is a dual boot secure?

[alank2]

Alan, but that is not virtualization, but a hack to dual/multiboot your machine 

You are correct, it is not.

Similar programs have been around for ages, e.g. System Commander.

I remember System Commander all right.  It was pretty cool in its day.  It doesn't separate partitions like my product does, but I used it for a couple of years.

[NiHaoMike]

Dual boot is so 1998... Nowadays, virtualization is usually the better choice.

Except dual booting and virtualization serve different purposes.

Virtualized OS is never going to function equally well as when it is running native on the HW. If you need only one odd application from the other os, by all means, virtualize. But you will suffer a lot if you need full performance from your peripherals, graphics, etc.

http://en.wikipedia.org/wiki/Xen

[janoc]

http://en.wikipedia.org/wiki/Xen

And your point is?

Moreover, Xen is a paravirtualization platform, it doesn't run unmodified OS if you want good performance. Good to run a large amount of servers, but I don't see a home user running that on their desktop in order to run Windows from Linux. If anything then VMWare or VirtualBox would be more relevant.

[NiHaoMike]

Xen supports direct hardware access.

[Mechanical Menace]

I'm guessing its starting here (for a powered off net boot attack):
1) Computer power supply is providing standby power to BIOS
2) Computer is chilling, ignoring everything that comes in on the LAN connection (except for a few unique "triggers")
3) unique trigger comes along the LAN cable, causes computer to power on and...

can you be specific though, like describing what happens in various hardware sub systems during this chain of events?

is it just the bios? or does it start from NIC firmware? is there a diff using a plugin NIC card (pci, etc)

WOL won't turn on your PC, it'll only wake it from sleep mode. And if you don't have netboot enabled your system won't try to boot from the NIC. And they'd need to change the settings on your DHCP server and set up a TFTP server on your network to implement that.

And nah, as far as your PC is concerned the onboard NIC is just another PCI/PCIE device.

[Leiothrix]

WOL won't turn on your PC, it'll only wake it from sleep mode.

Yes it will.  As long as it is enabled in the BIOS & NIC anyway.

[Mechanical Menace]

WOL won't turn on your PC, it'll only wake it from sleep mode.

Yes it will.  As long as it is enabled in the BIOS & NIC anyway.

But that's hardly standard settings and if you can get enough access to a machine set that up and set PXE or whatever up on on the network you might as well not bother.

But also yeah, good point too.

[SArepairman]

so, is a computer thats turned off but connected vulnerable or not to some kind of a attack which comes in from the LAN cable ??

[miguelvp]

If it has on wake up LAN, then maybe?

[abaxas]

Nothing is ever truly secure. Once you understand that, you can chill out a bit more.

[Sigmoid]

I heard a very good computer security maxim from one of my professors:
"If someone else has physical access to your computer, it is not your computer."

Most security measures an OS can provide are "alive" only when the OS is actually running. If you are able to run another OS on the same computer (not just through dual boot, booting a USB stick or DVD are very common attacks), the file systems of the non-running OS are just data, free to be read or modified at will.

The only way you can defend from this is by using a hard drive encryption system. This still allows an attacker to destroy your installation, but will likely thwart most attempts to steal data. (That said, there is no such thing as a perfect protection.)

[Mechanical Menace]

(That said, there is no such thing as a perfect protection.)

People don't seem to get that locks aren't meant to stop a determined attacker. They are designed to slow people down and should make any successful tampering very evident. So many common popular physical locks are only any good as a form of social contract and couldn't stop anyone who wanted to bypassing them.

[janaf]

If I wanted to dual boot windows and linux on the same hard drive, is it possible to somehow modify the linux files from within windows to compromise the linux installations security?

Physically swap hard disks feasible?