Hi
I have a windows computer and I have had reality hit me in the face when Windows requested to input the Bitlocker key which is I did not disable nor do I have a Microsoft ID.
My questions:
I know Bitlocker removes encryption on the computer drive. I do find encryption important to have on an electronic device. Is there a need to maintain the Bitlocker key?
I have heard that one can run Linux on Virtual Box. Are there any benefits or downsides to virtual box? Or it is better to just dual boot?
Quintessentially, what exactly do I need to do other than disabling Bitlocker so I do not have issues dual booting Linux?
If a device is unencrypted, is it true that someone can just remove the hard drive and be able to access the information on another device or there's a password as a barrier?
If I am to disable Bitlocker, I know Veracrypt for Windows and Linux's encryption version are available. How do I make sure that I encrypt the drives on windows and linux partitions?
Method 1: Not a concern at all
Method 2: Dont have or want Microsoft account, tried cmd and denied my access, all others are not applicable
Method 3: This is no different to just disabling Bitlocker because something is decrypted anyway
I am not the most keen neither do i think it applies to me about using iBoySoft, Passware, Bitcracker.
Before i wrote this question, i have already got out of Bitlock issue and had windows 11 installed so this is the context.
So you can access Windows then? If so good. In respect of encryption I would advise against it whether it be Bitlocker in Windows or LUKS in GNU/Linux. Many years ago I took heed of the warning given by SuSE Linux 9.3 Professional that I purchased. It warned that if encryption is enabled it can lead to permanent loss of Data. Your best method of keeping data secure is on a thumb drive or external hard drive. I have personal experience of Data being unrecoverable after I had been asked by my manager to make her Business Officer's data secure. Two days after encryption the OS went south. Fortunately only one day's work was lost as Business Officer had the sense to back all her data up.
Yeah I even took it a step further and switched to Windows 10. Was quite a hassle.
Given your stories and experiences, i guess the most important thing is to always backup your files and literally save everything on a cloud server like nextcloud or USB/Hard Drive.
As for question 2, i am trying out Zorin on Virtual Box to have a feel and everything. I am incredibly impressed. Very easy on the eye and incredible functionality. However Virtual Box is slower.
For question 3, i disabled Secure Boot and Fast Startup alongside Bitlocker. Anything else?
For questions 1 & 5, are you essentially that while device encryption is secure and all, it causes numerous problems especially with different operating systems?
If it is true that someone can just access an unencrypted device, are you saying that passwords on a particular local account is useless against those types of situations?
Let's say I don't encrypt the computer drive. That's not a problem. I believe there are good cloud servers that can encrypt a file on Zorin and Windows (like Nextcloud, Owncloud etc). Thoughts?
No, sadly - another poster asked the same question and Ext4 is no longer supported in the cloud in terms of system backups but you can upload critical files to the cloud. My personal preference is for murena.io which I have paid just over £16 this year for 20 Gb of storage. I have about 9 Tb of offline storage so only stuff I need to share with others that is not critical to me goes up there.
Your best line of defence is to firstly when you install, the username you provide should be an admin account - give a username of your choice. Then for yourself, make yourself a standard user. Whenever you then need to install apps or updates to the system you will be asked for the admin account password to elevate you to root. Other things to do are to install ClamAV to scan emails. Don't activate or rather de-activate the PUA (Potentially Unwanted Applications) as it is broken in both GNU/Linux (GNU is the OS and Linux is the kernel) and Windows versions.
You should also install both rkhunter and chkrootkit - these scan your system for potential rootkits. If adding other users apart from yourself, make sure they are also 'standard' users. This is similar to Windows where you have to use 'Run as ...
Administrator'. Don't share the root password with other Standard Users if you want to ensure that your system is secure. Also don't install 3rd Party PPA's, stick to .deb files. To prevent bloatware, remove snaps and flatpak - they cause more trouble than they are worth, as do App Images. Use Synaptic Package Manager to Install software - much better than Gnome Software Centre (Software in Zorin) - a bit like the rubbish Store in Windows 10. In terms of what you have done for booting, disabling fast boot is good. If your BIOS has the option for mixed 'Legacy/UEFI' mode, the better. In terms of other things to be taken care of, you need to go into the hidden 'Power' settings of Windows and disable the item which states against the hard drive to enable 'sleep' - turn it off to 'never' - this is another element that stops you booting into anything else other than windows. When you turn Windows off, the hard drive is never turned off for quicker boot times. You will need to use Windows Disk Management to shrink your C:\ drive to make room for Zorin. If you still have problems installing and Windows 10 install is using MBR if there are 4 primary partitions already on the drive (this is what manufacturers do, from experience of an HP Mini Netbook - A FAT32 at start of drive which contains critical driver files for the OS, the C:\ drive then 2 at the end, normally for creation of recovery media or factory reset - these are all usually marked as Primary so you may need to delete one of them if this is the case.
