I run a standard laptop at home (dual-boot Fedora 20 and Windows 7; the Windows side is almost never used). Soon my other computer will be working again; it will have Windows 8.1 and some flavor of Linux.
What is the best way to lock down the system and make it harder to attack? I am interested in solutions that are practical for home use.
Things that come to mind (roughly in order of intrusiveness and security):
- Run Windows in a separate VM, and various Linux applications in separate SELinux sandboxes.
- Run each Linux application, as well as Windows, in a separate VM.
- Switch to QubesOS or another security-focused Linux varient, and drop Windows altogether.
Also, I have noticed that I do a lot of software downloading (from legitimate sites like github -- but even they are not perfect) for development purposes. Should I isolate that in a VM?