct during 17.3 to 18 upgrade on one of my PCs, but it wasn’t too hard to fix.  Back then, I did not have a great deal of Linux experience, but I did with Windows, so while I didn’t know offhand how to fix the issues when they occurred, I was able to understand (generally) what the error messages were telling me, so I was able to figure it out, with the help of whatever search engine I was using then.

        Group L (Linux): KDE Neon User Edition 5.14.3 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

        3 users thanked author for this post.
    • #225853 Reply

      anonymous

      From:@YP

      Thanks Ascaris for the info regarding Mint version upgrades, I only did cursory look at various distributions.  I had tried Mint, which I do like before settling on Ubuntu for testing/tryout.  Also, Ubuntu is what I can install on my chrome book and allows me to test Linux in native mode, instead of using VM.  I was able to try unity desktop and xcfe, which I’m feeling comfortable with.

      I have read your postings also, and I do appreciate you sharing your knowledge.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Browsing safely the Web from Linux on a VM after Windows 7 EOL

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.