How to prevent the operating system from accessing internet while still enabling web browsing?

-5

What would be the best way to effectively isolate a computer from the internet so that especially the operating system cannot access the net, while still allowing the user to browse the web using some browser such as Firefox?

There are a couple of different use scenarios that come to mind. First is that I have some oldish computer hardware that has limited amounts of memory and processing power and runs more or less antique operating systems such as Windows 98, 2000 or XP, and enabling any kind of virus protection on these machines, if even possible, would eat more memory than is available. So I'd need a safe networking environment for these. These machines still need to share some data occasionally with the outside world and I use memory sticks to copy files to/from the machine, but that's quite cumbersome and exceedingly difficult with Win98.

The second use scenario doesn't involve old operating systems but new ones. I have a nagging feeling that the new operating systems seem to do all kinds of stuff behind the user's back, harvest usage data for advertisers and generally adopt the position that they can do whatever they like with the computer, install new programs and drivers and whatnot. And malicious programs also worry me; I certainly wouldn't want my computer to start sending spam or phishing. It seems to me that if I can cut the OS from the internet, then I can cut these malicious programs' access too.

Hmm, I'm thinking that perhaps I could run Firefox on another machine on the local network using X11 and just use the local machine as a screen. What would be the drawbacks in that solution? Certainly I couldn't save any files to the local machine. Are there any other possibilities? Could the net access part of Firefox be rewritten to use a proprietary protocol or hardware, which the OS knows nothing about? Any other ideas?


[Edit] Just curious: why the downvotes? Do you really think it's a bad question? Why would you think so?

coward88

Posted 2015-11-22T15:56:53.063

Reputation: 7

No. You cannot browse the web without an internet connection. – DavidPostill – 2015-11-22T15:59:12.110

Obviously I need some kind of connection somewhere, the trick is to make it such that the OS doesn't know about it or cannot use it. – coward88 – 2015-11-22T16:04:56.847

It is the OS that provides the internet connection. – DavidPostill – 2015-11-22T16:05:59.810

Rather than taking this approach, you should learn about and fully understand the operating system(s) you are running, so that you can control them. You can disable tracking/telemetry services if you know what they are and how to get rid of them. The only reliable way to prevent these systems from tracking you is to either not get on the Internet at all (including your web browser), or to actually understand the software you're running - fully - so you can identify and then counter any tracking software. – allquixotic – 2015-11-22T16:06:39.377

@DavidPostill, Not necessarily. In Windows 3 you needed to install third party software for it. And how about my X11 way to do it? That already works but is cumbersome. – coward88 – 2015-11-22T16:08:26.783

Most people don't understand that it is literally impossible for an operating system, or any piece of software, to sneak a packet by a downstream router. Just install a secure, packet capturing and filtering router downstream of your computer, and then you just have to build a collection of firewall blocking rules that prevent the tracking you don't want. There is literally no way for the OS writers to bypass this if your rules are good enough. That, and you can prevent many of those trackers from running in the first place by modifying registry settings. – allquixotic – 2015-11-22T16:09:39.897

Check out this program, for example. And if you don't trust it, audit the source code. If you don't know Python, then learn Python. Then you'll be able to learn from his source code how he disabled all of Windows 10's tracking systems. – allquixotic – 2015-11-22T16:11:46.543

In newer operating systems (Vista and above) this is very easy. In older ones you need a standalone customizable firewall. – qasdfdsaq – 2015-11-22T19:56:54.550

Answers

0

Amidst wondering why the reaction to the question has been so negative, I thought of a way myself. How does this sound: Install a VirtualBox guest OS, export the COM1 serial port from the host OS to the guest OS, connect the serial cable to another PC hosting a PPP server. Use PPP to get an internet connection from the guest OS. That way only the guest OS should be able to access internet, right?

coward88

Posted 2015-11-22T15:56:53.063

Reputation: 7

Your downvoters appear to be ignorant of the fact that your idea has already been implemented in a secure operating system called Qubes OS. Qubes OS is a new approach to fight malware through easy to audit code, application isolation through virtualization and an easy to use graphical interface to segment the OS based on personal needs. You could sandbox your Internet browser with Qemu yourself or use Linux chroot to contain malware infections, but Qubes OS goes further than that; it virtualizes the whole OS, including network connection, firewall and external storage devices. – karel – 2015-11-22T19:18:04.547

It allows for advanced networking setups based on different domain policies and the OS has been optimized to run lightweight virtual machines. The Qubes OS principle is security by isolation, not of the applications but of the domains where the application dwells. This is not a veritable Linux operating system because it uses virtualization as its foundation with applications all virtualized in different compartments. – karel – 2015-11-22T19:18:38.580

This solution is a bit excessive, why bother with the COM port when you can just use a vbox network to PPP to the host? Why bother with PPP at all? Just use firewall rules if you are running a VM. – qasdfdsaq – 2015-11-22T19:57:48.680

@qasdfdsaq, sounds interesting, but I am a little confused - the aim is to prevent the host OS from accessing internet. Is that possible in your example? For example in this scenario if I buy a laptop with Win10 installed, I would prevent the Win10 from accessing the net, but still run WinSomething or Linux inside the VirtualBox and have that access the internet so that I can download stuff to the new laptop or check my email without the Win10 itself or any other software inside that laptop ever phoning home. After internetting I would restore the VM image so no infection can remain. – coward88 – 2015-11-22T21:00:39.683

Yes. Use the firewall. – qasdfdsaq – 2015-11-22T23:08:00.490
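
An added example, not part of the thread: one way to express the "downstream filtering router" and "use the firewall" suggestions from the comments as an nftables ruleset on a Linux box that forwards between the LAN and the uplink. It assumes the browsing guest uses bridged networking so that it has its own LAN address; the addresses, interface names and the `render_ruleset` helper are constructed placeholders.

```shell
#!/bin/sh
# Renders an nftables ruleset for a downstream Linux router: the host OS
# address is logged and dropped, the bridged browsing guest gets DNS and web.
# All addresses and interface names passed in are the operator's own values.

is_ipv4() {
    # Dotted quad only, every octet 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

render_ruleset() {
    host_ip=$1; guest_ip=$2; lan_if=$3; wan_if=$4
    if ! is_ipv4 "$host_ip" || ! is_ipv4 "$guest_ip"; then
        echo "bad IPv4 address" >&2; return 1
    fi
    # If both share one address the router cannot tell them apart.
    if [ "$host_ip" = "$guest_ip" ]; then
        echo "host and guest need distinct addresses" >&2; return 1
    fi
    cat <<EOF
table inet isolate {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Host OS: record every attempt to leave the LAN, then drop it.
        iifname "$lan_if" ip saddr $host_ip log prefix "host-os-egress " counter drop
        # Browsing guest: DNS and web only.
        iifname "$lan_if" oifname "$wan_if" ip saddr $guest_ip udp dport 53 accept
        iifname "$lan_if" oifname "$wan_if" ip saddr $guest_ip tcp dport { 53, 80, 443 } accept
        # Anything else, IPv6 included, falls through to policy drop.
    }
}
EOF
}

# Syntax-check before loading (constructed sample values):
#   render_ruleset 192.0.2.10 192.0.2.20 lan0 wan0 | nft -c -f -
```

The source address is the only thing separating host from guest here, so the rules hold only while the host OS does not send from the guest's address; the logged `host-os-egress` lines show what the host tried to reach.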