FWIW @AmpleApricots, I looked into network namespaces following your advice. I'm now set up with one that sees my regular network interface, one that sees the VPN, and a default one that sees nothing but a loopback interface. I assumed this setup would get in the way and piss me off pretty quickly, but I've been happy with it.
Do you or @Overly Serious have any opinions on firejail?
I'd love to offer some helpful insights but in fact, you've actually introduced me to firejail. It looks pretty neat, actually. And I like the look of their virtualized networks. These days I've fallen into just running up different VMs for different purposes. Using RDP or some other remote desktop tool I basically have as many computers as I want all running side by side and can just toggle between them at will. It's a stupidly heavy approach but virtualization these days is so advanced that everything runs just fine, passed through from the guest to the metal with the host OS barely having to lift a finger. Compared to the early days when everything was emulation, it's infinitely more viable. Something like firejail looks like it would be less work, though - definitely worth a try.
That said, when Windows 8 came out I went from being an exclusively GNU/Linux person who'd never even used Windows outside of work (and I wasn't a programmer, it was just Excel, Word, etc.) to a Windows evangelist almost overnight. I retain enough GNU/Linux knowledge to get by and to annoy Linux fanatics who aren't used to the Windows users they criticize knowing their own dirty laundry. But I'm rusty and my GNU/Linux days are probably behind me unless we enter open totalitarianism and I simply can't trust Windows any longer.
GNU/Linux is still an amazing achievement, though. I am tempted to reinstall Gentoo or maybe try Arch. But sadly I just don't have the time. My OS these days is mainly a tool and Windows does that well.
I just roll with Windows Defender now - Norton, McAfee cause a lot more problems than they fix (they all install DLLs that do crazy shit to your computer and inject themselves into every process). If you use Chrome and Adblock and you don't pirate software there's practically no reason to ever run the non-MS AVs.
Never install McAfee. You literally cannot uninstall it without downloading a special program from the Internet to do so. And they make it really hard to find. Least that was true last time I used it which was about 8 years ago. Doubt it got better. I think nobody voluntarily chooses it these days. Their entire business model is paying OEMs to pre-install it on your PC and then badgering people to enter their credit card to buy a plan.
And Norton - I once saw it pop up a whole series of messages about how its firewall had just protected me, it had blocked a virus, etc. when it literally had no network connection. Norton lies. Don't touch it.