So usually I need to download and install soft within the template, but with Windows if I do so I may run into compromising my template, isn’t? Because with linux template I don’t execute the software when I install it within the template, but in Windows I do?
Also, can I somehow resize my Windows qube instead of changing it’s resolution each time? And is it ok that everytime I launch and application it goes through all the booting process again?
From my perspective, the scenarios are more complex than they may seem. Answering everything by explaining things in detail may not be the most optimal thing to do right now - I’ll try to keep things simple.
There’s already a document in the Qubes User Documentation that covers installation security in the context of Qubes OS iso image verification, but that section could well be applied to other software.
It’s up to the user to trust the upstream developer, preferably through similar means of verification.
Furthermore, installing software may also install and enable an appropriate system service, which, in turn, makes some software run. It could, for instance, be an autoupdater from an upstream developer or a daemon that listens in the background.
Yeah, I agree, and I’m aware of that article in the documentation, thanks, but I don’t understand what I’m supposed to do, because in linux’s template I can install softA and softB and use appVM for softA and appVM for softB and be happy. In windows it doesn’t work like that? Like I’m already compromising the template and kinda ruin the whole idea of compartmentalization(I’m gonna break my tongue one day 
)
I also can’t resize it… I mean I tried to use internal display settings to set a window size, but after reboot resolution is what I set, but the window is not and it breaks layout and I just need to go for this procedure again.
Why not?
If you don’t use a package manager that handles verification via PKI or at the very least via digests, you can do the verification yourself, then install such a package in a template, and, if applicable, set it up to make sure it doesn’t update automatically (so the updates will be handled manually, and new versions verified manually as well).
Most likely, the setting responsible for this is stored in a template’s root volume (somewhere in Windows Registry, perhaps), rather than in user profile in Windows-based qubes’ private volumes.