Multiple operating systems to enhance security

Multiple operating systems to enhance security

How do you comment about the security benefits of such a setup?
Drive C: Empty or dummy OS
Drive D: Windows XP Pro SP3 (for normal usage)
Drive E: Windows XP Pro SP3 (dedicated for online banking, shopping and the like)

Security benefits:

1. Non-default drive letter: Minor benefit but you are *slightly* less likely to be hacked if Windows resides on a drive other than C since the vast majority of people install Windows to their C drive. I know it's minor benefit but it doesn't hurt to do
2. Dummy OS for easy target: You may optionally install a dummy OS. Its purpose is to sit and wait for infection. It's to give a false target for the hackers to attack.
3. Dedicated Windows for mission-critical tasks: You only boot from this system to perform online banking, shopping and the like. Login --> Go to bank website --> Do transaction --> Log off. It's next to impossible to get infected in this case. You can install no security software or just a firewall in this dedicated Windows.

This setup is much better than the expensive security setup with anti-virus, anti-trojan, anti-spyware, HIPS etc. Still they can't help getting infected by the ever-changing malware technology.

This setup is 99.99% safe against new unknown malware, and even personalized/rare malware, unless this setup becomes so popular and malware writers start to write virus to infect multi-operating systems.

What do you think? How true is it?

 

It probably wont work because malware will target %systemroot% as opposed to the full path.

 

Are you commenting on "non-default drive letter" benefit? Yes it's only useful if the malware targets the absolute path. If it uses %systemroot% it doesn't matter where you install. I would consider a minor benefit against some crude malware.

 

just use two os to enhance ur security , if one of them fails to boot u can use the other to restore the first by its image........

 

I dont think it helps because presumbly you will be running NTFS on all the parititions so that Windows will recognise them. The virus can easily install itself in the other partitions.

 

I think a virus is less of a concern. You should still have some proper protection and prevention measures of the Windows for normal usage, or you may get hit by a destructive virus as an example which tries to delete everything in your computer. But it isn't a big deal if you have proper backups.

The most intimidating ones is unknown trojan/keylogger which can't be detected by your security product, and you never know you get infected (they don't show any signs of appearance). The split of work by two OSes seem to defend against this kind of risk very well. I don't think a trojan is able to steal login password when I'm not booted from the infected Windows. What do you think?

 

To further ehance the interesting idea of split work between 2 OSes, you may do those extra steps:
- replace with Linux if you can manage to get used to it
- install a security product which prevents any change of the dedicated operating system. It discards any changes made last time every time you boot from the dedicated Windows. With the help of such a secrity product, this multi-OS setup seems to be feasible and fail-safe way to defend against any kinds of trojans, keyloggers, rootkits.

 

Just use a LiveCD and save the space you have to put in to the other two operating systems.

I'm not trying to offend you and I know you have put some thought into this but this is not as a good idea as you think it is.

 

LiveCD? What is this? How does it work?
Can we have a Windows LiveCD so we simply boot from this Windows (on CD) --> online banking --> shut down??

Edited: Looks like the Windows LiveCD is a better alternative, offering the same failsafe protection.
How fast can I boot Windows from a CD (same as normal Windows?!)? Can I still perform at ease or do I need to setup the Internet connection every time I booted from LiveCD?

I didn't put a lot of thoughts in it because the original ideas don't come from me although I find this setup interesting.
Instead of knowing it's a good or bad idea, I want to know the why's (reasons), or if there are better alternatives.

 

You have the right idea. A LiveCD is one that you can boot straight from a CD. You can create windows LiveCDs but there are many linux ones you can download.

I've already mentioned why it is not a very good idea. You are creating 3 different partitions but because you are using NTFS (otherwise you wont be able to read them), a virus can see it to and will just jump over.

The smarter solution is to either use a LiveCD, use full virtualizaion software like Virtual Box, disk virtualization like Returnil or sandboxing with sandboxie.

 

If I really want to be safe, I use vmWare box. I make a snapshot, get online do banking or whatever, then go back to snapshot. About the same as using Returnil or sandboxie as far as you go back to clean slate. The advantage IMO, you can keep that vmbox if you reisntall or move to a new computer. And you can create mulitple snapshots, make the hdd's read only, still install all of your fave security apps etc.

