security on a multiboot system

[Walter Donavan]

I have a multiboot system with Win 2K, Win ME, and another copy of Win 2K.
Only one system has access to the Internet and only it has my suite of
security tools. All file systems are FAT-32 for ease of use.

My question is this: should I install all my security tools on all three
systems, and frequently update and run all three sets?

I haven't done it so far because two systems can't access the Internet and
therefore cannot pick up malware that way.

AVG Free antivirus checks all four partitions anyway.

Ad-Aware checks all drives, but I doubt it checks all three registries.

SpyBot Search & Destroy, SpyWare Blaster, and SpyWare Guard only protect the
system on which they are installed.

So, short of removing two of the three OS's, would it be preferable to
install all five programs on all three systems, give all three systems
Internet access, and triple my security chores?

Tell me there is an easier way that is just as safe.
--
Walter Donavan
Revelation: The Seven Stages of the
Journey Back to God
www.revelation7stages.com
www.1stbooks.com/bookview/15479

 

[Pegasus]

It depends.

If the various OSs are visible to each other then they
are vulnerable to some extent. If they are installed in
partitions that are hidden from each other then they
are not.

 

[Walter Donavan]

As stated, they are visible to each other (FAT32).

 

[Pegasus]

As stated, they are visible to each other (FAT32).

The type of file system has nothing to do with visibility.
A robust multi-boot system consists of several partitions
of any type, all of which are mutually hidden from each
other.

 

[I'm Dan]

The type of file system has nothing to do with visibility.
A robust multi-boot system consists of several partitions
of any type, all of which are mutually hidden from each
other.

From the earlier thread, "Multiboot with Win ME and 2 copies of Win2K?", I
believe Walter is using Microsoft's method of pseudo-multibooting, so he is
stuck and unable to hide OS partitions from each other.

 

[Walter Donavan]

Yes, I'm using Microsoft's method. So I'm only a pseudo-multibooter? Sob!

Seriously, how could I become a *real* multibooter? I understand there are
programs for this?

 

[Pegasus]

Yes, I'm using Microsoft's method. So I'm only a pseudo-multibooter? Sob!

Seriously, how could I become a *real* multibooter? I understand there are
programs for this?

Check Google for XOSL. It's a proper boot manager, with a graphical
user-interface, and it's free!

 

[I'm Dan]

Yes, I'm using Microsoft's method. So I'm only a pseudo-multibooter? Sob!

Seriously, how could I become a *real* multibooter? I understand there are
programs for this?

XOSL is my favorite, but you'll also find recommendations for BootIt-NG,
OSL2000, V-Com's System Commander, Symantec/PowerQuest's BootMagic (bundled
with PartitionMagic), and several others. The catch is that a genuine
multiboot is incompatible with Microsoft's method, so would require you to
reinstall all OS's (except the first one - the one your system probably
calls the 'C:' drive). Looking at your other thread, it looks like you put
a lot of work into getting where you are, so I'm not sure it's worth the
effort to reinstall everything just to change multiboot methods. OTOH, if
you are inclined to change your boot manager, it's better to do it before
you invest a lot of time tweaking the OS's to get everything just right.
You can read more, with a comparison of the two methods, on my webpage
(www.goodells.net/multiboot - see the Multibooting Principles page) and
decide for yourself. Overall, the Microsoft method works for a lot of
people, but has a number of limitations I don't care to put up with, such as
the inability to keep OS's completely separated from each other.

As Pegasus suggested, if two OS's are hidden they would be completely
shielded from any viruses/worms trying to get in through the third OS. I
use that principle on my kids' machines, each of which dualboots with one
'trusted' partition and one 'untrusted' partition, each isolated from the
other. They do their schoolwork on the 'trusted' partition, connected to
the home LAN with file/print sharing. They do their Kazaa and virus-prone
activities on the 'untrusted' partition, which is blocked from the rest of
the LAN and only internet access. Since nothing vital is on the 'untrusted'
partition, I don't hesitate to wipe it and restore from a DriveImage backup
periodically to keep it clean from malware.

 

[Walter Donavan]

Hi Pegasus and I'm Dan:

I much appreciate your thoughtful replies. I do want to learn true
multibooting because I want to be free to add and remove operating systems
without regard to Internet and security considerations. I am retired and
computers (aerospace stuff), which were my profession, are now my hobby (PC
stuff).

I have the time and am willing to blow away my present operating systems so
I can learn true multibooting. I can keep Win ME (C, and I don't care
about the second copy of Win 2K (H, which was only experimental to try
booting more than one OS. That leaves only my main Win 2K (D that would
have to go to OS Valhalla. I'm willing to do that. My data would be
undisturbed; it has a partition of its own (E.

I have Partition Magic 8. I didn't know it contained BootMagic. I installed
it. It incorrectly said my C: OS was <NT whatever>, doubtless because of the
dual boot boot sector. I put BootMagic on hold for the moment.

I will download XOSL and will study Dan's web page before going further.

Again, many thanks to you both. I'll keep you posted if you wish and
doubtless will be back with more questions anyway.

 

[Gary Smith]

If the various OSs are visible to each other then they
are vulnerable to some extent. If they are installed in
partitions that are hidden from each other then they
are not.

While hiding operating systems from one another is a good thing to do in
many situations, there are some cases where it is not. An example of a
situation where you want two systems to be able to see one another is when
you intend to use one to repair the other or to perform modifications that
cannot be done while the system is running.