
Re: is there any Windows virus that affect linux?



On Tue, Dec 12, 2017 at 05:09:59AM -0500, Anil Duggirala wrote:
> > Think for yourself a bit: technically it is perfectly possible. The
> > Linux partition is accessible from windows and, given some sort of
> > library for "understanding" the file system (probably ext4), files
> > can be modified this way. Vice-versa, the windows partition will be
> > accessible from Linux.
>
> Yes, that is what I am thinking. I have often accessed (viewed) Windows
> files from linux but not the other way around. I trust 10 times more on
> Linux security than in Windows, thus having dual-boot in my mind,
> diminishes my security ten-fold. Is there any safeguard in Windows (or
> in Linux) to avoid this access to a different partition?

Well, in Linux you've to be root to mount a partition (if you are using
a desktop environment, this fact is somewhat "cloaked" by PolicyKit
and friends). On Windows there'll be a similar mechanism, likewise
watered down by some convenience wrapper.

> > So in both cases, and given enough access rights, software can modify
> > the respective "other side". Only perhaps full-disk encryption (and
> > using different keys on both sides, and being particularly suspicious
> > when you get asked for the "wrong" key) might help you here. Except...
> > there's the unencrypted boot partition (cf. "evil maid attack").
>
> How does the boot partition play a role here? Is the software planted in
> Windows (or Linux) and then executed at boot?

That's the idea. In its simplest form, it would "impersonate" the
dialog asking you for your encryption passphrase (up to that point
things have to be unencrypted, remember[1]) and then, say, phone home
giving away your passphrase.  Read on "evil maid attack"[2] (a stupid
name, but which has become somewhat standard in the field).

[1] Unless you have some help from the hardware. But given the
   last news on Intel's Management Engine, it's not really clear
   who that hardware is helping (it just seems clear it's not
   the user, though).

[2] https://en.wikipedia.org/wiki/Rootkit#Bootkits

> thanks very much.

You are welcome :-)

Cheers
-- t

