hey so ok welcome to my rant …
i’m thinking about installing deep freeze on a windows hvm
hey so ok i’m thinking about installing deep freeze on a windows hvm
(and while this is not me asking for support i very much assume i’ll be spending some time here on this forum for it)
i’m looking into the matter and u know such action might seem a bit idk… pointless for most
but from my regard given the threat model i’m facing for which i’m using a security centric system such as qubes is such where…
ok you see my first priority is to make sure my files important documents and like aren’t leaked out that’s why i’m using different vm’s obviously and so on with a number of antivirus’s and protections
the thing is that i’m also working with… how to describe it… not so much “senstive” information but more so important information that should not be destroyed by for example malware ransomware or alike
and sure i keep backups and allways move files to my second drive but u get the point
i fear my files and my backups getting destroyed much more then leaked
that’s basically the threat model i’m facing
and at times i find it to be a good idea to start windows in safe mode so that ideally only the essential windows components startup and this obviously drastically reduces the risk of malware because simply put to pretend/get injected into a windows component is much much harder then to startup with the computer even fairly silently
antiviruses also fairly easily pickup on such viruses
so if i need to download an important sensitive file that was send over encrypt it/move to another storage/backup etc
it’s another step another safeguard
and that’s why i think deep freeze would be perfect for me that way i can make sure all the lesser so important encrypted usually files are safe and i don’t need to back them up every day
(since i care about my bakup protocol which involves 3 backups 1 of which is air tight and stored 20 mile 'ish about 30 kilometers for not americans… -which means taking a driver and…just annoying)
and when i do have to work with seriously important and sensitive information i can just reset everything and u know make sure there are no viruses
(well within reason i mean… not ideal but i can’t just get my self a fresh clean os i need tools and software to work with not to mention other files databases and so on)
sounds great right
i’m sure there are better different solutions security wise
but u know… take for example
hadware security module’s they’re fairly expensive and i don’t exactly have the budget right now
i’m getting a simple server rack with 2 “average” server blades for my application
(i mean right now i’m using a qubes laptop servers are still shipping)
less so networking power and more so computing power
but don’t worry about it the business i’m trying to start and so on… yes it requires a lot of security yes it’s related to crypto but no it’s not mining and… well long story short
but i mean listen yubico has a 650$ hsm but idk about the quality not as much my filed
it’s called yubihsm-2
Hardware security module - Wikipedia -obviously very usefull
i’m also looking for scalability
eventually i’ll have to hire security experts but as i said it’s not in the budget right now
and i’m not so much “cutting corners” but… u know looking for security (which is essential for my business-or more accurately the one i’m trying to start)
while not spending too much… qubes is free after all and eventually if works as promised and secure i’ll donate relative to my earnings to the project… i suggest u do as well it’s a nice project and i’m getting a lot of support)
u know i’d rather not spend thousands of dollars on hsm’s and looking for expensive security experts and… not to mention that to find quality workers it might be better to reorganize my business
(maybe to a american llc/… and equivalent such as a British ltd company that is if not to even go public but i doubt it’s a good idea a lot of bureaucracy costs regulations and… not to mention that i’m not yet profitable just starting small looking to grow in a untapped market
i guess we’ll see in the future don’t worry about that but yeah deep freeze is usually marketed to companies and the most usefull for such applications u know)
so say what do you think i got a bit out of subject
for you to understand better my threat model … yes i know i’m pretty vague about it
,it’s not as if i need competition in such a untapped market /for you to dig too deep…
is it better for me to use deepfreeze or maybe get a hsm for such things as securing encryption keys?
which is obviously not all that i need but you get what i mean
also yes… other then that i’m using this laptop to store and invest in crypto
while i do have a trezor hardware wallet but i still prefer leaving smaller sums in it and larger as fully encrypted with lots of backups and this is also another reason why i need such a secure system
but usually i just use a live usb with tails come’s with electrum wallet nstalled and ready to go so…
but just to be clear i know there are very limited applications for deepfreeze for when using qubes but i feel like i’m not the only one to find the idea interesting
i have some experience with deep freeze btw but i guess wish me luck trying to get it working on a qubes
and tell me what is it you people think?
are there other interesting applications u can think about for the software… is it a good idea?
also maybe implementing a similar system would be nice
AND I DEFINITIONALLY NOT MEAN DISPOSABLE VM’S i mean disposables can be useful but… it’s very much different them having a full on workstation environment can can just very quickly and easily “lock”
personally think that such feature would be nice… i guess u can always clone/backup and then after moving sensitive files/… to a different vm restore the backup but this can be simplified and improved
idk maybe i’ll just do things this way
i’ll look into making deep freeze work
so… wish me luck