this post was submitted on 09 Aug 2023
74 points (95.1% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
Depends on your threat model.
An air-gapped system is the gold standard.
A virtual machine is a reasonable middle ground, and of course you cut the network access.
Qubes lets you do both but it sacrifices some performance.
A word of caution about dual booting systems: if something is running on the computer, it in theory has full access to everything attached to that computer, including unmounted drives, encrypted drives, even BIOS. There are Trojans that install themselves in the boot partition, and it's possible an infected operating system could infect the non-infected operating system next time you boot.
Trojans that install themselves into the MBR will just screw up your boot process on a UEFI system and vice versa. Also, if you don't use a default bootloader, you'll definitely notice something on a UEFI system if it tries to delete all other bootloaders.
On BIOS systems, however, it gets a little tricky, since it just blindly reads the first few sectors, without respect to what you "set" as the default, so that Trojan could just add itself and move everything over a bit, and you can't tell. See the Michelangelo MBR virus. It wiped your drive on March 6 of any year.
On a UEFI system, the best it could do is replace the Microsoft bootloader, and that would trip Secure Boot, which is enabled by default. Even then you don't need to directly modify sectors or format your drive, you can just replace the bootloader.
Agreed, it's rare. But it exists (MoonBounce, MosaicRegressor), so if you're trying to segment things you should just remove the drives and not worry about it.
Threat model is just trying to lower the chances of infecting the main drive even if stuff like games or software are from a "trusted source".
Aside from getting an entirely separate system dedicated to just running pirated games, which is expensive to do.
Unmounted drives in case of dual booting still leading to infections is what made me wonder about installing an OS entirely on the external SSD and physically unplugging other drives. Of course, as you said, BIOS is still a risk. But, more just trying to lessen chances from trusted game sources by not installing right away from release to see if anything happens to other people the first couple of weeks. And just wishing to not intermingle the two environments.
If your computer has a TPM, and secure boot, you could reasonably swap out your data drives. So you have one drive for your untrusted programs and one drive for your trusted programs. Never put them in the computer at the same time together. And that would cover a lot of the risk surface.
If you have any connected peripherals that have data storage, like fancy monitors that have a boot drive attached, or programmable keyboards, or anything like that, those are potential vectors to cross-contaminate. So don't plug those into the system with the untrusted programs.
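Added example, not code from anyone in the thread: a small POSIX shell script that checks the firmware-side conditions the UEFI/BIOS and TPM comments above depend on (UEFI versus legacy BIOS boot, the Secure Boot state, TPM presence) and diffs the current UEFI boot entries against a saved baseline so a removed or added bootloader stands out. SYSROOT and DEVROOT are hypothetical overrides so the checks can be run against a constructed directory tree; efibootmgr is assumed to be installed for the live comparison.

```shell
#!/bin/sh
# Hypothetical overrides: point these at a constructed tree to test offline,
# leave them empty to inspect the live system.
SYSROOT="${SYSROOT:-}"
DEVROOT="${DEVROOT:-}"

# "uefi" when the kernel exposes the EFI interface, otherwise "bios"
# (the legacy path where the firmware blindly executes the first sectors).
boot_mode() {
    [ -d "${SYSROOT}/sys/firmware/efi" ] && echo uefi || echo bios
}

# The SecureBoot efivar file is 4 attribute bytes followed by 1 data byte;
# read only the 5th byte so the attribute flags are not mistaken for state.
secure_boot_state() {
    f=$(ls "${SYSROOT}"/sys/firmware/efi/efivars/SecureBoot-* 2>/dev/null | head -n 1)
    [ -n "$f" ] || { echo unknown; return; }
    case "$(od -An -tu1 -j4 -N1 "$f" | tr -d ' ')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# A TPM is present when the kernel created a device node for it.
tpm_present() {
    [ -e "${DEVROOT}/dev/tpm0" ] || [ -e "${DEVROOT}/dev/tpmrm0" ]
}

# Compare the BootXXXX entries in a baseline saved earlier with
# `efibootmgr > baseline.txt` against the current entries (second argument:
# a file with efibootmgr output, or omitted to run efibootmgr now).
# Exit status 0 when the set of entries is identical, 1 when it changed.
boot_entries_unchanged() {
    if [ -n "$2" ]; then cur=$(cat "$2"); else cur=$(efibootmgr 2>/dev/null); fi
    [ "$(printf '%s\n' "$cur" | grep -E '^Boot[0-9A-F]{4}' | sort)" = \
      "$(grep -E '^Boot[0-9A-F]{4}' "$1" | sort)" ]
}

# Live report when run directly.
echo "boot mode:   $(boot_mode)"
echo "secure boot: $(secure_boot_state)"
if tpm_present; then echo "tpm:         present"; else echo "tpm:         absent"; fi
```

Run the boot-entry check from a cron job or at login with a baseline captured right after installing your bootloaders; any difference is the signal the comment above says you would "definitely notice".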