THE BACKGROUND:

Between me and my roommates there are currently five computers in the house. One desktop is permanently kept offline due to being an old XP machine. The other pcs are all running windows 7 professional 64bit service pack 1.

I've installed AVG free, Malwarebytes Anti-malware free and Malwarebytes Anti-exploit free on everything. Since we all use Mozilla Firefox, I've also installed Adblock Plus on all computers as well. The Computers share an internet connection and modem-router but all advanced sharing settings in the homegroup tab are disabled.

Network discovery is switched off.
File and printer sharing is switched off.
Public folder sharing is switched off.
Media streaming is switched off.

We don't share external media (no disks, no usb sticks, no external hard drives, no memory cards, nothing), we don't send each other emails and we don't share any devices (apart from the modem).

Internet access is through ethernet cables only. Wi-fi is disabled on the laptop from within windows. On the desktops the icon for it appears to be missing and since I can't see any missing driver indication in the device manager on any computer, I assume that the desktops are incapable of using it.

***************************

STUFF WE OFTEN USE/DO ON OUR COMPUTERS:

Roommate a: internet browsing, libreoffice, social media.

Roommate b: internet browsing, libreoffice, pdf viewing, vlc, 7zip, solitaire and freecell through windows xp mode, currently learning fortran and matlab, Bitmore DTV100 tv tuner & totalmedia 3.5.

Me: internet browsing, libreoffice, pdf viewing, vlc, klite mega codec pack, 7zip, a fuckton of gog & steam games, adobe creative cloud, blender, gamemaker studio, krita, also eyeing unity on the side despite being a complete failure in all things programing related, because apparently I'm an idiot. Or a masochist.

*************************

THE MEAT OF THE THREAD:

Question 1:
Is my assumption about the wi-fi being inaccessible to the desktop pcs correct (there's no icon for it on the windows 7 desktop and no missing drivers indication in the Event Viewer)? Or is it possible that they can access the internet through wi-fi without my knowledge?

Question 2:
If one of the computers on the network is infected (because certain people are always clicking on things nilly willy online or while installing free programs without bothering to properly read what is what first *tears hair out*) is it possible for it to infect the others even though all sharing options in the Homegroup tab and all advanced sharing settings are disabled?

Question 3:
Do you guys have any Windows related suggestions for better computer security/less infections? (Everyone getting their own seperate contract with an internet provider and thus using different modems for their connections is undoable at this point.)

Question 4:
From what I've read Linux is really good for security. I've spoken with the roommates about it and they're willing to take the plunge to Linux as long as they can use it as a Windows replacement. However I use far too many Windows only programs & games to completely abandon Windows. If they switch completely and I dual boot with Linux and keep all random internet activity there (apart from windows/program updates, gaming, and windows only programs that require active internet connection to function) will it help me security-wise?

Question 5:
Though I'm somewhat more tech-savvy than my roommates we are all equally n00bs when it comes to Linux. Because of that, I've been thinking Ubuntu 15.10 or one of the Linux Mint 17.2 versions since those are supposed to be the most easy to use. What are the pros and cons of those? And what are the differences between the Linux Mints apart from their slightly different looks?
Any other Linux destribution suggestions? Trying to balance security & privacy with ease of use. Graphic environment (default or optional) is a must. Being able to update the os without having to format and install a newer version from scratch every time is also a must.

Question 6:
Where and how can I get program updates/latest versions and os updates for whichever Linux distro you suggest?

Question 7:
What are some good antiviruses and antimalwares I could use on Linux? I've read that one can safely use the os without them and that they're mostly for the sake of windows users using the same network or sharing files, but I don't want to risk it.

Question 8:
If I dual boot with some kind of Linux is there any way to disable/enable the wired internet connection for windows from within windows itself? I'm on WIndows 7 Professional Service Pack 1 64-bit.

Question 9:
How can I disable all sharing options between Linux pcs on the same network? Is it the same across different versions or depends on what I'm using?

Question 10:
Is it wise to have different Linux distros on a bunch of computers that are on the same network? Apart from the whole having to learn how to properly use each of them thing of course.

Other questions pending.

I am not that technically adept either, but can't you simply disable all LAN-to-LAN communication in your router's firewall? Seems easier and more secure than trying to lock down the individual computers. Same with disabling the WiFi through the router.

Since all of you are using Firefox, I would recommend you to try the NoScript-extension and only allow scripts from first-party domains (on sites that you trust). I have been using it for years, coupled with being extra mindful of downloads, as my main form of security with great results.

Have you tried a faster alternative called uBlock Origin?

And I completely second Xzaril's recommendation for NoScript. Must have! If you want to be completely sure, check your bios for WiFi card presence and disable it. Also, check Control Panel for any installed wireless cards and disable them from there too. There are always some exploits in the system that can be misused, especially inside LAN so it would be safer to properly configure a firewall. It would have to be set up correctly (which goes for any OS), but generally yes, you should gain some benefits security-wise, most important being the underlying system whose open-source nature provides transparency and trustfulness inherently missing (and often misused) in proprietary counterparts. There is also a sandboxed nature of Linux systems (among other benefits) that makes it more immune to threats in comparison to similarly configured Windows machines.

