Spectre/Meltdown vulnerability on offline host / online guest

[fleewin10]

I have a 2-3 - year-old Windows 10 PC and Windows has never touched the Internet.

I use a Linux guest which does use the internet.

I'm a bit confused about what to do about Spectre/Meltdown.

I don't want to apply a patch to Windows since it has not been updated since I bought the PC. The lack of updates would probably choke Windows or else take several weeks to complete. In any case, I'd rather not let Windows go online.

OTOH, I routinely use the Linux guest online and it is kept up-to-date with all the latest patches. The browser has been patched as well.

Question: Given that the Windows 10 host has never been online, and my plan is never to have it go online, is my Linux guest -- which does go online -- safe?

[socratis]

How does your Linux guest use the network, and not your host? It's doable, but I want to know your exact setup... For example, do you use your NIC in Bridged mode? Have you disabled the bindings on the host?

[fleewin10]

These are the notes I took on what I did:

Win 10
- Start
- Network Connections
- Ethernet Adapter
- Properties
- Deselect everything but the VM bridging

VM Guest
- Settings
- Network
- Set to Bridged (default is NAT)

[socratis]

These are the notes I took on what I did:

Excellent! That's exactly what I had in mind, the Bridged mode in the guest and the disabled bindings in the host. Kudos!

is my Linux guest -- which does go online -- safe?

Nobody can back up a statement like that at 100%, but with reasonable confidence, I would say that the safety of your guest is a more than safe bet.

[fleewin10]

is my Linux guest -- which does go online -- safe?

Nobody can back up a statement like that at 100%, but with reasonable confidence, I would say that the safety of your guest is a more than safe bet.

Exactly what I needed to know, thanks.