Using linux to cheat windows - drive security

tigrmesh · 2008-01-31 19:30:42

I have a windows box for programs that won't run on linux. I'd like to use the 2nd internal drive to make backups of the 1st drive.

The question is how to protect those backups if my windows installation is compromised. This data needs to be secure. I don't care if the solution is time-consuming as long as it's software-based (no crawling under the desk or opening up the machine). Obviously, the most secure way is never to turn on the machine at all...

These are the possibilities I've come up with so far:

1) Format the drive as ext3. Won't that make the drive invisible to windows? I could then use clonezilla or some other live cd to make the backups. Can an ntfs file backed up to ext3 be restored as ntfs?

2) Encrypt the drive and format as ntfs. But wouldn't windows then have access to the data on the encrypted drive?

3) Encrypt the drive and format as ext3. Would I then have to install a distro to that drive to access it?

4) Back up to an ntfs external drive that only gets turned on for the backups. But if my machine is compromised, wouldn't my backup media be too?

Thoughts anyone?

vogt · 2008-01-31 20:53:30

Correct me if I'm wrong, but windows will still be able to remove/destroy the other partition; it has permission to do whatever to your 'apparently' unformated partitions.

ext3 isn't normally writable by windows (in a way that keeps the filesystem alive), unless someone (you?) manages to install drivers or tools named in this tldp howto, which is pretty unlikely, so encryption seems pretty unnecessary (your point is to prevent the backup from being overwritten (which can happen anyways, not being read, which is the point of encryption)

If you just want to have your personal files backed up, you might loose some permissions or read-only flags set by windows, saving to ext3 (though ext3 would seem to be able to keep that data, minus alternate data streams, but those don't seem to be critical or used very much.

As a warning to you when you try to restore the backup: it is likely that parts that system will fail to boot because the windows boot sequence apparently has hardcoded refrences to some files whose positions will almost certainly be changed (so to avoid the reinstallation of windows, you'd have to make images of your windows partition (dd can do it).

So your best solution would be to use the external drive.

Or maybe there is a linux equivalent to that software?

or run the windows binaries using wine, or virtualize windows under qemu; with qemu, you can have that windows installation writing to a snapshot, or have multiple copies of that installation in the unlikely case that you get virii.

tigrmesh · 2008-02-02 03:23:48

Thank you for the thoughtful response. It's given me a lot to think about.

iphitus · 2008-02-02 09:31:51

Why dont you just encrypt it? Truecrypt offers encryption that works under both Linux and Windows.

11010010110 · 2008-02-05 11:52:30

Physically (electrically) disconnect the drive

For IDE drives (idk if it works for sata) - put it single on the secondary ide and disconnect just the power (5 and 12 v) with a switch. The box will be unable to see it (although may feel that there is something on that ide which may cause delay in the bios test screen etc)

This may work when there is another drive on the cable too but it may affect stability or performance of the other drive

Btw - this is how I did multiboot (windows 98 and windows Me) back before I found the linux thing

iBertus · 2008-02-06 04:44:47

I would second the external disc idea. It makes sense to be able to physically disconnect the backup from the system when not in use and also gives you the ability to store the backup in another location. I would worry about drive failure. Because of this possibility you may want to consider multiple solutions.

EDIT: Just another idea. Have you thought about a network attached storage device? This would not be physically attached to the computer and could be configured to allow access only with the proper password. You can even find these that implement RAID so that if one disc fails you don't loose your data.

Last edited by iBertus (2008-02-06 04:46:24)

tigrmesh · 2008-02-07 16:04:11

Thanks, all, for taking the time to reply. Clearly the external drive is the way to go.

@11010010110 - If I ever become willing to open up the case, what would I search for to find the kind of switch that you describe?

iBertus · 2008-02-07 17:05:26

tigrmesh wrote:

Thanks, all, for taking the time to reply. Clearly the external drive is the way to go.
@11010010110 - If I ever become willing to open up the case, what would I search for to find the kind of switch that you describe?

I may be wrong, but I've never seen a cable with the switch build in. I think you would have to modify a cable to have a switch.

tigrmesh · 2008-02-09 16:35:28

iBertus wrote:

I think you would have to modify a cable to have a switch.

Oh. I guess I won't be doing that one. lol!

Arch Linux

#1 2008-01-31 19:30:42

Using linux to cheat windows - drive security

#2 2008-01-31 20:53:30

Re: Using linux to cheat windows - drive security

#3 2008-02-02 03:23:48

Re: Using linux to cheat windows - drive security

#4 2008-02-02 09:31:51

Re: Using linux to cheat windows - drive security

#5 2008-02-05 11:52:30

Re: Using linux to cheat windows - drive security

#6 2008-02-06 04:44:47

Re: Using linux to cheat windows - drive security

#7 2008-02-07 16:04:11

Re: Using linux to cheat windows - drive security

#8 2008-02-07 17:05:26

Re: Using linux to cheat windows - drive security

#9 2008-02-09 16:35:28

Re: Using linux to cheat windows - drive security

Board footer