A somewhat reasonable way to deal with the internet
Qubes is an interesting operating system that tries to provide a reasonably secure computing environment by containing all of its software applications and hardware drivers in a sandbox.
Everything is encased in a sandbox virtual machine, and the ties that connect these virtual machines have varying degrees of security, depending on the activity and the risks associated with it.
This compartmentalizes each activity and also prevents cross-contamination between activities such that a single compromise in one virtual machine does not yield the entire system.
While simple in concept, in practice there is some learning curve to using Qubes, and some things that are easy to do in Windows, for example, are like pulling teeth under Qubes.
There is a simpler way to accomplish some of what Qubes OS is trying to do: hardware compartmentalization.
The difference is that Qubes can run all of the activities at the same time (more risk), while the hardware method runs only one activity at a time (less risk).
The idea is to replace each sandbox virtual machine with a real hardware equivalent and a switch.
(https://www.amazon.com/Switch-Module-In ... ics&sr=1-3 or https://www.amazon.com/Kingwin-Optimize ... ics&sr=1-1)
One can assign each activity to a low-cost SSD (e.g. a RAM-only browser machine on DVD-ROM or a 120G SSD for $20, a work machine on a 250G SSD for $30, a game machine on a 500G SSD for $70, etc.).
An OS that runs entirely in RAM (https://en.wikipedia.org/wiki/List_of_L ... n_from_RAM) on DVD-ROM, or a cheap SSD (ROM), can be configured for guest access only with the SATA driver removed.
This will be the main computing machine, for browsing, movies, music, etc. Each time a sensitive task is required, such as online purchases etc., just reboot the machine to start fresh. One can browse anywhere without too much worry as long as the system is rebooted before a sensitive task.
Because the system runs entirely in RAM, a reboot erases any compromises that may have occurred to the system. And because the system runs from a DVD-ROM and/or does not have hard drive drivers, no malware can be written to the system hard drive. (For that reason, a USB stick is not recommended.)
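One way to check that a Linux live session really has no path to a writable disk, as an added example that is not part of the original text. The function names, the list of storage driver modules and the sample data are assumptions made for this example; the samples are constructed, not taken from a real machine.

```shell
#!/bin/sh
# Added example: does this "RAM-only" session still have a path to a writable disk?
# The module list is an assumption: common Linux storage drivers.
DISK_MODULES="ahci libahci libata ata_piix sd_mod nvme usb_storage"

# Constructed samples: a session that still has SATA support and a mounted disk.
SAMPLE_MODULES='ahci 40960 2 - Live 0x0000000000000000
libahci 36864 1 ahci, Live 0x0000000000000000
sd_mod 57344 3 - Live 0x0000000000000000
snd_hda_intel 53248 0 - Live 0x0000000000000000'
SAMPLE_MOUNTS='tmpfs / tmpfs rw,relatime 0 0
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/sda1 /mnt/disk ext4 rw,relatime 0 0'
SAMPLE_BLOCK='loop0
sr0
sda'

# stdin: /proc/modules format. Prints storage driver modules that are loaded.
loaded_disk_modules() {
    awk -v list="$DISK_MODULES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) { print $1 }'
}

# stdin: /proc/mounts format. Prints block devices that are mounted read-write.
writable_disk_mounts() {
    awk '$1 ~ /^\/dev\// && $4 ~ /(^|,)rw(,|$)/ { print $1 " " $2 }'
}

# stdin: names from /sys/block. Prints disks the kernel can see; this also
# catches drivers compiled into the kernel, which never appear in /proc/modules.
visible_disks() {
    grep -E '^(sd[a-z]+|hd[a-z]+|nvme[0-9]+n[0-9]+|mmcblk[0-9]+)$' || true
}

# Returns 0 only when all three checks come back empty.
audit() {  # $1 modules text, $2 mounts text, $3 block device names
    found=$(printf '%s\n' "$1" | loaded_disk_modules
            printf '%s\n' "$2" | writable_disk_mounts
            printf '%s\n' "$3" | visible_disks)
    [ -z "$found" ] || printf 'persistence risk:\n%s\n' "$found"
    [ -z "$found" ]
}

# Run against the live system with: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit "$(cat /proc/modules)" "$(cat /proc/mounts)" "$(ls /sys/block)"
fi
```

A USB stick shows up as an sd* device in /sys/block, so the same check flags it as writable storage.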
The work machine should only be used for work and never be used for browsing. For browsing within the work machine, a sandbox virtual machine hosting the same OS that runs entirely in RAM can be used for browsing and e-mail.
A work machine can use a user-initiated encrypted folder or virtual drive to store important files, or use its own dedicated encrypted portable USB hard drive or USB stick to store important files offline and to prevent cross-contamination between systems.
The game machine can be set up in the same manner as the work machine, or be allowed to run free, depending on the need.
As long as only one system is running at a time, the presence of the hardware switch will prevent cross-contamination between the systems.
In addition, the installation is cleaner and one no longer needs to deal with the issues arising from multi-OS boot loaders.