GNU social JP
GNU social JP is a Japanese GNU social server.

Conversation

Notices

  1. GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Monday, 18-Dec-2023 04:43:23 JST

    onto my next test, let's say you have two different win 10 os on your machine. if one of those win 10 os gets malware/viruses, is there a possibility the attack could bridge to the other os?

    i'm guessing it could be possible if accessing the same file b/w the two os otherwise i feel the only way is via the bios. is that possible and am i missing other possibilities?

    In conversation Monday, 18-Dec-2023 04:43:23 JST from noagendasocial.com permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Monday, 18-Dec-2023 04:43:22 JST

      @greyknight33 are the 2 disks/partitions each separately encrypted? if not, yes, easily. if they are, it could still be spending cycles on the infected install when running to break the encryption of the other. is secure boot enabled? if not, pretty easily via the bootloader, if it is, possibly still via the bootloader but it'd be trickier. otherwise the BIOS is an option but that's very manufacturer specific, so it'd usually be a last resort vector.

      in short, definitely possible. likely? no

      In conversation Monday, 18-Dec-2023 04:43:22 JST permalink

    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Monday, 18-Dec-2023 06:30:35 JST
      in reply to Sir² Morgan

      @mh well this is an eye opener. didn't know it was easily done without these measures. so first, i think secure boot is enabled but i think i saw the option in the bios so that should be hard to engage. as for encryption, i doubt it :S both drives are the stock win 10 that comes with each machine. is it possible to add an encryption layer on them after the fact?

      i'd say, at current, i'm a sitting duck with my current set up given your explanation. asus mobo so i don't imagine too much security

      In conversation Monday, 18-Dec-2023 06:30:35 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Monday, 18-Dec-2023 06:46:16 JST
      in reply to Sir² Morgan

      @mh holy crap, yup, seems maybe the only way to truly protect your machine is to run any files and internet connections thru a VM (tho i wouldn't be surprised if someone's found a way around that too).

      https://www.quora.com/Can-a-malware-affect-two-separate-internal-hard-drives-with-separate-operating-systems-in-one-PC

      only safe thing i have with this machine, it seems, is windoze can't see any of my linux partitions at all. seems like a windoze virus won't execute on linux so possible that linux/win10 machine doesn't pose a risk tho win/win does

      In conversation Monday, 18-Dec-2023 06:46:16 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Monday, 18-Dec-2023 06:59:33 JST

      @greyknight33 I saw you posted another toot with more context saying it was an *external* separate ghosted drive? so as long as kept fully isolated from each other (e.g. not using the same USB thumb drive with both), most of the things I said won't be a risk. I was assuming 2 partitions or drives in the same machine. BIOS is still a possible but unlikely option, the real risk then is the network. it's a ghosted image, so they're identically vulnerable to whatever caused the original compromise

      In conversation Monday, 18-Dec-2023 06:59:33 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Monday, 18-Dec-2023 07:07:45 JST

      @greyknight33 there's very few Linux viruses, they could easily be made but nobody does because they're targeting the biggest easy target. that said, just because windows doesn't know how to read your Linux partition and pretends it isn't there doesn't mean it's safe from a virus targeting it. you could easily implement the filesystem in user space in the virus and write directly to the disk without windows filesystem support. lots of DBs work with raw disks like this and their own "filesystems"

      In conversation Monday, 18-Dec-2023 07:07:45 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Monday, 18-Dec-2023 07:18:47 JST
      in reply to Sir² Morgan

      @mh yup, external thumbdrive that was ghosted from another machine. my goal was to beat on a win10 machine without fear of the software i'm planning to run (pirated so zero trust). now, the external drive ssd can see the other drives on my host machine despite running off the win10 os on the external. the "data" drive (internal ssd) is fully accessible but the m.2 hosting the other win10 os is restricted. i kinda figured that presents a security hole. maybe not?

      In conversation Monday, 18-Dec-2023 07:18:47 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Monday, 18-Dec-2023 07:20:12 JST
      in reply to Sir² Morgan

      @mh so really, it'd have to be a very targeted virus, aiming at ppl with dual boot win/linux. basically, very little chance of it existing like you said, "biggest easiest target"? still a risk but very small?

      In conversation Monday, 18-Dec-2023 07:20:12 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Monday, 18-Dec-2023 07:21:16 JST

      @greyknight33 exactly. definitely possible, likeliness to exist now or any time soon? practically zero

      In conversation Monday, 18-Dec-2023 07:21:16 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Monday, 18-Dec-2023 07:27:17 JST

      @greyknight33 for something like this, unless you really need the bare metal performance (meaning you're just pirating games), I'd just do it in a VM. even better if the VM is hosted in Linux. KVM is quite good for performance. you can keep it quite isolated this way, just make sure you keep your VM software and drivers up on security updates. then ghosting a drive is as simple as making a backup copy of the raw disk image file.

      In conversation Monday, 18-Dec-2023 07:27:17 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Monday, 18-Dec-2023 08:42:16 JST
      in reply to Sir² Morgan

      @mh thanks! KVM, i'll check it out. yeah, i noticed VMware and virtualBox both don't utilize the on board GPU so looking to try others that can get around this.

      definitely would host in linux, it's far less resource intensive and i take it even harder for something infected in a win10 VM to breach to a linux host?

      btw, got 8 cores on this machine and 16GB of ram. let's say KVM handles the GPU no problem, there a minimum resource to leave untapped, like 1 core and 1GB of RAM?

      In conversation Monday, 18-Dec-2023 08:42:16 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Monday, 18-Dec-2023 08:51:38 JST

      @greyknight33 that question is getting a bit outside of my wheelhouse. I actually seldom need to use VMs at all these days, I haven't needed to use windows personally in about 25 years, or professionally in about 15. these days in the once per quarter off chance I need to run our front end software I just hop on our terminal services server. back when we didn't have that though I would usually restrict the VM to the minimum resources windows required, because it was a waste, to me 🙃

      In conversation Monday, 18-Dec-2023 08:51:38 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Monday, 18-Dec-2023 23:38:17 JST
      in reply to Sir² Morgan

      @mh don't blame you one bit. ever since my shift to linux, i'm barely on win myself. it's just Excel. damn that thing is powerful and necessary for my business :P ugh!

      i'm going to mess around with KVM tho and i appreciate the recommendation.

      never thought malware could jump from os to os. maybe will nab myself a monitor and run all my internet needs thru a pi hehe

      In conversation Monday, 18-Dec-2023 23:38:17 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 01:39:56 JST
      in reply to Sir² Morgan

      @mh just hit up KVM's page and don't see how to install. is there a repository to hunt for?

      In conversation Tuesday, 19-Dec-2023 01:39:56 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 01:51:42 JST

      @greyknight33 everything should be in your distro repositories. KVM is built into the kernel, so you likely already have that. what you need now is a VM manager and client. virsh is the default TUI manager, but it's more for headless applications. take a look at virt-manager, it's a pretty clean GUI one that I think relies on QEMU for the client. So if you can find virt-manager in your repos, it should pull in most of what you need

      In conversation Tuesday, 19-Dec-2023 01:51:42 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 02:02:29 JST

      @greyknight33 was exercising so couldn't pull up the link atm, now I can. :) this should get you going
      https://virt-manager.org/

      In conversation Tuesday, 19-Dec-2023 02:02:29 JST permalink

    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 02:08:53 JST
      in reply to Sir² Morgan

      @mh thanks! just installed and trying to get win10 installed on it now. will report soon!

      In conversation Tuesday, 19-Dec-2023 02:08:53 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 02:11:52 JST

      @greyknight33 that should take care of 99% of the average user's use case. you can worry about learning the trickier parts of managing things with virsh later, if you ever even need to. also, if it didn't install it by default make sure you get the spice support enabled (usually it's a separate optional qemu package), it improves UI responsiveness pretty considerably compared to VNC

      In conversation Tuesday, 19-Dec-2023 02:11:52 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 02:40:25 JST
      in reply to Sir² Morgan

      @mh holy shit! effin' install automatically connected to the internet! it's trying to authenticate via email confirmations. i lied to the pos but WOW! i think it's piggy backing my internet on the host machine!

      In conversation Tuesday, 19-Dec-2023 02:40:25 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 03:09:18 JST

      @greyknight33 it will by default. you can control what hardware is exposed to the VM in the settings

      In conversation Tuesday, 19-Dec-2023 03:09:18 JST permalink
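
An added example (not part of either poster's messages): a small Python audit of a libvirt domain definition, in the format `virsh dumpxml` prints, that lists which host resources the guest can reach. The sample XML, the VM name and the paths are constructed; the `default` network it shows is libvirt's NAT network, which is why a freshly created guest has internet access.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `virsh dumpxml <domain>` output; names and paths are made up.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>win10-sandbox</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/win10.qcow2'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/sdb'/>
    </disk>
    <interface type='network'>
      <source network='default'/>
    </interface>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/home/user/share'/>
    </filesystem>
    <hostdev mode='subsystem' type='usb' managed='yes'/>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return (kind, detail) findings for host resources exposed to the guest."""
    devices = ET.fromstring(xml_text).find("devices")
    findings = []
    if devices is None:
        return findings
    for nic in devices.findall("interface"):       # any NIC gives the guest a network path
        src = nic.find("source")
        attrs = src.attrib if src is not None else {}
        target = attrs.get("network") or attrs.get("bridge") or attrs.get("dev") or "?"
        findings.append(("network", f"{nic.get('type')}:{target}"))
    for disk in devices.findall("disk"):            # image files are contained; raw host disks are not
        src = disk.find("source")
        if disk.get("type") == "block" and src is not None:
            findings.append(("raw-disk", src.get("dev")))
    for fs in devices.findall("filesystem"):        # host directories shared into the guest
        src = fs.find("source")
        if src is not None and src.get("dir"):
            findings.append(("shared-dir", src.get("dir")))
    for dev in devices.findall("hostdev"):          # PCI/USB devices handed to the guest
        findings.append(("passthrough", dev.get("type")))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_domain(SAMPLE_DOMAIN_XML):
        print(f"{kind:12} {detail}")
```

An empty result means the guest has only its own image files; each finding is something to remove or justify before running untrusted software in the VM.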
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 03:11:13 JST
      in reply to Sir² Morgan

      @mh caught that afterwards. didn't even know when setting it up so killed that VM. gonna try again.

      was kinda creepy :P

      one thing i noticed is it doesn't seem to connect to the GPU. i imagine the video memory usage isn't scalable?

      In conversation Tuesday, 19-Dec-2023 03:11:13 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 04:57:54 JST

      @greyknight33 you'll probably want to get spice working and read up on that if that's something you need, it's not something I've ever been concerned with. the spice documentation does talk about PCI pass through and GL acceleration, so that may be worth looking into
      https://www.spice-space.org/spice-user-manual.html

      In conversation Tuesday, 19-Dec-2023 04:57:54 JST permalink

    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 11:52:51 JST
      in reply to Sir² Morgan

      @mh alright, got an update. VM installed win10 no problem. tried mucking around the video settings and zero luck. one setting actually allowed me to see the VM but was slow af. other settings leave a black screen.

      i think i can still work with my USB bootable win10 but gotta look into ensuring secure boot and seeing how to encrypt partitions/drives after they are set up. otherwise i'll need to wipe Mint and encrypt with a fresh install. win10 on this puppy may need to be sacrificed

      In conversation Tuesday, 19-Dec-2023 11:52:51 JST permalink
    • Sir² Morgan (mh@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 12:39:03 JST

      @greyknight33 bummer, I've never had that kind of trouble but maybe your host just isn't up to the task or something. well at least you maybe learned a few new things for next time :)

      In conversation Tuesday, 19-Dec-2023 12:39:03 JST permalink
    • GreyKnight33 [TX] (greyknight33@noagendasocial.com)'s status on Tuesday, 19-Dec-2023 23:27:49 JST
      in reply to Sir² Morgan

      @mh i learned a ton and thanks again for all your help! i'm going to try messing around a bit more but definitely neat getting it all to function. who knows, might get the GPU to pass thru by some fluke lol.

      always fun to tinker :D

      In conversation Tuesday, 19-Dec-2023 23:27:49 JST permalink

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.