PC protection - temporarily block updates to C-drive (windows pc)
Despite using various pc security measures (av, noscript, ublock-origin etc), during a web browsing session I recently found adware had been installed that displayed a new icon in my system tray. Being windows, I assume the code was inserted somewhere on the C-drive (ProgramFiles or Registry or whatever).
To protect my C drive during a specific browsing session (say a couple of hours where I visit unfamiliar web sites), I thought of doing both of the following:
(1) Install and run a Portable browser (Firefox portable) on my E-drive, and
(2) Block any updates by the browser to my C-drive during that session.
Is there a simple way to effect the second step - temporarily block the portable browser from updating the C-drive?
If not possible, then alternatively, is there a way to black ALL apps from updating the C-drive during that session?
Note that I am aware that Image Backups and Restore Points can be deployed as retrospective fixes, but want to explore explicit protection of the C-drive.
Just running a portable app from a different drive is no protection at all. The only practical diff between a portable and an installable application is the latter - you don't have to install it. This means nothing gets changed in your drive or registry, but there's no security layer or buffer of any sort between the app and the OS.
Two options that actually can protect you:
- Get VirtualBox and create a Linux VM. Zorin's targeted to Windows users, and I've been told they succeeded, it's apparently very easy to grasp.
- Browser sandboxing
The security of a browser sandbox depends on various factors, including human ones (who'd ever print or download anything from the internet), and even the best security measures will sooner or later break. Virtual machine is an independent entity using virtual memory and drives, entirely separated from the host OS. The only way for anything in a VM to access the host is to exclusively configure it to allow access.
When hosts's RAM and CPU capabilities are limited, best way to run a Linux VM is using a lightweight distro designed to be run from USB. Examples would be MX Linux, Linux Lite, Peppermint, Porteus, Puppy, Knoppix... you could even LFS to build your own LFS that has only enough components to connect to network and run a browser :-)
The RAM utilization of course depends on the browser. I did a quick test with BunsenLabs VM. Four tabs open, one playing Youtube video. FFox ~1.5GB, Qutebrowser ~1.3GB, Vivaldi ~1.2GB. Disabling services you don't need and keeping unnecessary processes from starting also takes down the VM:s memory footprint.
Some operating systems like MacOS, when booted can reopen all applications that were open when it was shut down. This capability is now also available with Windows.
Shutting down a VM isn't always even necessary - any virtualization platform can save the state of the machine. When the VM is restored from saved state it will become available in exactly the condition it was in when it was saved. If you save the VM September 15th at 15:03 and restore it two weeks later, the VM:s time will be Sept 15 15:03, until it syncs with a timesource.
That can lead to some surprises. Just yesterday I got in a Windows VM notification that Firefox update is available. I downloaded it but install failed because in the VM:s point of view the date of the update file was in the future :-)