peter green wrote:

>> No particular OS... AFAIK, you can do this with all common OSes. For
>> example, just create a few partitions and install Windows or Linux
>> several times, one installation per partition. A boot menu allows you
>> to choose which one you want to boot to. 

> how does doing this achive anything security wise? in a dual boot setup
> both OS installs (whether the same os or different ones) have complete
> access to mess with each others drives.

(I'm talking about Win2k+ and NTFS in the following. Some of it may also
apply to other systems and file systems.)

I'm not sure, but I think that the large majority of trojans, viruses and
other animals won't (and probably can't) access disks in the system that
are not registered as disk drive letters. If the goal is separating the
systems, you of course would not have the other drives present as disk
drive letters. I also think that most of them infect running programs
(including system parts), which are separated as you don't run system and
application executables from the other systems. 

Furthermore, I'm not sure it is possible to access files on an NTFS
partition if you don't have the proper credentials. I think it is not
possible (unless access is set to Everbody or any of the general groups
like Users). On a normal multi-user system, you have the problem that every
user may want to install and run programs that have their files in strange
places or require changes to the system areas during installation. This
makes it quite difficult to "harden" a typical Windows system with multiple
users from this angle and is the reason why most Windows users run as part
of the Administrators group. However, if it's only you as user, it is easy
to make all files only accessible (maybe only writeable) by you. I'm not
sure, but I think another user, from another installation, won't be able to
access (write to) these files. (I'm not sure how the SYSTEM user and other
similar system users come into play here. They may complicate things a
bit.)

I'm not quite sure about the NTFS access restrictions cross-system. OTOH,
the first part may be enough (that the viruses won't access files on
partitions that are not present as drive letters). Has somebody ever
actually had a system cross-contamination in such a setup? I haven't, but I
haven't had any contamination to speak of at all, so I really can't tell.

Gerhard

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist