Page 1 of 2 12 LastLast
Results 1 to 15 of 29
  1. #1
    2 Star Lounger
    Join Date
    Feb 2012
    Posts
    107
    Thanks
    0
    Thanked 2 Times in 1 Post

    Dual Boot Security

    There was another hacking event on the news the other day. One of the experts being interviewed about it suggested that the best way to protect valuable or sensitive data, such as on-line banking or stock trading information, is to have a dedicated computer that is used for nothing but that; no web surfing; only go to secure sites. I said, hummm? Sounds good. Is it true? If so, I'm wondering if dual booting two OSs would do the same thing? If one OS got infected, is there any way the malware could find its way into the other, for instance, through the BIOS or bootloader?
    Thanks

  2. #2
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts
    Quote Originally Posted by Yobil View Post
    If one OS got infected, is there any way the malware could find its way into the other, for instance, through the BIOS or bootloader?
    Yobil,
    Hello... I can not give a definitive answer to that , However i think that it would be technically possible to mess with BIOS or your bootloader ( depending on how many things you clicked on) ..I run 4 OS's ( Quad Boot) and have done many dumb things over the years ( click on something that i should have known better) The result was always just to "mess" with whatever OS that i had booted to, and never did anything to the other three... Just keep in mind that you can "Update" BIOS or change "bootloader" settings from a running OS ...so the right "malware " could probably do the same.... Regards Fred
    PlainFred

    None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)

  3. #3
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    If the inactive OS partition or drive were completely hidden from the active partiton or drive, then it would be hidden from a virus as well. Otherwise its a simple matter of finding file paths and settling in whether active or not. Not as likely a virus will look for multiple filepath instances across partitions but certainly can be done.

    AS far as dedicating a computer to secure access, sure, whatever you feel comfortable with, belts and suspenders; and buttons and cross-stitching, riveting, laminating...it is something physical you can do to add a bit of security.

  4. #4
    2 Star Lounger
    Join Date
    Feb 2012
    Posts
    107
    Thanks
    0
    Thanked 2 Times in 1 Post
    F.U.N. downtown,
    I don't know how a bootloader works and I can only set up a dual boot situation if I'm following a good set of instructions. So, I'm not sure what you mean by "completely hidden". In a typical (whatever that is) dual boot system where the first thing that comes up when you turn on the machine is a choice of which OS you want to use, are the two "completely hidden" from each other? Or, do you have to do something special for that?

  5. #5
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,434
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Yobil,

    You usually have to muck with the Registry to hide the drive/partition containing the non-active OS.
    DualBootHiddenDrive.PNG
    Registry Entry to Hide Drive.PNG
    HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  6. #6
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Northern California
    Posts
    326
    Thanks
    15
    Thanked 142 Times in 91 Posts
    Quote Originally Posted by Yobil View Post
    F.U.N. downtown,
    I'm not sure what you mean by "completely hidden". In a typical (whatever that is) dual boot system where the first thing that comes up when you turn on the machine is a choice of which OS you want to use, are the two "completely hidden" from each other?
    Yobil,

    That can depend on the particular multiboot scheme. Here's a backgrounder I wrote some time ago (but is still valid): "Understanding Multibooting". Note this page in particular which describes the differences between a typical third-party multiboot and a Microsoft-style multiboot. In a Microsoft-style multiboot the partitions are often more visible to each other so the mucking around RG mentions may be necessary. In a typical third-party multiboot Windows completely ignores the alternate partitions. (If you have a typical system from a major manufacturer, you may already be familiar with that phenomenon because some OEMs hide factory recovery systems that way.)

    Rather than a dualboot, you may want to consider using virtualization instead. It's quicker, easier, and provides good isolation, particularly in preventing access from the guest system back to the host. In fact, I typically do most of my websurfing from a virtual machine instead of from the host machine. I also wrote a little introduction to virtualization awhile back. That centered on Microsoft Virtual PC, though today many people use Virtual Box or VMWare equally well for similar purposes.


    Dan

  7. #7
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    There's also physical. Two drives, two separate installations. Shut down and physically switch data and power feeds to the appropriate drive. Not convenient to be sure but securely isolated. As mentioned, a properly configured VM works well too.

  8. #8
    2 Star Lounger
    Join Date
    Feb 2012
    Posts
    107
    Thanks
    0
    Thanked 2 Times in 1 Post
    Interesting stuff. Sounds as if virtualization is the way to go if I decide to do something.
    I read your intro, but not the appendicies yet. It is a few years old. Can you now run a virtual Win7?