But regardless of the software in use, don't undermine the importance of your habits in keeping your system safe and secure. I would advise you to skip Ubuntu 15.10 since it's a short-term version, supported for nine months total. Mint now tracks only long-term support releases and current 17 branch will receive updates till april 2019. Aside from that, Mint generally comes with better out-of-the-box experience.

It's not just the looks, different desktop environments also offer different user experience and functionality. If you aim at older hardware with Mint, consider Xfce and MATE editions for systems with at least 384 and 512 MB RAM respectively. For relatively newer ones you can go with either Cinnamon or KDE. Mint developers are also actively contributing to Cinnamon DE (their product) and MATE, but all their editions are usually fairly polished. That's easy. Linux distros keep all their software packages under one roof, in the repositories, so all the updates are pulled therefrom. You can use graphical update managers for the task or use the terminal, including setting the autoupdates. I've touched upon this in the other thread. No different than if you would use Windows only. Either disable the wired connection, ethernet card from CPanel or completely remove ethernet drivers from Windows. You disable sharing for each box individually by configuring relevant settings and services (depending on the distro and desktop environment in use), but again, if you want to be completely sure - use firewall. And keep you system always up-to-date so no exposed and patched vulnerabilities could compromise it. Depends on the perspective. If you mean from a security standpoint, I don't think you would gain much in the descibed scenario within you LAN. In every situation there are pros and cons, but I would consider them of minor importance in this case in comparison to propely set up and hardened system, regardless of what the rest of your network is using.

Will try those, thanks. Does it block everything or does it allow some arbitrarily designated as non-disruptive ads to pass through like Adblock likes to do on its default settings? (good thing they give an option to block those too) You mean at the Device manager? Only thing under network adapters is the ethernet. Will look at bios after I log off from here. I'm currently using default settings on both my belkin router & the windows firewall because I don't know how to configure the damn things. Also can't seem to find any guides (though this could just be blindness on my part). I'll demo the Mint distros first then. Do you have any experience with Ubuntu 14.04.3 LTS (Desktop)? From what I just saw this should be supported for 5 years. So I can access those from within the os? WIll look into those thanks. From where? Local area connection status? Firewall suggestions for windows and linux mint?

First I'd like to point you in the direction of the "Try Linux" thread I did a while ago, which has a lot of information you might find useful: http://www.gog.com/forum/general/the_big_try_linux_gog_game_giveaway_win_xiii_the_witcher_3_sw2013_much_more/page1

Now, to answer your questions: Yes, plus it's unlikely that they would have wifi anyway. And even if they did they wouldn't be able to connect to your network without first being given the credentials to access it. Yes, depending on the virus. Good system configuration, good AV (on Windows) and a properly configured firewall should prevent anything like this from being an issue though. Don't use AVG; it's shit. I use Kaspersky Internet Security on my Win7 install, although I get that free atm (my brother gets a free 3-PC subscription from his bank). Yes. Make sure to disable the Flash plugin though (or at least set it to "Ask to activate") - that's a major exploit vector whichever OS you use. I strongly recommend Linux Mint. Software downloaded through the system repositories is updated using the system's package manager/Update Manager. Software downloaded elsewhere varies, but it's normally a case of downloading and installing the updates manually for those as you would on Windows. It's *really* not necessary. Just don't download & run software from dubious sources, keep stuff like Flash disabled & remember to enable the firewall :p Also never run anything as root unless it has a good reason for needing it. There is, although I can't remember the exact steps to do it - next time I boot into Windows I'll check for you. You should be able to disable the network adapter itself through the device manager though. Shares on Linux need to be enabled/set up manually, so nothing to worry about here. There should be absolutely no issue with this whatsoever.

Thanks, I'll put that to good use in the weekend. ;)

Now, to answer your questions: Firewall recommendations for windows/linux mint? Or are the ones included with the OSes enough if configured properly? (though I don't actually know how to configure them... any guides for would be much appreciated) I'll be checking avast free since it is also linux compatible. Will do, thanks for the tip. I'm thinking of starting the tryouts with KDE since screenshots show it has the bigger desktop icons. Will try Cinnamon after. Perfect! Does the same apply to os updates on Mint? Still, better safe than sorry since at least one computer will be dual booting windows 7. Enable firewall I can do. Configuring it is what I have trouble with! Not run stuff as root, got it. If I start a terminal on mint it will be a not root one by default then or will I have to dig around to find one I can safely use? Thanks. On both Cinamon and KDE versions of mint?

It includes ABP's filter subscriptions while also allowing import of hosts files lists, but I would advise you to set up the latter OS-wise where they belong, for faster execution and so that they would apply to any process, not just the web browser. Yes, the DM. Make sure you update your router firmware if available on the manufacturer's website. And do it from a clean machine.

Configuring a firewall is a custom-made job depending on your needs. You would have to get a little bit acquainted with system processes and ports, but general rule is to keep all incoming ports closed except the ones you designate for particular purpose (depending on apps you use), which usually goes in hand with port forwarding set in the router, but you don't need to mess with this if everything's working fine for you.

You would usually keep most of the well-known (0-1023) outgoing ports open, but if your machine is infected a clever virus would use one of those to phone home anyway even if all the others are closed. Just like Mint 17 and any other distro which is based on Ubuntu 14.04, support lasts till spring 2019. I have tried it briefly but my vote certainly goes to Mint. Seems more stable and Unity Desktop Environment Ubuntu uses is not to everyone's liking. Certainly. Again you have an option of using graphical or console package managers. Yes, if you mean disabling the ethernet connection. I'm not familiar with current Windows options. As for Linux distros, they all have firewall built in the kernel which means it comes with the OS. You can install graphical configuration tool such as Gufw, which comes with Mint preinstalled but firewall is not activated by default. Here's a little tutorial on Gufw to get you started.

You should be able to resize icons under any desktop environment though. It's not root but a logged in user by default. You would have to enter your password when you try to execute something with admin privileges anyway.

Ok, you lost me. I'll get back to you on this when I have the time to try uBlock out. The cleanest I'm capable of making it is full check with a bunch of security suites, clean as appropriate, and then a format and os reinstall for good measure. Though I've found a guide that claims one can permanently wipe all data that stays hidden after a format by using a linux mint live dvd and a command called "sudo dd if=/dev/urandom of=dev/sda bs=1M" where "dev/sda" is a hard drive name. Should I try this (assuming it's legit) for extra cleanliness or would it be overkill? So, assuming a clean windows system with the os newly installed, everything in my computer that can go online and download data has an entry in the "inbound rules" tab and anything not "system" or "systemroot" I can disable/enable according to what programs I actively use? Eg. I can safely disable all inbound rules for windows media player since I use vlc instead? And "outband rules" I can just leave as they already are? I'll check this out, thanks. That makes things a lot easier. :)

No problem. Don't bother with hosts lists in uBlock Origin for now and if you want to use them in your OS (be it Windows or Linux), drop a line. By clean I meant uncompromised.

The solution you posted is no overkill since one pass of writing your whole drive with random values is bare minimum (although they say enough for modern drives) for wiping the contents of your HDD, assuming it's not SSD. If you want to wipe your whole drive, a faster solution would be to use a specialised tool for the purpose called DBAN.

WARNING: Be extra careful when wiping out individual partitions and even if you operate on your whole drive so you don't overwrite another one by accident. Make sure you know what you're doing, triple check before you start and always prepare a backup of important data beforehand. As I don't use Windows, I don't know how exactly its firewall tables look like, but generally you can save or write down current config and experiment by removing unneeded entries. If any program loses its functionality (ie. can't connect to servers) afterwards, you can always revert.

While on the topic of router, I forgot to mention it would be wise to disable UPnP in its settings since this protocol has numerous security vulnerabilities. You can also visit the following page to check your network's UPnP exposure but even if it passes the test it would be prudent to disable it.

On the same research company's website you can initiate more network security tests.

Is it safe to assume that several passes with that linux command will permanently take care of any virus/malware in the hdd that security suites would be unable to locate and get rid off?

Alright, thanks. I'll experiment.

Edit: I'll see about disabling that UPnP thing as well.

Even one pass would cover you on that, although full format would probably be enough too, but if you want to be completely sure, even theoretically, go for wipe.
Several rounds would serve more as a privacy-preserving measure in various scenarios.

Great! Thanks a lot. :)

Well, KIS includes a firewall as well as AV.

As for Mint, the built-in firewall is fine, just remember to enable it (through System Settings in KDE at least). Unless you're running a server of some sort then the default settings should be fine. I have no experience with Avast so I can't give any opinion about that.

Seriously though, it's really not necessary to use AV on Linux - it'll just be a waste of resources, aside from using it to scan the Windows partition(s) without the risk of any running malware interfering with it. Just make sure to enable the firewall, disable Flash, keep your system updated, don't run any commands you don't understand & don't run any dodgy software and you should be fine.

This may change as Linux grows in popularity, but right now there is very little malware for Linux and the malware that does exist isn't much of a threat. Exploits on Linux are usually patched very quickly & malware that relies on social engineering is easy enough to avoid by simply being careful about what you run. Yes When you open a terminal it will be opened as the currently logged in user, unless you explicitly open it as root (or use the 'su' command to get root terminal access, or use "sudo" to run single commands as root). Anyway, nothing should be able to run as root without you knowing about it as it'll need to ask for your password. I believe so - I haven't looked at shares on other editions of Mint, but I can't see any reason why it would be set up differently between them. Just set it to block all inbound connections, with exceptions only for things that strictly need to be able to accept them (e.g. any servers you might want to run) and that should be enough. On Linux Mint the firewall is set up this way by default, all you need to do is enable it.