I use this for online financial stuff some but much much more for testing applications because it gives me a psuedo network to try things on I cannot do on just my pc with say returnil.

Sul.

 

Hello,

I may sound ... boring, but:

Master the knowledge and it won't matter what you use, how many, how often, and to what purpose. It is perfectly reasonable to use a single operating system for anything you may need, without any special extras.

Mrk

 

I wholeheartedly agree 99%. I try many security apps/methods because I like to learn more, but learning what the OS is doing, why and how, and then learning of the possible exploits, and then tweaking the OS to remedy as much as possible is the best way. My system probably does not need much other than a router and obligatory AV. Personally I don't do any banking at all though without vm or sandboxie. I don't feel what little funds I have need to be the 1 in 1,000,000 chance of compromising.

However, the majority of peeps IMO don't want to take the time or just don't want to learn. So I guess if that is the case the questions in this thread are of pretty real importance to many.

But I do like your philosophy on it very much.

Sul.

 

hey sandboxie and antivirus ,virtual system like shadow defender is a must

windows live cd is very good to have.

Among backup and rollback software choose one....
Malware destroys all partitions in general.but having two oses gives u security in cases disasters caused by conflicting applications.

 

Is it possible to update the Windows LiveCD? For example, MS may release new updates/patches and I want it to be included in the LiveCD? If yes, is it easy or difficult to do?

What if I want to include a few applications (eg AV and firewall) into the LiveCD, and keep them updated once in a while? What is the best way to do?

What if it's a trojan/keylogger? A trojan/keylogger isn't smart enough to infect the another inactive Windows. So they can't steal my accounts when I log in from the clean Windows (even better, from the CD which is impossible to get infection).

 

LiveCD is an interesting one since I can boot from a CD which is immune to any kinds of infection. But the problems may be it's hard to keep it updated?!

I don't understand how sandboxie helps. If your host computer is getting infected, sandboxie doesn't help. You can't sandbox everything for normal usage and only do online banking on the host computer. It isn't feasible.

The same applies to full virtualization. You can't do mission-critical tasks in the virtual desktop if your host computer is infected. So what do you do? You carry all sorts of normal activities in the virtual desktop. Is it really feasible that you use the virtual desktop for everything else, and use the host computer only for mission critical tasks?

Also it seems there are a number of trojan/keylogger which can detect whether you are using a virtual desktop or not, and break through it. I don't know whether there are more trojan/keylogger which can manage to infect the host computer than trojan/keylogger which can detect I have two OSes and infect both.

 

Even if you have all the proper common senses and proper measures, it doesn't mean you are immune to infection. I know the risks will be much reduced but it's still there (let's assume the risk is 1%).

If you use the computer to do mission critical tasks, you may not be able to afford even 1% risks. You want 99.99% safe.

This is what I'm trying to help them achieve, espeically the novice people.

Let me give you an example. You are an office clerk who will receive a lot of email every day. You have some basic common security sense. You don't run any executable programs. One day someone sent you a picture asking for help. You downloaded the picture and opened it. Nothing seems special. You used the computer as usual. Actually a personalized trojan is dropped when you open the picture file. It makes uses of the new exploits found in Windows when handling picture formats to infect you.

Since it's a personalized trojan and that trojan never gets into the hands of the security researcher, you never know it is monitoring behind you unless you are computer savvy. The AV/AS won't detect it either. The trojan can stay undetected and without your notice for many years.

This sort of things actually happened. I remeber the news which a malware makes use of jpg exploits to infect client computers. I think a Google of jpg exploits can find it. It is something that someone with common security sense will still fail.

A few years ago, there was no rootkits. A few years later, we know all about the horrible rootkits which can be completely invisible to the system. If we were a first few who encountered such malware in the first place, we would get infected without notice.

It's uncommon a trojan is being added after months or years of release when the trojan is not so popular. I realise it's pretty easy to create a personalized trojan/keylogger which can't be detected by any AV. Some are selling them in the underground. After all it's only a program. There is no definite way to distinguish between a good and bad program. A good program can perform deletion (and in a good way). A bad program can perform deletion (but in a bad way).