  9. #9
    Star Lounger
    Join Date
    Dec 2012
    Posts
    54
    Thanks
    0
    Thanked 7 Times in 7 Posts
    Sure, if you have the license to activate it. A VM though, is not a separate computer. It is dependent on the host operating system, which your expert has suggested is the culprit. That's a dependency that can potentially be exploited.

    The next best substitute to a separate computer is booting the OS from removable media, such as a USB drive. This concept was recently discussed by one of the columnists. You can do your work, remove the drive and lock it away.

  10. #10
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Northern California
    Posts
    326
    Thanks
    15
    Thanked 142 Times in 91 Posts
    Yes, Microsoft Virtual PC, VMWare, and Virtual Box all support Win7. All three can be installed on a Win7 host, and all three will also host Win7 guests.

    What makes them so convenient is you don't have to shut down and reboot to switch boot OS's. You can stay booted into your host OS and simultaneously run a virtual machine as a guest. That's a lot easier than shutting down and rebooting, then rebooting again back into your main OS later.

    As I mentioned, I will typically launch a virtual machine to do my websurfing with virtual impunity <g>. When you're done you can completely discard any changes made to the VM during that session. The next time you boot the VM it will start up just as it had before, with no record of what may have happened during the discarded session. Think of what that means for malware that may try to infect the VM. This feature also comes in handy when you want to try out some new software but aren't sure you'll be keeping it--you don't have to risk sullying your main Windows installation.

    One point to be aware of is the guest OS must have its own product key license to activate. Many people use computers with OEM OS licenses, but a virtual machine has virtual "hardware" different from the host's real hardware. It's difficult or impossible (not to mention illegal) to reinstall the OEM OS in the guest using the OEM license. It won't activate. So you'll need to have a separate copy of Windows.

    That's rarely an issue with true multibooting. For example, you can clone your existing OEM OS to a second partition and boot either one. Either one, when booted, will see the same underlying hardware, so activation is rarely an issue.

  11. #11
    2 Star Lounger
    Join Date
    Feb 2012
    Posts
    107
    Thanks
    0
    Thanked 2 Times in 1 Post
    Great information! Thanks.
    Isn't there a "cut-down" version of windows? Is it cheaper? I've thought that if I were to do something along these lines that the "cut-down" version would be smaller and adequate for these specialized needs.

  12. #12
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    Yes, it's called XP, much smaller install base than Win 7. Seriously though, no, Windows 7 is Windows 7 except for a few feature differences in each version.

    And to be serious about XP as well, there's is hardly a dime's bit of difference and if you happen to be using Windows 7 Pro or above now, you can get XP Mode free, which is XP XP3 Virtual Machine and one can even import XP Mode into the more capable VMWare player and use it there. Some folks worry that the end of support means XP will fall to pieces but it has many good years of service to provide yet-until it's not supported well by third party programs, among them, security programs.

  13. #13
    2 Star Lounger
    Join Date
    Feb 2012
    Posts
    107
    Thanks
    0
    Thanked 2 Times in 1 Post
    We still have xp left over from a machine that we don't use any more. Could use that OS and either dual boot it with 7 or VM. My only concern is whether xp will run the banking software. I'll have to check.
    My son-in-law has a little netbook that came loaded with a cut-down version of Win7. That is what I was referring to. I'm not sure what it doesn't have included. And, I don't know if you can purchase it separately or not.

  14. #14
    Silver Lounger
    Join Date
    Oct 2012
    Posts
    2,335
    Thanks
    13
    Thanked 267 Times in 260 Posts
    Windows 7 Starter? Ick!.

    Thankfully I think it's OEM install only and is otherwise unavailable.

  15. #15
    2 Star Lounger
    Join Date
    Feb 2012
    Posts
    107
    Thanks
    0
    Thanked 2 Times in 1 Post
    I don't want to use XP and don't have any other available license to use with in a virtual installation. Therefore, I've elected to set up a dual boot using my existing Win7 license and a non-windows OS. I know that this is a windows forum. So, let's address just Win7. With the non-windows OS installed, it appears that Win7 doesn't even know it's there. Looking at "My Computer", there is no indication of the existence of the other OS. Is there anything I need to do to make sure there is as much separation as possible?
    It occurs to me that if Win7 should become infected, if the malware is windows oriented, perhaps the non-windows OS will be even less vulnerable. Does this have any merit?
    Our intent is to continue using Win7 in a typical fashion where web surfing is more or less unrestricted. We do have virus protection software running. The non-windows OS will be used for financial transactions at secure sites only, such as online banking.
    Now. Be honest. Am I really accomplishing anything positive or am I going to a lot of trouble for little or no gain?
    Thanks

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •