Multiple operating systems to enhance security

Wai_Wai
Junior Member with 3 posts.
Join Date: Sep 2008
Experience: Intermediate
11-Sep-2008, 06:38 AM #1
Multiple operating systems to enhance security

How would you comment on the security benefits of such a setup?
Drive C: Empty or dummy OS
Drive D: Windows XP Pro SP3 (for normal usage)
Drive E: Windows XP Pro SP3 (dedicated for online banking, shopping and the like)

Security benefits:
  1. Non-default drive letter: Minor benefit but you are *slightly* less likely to be hacked if Windows resides on a drive other than C since the vast majority of people install Windows to their C drive. I know it's a minor benefit but it doesn't hurt to do.
  2. Dummy OS for easy target: You may optionally install a dummy OS. Its purpose is to sit and wait for infection. It's to give a false target for the hackers to attack.
  3. Dedicated Windows for mission-critical tasks: You only boot from this system to perform online banking, shopping and the like. Login --> Go to bank website --> Do transaction --> Log off. It's next to impossible to get infected in this case. You can install no security software or just a firewall in this dedicated Windows.


This setup is much better than the expensive security setup with anti-virus, anti-trojan, anti-spyware, HIPS etc. Still they can't help getting infected by the ever-changing malware technology.

This setup is 99.99% safe against new unknown malware, and even personalized/rare malware, unless this setup becomes so popular that malware writers start to write viruses to infect multi-operating systems.

What do you think? How true is it?
lotuseclat79
Distinguished Member with 21,345 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
11-Sep-2008, 12:48 PM #2
Hi Wai_Wai,

Welcome to TSG!

In the setup you propose, which appears to use Windows nomenclature (C:\, D:\ and E:\), there is one hard drive partitioned three ways, or possibly 3 drives. If malware gets onto drive C, and gains root access, then the game is over.

A more ideal setup is to have two or more cores with the other cores watching and monitoring in real time what is going on in the first core assuming the system is constructed with shared memory between all of the cores.

The first core boots up a firewall, AV, AS, router protected Windows installation - take your pick. The second core boots up a different OS and monitors what is executed and gets pulled down or pushed from the Internet to the first core and automatically scans it in real-time for malicious signatures. You could even have a third core that uses a different approach, other than or in addition to a signature-based one, aka a pattern-based heuristic approach. It is also a good idea to have a HIPS, and real-time monitoring security agents running on your first core - that after installation has been battened down with extra security enhancements and useless software removed.

Your description seems to infer something like a honeytrap to capture malware which is not a bad idea in and of itself but would surely need more expertise to know what to do with it.

It is advisable that with whatever scheme you dream up, you have a hardware router connection to your ISP, and that once installed, you change the admin password to the router (which is a common vulnerability). Also, if malware ever gets past the hardware router onto your system, you would be well advised to run a software firewall to monitor outbound connections from your system - i.e. an intruder wants to send your data home, so you need to block everything and only approve outbound connections that you know what they are.

My advice would be to rethink your scheme with the above suggestions (certainly, if money is no object you can do a lot).

I use Linux although I have a frobozed WinXP Pro SP2 that I need to reinstall if I so choose to do so in the future. As it is, I have a scheme whereby I run exclusively in a Live CD Linux environment, pay nothing for the OS, or security tools, and when I am connected have the attribute that none of my 4 hard drives are exposed to the Internet - i.e. they are all dismounted (I can even spin them down) and I run the Live CD environment in a GB of memory. Also, if any malware manages to make it onto my system while I am connected, the most harm they can do is store themselves in memory which looks like but isn't a file system - and when I turn the power off on shutdown of my computer system everything goes poof in memory!

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
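
The Live CD setup described in the post above only holds while no hard-disk filesystem is mounted during the online session. The following shell check is an added example, not part of the original post: it reads /proc/mounts-style text and reports any hard-disk partition that is still mounted. The function names, the sample mount table and the optional "live medium" argument are constructed for illustration, and it assumes the session was booted from optical media or that the live USB device is passed as the argument.

```shell
#!/bin/sh
# Constructed sample: a live CD session with two hard-disk partitions left mounted.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
tmpfs / tmpfs rw 0 0
/dev/sr0 /cdrom iso9660 ro 0 0
/dev/loop0 /rofs squashfs ro 0 0
proc /proc proc rw 0 0
/dev/sda1 /media/disk ntfs rw,nosuid 0 0
/dev/sdb2 /mnt/backup ext3 ro 0 0'

# mounted_disks [live_device]
# Reads /proc/mounts-format text on stdin and prints "device mountpoint mode"
# for every mounted disk partition. live_device (e.g. /dev/sdc) is skipped so
# that a live USB stick is not reported as an exposed hard drive.
mounted_disks() {
    awk -v skip="${1:-}" '
        skip != "" && index($1, skip) == 1 { next }
        $1 ~ /^\/dev\/(sd|hd|vd)[a-z]+[0-9]*$/ || $1 ~ /^\/dev\/(nvme|mmcblk)[0-9]/ {
            mode = "ro"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "rw") mode = "rw"
            print $1, $2, mode
        }'
}

# audit_live_session [live_device]
# Exit status: 0 = no disk mounted, 1 = disks mounted read-only (readable by
# anything running in the session), 2 = at least one mounted read-write
# (malware could write to it and survive the power-off).
audit_live_session() {
    found=$(mounted_disks "$@")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    case "$found" in
        *" rw"*) return 2 ;;
        *)       return 1 ;;
    esac
}

# Demo on the constructed sample. On a real live session:
#   audit_live_session < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_live_session || echo "exposed disks found (status $?)"
```

The check covers mounted filesystems only; a disk that is attached but unmounted is still visible as a block device to anything running as root.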
lunarlander
Senior Member with 3,484 posts.
Join Date: Sep 2007
11-Sep-2008, 08:22 PM #3
Your 3 drive scheme would work if you disconnect the 3rd most important drive while using the 2nd one (unplug the IDE/SATA cable). If you have all three drives connected, if the virus scans your drives, it would find the 3rd drive.

Another scheme is to use a limited account and software restriction policy, if you have XP Pro. Here're the details:
http://www.mechbgon.com/build/security2.html

Maybe you can cook up something that's a bit of both.
All times are GMT -4.