Personally, I'd get the x86-based laptop and go with Linux (System76 is a good route, but pricey. You can also find great deals on HP Elitebook/Dell XPS type machines on ebay, and they work fine). With this option, you can run Windows if you want, but you might not need it.
A Mac will hamstring your options, plus I find the restrictiveness and opacity of Apple OSes to be unacceptable. With Windows, at least I can modify most settings if I really want to.
use windows, it will make your life easier and less troubleshooting in windows realted to cybersec tools.
I don’t think MacOS is as private as people think. Iv got Littlesnitch running on my MBP and the telemetry is pinging every few seconds even with everything “off” on the settings. Luckily you can use tools (such as little snitch) to block it.
Graphene1 How did you differentiate the telemetry from the connections essential for operating MacOS?
Get an x86 laptop, run Linux on it, and run Windows and x86 MacOS in a VM. If you really need to run Windows natively for some reason (a course on Windows kernel hacking or something), dual boot.
Apple hardware is great, but you are limited to MacOS and the Arm versions of Windows and Linux in a VM (or Linux on the metal if you go Asahi), which have their limitations. If the power efficiency isn’t critical to you, an x86 platform is more flexible in terms of both what you can run on it, and what the hardware will let you do (eg you can swap out your SSD for a bigger one).
If you run your ‘dangerous’ OSes in VMs, you can eg disable networking, or install dodgy apps then delete the VM/rollback to a previous snapshot, which are harder to do running natively.
For a cybersecurity course I’d imagine a good number of the students will be running Linux, maybe the teacher too, so I wouldn’t expect you to be unusual. Although one thing you could do is keep your current machine and then find out what machine you need once you’ve started - maybe you need a big compile box for projects, or maybe they do everything on servers and an iPad would be fine.
[deleted] depends what you mean by essential. I don’t use any Apple services such as iCloud, iMessage etc.
Iv got two profiles, one blocks all outgoing connections to Apple, the other everything other than what’s required for updates.
Once I week I switch to the update profile, check for updates, update if needed then switch back over to block all profile.
Foggy Thank you for the coherent reply that answered what I asked. For everyone, I already use Linux. This is strictly for school use only.
VMs are a good suggestion but they aren't perfect and they run quite slow especially with a Windows guest which I have tried.
My main concern is privacy and software compatibility. Trying to find the Goldilocks's zone. I guess I'll have to give it some time before the program starts.
Graphene1 Are you talking about xp.apple.com? As fa as I am aware this is the domain needed for updates. By essential, I meant something like OSCP which should not be blocked as it checks if downloaded apps' certificates are revoked or not. Gatekeeper should not be blocked either. My point is, when I was running Lulu on my MacBook, there were many connections being made. I don't believe they were for telemetry purposes but background tasks that may be beneficial like OSCP and Gatekeeper that I am not familiar with. This is why I asked if you were able to tell the difference between the telemetry domains and the domains that have actual functionality.
yore I would recommend getting a light linux distro, kicksecure seems good as i use it myself. On kicksecure you would have a vm, and since your host distro is so small i imagine you would have a better performance than you would with a heavy linux distro and a windows vm. I would also think about debloating your windows vm to increase the performance even further, hope that helps
yore
I think definitely check with the course instructors at your university. They'll tell you exactly.
In my software development program they told us on day 1 of classes what kind of a system we'll need.
Also i tried to go about this while trying to stay private by going linux. It was an absolute disaster. I had to quickly revert to windows.
But your program might be different. A lot of security software is on windows and linux. So do check with them.
Also privacy might go out the window because they'll require to quickly sign up for "this and that". Often you'll have to make a google and microsoft accounts because a lot of collaboration work is done on these very unprivate platforms. So.
I'd say expect to be forced into extremely unprivate scenarios, having to sign into different services and giving email, phone number, etc; having to use google drive and docs.
Make sure your laptop is at least 15" or you'll face much pain. Id say dedicate a laptop to this school work and consider it totally unprivate and use without headache. If you stress trying to be private on it you might run into a lot of headache.
Lastly, if you have freedom of choice then go with the platform that you are most familiar with to eliminate extra troubleshooting headache.
In my program it simply became impossible to keep with my privacy routines, going as far as being requested to install apps like slack and discord on my phone, which i refused. Not doing so caused a lot of headche and trouble for me as well as many side eyed looks. Just a heads up.
yore in the case of software development the programs I needed to install were, Eclipse, slack, node server, Microsoft office, adobe pdf, zoom, java and c runtime environments (i think), and maybe a few more i cant recall right now. Also had to sign up for several free and "free for students" online services some of which required personal info (github, slack, atlassian, figma, trello, google, microsoft, discord, etc). Also had to sign up for multiple government websites to get a student loan as well a FORCED to install 1 gov ID app on my phone.
Students were able to use windows and macos just fine. There were some students who were just fine on linux too. Problem with linux is, if you run into trouble who is gonna fix it for you? I wasn't adept enough with linux.
Running vm bacame quite a pain. I thought i could have a linux laptop for privacy and just run windows requiring software inside a windows vm. This quickly became a lot of pain, slowness and battery drain. Not to mention i ran into network issues on the linux os when connecting to university network which i didn't know how to resolve. Also the linux os didnt work perfectly with the laptop and i had other issues with that too.
See?
Even using privacy browsers to log into sites was being a problem. I had to revert to some default browsers in some cases which undermined my other efforts.
All this aside from the massive toll it took on me to juggle all this crap.
Im not saying all this to deter you. Your case might be different than mine. But i wish i had known all this on day one, which is why im telling you now.
If i had to do it all over again, id simply give up on the privacy aspect, dedicate 1 laptop to all my school related work and not have to worry about "browser finger printing" and "ip hiding" and not worry about hiding my identity or email address either (make a dedicated email address for your entire education journey, you'll have to give it to a lot of people and sites and gov sources). Instead Id just keep my private life out of that laptop.
Its ok if that laptop gets fully associated with my identity and accounts. Have a separate platform for your private life. While you are a student a lot of personal information about you will become unprivate unfortunately, including your name, phone number, email address, and even home address being put on papers that get uploaded to google docs or shared online with other students and on their phones and laptops.
Id say take a strategy of "containment" and "walled garden" approach. Be mindful to not associated your other activities with that laptop and browsers.
Dont watch porn on this laptop.
Dont enter your "life holding" passwords on this laptop.
Etc.
yore
Regarding wine, i havent used it, but i think in today's world of VMs, wine is not necessary and probably not worth the compatibility problems.
VM allows the option of cutting off the internet on it as well as passing it through vpn without the VM os seeing original ip, as well as hiding hardware IDs and direct hardware access to VM os. Sometimes this is useful.
For example MS office is highly invasive. I try to keep it in an offline VM
Also almost all programming software is available on linux and mac. But security software might be a different story.
User2288 TBH I think it’s the online services that are more problematic than the OS running on a laptop. You’re effectively forced to sign up to various things because somebody else has chosen to use that platform, and you effectively just have to agree to the T&C to get anything done. If everyone else uses Teams, you can’t insist on using Mattermost or IRC. It’s the same kind of problem as ‘everyone uses WhatsApp’. It is possible the university signs some of these agreements for you (eg institutional Microsoft account) but sometimes your group/project/collaborator will pick a tool and it’s hard to avoid using it.
Then the next problem is the need to install their apps. I think GOS profiles go a long way to helping here, since you can wall them off from the rest of your phone.
