Thread: dual os

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    242

    Question dual os

    On a PC with a dual OS (Red Hat, Windows 2000), can the unbooted or inactive OS be compromised by a virus or attack on the active OS? Can a trojan operate under both OSes?

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    For the most part viruses can't touch Linux, Tux eats 'em lol. I know you can get one like a boot sector that would maybe stop anything from loading, but other than that, it would be very hard to program a virus (in my opinion it would be hard 'cause I'm not too good) that would also go into your partitions. But like I said, Linux only has a few virii and they, from what I hear, don't do much.

  3. #3
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Interesting question! Let me think through this... If, for example, let's assume you are running Windows and Linux on the same box. When Windows is loaded, that OS cannot read the Linux partition, so you can't really do damage that way. On the other hand, if you're loaded into Linux and you had your Windows partition actively mounted as an external filesystem, a hacker could potentially muck around in your Windows files. If he was savvy enough, I don't see why he couldn't modify the registry files in the Windows directory to have some executable that he puts on that partition run when Windows loads again. This would take some real creativity by someone who had to know you were running a dual-boot system. Still, it seems possible to affect the dormant OS while another one is loaded.

    However, I don't know of any trojans or virii that can operate in 2 OS's equally. Most Microsoft virii, for example, take advantage of Visual Basic and the Windows registry. Linux doesn't have a registry and doesn't run Visual Basic or any of its DLLs. Still, I never rule out human creativity. As long as web technologies are being developed to be more and more comfortable in both *nix and Windows environments, the possibility exists for someone to manipulate that capability for malicious purposes.

    Excellent question, though!
    /* You are not expected to understand this. */
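    The exposure described in the post above (a Windows partition mounted writable while Linux is running) can be audited from the mount table. The following is an added example, not part of the original post; the device names and sample mount lines are constructed, and the filesystem-type list is an assumption about what a Windows partition typically uses.

```python
import re

# Filesystem types a Windows install normally uses (ntfs-3g reports "fuseblk").
WINDOWS_FS = {"vfat", "msdos", "ntfs", "ntfs3", "exfat", "fuseblk"}

# Constructed sample in /proc/mounts format; device names are illustrative.
SAMPLE_MOUNTS = r"""/dev/hda2 / ext3 rw 0 0
/dev/hda1 /mnt/win2k vfat rw,fmask=0000,dmask=0000 0 0
/dev/hda5 /mnt/win\040data vfat rw,fmask=0022,dmask=0022 0 0
/dev/hda6 /mnt/archive ntfs ro,noexec 0 0
proc /proc proc rw 0 0
"""

def unescape(field):
    # /proc/mounts encodes spaces and tabs in paths as octal (\040, \011).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def world_writable(options):
    # A umask/fmask/dmask that leaves the others-write bit clear lets any user write.
    for opt in options:
        key, _, val = opt.partition("=")
        if key in ("umask", "fmask", "dmask"):
            try:
                if int(val, 8) & 0o002 == 0:
                    return True
            except ValueError:
                continue
    return False

def audit_mounts(text):
    """Return (device, mountpoint, who_can_write) for writable Windows-type mounts."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in WINDOWS_FS:
            continue
        options = fields[3].split(",")
        if "rw" not in options:
            continue  # a read-only mount blocks writes through this mount point
        # No permissive mask shown is treated as writable by owner/root only.
        who = "any local user" if world_writable(options) else "owner or root"
        findings.append((fields[0], unescape(fields[1]), who))
    return findings

if __name__ == "__main__":
    try:
        text = open("/proc/mounts").read()
    except OSError:
        text = SAMPLE_MOUNTS  # fall back to the constructed sample off Linux
    for dev, mnt, who in audit_mounts(text):
        print(f"{dev} on {mnt!r}: writable by {who}; mount read-only unless needed")
```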

  4. #4
    Well, if someone designs a virus that exploits some local vulnerability or is executed as root, it can mount the other filesystem, using system calls or even running mount. I don't think it's impossible, but I have never seen it. It would be really disgusting. Damaging the boot sector is another issue, since it won't allow the boot loader to run.
    Using 2 operating systems in the same computer at home is ok, I do it as well. But doing this in a server, network environment, company, whatever, is just insane.

  5. #5
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    I don't know if this setup is so bad as to be called insane, but it definitely creates some vulnerabilities that you should watch closely. If you find you need to use 2 OS's on a regular basis, why not find some application that mimics the operation of both instead of maintaining 2 separate filesystems? VMWare would be a good example, as you could lock the security down on the virtual machine to almost nil. You could do regular checksums on the virtual disk (usually just 1 file on your filesystem) to make sure it wasn't damaged or compromised. There are other solutions like this for both Linux and Windows. Here's a short list of the main ones:

    If you're running Linux, you could run Windows apps with the following:
    VMWare - allows for virtual systems to run on the host OS
    Wine - allows for Windows apps to run under Linux

    If you're running Windows, you could run Linux with the following:
    VMWare - allows for virtual systems to run on the host OS
    Cygwin - allows you to run a Linux shell on your Windows filesystem
    /* You are not expected to understand this. */
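    The regular checksum of the virtual disk suggested in the post above, as an added example that is not part of the original post. It assumes the disk files sit in one directory and use the `.vmdk` extension, and it covers disks split across several files; the function and file names are illustrative. A virtual disk changes whenever the guest runs, so the baseline is only meaningful when recorded after the guest is shut down and checked before the next start.

```python
import hashlib
import json
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    # Read in 1 MiB blocks so multi-gigabyte disk images do not fill memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(vm_dir, pattern="*.vmdk"):
    # Map each disk file name to its current digest.
    return {p.name: sha256_file(p) for p in sorted(Path(vm_dir).glob(pattern))}

def record_baseline(vm_dir, baseline_file, pattern="*.vmdk"):
    # Keep baseline_file outside vm_dir, ideally on media the host cannot
    # rewrite, otherwise whoever alters the disk can also alter the baseline.
    manifest = snapshot(vm_dir, pattern)
    Path(baseline_file).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(vm_dir, baseline_file, pattern="*.vmdk"):
    # Compare the current state against the stored manifest.
    baseline = json.loads(Path(baseline_file).read_text())
    current = snapshot(vm_dir, pattern)
    return {
        "changed": sorted(n for n in baseline
                          if n in current and baseline[n] != current[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unexpected": sorted(n for n in current if n not in baseline),
    }

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4 and sys.argv[1] in ("record", "verify"):
        action = record_baseline if sys.argv[1] == "record" else verify
        print(json.dumps(action(sys.argv[2], sys.argv[3]), indent=2))
    else:
        print("usage: record|verify <vm_dir> <baseline.json>")
```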

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I would say so, yes.

    There is nothing stopping a piece of mal-ware that has compromised one OS from installing itself on the other. It is technically awkward (particularly difficult trying to write to, say, a Linux ext3 filesystem from win9x), but not impossible.

    If the mal-ware was running under Linux, it would need root (or some other permissions, depending on the set-up) to be able to attack a Windows partition.

    But I think it's very unlikely that someone would bother. Reasons:

    - There are very few dual boot machines out there (compared with single os)
    - Technically very tricky to cover every possible scenario. In particular, a multi-host piece of mal-ware would need to spread in both directions.
    - Most people with dual-boot machines use both to some extent, so even a specific mal-ware program can propagate some of the time.

    Note that this is a *completely* different scenario from a multi-platform worm. Because the worm spreads via a heterogeneous network, it is quite advantageous for it to be multi-platform, because it can infect more hosts at once. The only case I know of is nimda, but there may be others.

    On a slightly different note, there are documented cases of people managing to (accidentally) run Windows mal-ware under Wine.

    And on a completely different note, I used to use an Atari ST emulator (Atari ST is a 16 bit micro from the late eighties), but unfortunately managed to get my virtual machine infected with a virus (a boot sector virus had spread between my floppy disc images).

  7. #7
    Hmm, perhaps insane was a bit too much. But I think that in an environment where the same machine is used by more than one person, sensitive data can be obtained from another partition by someone who shouldn't have access to it. The possibility of mounting the other partition may allow both this theoretical virus or a local user to have access to this data. Sure, I know in many cases, it isn't such a problem (like at home). But in lots of corporate networks, people are bound to a small set of programs, and it's not that hard to confine the choice to a single OS. Users/groups who have other needs use other computers, other software and another OS. At least, it's what I find more often.
