Multiple operating systems to enhance security

Discussion in 'other software & services' started by Wai_Wai, Sep 11, 2008.

Thread Status:
Not open for further replies.
  1. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Compare what you have said here

    To what you have said here

    Both types of scenarios can. Yet you seem extremely worried about the zero days and perceive it as a threat, whereas you don't seem to care about the customized keylogger, where in fact you have no idea how often either is used to exploit machines.

    Because none of the computer users in these agencies exercise good practices. People are the weakest link, not security systems.

    Then why are you defending your position?

    So is it still possible for programs with low disk access to see these partitions?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,534
    Wrong. When I did some testing a while back, the stuff I was playing with installed on both disks. It was inert on the 2nd disk, but if you switched to booting to it, bingo.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,361
    Location:
    U.S.A. (South)
    Cleverness comes by experience and plenty of testing by malware makers.

    I agree with Pete, a troj/keylog "can be" stealthily landed or implanted as you say to the other system without activity, but log into that system and it can suddenly begin its chore, whatever that may be.
     
  4. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    10,340
    Location:
    NSW, Australia
    When A is booted there are no other partitions. After using A and then shutting down the computer there is still only one partition in the master partition table. So if you use a DOS boot disk only one partition will be present. The A partition.

    The other partitions don't enter the partition table until B or C is booted.
     
  5. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    So it is actively re-writing the partition table?
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Use portable apps from a USB flash drive in conjunction with Ultimate Boot CD for Windows or similar. Use a USB flash drive with hardware write lock. Alternately, Ultimate Boot CD for Windows has the ability to add plugins during the build process, but I have no experience personally with doing such.
     
  7. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    10,340
    Location:
    NSW, Australia
    Correct. You get a different partition table in LBA-0 for each boot item. BING of course knows about all partitions and this information is stored in the Extended MBR (LBA-1 to LBA-7). BING puts the partitions that you desire into the partition table (in LBA-0) for your chosen boot item.
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yeah, there is a performance hit when running virtual machines; however, I simply pause the VM when it's not in use so all it uses is RAM, which I have plenty of anyway.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,534
    From a security point of view, yes this might keep some of the malware from jumping partitions, but it wouldn't stop the malware that attacks the mbr itself. While there may be excellent reasons for doing this, for security it seems it would be more trouble than having images and just restoring them.
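
    The two posts above (the boot manager swapping the partition table in LBA-0 per boot item, and malware that attacks the MBR itself) can be told apart by checking the two regions of sector 0 separately. This is an added example, not code from any poster or from BING; the sample sectors are constructed, and it assumes the boot manager leaves the first 440 bytes of bootstrap code unchanged between boot items.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFF = 446       # four 16-byte partition entries live at 446..509
BOOT_CODE_LEN = 440   # bootstrap code area, before the disk signature

def parse_mbr(sector):
    """Return the non-empty primary partition entries found in LBA-0."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for slot in range(4):
        off = TABLE_OFF + 16 * slot
        status, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba_start,
                          "sectors": sectors})
    return parts

def boot_code_digest(sector):
    """Hash only the bootstrap code, not the table that changes per boot."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def compare(baseline, current):
    """Separate an expected table swap from a change to the boot code."""
    return {
        "boot_code_changed": boot_code_digest(baseline) != boot_code_digest(current),
        "table_changed": parse_mbr(baseline) != parse_mbr(current),
    }

def build_mbr(boot_code, entries):
    """Build a constructed sample sector (hypothetical helper for the demo)."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    for slot, (ptype, start, count, active) in enumerate(entries):
        struct.pack_into("<B3sB3sII", buf, TABLE_OFF + 16 * slot,
                         0x80 if active else 0, b"\0\0\0", ptype,
                         b"\0\0\0", start, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

# Constructed samples: same boot code, different visible partition per boot item.
BOOT = b"\xeb\x3c" + b"\x90" * 100         # placeholder bytes, not real code
MBR_A = build_mbr(BOOT, [(0x07, 2048, 1000000, True)])
MBR_B = build_mbr(BOOT, [(0x07, 1002048, 1000000, True)])
# Constructed sample: table as in A, but the bootstrap bytes differ.
MBR_BAD = build_mbr(b"\xeb\x5a" + b"\x90" * 100, [(0x07, 2048, 1000000, True)])
```

    A whole-sector hash would flag every switch between boot items; hashing the bootstrap area on its own only flags the case the second post is concerned with.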
     
  10. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    In some cases yes. Some not.

    Well, good question. It's hard to say especially I'm not a native English speaker. Roughly speaking it is a way to see and learn the other side of the argument. I don't believe this setup is 99.99% secure either. But I know to see how limited this setup is. I see it is more limited than what I initially thought. I learned something new after the discussion after all. That's great.
     
  11. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Anything else, especially from the security point of view?

    What's the PC requirement of running such a setup? The host will actually be idle most of the time, so most work is done in the virtual machine. How much RAM is required? How fast a CPU is required? What about 4GB & dual-core CPU, more than enough?

    A new problem that I can think of is that malware is able to detect the virtual machine. It may either stop working (preventing researchers from identifying it), or simply break out of the virtual machine and infect the host.
     
  12. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Some only?! Why? It appears it can keep a vast majority of malware from infecting other partitions.

    The MBR problem can be solved if it is being protected by other security software.
     
  13. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I have 2 laptops which I run VMs on. One is a Core 2 Duo T7700 @ 2.4GHz, 3GB RAM running Windows XP. The other is a Core 2 Duo X9000 @ 2.8GHz, 4GB RAM running Windows Vista 64-bit. Both can run multiple virtual machines with good performance as the Core Duo CPU has hardware virtualization support. How much RAM is required depends on what OS you are running in the VM. I usually give about 512MB for XP or a Linux distro and a gig or more for Vista, although you can run Vista on 512MB depending on what you're gonna do with it.
    Yeah, there's malware that won't execute in a virtual machine, that's a reality. However, malware that's able to break out of a VM I have yet to see. I guess if it's able to take advantage of an exploit in the VM software then it might be able to do that, but I'd say it's highly unlikely as the developers are usually quick to patch vulnerabilities. I'd say the main way malware is gonna get out of a VM is through file sharing between the VM and host.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,534
    Absolutely, but then why bother with this messy configuration in the first place.
     
  15. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    farmerlee,

    It sounds good that such a PC configuration can run the virtualization software and the virtual machine smoothly.

    Does the virtualization work as expected? Does it emulate so well? Does all software work in a virtual machine?

    What virtualization software do you use or recommend? Why?
     
  16. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Virtualization works far better than I ever thought possible. I've run up to 4 OSes simultaneously and my laptop still performs well. Amazingly, my Windows XP & Server 2003 virtual machines actually boot faster than my host system. The only software you can't yet run properly in a VM is anything to do with 3D graphics. 3D graphics card emulation is still in the experimental stage as far as I know.

    I use both VMware Workstation and VirtualBox. VMware is great yet it's very expensive; I'd only recommend it to those serious about virtualization. It has a lot of advanced features not found in other programs. For the average user VirtualBox is fine; it's free and is sufficient for most. The reason I use both programs is I've found certain Linux distros don't always install that well. Some work better with VirtualBox, some with VMware. I'm no Linux guru so I'll use the easiest option available.
     