I was thinking about this a long time ago and thought about using 2 SSD hard drives.. 1 would be a clean install of windows where I ONLY use it for like banking websites and purchasing things and you know, sensitive information things..
and then the completely separate other Hard drive.. Both have windows installed on them..
which I would just literally swap in and out only when I used it for all the other crap I do that isn't so "sensitive" and could potentially harm me in whatever I do.. like trying beta software or watching risque youtube videos.. so I would have 2 complete separate hard drives that would be only 1 in the machine at 1 time..
then could a virus somehow get to the "clean" system hard drive? I would only ever have the clean system hard drive plugged in whenever I just wanted to do my "sensitive" stuff..
SSd's are like $90-150 now on amazon.. so buying 2 isn't a problem at all..
hope this makes sense
By nature of how computers work, your idea is almost perfect, except for the
risk of other computers on the network.
I'm let you in on a method of mine, which I trust to work.
Disclaimer:
This method of mine is only as secure as the hardware of the computer (example: hardware keyloggers) and network infrastructure (unencrypted traffic is never secure anywhere). A hardware keylogger can't really be beat, so stand public computer practice still applies. "If you don't own the computer, it owns you."
I've used this method for years and haven't had any issues. You avoid the need to swap hard drives quite easily as well.
First you must go to the trouble of making an custom Windows PE. Include some security tools, enhanced firewall, highly restricted, stripped down networking. Add a basic explorer shell, and a web browser. Configure it to not mount any partitions at boot and limit it's drivers to a bare minimum. Then package it up to boot and run from memory. (~200MB to 400MB total size)
Then if you want more security, you create a secure Linux live boot operating system. Same ideas as above. Security by minimalism and lightness (reduced attack surface).
Include tools on both that detect things like arp poisoning and other bad things hackers employ.
Put together a secure boot compatible bootloader, and include a bootloader for legacy BIOS systems as well, package it up into an ISO thats less than 1GB.
Then find yourself an old flash drive and write the ISO to the flash drive and be sure to tell the flash drives firmware to emulate a cdrom and force read only mode.
Then you boot the flash drive when you require a secure environment.