Securing Windows 10

How to make a Windows 10 VM secure with a Linux host

Simple! Block all intarwebs access except to what you absolutely need:

  1. Run VirtualBox with the vboxusers group:
    sudo -g vboxusers virtualbox
  2. Allow access to the site you want:
    sudo iptables -A OUTPUT -m owner --gid-owner vboxusers -d [ip address] -j ACCEPT
  3. Block everything else:
    sudo iptables -A OUTPUT -m owner --gid-owner vboxusers -j DROP
  4. In Windows you’ll need to edit c:\windows\system32\drivers\etc\hosts to
    add an entry for the sites you want, since DNS won’t work. Or you could
    look at allowing DNS. But I wouldn’t.
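
Steps 2 and 3 use -A (append) and iptables evaluates rules top to bottom, so an ACCEPT added after the DROP never matches, and a missing DROP leaves the VM unrestricted. The check below is an added example, not part of the original post: audit_vbox_rules is a hypothetical helper, and GID 1001 and the addresses are constructed sample data in the form `iptables -S OUTPUT` prints (owner match shown as a numeric GID).

```shell
#!/bin/sh
# Audit `iptables -S OUTPUT` output (on stdin) for the per-group allow-list.
# $1 = numeric GID of vboxusers. Prints findings; returns 0 only when clean.
audit_vbox_rules() {
    awk -v gid="$1" '
        $1 == "-A" && $2 == "OUTPUT" {
            has_gid = 0; dest = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--gid-owner" && $(i+1) == gid) has_gid = 1
                if ($i == "-d") dest = $(i+1)
                if ($i == "-j") target = $(i+1)
            }
            if (!has_gid) next                      # rule is not about this group
            if (target == "DROP" && dest == "") {   # the catch-all from step 3
                drop_seen = 1; next
            }
            if (target == "ACCEPT" && drop_seen) {  # step 2 re-run after step 3
                printf "SHADOWED: ACCEPT for %s comes after the catch-all DROP\n", dest
                bad = 1
            }
        }
        END {
            if (!drop_seen) { print "MISSING: no catch-all DROP for gid " gid; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample rule listings (documentation-range addresses, made-up GID).
SAMPLE_GOOD='-P OUTPUT ACCEPT
-A OUTPUT -d 192.0.2.10/32 -m owner --gid-owner 1001 -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP'

SAMPLE_BAD='-P OUTPUT ACCEPT
-A OUTPUT -d 192.0.2.10/32 -m owner --gid-owner 1001 -j ACCEPT
-A OUTPUT -m owner --gid-owner 1001 -j DROP
-A OUTPUT -d 198.51.100.7/32 -m owner --gid-owner 1001 -j ACCEPT'

# Demo on the constructed bad listing. On a real host, feed it live rules:
#   sudo iptables -S OUTPUT | audit_vbox_rules "$(getent group vboxusers | cut -d: -f3)"
printf '%s\n' "$SAMPLE_BAD" | audit_vbox_rules 1001 || true
```

A SHADOWED finding is fixed by deleting the late ACCEPT and re-adding it ahead of the DROP (for example with -I instead of -A).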

If you follow these simple steps, you never have to worry about your testing VM reporting everything you do back to Microsoft.

For extra security, I recommend disconnecting the virtual network cable before you close the VM. That way if you accidentally start it without the vboxusers group it still won’t be able to access the internet.

If you’re running Windows on bare metal in 2015 I have no advice for you; you deserve whatever happens.
