The only need I have for Windows (or OSX) these days is for video editing or serious work in Photoshop etc.
For this its actually ideal to be offline while working on projects like these, and I will always have another device running if I absolutely need to search for something related to those tasks.
Would a dual boot with Qubes where all connectivity is removed for Windows/OSX be as secure as a clean install?
Updates on the Windows/OSX partition would also then not be necessary, maybe once a year or less while wiping & reinstalling Qubes as well, that should be a good thing to make sure all the data there is truly portable anyway!
No, it’s not as secure as a clean install. Windows will have full access to unencrypted /boot partition of Qubes and can do anything with it. Also with BIOS. It’s basically the same as this, but no network for Windows. Why do you think it matters?
Maybe if you fully trust your current version of Windows, but not all future updates, it could make sense.
A good solution could be using Heads with Nitrokey/Librem Key to verify the BIOS and /boot every time.
So its possible for a worm to send info out without the partition from where it got in ever going online again?
It would have to send from the Qubes install on its own then. Sounds pretty advanced á la Stuxnet, but perhaps my thinking is off here, maybe that is standard fare these days?
I don’t think it’s a standart, but it’s definitely not as secure as a clean Qubes install – your original question. However it’s probably more secure than almost anything else
Part of the reason I’m wondering about these things is that I got a Lenovo T480 with 32Gb ram.
Since I can’t get coreboot running on that one anyway I’m thinking of using Qubes in a non-secure way where I segment off data only to manage fingerprinting when doing online marketing, managing servers and so on.
Might end up running a dual boot with Linux Mint on this one & keep the old X230 for server work, then eventually get around to install coreboot…
Sounds like you didn’t even bother to check out the links in my reply because if you did, you would quite easily understand the following:
One problem is that when you dual or multiboot, even if you are using encryption on your Qubes installation, /boot is still unprotected and could be maliciously modified by the other OS, possibly leading to Qubes itself being maliciously modified.
The other problem is firmware security - for example the other system could infect the BIOS firmware, which might enable compromise or spying on the Qubes system.
It would make sense for you to ask questions if you were actively trying to learn something, with some actual effort perhaps, but surely not in this fashion!
Or, considering all this information was already available and several questions about this very topic had already been made, you perhaps didn’t quite grasp the concept of the search button?
And by the way, I’m not paid to do anything here, I’m gifting you my free time. Sure glad to see it’s appreciated.
