Re: Security and dual booting/running in VM Windows and Linux
On Mon, 4 Oct 2010 09:39:00 +0100 Lisi lisi.re...@gmail.com wrote: I have no metrics myself against which to measure this. I have Googled, but have found it difficult to distinguish the FUD and biased/inaccurate information from the real - and reliable - information. I would be glad of some opinions from the list. If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? Highly unlikely, windows viruses generally dont run under wine, and windows cant even read linux partitions unless you install a driver. And even then, there are very few linux viruses/Trojans in the wild. Does it make any difference whether they are in separate partitions on the same disk or on separate HDDs? Not really. Would running Windows in a VM from Linux make the Linux host less secure than dual booting, or more so? Would the Linux host in fact be more/less/equally secure than/as it would be if Windows were not on the box at all? You can get exploits aimed at virtual machines which aim to infect the host, but again, rare and not normally aimed at someone running Windows via virtual box or the like. In general, when dual booting, what happens to one OS only happens to that OS (unless you mess up the partition record or something). If the worst happens, you can just whip out the windows partition and reinstall. The main headaches with dual booting are, having to reboot (obviously), bootloader issues (windows overwriting grub, other iffy drm overwriting grub, see adobe stuff), but you gain all the advantages of running the OS on the metal. VM's are nice for running one or two programs from within the host OS, but if your application needs high performance 3D, you will find using a VM lacking, also, on a lower power system, running windows on-top of linux can leave you running into ram and cpu limitations. Sorry if this ramble about general VM stuff is unneeded! The short version is, the risks with dual booting or using a self contained vm (eg not a vm which shares the hosts kernel) are minimal and not worth worrying about. Thanks, Lisi -- Regards, Angus Hedger Debian GNU/Linux User PGP Public Key 0xEE6A4B97 signature.asc Description: PGP signature
Re: Security and dual booting/running in VM Windows and Linux
On Mon, 04 Oct 2010 09:39:00 +0100, Lisi wrote: (...) If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? No, unless you are runing WINE inside Linux. Does it make any difference whether they are in separate partitions on the same disk or on separate HDDs? It does not matter. Would running Windows in a VM from Linux make the Linux host less secure than dual booting, or more so? Would the Linux host in fact be more/less/equally secure than/as it would be if Windows were not on the box at all? Linux is not less secure by having to share the computer with Windows. Having a VM will allow you to run your Windows system inside Linux but it has pros and cons. If your main concern is about Linux security, this won't decrease by having a Windows system as an OS partner :-) Stored data is another thing. When running Windows just take the recommended steps to avoid your system from being infected. Data is OS- agnostic. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2010.10.04.09.04...@gmail.com
Re: Security and dual booting/running in VM Windows and Linux
On Mon, Oct 4, 2010 at 12:07, Lisi lisi.re...@gmail.com wrote: I have no metrics myself against which to measure this. I have Googled, but have found it difficult to distinguish the FUD and biased/inaccurate information from the real - and reliable - information. I would be glad of some opinions from the list. If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? If your basic assumption is that your Windows system is less secure than your Debian system, then yes, it might. Even though Windows itself doesn't understand filesystem information etc. for Linux, Linux is open source, so it's hardly a secret how that works. There is userspace software for this. It is, however, extremely unlikely that someone will attempt to break into a Linux partition on a Windows box through an automated process: there are so few people doing this compared to the mass of Windows boxes, that there is little profit in it for script kiddies and crackers. So, yes, it does jeopardise the security, but not significantly, and probably less so than the Linux installation jeopardises the Windows installation. Does it make any difference whether they are in separate partitions on the same disk or on separate HDDs? No. Would running Windows in a VM from Linux make the Linux host less secure than dual booting, or more so? Would the Linux host in fact be more/less/equally secure than/as it would be if Windows were not on the box at all? I think you may be approaching this the wrong way, and that you instead should ask yourself: How can I secure my system(s) in the best possible way? If your main fear is that a Windows security vulnerability might screw up your Linux data, use encryption for your Linux partition, e.g. with dm-crypt (http://www.saout.de/misc/dm-crypt/), and _do not store the password in a file_. -- Jan
Security and dual booting/running in VM Windows and Linux
I have no metrics myself against which to measure this. I have Googled, but have found it difficult to distinguish the FUD and biased/inaccurate information from the real - and reliable - information. I would be glad of some opinions from the list. If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? Does it make any difference whether they are in separate partitions on the same disk or on separate HDDs? Would running Windows in a VM from Linux make the Linux host less secure than dual booting, or more so? Would the Linux host in fact be more/less/equally secure than/as it would be if Windows were not on the box at all? Thanks, Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201010040939.01084.lisi.re...@gmail.com
Re: Security and dual booting/running in VM Windows and Linux
