[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security and dual booting/running in VM Windows and Linux

On Mon, Oct 4, 2010 at 12:07, Lisi <lisi.reisz@gmail.com> wrote:
I have no metrics myself against which to measure this.  I have Googled, but
have found it difficult to distinguish the FUD and biased/inaccurate
information from the "real" - and reliable - information.  I would be glad of
some opinions from the list.

If I set up a computer to dual boot Windows and Linux (specifically Debian
Lenny) does the fact that Windows is sharing the computer in any way
jeopardise the security of the Linux installation?

If your basic assumption is that your Windows system is less secure than your Debian system, then yes, it might.

Even though Windows itself doesn't understand filesystem information etc. for Linux, Linux is open source, so it's hardly a secret how that works. There is userspace software for this.

It is, however, extremely unlikely that someone will attempt to break into a Linux partition on a Windows box through an automated process: there are so few people doing this compared to the mass of Windows boxes, that there is little "profit" in it for script kiddies and crackers.

So, yes, it does jeopardise the security, but not significantly, and probably less so than the Linux installation jeopardises the Windows installation.

Does it make any difference whether they are in separate partitions on the
same disk or on separate HDDs?


Would running Windows in a VM from Linux make the Linux host less secure than
dual booting, or more so?  Would the Linux host in fact be more/less/equally
secure than/as it would be if Windows were not on the box at all?

I think you may be approaching this the wrong way, and that you instead should ask yourself:

How can I secure my system(s) in the best possible way?

If your main fear is that a Windows security vulnerability might screw up your Linux data, use encryption for your Linux partition, e.g. with dm-crypt (http://www.saout.de/misc/dm-crypt/), and _do not store the password in a file_.

Reply to: