I have a Windows 11 PC, I already hardened it. But lets say I need to also use my computer for different things. I am a student and I dont have my own device for school (they dont offer any).
I use a VPN on my pc, I can use split tunneling but would I be using my ISP’s DNS from outside the tunnel? I dont know.
Would seperate user accounts or browsers be ideal? I dont need to much programs, just a browser to do the work lol.
I’ve been you when I was you and there werent any concept of segmentation of personal and work computers back then.
Try to run VMs on your machine to separate a Windows VM for work/class, Windows VM for gaming and a Linux (Fedora?) VM for personal things.
Under all those VMs is another thing entirely a Hypervisor. Proxmox seems to be one of the cool things that can offer a free commumity supported hypervisor. It takes time to read and learn. As a student you still have the spare time to learn things.
For school provided stuff, you can safely use Tails and a separate USB for your persistent files. Its the only reasonably pivate and secure way to segment it for computers you do not own.
If it’s a managed device you can kiss privacy goodbye either way. Privacy does not exist unless you have full control over the hardware.
Hardening windows more often than not does the opposite unless you’re talking about applocker, wdac or similar functionality.
Is the device yours and unmanaged? If not, you need to get your own device. If yes, use VMs to separate work from personal use it dual boot.
Its my own device. I have used VMs in the past, they are just so slow on my PC. And dual booting gave me many issues, especially linux.
VMs are so slow on my PC, and dual booting gave me issues. BTW, I dont need o download any apps for my school, I just need a web browser to do the actual work. So would that just be overkill?
Then it’s fine, as long as you don’t grant school websites invasive permissions.
Like I said, use Tails. Its an OS that resets to a “stock” config after each boot. Its designed to be used and plugged as a bootable USB drive.
Use it each time you need to do personal things like email, forums, etc. It wont change the underlying OS of the PC it is attached to, so it should save you some trouble in that aspect.
Speaking of trouble, IIRC the whole OS forces all of its connection through a Tor Relay so you might have an issue with having connections through Tor, during your visit to some websites.
Another alternative would be to install the Linux distro of your choice into the USB itself. I havent personally done this and I do not know what kind of issues you will encounter though, so read around online.
In my (limited) experience, it generally is pretty easy to put ubuntu (im not sure whether this holds for debian as well) on a usb. Arch linux is a very manual process though. Also note that applications will probably be painfully slow when running on an OS on a usb because of the low bandwidth (maybe a high bandwidth usb drive could fix that issue?).