Dne, 04. 10. 2010 10:39:00 je Lisi napisal(a): I have no metrics myself against which to measure this. I have Googled, but have found it difficult to distinguish the FUD and biased/inaccurate information from the real - and reliable - information. I would be glad of some opinions from the list. If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? In the very least, a Windows rootkit or virus could potentially mess up your partition table, or the master boot record; but there are certainly other equally risky scenarious that other list memebers will most certainly come up with. So the answer to your question is definitely yes. Does it make any difference whether they are in separate partitions on the same disk or on separate HDDs? For the above scenario, hardly. Would running Windows in a VM from Linux make the Linux host less secure than dual booting, or more so? Depends on the virtual technology used. Depends on how well is the particular virtual environment isolated from your host OS and the bare metal on which it is running. In this regard, I'd say that XEN is not equal to kvm (which uses a kernel driver), and kvm is, in turn, not equal to qemu (which runs entirely in userspace, IIRC). Would the Linux host in fact be more/less/equally secure than/as it would be if Windows were not on the box at all? Is this meant as a joke or as a genuine question? ;P -- Regards, Klistvud Certifiable Loonix User #481801 http://bufferoverflow.tiddlyspot.com Please reply to the list, not to me. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1286182581.2705...@compax
Security and dual booting/running in VM Windows and Linux
I have no metrics myself against which to measure this. I have Googled, but have found it difficult to distinguish the FUD and biased/inaccurate information from the real - and reliable - information. I would be glad of some opinions from the list. If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? Does it make any difference whether they are in separate partitions on the same disk or on separate HDDs? Would running Windows in a VM from Linux make the Linux host less secure than dual booting, or more so? Would the Linux host in fact be more/less/equally secure than/as it would be if Windows were not on the box at all? Thanks, Lisi Sorry if my last attempt to send this eventually turns up, so you get 2. :-( -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201010041107.01732.lisi.re...@gmail.com
Re: Security and dual booting/running in VM Windows and Linux
On 10/04/2010 10:39 AM, Lisi wrote: I have no metrics myself against which to measure this. I have Googled, but have found it difficult to distinguish the FUD and biased/inaccurate information from the real - and reliable - information. I would be glad of some opinions from the list. If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? Does it make any difference whether they are in separate partitions on the same disk or on separate HDDs? Would running Windows in a VM from Linux make the Linux host less secure than dual booting, or more so? Would the Linux host in fact be more/less/equally secure than/as it would be if Windows were not on the box at all? Thanks, Lisi I think that running Windows inside Linux (VM) is best option. You can forbid Windows through VM to connect to the internet. If I remember correctly you can disable also that guest (Windows) connect to host (Linux). Running Windows in VM also save you from rebooting. -- Bye, Goran Dobosevic Hrvatski: www.dobosevic.com English: www.dobosevic.com/en/ Registered Linux User #503414 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4ca9b06b.40...@dobosevic.com
Re: Security and dual booting/running in VM Windows and Linux
On Mon, 04 Oct 2010 11:00:02 +0200 Klistvud wrote: Dne, 04. 10. 2010 10:39:00 je Lisi napisal(a): [...] If I set up a computer to dual boot Windows and Linux (specifically Debian Lenny) does the fact that Windows is sharing the computer in any way jeopardise the security of the Linux installation? In the very least, a Windows rootkit or virus could potentially mess up your partition table, or the master boot record; but there are certainly other equally risky scenarious that other list memebers will most certainly come up with. So the answer to your question is definitely yes. Other scenario: Windows rootkit - mount linux partitions - replace some binaries/kernel/libs of your Linux installation - compromised Linux system Cheers, Simon -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/i8d15o$bao$0...@news.t-online.com
Re: Security and dual booting/running in VM Windows and Linux
On Mon, 4 Oct 2010 18:59:36 +0200 Simon Brandmair sbrandm...@gmx.net wrote: In the very least, a Windows rootkit or virus could potentially mess up your partition table, or the master boot record; but there are certainly other equally risky scenarious that other list memebers will most certainly come up with. So the answer to your question is definitely yes. Other scenario: Windows rootkit - mount linux partitions - replace some binaries/kernel/libs of your Linux installation - compromised Linux system Cheers, Simon Well, as I agree that the scenario you describe could happen, the likelihood is very low. Most malware these days is out to make money, in some shape or form, mostly via copying/keyloging passwords et al or blackmailware (eg, some stuff will lock/encrypt your data and make you pay to get it back - I have heard of at least one piece of software that will do this), or scamware (eg, fake anti virus applications). And for the most part, targeting linux with these kinds of malware, would be a waste of time, mostly due to a limited end user market, in comparison with windows (Most stuff is social engineering these days, with limited numbers of real remote or local exploits, it would be no more difficult to make someone download and click on a rouge .deb compared to a rouge .exe). Having Windows on a computer and using due care and diligence with booted into it, or in a VM does not make a computer any more or less safe for the most part. I suppose having more than one OS does increase the attack surface of a machine, but with restrictive firewalls, and a good hosts file [1], and a decent anti virus on the windows side (booo hiss) [2] you can be just as secure. If you can avoid using windows, it helps, sure, but at the same time, for home use, if someone is computer literate enough to understand the idea of dual booting or using a VM, I am sure they would understand basic browsing safety precautions. I apologise for the wall of text, I have spent the day doing paperwork, so have found myself in a verbose mood. [1] http://www.mvps.org/winhelp2002/hosts.htm [2] http://www.avast.com/en-gb/index or http://www.microsoft.com/security_essentials/ -- Regards, Angus Hedger Debian GNU/Linux User PGP Public Key 0xEE6A4B97 signature.asc Description: PGP signature