In terms of Virtual Box it is very clunky. I no longer use Zorin as my daily go to but for a new person migrating to GNU/Linux it is ideal. I used Feren OS during the start of lockdown and then moved to my current preferred more secure Linux, Devuan 3. Inside of that I use Virt-Manager and have Windows 8.1 Pro 32-bit - I only had it in order to access a shared mailbox that I could not configure in Evolution but had no issues configuring my personal Outlook365 account in Evolution which unlike the Web version of Outlook meant I got sound notification of new e-mails. The other item I needed Windows 8.1 was for a Braille Translation program, Braille Blaster - the Linux version worked well under Feren OS but then as they released newer Linux versions it was dependent on a package that only was present in 'mainstream' Linux. The only other item was a Whiteboard application I had to run on Windows (the Linux version was broken and I informed them about it as it was built on Ubuntu 16.04 which ended support in 2021!). I used Remmina Remote to access work's secure website to access the shared server - one login with Remmina Remote - 3 logins under Windows.
If you want a more indepth look at Zorin, I wrote the unofficial manual for Zorin 15 - there are only a slight few changes. The Manual I should add is for Core, not Lite.
Please be aware it takes time to load when viewing in a Browser as it is nearly 70 Mb in size and over 180 pages long.
I just think it is prudent to store critical personal information offline. I don't use Internet Banking and I have got rid of Credit Card apps. I just ring my bank about any transactions I need to make like paying off Bills. Research a few years back by a Consumer Watchdog found that the most secure online banking was only 85% secure - for me something like that would have to be 100% secure. Sure I will use the Browser for Shopping when needed but other than that I don't store personal information about me or anyone else. Always backup data off-line (no internet) as ransomware attackers can now identify the make and model of external storage devices to encrypt and attack).
View this very informative video on security in this post I made:
Based on my experience, I can tell you that the biggest advantage of using virtual box is that even if it fails, it will not harm the host system. You can directly delete the virtual machine file and continue the experiment. The disadvantage is that its performance is very poor and it is virtual after all. All will encounter some additional errors that would not have occurred during a normal installation (I have not tried dual-booting, but it is much better than a virtual machine in terms of operating performance)
That's what I use, as well. Do you have the Murena Teracube 2e Emerald phone? I keep all my personal files on a USB stick, separate from the OS. I then zip it and store it on two separate external spinning-rust drives as backup, and I zip and encrypt it, then forward it to murena.io, so it's accessible from both my computer and phone, and I then download it to my phone and decrypt the zip file, so I can browse the files within the zip file and extract only the files I need, when I need them.
No I have the Fairphone 3+ in which I added max micro SD Card with dual function so I can take it out and put in micro-SD card adapter. My main use for murena cloud storage is to share working practices and training materials for people providing resources for low/no vision students, very little personal stuff. My main backup are rusty external drives (9 Tb in total) spread over 4 drives.
Are you trying to say that Cloud servers like Nextcloud, Tersorit, Mega.Nz, and others are incompatible to backup the files and docs of a Linux system because the main drives on Linux is ext4?
I agree with you having backups offline and that the online cyber space has its own challenges. I prefer to have both options available for extra buffering.
Heck I wouldn't mind even buying another hard drive.
As for the video:
This is what I learnt
Firewall. I have seen that Zorin installs a firewall but it's not on by default. Do you have any insight to the quality of the firewall on Zorin? Additionally, are there tips for me to use the firewall on Zorin OS effectively? I understand fail2ban helps detect intrusive activity and simply blocks it out. So the question remains how good is Zorin OS firewall?
OS Level. Prioritizing repositories. I get why that can be a good thing security-wise
Application Level. Used to sandbox and limit access to certain areas and components of a device. SELinux and AppArmor. Did Zorin do anything to address security at an application level? Or I may have to consider these tools?
Use Synaptic Package Manager to download the apps I would need? What's that? May I ask why do you think apps downloaded from Snap and flatpak are bloated or not secure enough?