@oxbird I love the idea. I really wish I knew more about Linux networking to make something like this work. But unfortunately my application won’t run properly in a VM.
@zlynx I have all my devices connected to my pfSense router, but I’m scared that Windows will spoof the IP address or even the MAC address, so I’d have to set extremely strict rules on pfSense which I don’t want. I only want to restrict my Windows machine.
@MisteryAngel But how do I know that I stripped out all the evil stuff from the iso? And as long as I install updates in order to get security patches, Microsoft will probably keep messing with my settings and add things back that I already deleted. I remember at some point I deleted some binaries that were responsible for some of the spying and after updating they were there again.
@oO.o How would that work? What exactly does VLAN do? First of all I need to buy a managed switch for that, right? My pfSense router only has one LAN input which is connected to my switch, so could this even solve my problem? Is pfSense somehow aware of the VLANs and can set different rules for each VLAN of my switch?
@vlycop I definitely wouldn’t trust them using the specified DNS. I simply want to block everything and then carefully whitelist domains or IPs that I trust.
@mihawk90 I have a proper license and that definitely doesn’t keep them from constantly resetting telemetry settings and bypassing the hosts file etc. I’m not the first one to have noticed that behaviour btw.
As I said, I need Internet access occasionally, so I need my security updates, but I want to manage them myself, rather than letting Windows Update handle it automatically. Ideally I set up a Raspberry Pi which downloads new updates once a day and copies them to a folder on the Windows machine, and the Windows machine has a batch script running that checks for new update files in that folder and installs them when needed.
@regulareel Microsoft could easily bypass the DNS filter using IP addresses directly and they probably already do this.
I will look into “Windows 10 ameliorated edition” and I agree with pretty much all you said, but I don’t need antivirus software, I just need general security patches. I could write a virus that doesn’t get detected by any antivirus in less than a minute. Most programmers could. Antivirus software is kind of pointless imo as it only protects against known malware that has been reported and reviewed. Protection against known remote execution vulnerabilities and the like is much more important, as that attack vector isn’t based on a dumb user downloading the malware payload in the first place. But I agree that antivirus software is basically spyware itself because of its own telemetry.
I also very much agree on your stance that the average user of Windows is essentially a beta tester. I wonder if you could somehow identify how safe each update would be to install. Maybe there is a company reviewing the updates, publishing a list of updates they consider to be safe to install.
@Eden Sorry, I personally define Microsoft Windows’ automatic WiFi password sharing, telemetry etc. as spying, especially since Microsoft added a keylogger to the telemetry service. So whenever I say spying, I’m just talking about that, even if you could argue that it’s not actually spying.
As I already said, I have repeatedly turned off telemetry, but it keeps coming back. This is not me doing it wrong, other people have experienced the exact same thing. Even Wendell has talked about this issue multiple times. The problem is that most people don’t notice this, as it initially works.
I don’t need a specific threat to protect my data. I simply live by the principle that everything you share will be used against you, sooner or later. Be it by insurance companies, corrupted governments or things no one has even thought about before. So I try to keep it at a minimum.
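The drop-folder scheme described in this post, as an added sketch (not the poster's own script) of the Windows-side half: it assumes the Pi copies standalone .msu packages into C:\UpdateDrop with the KB number in the file name, checks the Microsoft signature on each file before touching it, skips anything already installed, and installs the rest unattended with wusa.exe.

```powershell
# Added example, not the poster's script. Assumed layout: the Raspberry Pi drops
# .msu files into C:\UpdateDrop, named like windows10.0-kb5001234-x64.msu.
# Run from an elevated scheduled task (daily) instead of Windows Update.
$DropFolder = 'C:\UpdateDrop'
$LogFile    = Join-Path $DropFolder 'install.log'

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value "$(Get-Date -Format s) $Message"
}

function Get-KbFromFileName([string]$Name) {
    if ($Name -match 'kb(\d{6,8})') { return "KB$($Matches[1])" }
    return $null
}

function Install-PendingUpdates {
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $results = @()
    foreach ($file in Get-ChildItem -Path $DropFolder -Filter '*.msu' -File) {
        $kb = Get-KbFromFileName $file.Name
        if (-not $kb) { Write-Log "SKIP $($file.Name): no KB number in name"; continue }
        if ($installed -contains $kb) { Write-Log "SKIP $($file.Name): $kb already installed"; continue }

        # Only install packages that still carry a valid Authenticode signature; a file
        # that was tampered with on the Pi or in transit fails this check.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            Write-Log "REJECT $($file.Name): signature status $($sig.Status)"
            continue
        }

        # wusa.exe installs a standalone .msu; /quiet /norestart keeps it unattended.
        $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
            -ArgumentList "`"$($file.FullName)`" /quiet /norestart" -Wait -PassThru
        # Exit 0 = installed, 3010 = installed but reboot required.
        Write-Log "INSTALL $($file.Name): exit code $($proc.ExitCode)"
        $results += [pscustomobject]@{ File = $file.Name; KB = $kb; ExitCode = $proc.ExitCode }
    }
    return $results
}

Install-PendingUpdates | Format-Table -AutoSize
```

Because wusa.exe only handles .msu packages, updates that ship as .cab files would need `DISM /Online /Add-Package` instead; the signature and already-installed checks apply the same way.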