On Mon, Oct 4, 2010 at 12:07, Lisi <lisi.re...@gmail.com> wrote: > I have no metrics myself against which to measure this. I have Googled, > but > have found it difficult to distinguish the FUD and biased/inaccurate > information from the "real" - and reliable - information. I would be glad > of > some opinions from the list. > > If I set up a computer to dual boot Windows and Linux (specifically Debian > Lenny) does the fact that Windows is sharing the computer in any way > jeopardise the security of the Linux installation? >
If your basic assumption is that your Windows system is less secure than your Debian system, then yes, it might. Even though Windows itself doesn't understand filesystem information etc. for Linux, Linux is open source, so it's hardly a secret how that works. There is userspace software for this. It is, however, extremely unlikely that someone will attempt to break into a Linux partition on a Windows box through an automated process: there are so few people doing this compared to the mass of Windows boxes, that there is little "profit" in it for script kiddies and crackers. So, yes, it does jeopardise the security, but not significantly, and probably less so than the Linux installation jeopardises the Windows installation. Does it make any difference whether they are in separate partitions on the > same disk or on separate HDDs? > No. Would running Windows in a VM from Linux make the Linux host less secure > than > dual booting, or more so? Would the Linux host in fact be > more/less/equally > secure than/as it would be if Windows were not on the box at all? > I think you may be approaching this the wrong way, and that you instead should ask yourself: How can I secure my system(s) in the best possible way? If your main fear is that a Windows security vulnerability might screw up your Linux data, use encryption for your Linux partition, e.g. with dm-crypt (http://www.saout.de/misc/dm-crypt/), and _do not store the password in a file_. -- Jan
