I am looking for a way to set up my environment, as I need more than one OS at once. I care about privacy and security the most; that is my priority. But I can't give up Windows entirely. Because of that, I need to know whether Windows logs the activities of other OSes run on the same hardware. Is there any way to run an exploit under Windows that would get some information about activities or data saved while the other OS was running on the same hardware?

I want to ask about the following scenarios:

A. Let's say I have a Linux distribution as well as Windows installed normally on one physical disk.

B. What if I have just Windows installed on the physical disk and run a Linux distribution in VirtualBox or a similar application?

C. Is there a way if I boot a Linux distribution from a live USB or, better, a live CD? Let's say I have Windows installed normally and I run Tails from a live CD. However, if it is still secure, I would prefer to run a more casual Linux distribution rather than Tails.

Is the only good solution to have 2 different computers for the different OSes, to be sure that Windows and some online activity would not take ANY piece of important data handled on Linux with little online activity involved?

GuessMe

3 Answers

Yes, in a regular configuration, Windows can read the Linux partition and vice versa.

If you want to prevent this, you can encrypt your Linux partition and Windows partition with separate encryption keys. This way, only one partition can be unlocked at a time, so neither OS can get data from the other. In Linux you can use LUKS, and in Windows you can use BitLocker for this purpose.

Note that some very advanced malware exists that can infect the hardware/BIOS and persist between dual boots and OS reinstalls. These types of malware are relatively rare and often very hardware-specific, but they may have the potential to cross between OSes despite dual booting and encryption.

There is also malware that may infect the boot partition. This type of malware can be prevented to some degree using Secure Boot.

A virtual machine changes this slightly. The host machine would be able to access the guest machine's data, but the guest machine won't (depending on configuration) be able to access the host machine's data. The only exception is a blue pill type of malware that can break out of the virtual machine. This type of malware is also relatively rare.

In short, if you want an absolute guarantee of separation, then separate hardware is the only way. However, in practice, using disk encryption would make it very, very, very hard for most malware to steal data from the other OS.

Lie Ryan
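
To check from the Linux side which partitions the encryption advice above actually covers, the following added example (not part of the original answer) classifies `lsblk` output. The sample device layout is constructed, and the script assumes a util-linux recent enough to label BitLocker volumes.

```python
import json
import subprocess

# Filesystem types that lsblk/blkid report for encrypted containers.
ENCRYPTED_FSTYPES = {"crypto_LUKS", "BitLocker"}

# Constructed sample of `lsblk --json -o NAME,FSTYPE` on a dual-boot disk.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "fstype": null, "children": [
    {"name": "sda1", "fstype": "vfat"},
    {"name": "sda2", "fstype": "BitLocker"},
    {"name": "sda3", "fstype": "ext4"},
    {"name": "sda4", "fstype": "crypto_LUKS", "children": [
      {"name": "luks-root", "fstype": "ext4"}]}]}]}
"""


def audit_lsblk(lsblk_json):
    """Return (name, fstype, status) for every volume that has a filesystem type."""
    findings = []

    def walk(node):
        fstype = node.get("fstype")
        if fstype in ENCRYPTED_FSTYPES:
            findings.append((node["name"], fstype, "encrypted"))
            return  # contents are only visible to the OS holding the key
        if fstype:
            findings.append((node["name"], fstype, "unencrypted"))
        for child in node.get("children", []):
            walk(child)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device)
    return findings


if __name__ == "__main__":
    try:
        out = subprocess.run(["lsblk", "--json", "-o", "NAME,FSTYPE"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_LSBLK  # fall back to the constructed sample
    for name, fstype, status in audit_lsblk(out):
        print(f"{name:12} {fstype:12} {status}")
```

Partitions that come back as unencrypted, typically the EFI system partition and a separate /boot, remain accessible from either OS even when both system partitions are encrypted.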

A. Let's say I have a Linux distribution as well as Windows installed normally on one physical disk.

I cannot foresee anything within Windows that can do this, as officially Microsoft has not included EXT2, EXT3 or EXT4 support by default.

You could enable LUKS (full-disk encryption) on the Linux drive. However, if an attacker is particularly intent, it is possible for the unencrypted /boot/ to be overwritten with a bootkit, which, when the Linux drive is booting and decrypting, could record the plaintext password used to decrypt the drive and then write a rootkit or spyware into the now-decrypted Linux-based OS.

B. What if I have just Windows installed on the physical disk and run a Linux distribution in VirtualBox or a similar application?

This would have the same problem of trusting that the host OS (Windows) is not tampering with the VM.

C. Is there a way if I boot a Linux distribution from a live USB or, better, a live CD? Let's say I have Windows installed normally and I run Tails from a live CD. However, if it is still secure, I would prefer to run a more casual Linux distribution rather than Tails.

In this scenario, the only attack vector would be hardware-related, or malicious BIOS firmware (installed during an update within Windows) that would monitor any OS booted. See "Malware that can survive BIOS re-flashing", which should give some clarity about malicious BIOS firmware.

This would be something less to worry about, but nonetheless a very real concern.

Despite this attack vector, the Live CD or Live USB is the better, more secure option. Note that a USB could be modified after having data written to it; consider either using a write-blocker, such as those used by SD cards, or using Live CDs.

Is the only good solution to have 2 different computers for the different OSes, to be sure that Windows and some online activity would not take ANY piece of important data handled on Linux with little online activity involved?

This would depend on your OpSec. I personally share the same host machine. Can this be bad practice, as your entire security is only as secure as the weakest OS? Yes. However, I have not yet experienced issues regarding this.

If you can afford the cost and physical space for two machines, then having two machines, one per OS, would of course be more advisable. However, the ideal is not always viable.

safesploit
  • IIRC, SD card write-blocker switches are usually implemented in software. Malicious software can in theory install and use an SD card driver that ignores the write-blocker position. – Lie Ryan Sep 15 '18 at 12:39
  • Just because Windows doesn't support the Ext filesystem doesn't mean that Windows can't read the bits stored on the disk. Also, ext2fsd is an implementation of an ext2/3/4 filesystem driver that can run on Windows. – Lie Ryan Sep 15 '18 at 12:48
  • That is a valid point, I should have made a note to ensure the write-blockers were hardware based only. While this is true about EXT2-4, I only stated Windows cannot access EXT2-4 partitions officially, but this is an attack vector. Hence, why I made the final conclusion I did. – safesploit Sep 15 '18 at 13:40
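
The unencrypted /boot described in the answer above can be watched for changes with a hash baseline kept on the encrypted root. This is an added example, not part of the original answers; the script name and the paths in the usage comment are hypothetical.

```python
import hashlib
import json
import os
import sys


def hash_tree(root):
    """Map each file under root to its SHA-256; symlinks are recorded by target."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                digests[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                with open(full, "rb") as f:  # /boot files are small enough to read whole
                    digests[rel] = hashlib.sha256(f.read()).hexdigest()
    return digests


def save_baseline(root, baseline_file):
    """Record the current state of root; keep baseline_file on the encrypted volume."""
    with open(baseline_file, "w") as f:
        json.dump(hash_tree(root), f, indent=2)


def compare_to_baseline(root, baseline_file):
    """Return the files modified, added or removed since the baseline was saved."""
    with open(baseline_file) as f:
        baseline = json.load(f)
    current = hash_tree(root)
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


if __name__ == "__main__":
    # Hypothetical usage: boot_check.py save|check /boot /root/boot-baseline.json
    mode, root, baseline_file = sys.argv[1:4]
    if mode == "save":
        save_baseline(root, baseline_file)
    else:
        report = compare_to_baseline(root, baseline_file)
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(report.values()) else 0)
```

Because the check runs after the system has booted, it reports tampering with /boot after the fact rather than preventing it, and kernel or bootloader updates require saving a new baseline.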

Yes, it's possible on the file system level. If the Windows user you are logged in as has access to the file system of other operating systems, then the user can access the required data.

Kay