LinuxQuestions.org
Old 01-28-2024, 02:05 AM   #1
linuxuser371038
Member
 
Registered: Jan 2024
Posts: 31

Rep: Reputation: 0
How to do a fresh linux install on a possibly compromised windows machine to ensure I am starting from a clean slate?


I have been given a windows tablet which has windows 10 already installed. How to install to ensure a clean install with no contamination from previous install or usb install media?

I want to know how to make sure I am starting from scratch as in I want to know no malware could get on via the windows install. What I did so far is download the arch livecd to usb via the tablet, in windows 10, and reboot and it went in to load arch from the usb just fine. I have not continued further yet as I then started to think that maybe the windows install could be compromised. No specific reason to think that as it was given by my mother and she barely used it since she had a second one but she did for a while and she is generally lax with security stuff, just relying on automatic windows updates, and, just generally it is windows with the larger attack surface considerations.

So just for peace of mind really how can I install to it knowing it will be clean? Just download to a usb stick via my own desktop PC arch install?

She also gave me a usb stick so again I would feel paranoid about 'contaminating' my desktop pc with that one. I could use one of my own but this one is smaller and thus more suitable for a livecd and to use for such in general. No problem using my own if it would be better but would like to know the steps to clean this one if it would be all the same once cleaned. So how could a possible non secure usb also be used? Should I load up a livecd linux vm within my desktop and then flash it with arch from that? Dd not necessary before right since dd is done while flashing the drive? Or maybe dd with random to be super sure?

So enter livecd vm, flash usb stick, insert to tablet and install as normal? Sound ok? Any more considerations?

Last edited by linuxuser371038; 01-28-2024 at 02:07 AM.
 
Old 01-28-2024, 06:57 AM   #2
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: Slackware, Ubuntu, PCLinux,
Posts: 10,534

Rep: Reputation: 2495
Arch has excellent documentation so have you gone to their site and read through the installation instructions? You haven't indicated whether you intend to keep windows. If not, simply erase the disk and install Arch. If you intend to keep windows, I'm not sure what problems you expect. You do know that a default installation does not read or write to a Linux filesystem. If you have an EFI system, some windows updates can change things and temporarily prevent booting Linux but you might post specific concerns you have.

Writing a Linux iso file to a usb will generally overwrite anything previously on it. If you have concerns about the usb, you can use dd or software such as shred to overwrite anything on it.
 
Old 01-28-2024, 07:16 AM   #3
___
Member
 
Registered: Apr 2023
Posts: 149
Blog Entries: 1

Rep: Reputation: Disabled
IF you read carefully, OP is UNreasonably worried that M$Win10 on the tablet which they used to download and write the USB, is stealthily infected with something that will infect those two steps! They also fear that if they plug the USB into their desktop PC, it will infect that PC.

There have been threads about beyond-extreme suspicions in the past..

If you have a USB stick from a trusted source, then download and write Linux using a PC you trust, i.e. which your mother has not accessed, then I believe you can choose to feel safe.

Last edited by ___; 01-28-2024 at 08:14 AM.
 
1 members found this post helpful.
Old 01-28-2024, 09:10 AM   #4
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,609
Blog Entries: 19

Rep: Reputation: 4458
The first thing I always do with a computer that has been running Windows is to boot it with SystemRescueCD and dd the entire hard drive with zeros. Then I format and partition the drive.

I buy my memory sticks in well-known stationery shops, not online. I consider that this is enough to make my initial installation secure.

Last edited by hazel; 01-28-2024 at 09:40 AM.
 
2 members found this post helpful.
Old 01-28-2024, 09:58 AM   #5
linuxuser371038
Member
 
Registered: Jan 2024
Posts: 31

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ___
IF you read carefully, OP is UNreasonably worried that M$Win10 on the tablet which they used to download and write the USB, is stealthily infected with something that will infect those two steps! They also fear that if they plug the USB into their desktop PC, it will infect that PC.

There have been threads about beyond-extreme suspicions in the past..

If you have a USB stick from a trusted source, then download and write Linux using a PC you trust, i.e. which your mother has not accessed, then I believe you can choose to feel safe.
Indeed you read it right. Well if I do not know the risk I don't know if it is extreme or not. I imagine it is probably far from necessary but I like a "belt and braces". Sure I am ocd but I would have anxiety I guess if I didn't do all steps to allay my fears.

I don't know if it is total paranoia as my mother constantly complains about her machine slowing down and has to wipe it back to defaults every once in a while. Sure that is no proof of malware but like I say better to err on the side of caution and have a clear mind I am starting from scratch.

Last edited by linuxuser371038; 01-28-2024 at 10:02 AM.
 
Old 01-28-2024, 10:00 AM   #6
linuxuser371038
Member
 
Registered: Jan 2024
Posts: 31

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by hazel
The first thing I always do with a computer that has been running Windows is to boot it with SystemRescueCD and dd the entire hard drive with zeros. Then I format and partition the drive.

I buy my memory sticks in well-known stationery shops, not online. I consider that this is enough to make my initial installation secure.
Any livecd could be a drop in replacement for SystemRescueCD right? However...in this case there is no cd so back to the same situation of first quarantining the usb stick and wiping for usage in order to make it bootable.

Last edited by linuxuser371038; 01-28-2024 at 10:03 AM.
 
Old 01-28-2024, 10:07 AM   #7
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,609
Blog Entries: 19

Rep: Reputation: 4458
Quote:
Originally Posted by linuxuser371038
Any livecd could be a drop in replacement for SystemRescueCD right?
Yes, probably. Most installation images have the right tools on them. But I swear by System Rescue.
Quote:
However...in this case there is no cd so back to the same situation of first quarantining the usb stick and wiping for usage in order to make it bootable.
I own a small freestanding cd/dvd reader that plugs into a usb port. I find it very useful, especially for laptops..
 
Old 01-28-2024, 12:07 PM   #8
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,359

Rep: Reputation: 2333
From post #1:

I can't see the need myself. The HSE here was hacked by ransomware and they started talking about new hardware. But even that can possibly be infected, if you have imagination enough.

OTOH, if you have some big or illegal business there, and really can't afford to be hacked, that probably provides a budget for new hardware. I'm sure the James Bonds of this world keep fresh kit.
 
Old 01-28-2024, 12:17 PM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,671
Blog Entries: 4

Rep: Reputation: 3945
I think that “infected USB sticks” is mostly a myth …
 
Old 01-29-2024, 12:47 AM   #10
linuxuser371038
Member
 
Registered: Jan 2024
Posts: 31

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by sundialsvcs
I think that “infected USB sticks” is mostly a myth …
Someone elsewhere linked this.

I guess I wasn't really thinking about a hardware problem but somehow if just downloading the archiso via windows would somehow contaminate it. I know to do checksums but I didn't see how you can do checksum on the created usb after you put all the other stuff on there for bootloading and other stuff. Maybe possible but not readily accessible like an iso checksum.

However from what people say it seems the consensus is that is way overboard to think about anyway and not an issue to be concerned with.
 
Old 01-29-2024, 07:57 AM   #11
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: Slackware, Ubuntu, PCLinux,
Posts: 10,534

Rep: Reputation: 2495
Quote:
I didn't see how you can do checksum on the created usb after you put all the other stuff on there for bootloading and other stuff.
Using Linux, you can verify the iso was written correctly to a usb device. You might be able to do that with windows but you would have to do an online search as I don't use windows so don't know. The boot files are part of the iso you put on the usb so there is no 'other stuff'. Windows doesn't boot an EFI install of Linux nor can a default windows OS write to a Linux filesystem. It is possible to extract an iso file and modify it and recreate it in Linux but it is a very convoluted process. I expect it can be done on windows also but I don't use windows so can't tell you. I would think third party software might be needed but that's just a guess.
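
The check described in the post above, as an added example that is not part of any post in this thread: since the written stick is a byte-for-byte copy of the ISO followed by whatever was on the stick before, hashing only the first ISO-sized span of the device and comparing it with the ISO's own SHA-256 confirms the write. The function names and `/dev/sdX` are placeholders chosen here; `sha256sum` from coreutils is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): check that a written USB stick holds
# exactly the ISO whose checksum you verified.

# SHA-256 of the first $2 bytes of file or block device $1.
sha256_of_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_written_image ISO DEVICE [PUBLISHED_SHA256]
# Returns 0 on match, 1 if the device differs, 3 if the ISO itself is wrong.
verify_written_image() {
    iso=$1; dev=$2; published=${3:-}
    size=$(( $(wc -c < "$iso") ))
    iso_sum=$(sha256_of_prefix "$iso" "$size")
    # Step 1: the downloaded ISO must match the checksum from the download page.
    if [ -n "$published" ] && [ "$iso_sum" != "$published" ]; then
        echo "FAIL: $iso does not match the published checksum" >&2
        return 3
    fi
    # Step 2: the stick is larger than the ISO, so hash only the first $size
    # bytes of it. A stick shorter than the ISO yields a different hash too.
    dev_sum=$(sha256_of_prefix "$dev" "$size")
    if [ "$dev_sum" != "$iso_sum" ]; then
        echo "FAIL: first $size bytes of $dev differ from $iso" >&2
        return 1
    fi
    echo "OK: first $size bytes of $dev match $iso ($iso_sum)"
}

# Constructed demo: regular files stand in for the ISO and the USB stick.
demo_constructed() {
    d=$(mktemp -d) || return 2
    printf 'constructed ISO stand-in: boot files and payload\n' > "$d/demo.iso"
    { cat "$d/demo.iso"; printf 'stale bytes past the image'; } > "$d/stick.img"
    cp "$d/stick.img" "$d/altered.img"
    printf 'X' | dd of="$d/altered.img" bs=1 seek=4 conv=notrunc 2>/dev/null
    good=0; verify_written_image "$d/demo.iso" "$d/stick.img" || good=$?
    bad=0; verify_written_image "$d/demo.iso" "$d/altered.img" 2>/dev/null || bad=$?
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

# Real use (as root; /dev/sdX is a placeholder for the stick):
#   verify_written_image archlinux.iso /dev/sdX <sha256 from the download page>
demo_constructed
```

Unplug and re-insert the stick before running the check on a real device, so the bytes are read back from the stick rather than from the kernel's page cache.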
 
Old 02-22-2024, 12:30 AM   #12
Agend1956
LQ Newbie
 
Registered: Feb 2024
Posts: 1

Rep: Reputation: 0
To achieve this, downloading the Arch Linux LiveCD to a USB stick via installing Arch on your desktop PC is a good idea. This way, you can ensure that the geometry dash world tag is free of any potential malware or compromised files.

Last edited by Agend1956; 02-22-2024 at 10:20 PM.
 
Old 02-22-2024, 07:28 AM   #13
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,359

Rep: Reputation: 2333
Practically speaking, most of us don't have to worry about attacks like badusb.

If we buy from retailers or online, they will have bought bulk. If they're getting 100% returns on one item with negative feedback, that's a red flag for an online retailer.
 
Old 02-22-2024, 09:47 AM   #14
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 698
Blog Entries: 1

Rep: Reputation: 381
Quote:
Originally Posted by hazel
The first thing I always do with a computer that has been running Windows is to boot it with SystemRescueCD and dd the entire hard drive with zeros. Then I format and partition the drive.
If you are planning on using encryption, I would use /dev/urandom instead of zeros

But zeros is just as good for taking care of the Windows problems.
 
  