If common sense and proper measures work so well, the security experts wouldn't have so much headache to secure the government and corporations computers. As a matter of facts, software always has bugs and exploits in nature. Even goverment departments, large corporations, financial firms are losing money due to hackers, malware, trojans and keyloggers.

One example: Although not common, some hackers managed to hack into some popular websites in the past and drop some malware in the server. Since the files come from the reputable websites, you are not cautious and run it and......

To balance the viewpoints, it really depends on what you want and what you do. The world is big so it may not be as dangerous as it may sound above. If you strictly go to Yahoo to read news and do online banking only, your exposure is so low and the chance of encountering new threats is slim. The new threat can reach you either from Yahoo/your bank (but they have to hack/infect the server first which is very hard), or find OS vulnerabilties which can infect you computer without your permissions (but a firewall will help cover most of those vulnerabilties. It's also very hard to do).

If you have to receive emails from the strangers, or talk to strangers on instant messenger, your exposure is much higher, and the chance of encoutering new threats increase. The risk of infection is also increased.

If you don't do important tasks in your computer, you don't care much even if a trojan is trying to steal your email account etc. You may not bother doing the extra steps to reduce the small risk further. After all the risk is 1% only.

But if you want to do mission-critical and you can't afford even 1 instance of misery, you need to take extra precautions. For government which process highly sensitive data, they will want to ensure virtually zero chance of hacking and infection. One way to do this is to simply isolate the important computers from the mass. The source of infection is cut. You won't get infected unless you get infected in the first pace.

 

If you create an updated livecd yourself then theres a risk the machine you use to create the livecd could transfer something undeseriable...

If you use someone elses machine then you have to trust their machine...

At some point you have to have a bit of faith or the only way you will get by is building your own chips from scratch and coding your own OS and apps...

 

In essence what you are proposing is having multiple operating systems on your computer. That is what All the virtualization and sandboxing programs provide. In the virtual machine or sandbox, you do all your surfing and emailing. That provides much better containment (because that is what they are designed to do) and are less resource intensive.

 

Best solution if you don't want [to learn/spent time configuring/etc] security apps is to use a LiveCD.

 

I would agree but also just as easily would be to have a vmWare OS and use the vmPlayer. This does require installing the OS in a vm box first, but you can keep it indefinately and it is as simple as starting an application.

Sul.

 

Being up to date isn't nearly as important with a live CD. The entire operating system is burned onto the CD and is "read only". Malicious code can't add to it, modify it, or delete any of it. Being "read only", Live CDs are immune to the vast majority of malicious code. Most live CDs are Linux. One of the easiest ones to start with is Knoppix. I still occasionally use an old Knoppix Live CD, version 3.7 from 2004. It works just fine. On older hardware like mine, it works better than the new ones. FYI, a live CD such as Knoppix is one of the best tools for finding and deleting rootkits on an installed system.

Back on the subject of multiple operating systems. Having more than one OS to boot from can be very handy. If one has a problem, it can usually be fixed from another. I strongly suggest that you do not try to use more than one instance of the same operating system. If you want 2 versions of windows, use XP and 2000, XP and 98SE, etc. I run 3 operating systems, 2000, 98, and Linux, each on its own hard drive. Every OS has its strengths and weaknesses. By choosing different ones, you can make use of each ones advantages as you need. Virtualization has its pros and cons. It's an excellent way to try out different operating systems without the hassle of building a multiple OS setup. There is a price to pay in performance since your hardware is running 2 separate operating systems at once. Myself, I'll try out an operating system on virtualization software. If I decide to keep it, I set up a real one. If you're new to dual and multi-boot systems, I'd suggest using virtualization for now and study up on multiple OS setups, bootloaders, etc as you can. At present, virtual systems are relatively secure. As they get more popular, they'll be targeted more and some of the attacks will be successful. From a security perspective, it's hard to beat a freshly booted live CD.

 

I use a similar approach except in run my multiple OS's virtualzed. Different virtual machines for different tasks.