Ah, delete the windows partition. That should keep me safe.
The TLDR is that Microsoft released a secure boot update that blocked insecure versions of GRUB. This update was only meant to go out to Windows users since releasing it to dual booted users could break GRUB. However, it was accidentally also released to dual-booted users.
The fix involves disabling dual boot, running a command to reset secure boot, then re-enabling.
Windows is best run in a VM in Linux. Who knows what the hell it does when it’s running on bare metal. Do you trust Microsoft not to poke around in your Linux disks when you boot into Windows? I don’t.
Windows, as any operating system, is best run in a context most useful to the user and appropriate for the user’s technical level.
- Need to run Windows apps/games and aren’t afraid to tinker around if and when something doesn’t work as expected or your software simply isn’t supported? WINE/Proton.
- Need to run mostly light Windows apps and don’t want to tinker around? VM.
- Need to run Windows apps/games that don’t rely on Kernel-Level Anti-Cheat, want direct hardware access and aren’t afraid to tinker around, especially if you only have one GPU, and when something doesn’t work as expected? KVM
- Need to run any Windows app/game without things constantly breaking or the need to tinker around and staying on top of things? Dual-Boot from different disks, utilize LUKS/FDE and be done with it.
You’re missing one:
- dedicated, air-gapped Windows box used for legacy industrial software
Aside from “lightweight apps in VM” this is the only solution I use now. (Unless you count Proton, but having Steam games Just Work barely feels like a “solution” as it requires zero effort on my part)
I don’t even trust Windows to dual boot off a separate disk without trying to break something anymore.
What about running a Linux to go removable disk and just pull it when you need to boot windows?
I actually tried it before for my TV PC that I wanted to also use as a miniserver, with gpu pass through and everything. It was painful to get it working properly, was like 30-40% slower. I also had constant problems with USB peripherals not connecting properly, or going in a sleep state and not waking. Many games didn’t work properly.
Then I decided to just buy a cheap second second hand PC and never looked back.
And this is why I don’t dual boot anymore. Or run Windows anymore for that matter. Learn to play nicely with others please, Microsoft.
I have been entirely M$ free for a while now with the exception of one machine which basically acts as a server at this point just hosting hard drives, a thermal label printer and the network scanning applet that my mfp talks to. Every machine I actually use is Linux and I’ve never been happier with the performance of my tech.
Simultaneously, Microsoft has been expanding their efforts so to require Windows users to upgrade to Windows 11, even those who own old machines that don’t have TPM 2.0, while those machines are prohibited to really upgrade to Windows 11, meaning that their owners would need to buy another PC/laptop. Several Windows users were using a cheat to install Windows 11 without TPM 2.0, but Microsoft has been patching it, so it’s going to be a no more. Users of Windows 10 will have two options: buy another PC or migrate to Linux. I’d bet Microsoft already knows the latter possibility. Several distros generally come with the option “dual-boot installation” as default, so there are many novel Linux users, migrating from Windows, that chose to keep Windows together with Linux (so to not lose files and configs they made on Windows). What if something broke Linux and these users that are trying to escape Windows are now forced to use Windows?
Linux distros could’ve prevented this problem by fixing their vulnerable signature when the security flaw was found two years ago. All they needed to do was regenerate the SBAT when the security update came in, but as far as I can tell the broken systems just patched the code (allowing anyone to still exploit it by replacing the Grub executable with a broken version). This is hardly a Microsoft conspiracy. Microsoft gave Linux users two years more than they gave Windows users (and, more importantly, system administrators) when they had a vulnerability like this last year.
Windows users aren’t going to switch to Linux, they use Windows because they want Windows. If they don’t want to make it easy to get infected, they can buy critical security updates beyond the 10 years of standard support Microsoft provided Windows 10 with (the ESU program) or they can keep using their old Windows 10 install without security updates.
Realistically, as long as Google maintains Chrome for Windows 10 (so all those Chrome derived browsers still receive updates), most people are going to be fine when it comes to viruses. The 4% using Firefox may receive even more support through the ESR programme.
I’d expect Microsoft to care more about ChromeOS Flex than they do about Linux on the desktop. Would be nice if Linux would become usable enough for normal people, but it’s still a pretty rough experience if you don’t have a Linux expert around. Maybe one day!
or they can keep using their old Windows 10 install without security updates.
Sure they can… It’s just a matter of clicking “Stay on Windows [old version] for now” on those ever-occurring popups (while Microsoft kindly offers this button to be clicked)
