Mark Dain I have a crazy idea. Could you run a light OS that has just enough to run a VM which is your actual OS; You use the guest for everything. - The guest needs no special drivers; hardware like Wi-Fi is abstracted away to Ethernet. - You have a "hardware" firewall that malware can't disable; NAT in the VM and/or iptables on host. - You can encrypt the VM's disk if you want/need to. - The host has no services & almost no programs so virtually all infections should be contained to a VM you can roll back to a healthy snapshot. - The host almost never needs to be updated; you can't break your computer in a way you can't recover from.

😀 Tom I'm trying Linux Mint and using different VMs as workspaces. I think it's a very good idea. I just wish I had more RAM now. So far I haven't run into any problems, but I haven't really been focused on doing too much with it right now (mainly focused on my job currently).

Mark Dain Oh that's neat! Could you share how you set this up?

😀 Tom Just a basic set-up: Boot up to an encrypted Mint install which connects to a VPN. Have VirtualBox with other VMs for different purposes. For example, I'm typing this in one that I just use for Gmail, FB, and Sublevel. I have another one for general web browsing where I won't log into any services. I have one that runs Win for when I have to use Office or Adobe software. I have one with no virtual hdd; just a live cd that I can spin up (not foolproof - host machine could see it, and SWAP). Shared folders and clipboard, and it can be run in full-screen for a seamless experience. I'll probably make an encrypted one for finances.

Mark Dain Second time posting this (I hate 3G): that sounds really awesome! I'd feel a lot safer knowing my web browsing is contained as most infections come from the web, right? What do you do for the guest OS?

😀 Tom Linux Mint as well. I'm not a security researcher, handling Bitcoins, or anything else really sensitive, so I'm not too worried about my exposure. I feel like this set up is more than adequate for my needs, and it works pretty nicely. It does seperate my browser sessions so any xss attacks or whatever don't do any major damage.