Jump to content

Boot Manager advice

horus

By horus
in Software Hangout

 Share

Recommended Posts

horus

horus

Posted
Posted

Hi,

I want to install 2 independent/isolated OS's on a 500GB HDD and I'm looking for a suited boot manager.

OS1- 2 partitions: 30GB+120GB.

OS2- 2 partitions: 30GB+250GB.

and the rest of the space unallocated for the moment.

I want to have the higher HDD speed on OS2, how should I partition the HDD? Which is the faster zone of a HDD? The beginning or the end?

Coming back to the Boot Manager, I need a boot menu with a timer and a default Boot option(OS1), and a password protection for OS2.

I also need to be able to set the isolation between the OS's. Sometimes, for a short period of time, I'd need to access OS1's partitions while booting from OS2.

Also, can I partition the unallocated space later and asign the partition to one of the OS's?

If the OS's are completely isolated, are there any chances that OS1 to infect OS2 by any means? Boot viruses? Anything else?

Supposing I would achieve all of these requirements, let's say I'd take the HDD out, and stick it into another PC that has it's own OS. Would I be able to see the 4 partitions?

Thanks in advance.

Link to comment
Share on other sites

jaclaz

jaclaz

Posted
Posted (edited)

Boy how do I hate "philosophical" questions. The ones that have as subject "File A", "Directory B" and "Program C", and a "certain OS", and "another OS" :realmad:

Which actual, real OS is "OS1"?

Which actual, real OS is "OS2"?

You see, different OSses may have limits that could prevent the use or one or the other bootmanager, or a given partition order, and what not. :ph34r:

Also, different OSses may already come with their own bootmanager capable of doing all the work. ;)

An OS (depending on WHICH OS it is) may be able to access the "other OS", another one may not.

Boot virii tend to be pretty much OS agnostic, though. :whistle:

And which is the third OS that should see the 4 partition?

How do you want them seen "untouched", modifying the disk is allowed, iusage of a program is allowed....

Can you post a detailed example of WHAT you would like to do? :unsure:

jaclaz

Edited by jaclaz
Link to comment
Share on other sites
horus

horus

Posted
  • Author
Posted

I'm sorry, I forgot to mention, both OS's will be WinXP. I also forgot to mention that the HDD is empty, so there's no problem installing a bootmanger before actually installing the OS's.

And which is the third OS that should see the 4 partition?

I don't understand this question.

How do you want them seen "untouched", modifying the disk is allowed, iusage of a program is allowed....

Well, I want them isolated, independent, etc. They shouldn't know that there are other partitions/OS's on the HDD.

They shouldn't be able to write outside their partitions.

There might be some rare situations when I'd need to copy some files from OS1 to OS2, so I'd need to remove the "isolation" before booting.

Supposing I would achieve all of these requirements, let's say I'd take the HDD out, and stick it into another PC that has it's own OS. Would I be able to see the 4 partitions?

What I meant here? Let's say I take this HDD out of my PC and stick it into a friend's PC so he could copy some files. Could I access those files( or it would depend on the boot manager)?

Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted

There is no problem in making a setup so that 2 partitions are visible and 2 partitions are hidden, and choose which "couple" is visible and which is hidden when booting, but when you connect the drive to the "third" OS, let's say the XP on your friend PC, it will see EITHER one or the other "couple" of partitions, unless you use some tool (which you will have to have on BOTH couples of partitions in order to make sure that one is always visible) to hide/unhide the "other".

I hope the sequence is clears if we call the first two partitins "XP1" and the second two "XP2", when booting you can choose to see "XP1" or "XP2", this setting is "sticky" until mext reboot, thus if you switch the system off when "XP1" was visible and you put the drive in your friends PC, only "XP1" will be visible (unless you use something to "change this situation).

You do not even need a bootmanager, (if you want one, I can suggest grub4dos)

http://diddy.boot-land.net/grub4dos/Grub4dos.htm

but a simple "special" MBR should do:

http://mbldr.sourceforge.net/

I have no idea what level of experience/knowledge you have of these tools or of these approaches, have a look at the docs in the meantime, then ask your questions. :)

jaclaz

Link to comment
Share on other sites
dencorso

dencorso

Posted
Posted

Well, I, for one, definitely recommend GRUB4DOS. It opens one so many possibilities, besides and beyond its original intended use, that I think it's clearly the way to go. You intall it, and it'll serve you well for a long time. GRUB4DOS rocks! :thumbup

Link to comment
Share on other sites
horus

horus

Posted
  • Author
Posted

XP1 will be used by many people, and can/will get infected easily.

I really need to be 100% sure that XP2 does not get infected from XP1, and that it stays clean no matter what.

So, what boot manager should I pick?

Link to comment
Share on other sites
dencorso

dencorso

Posted
Posted

That's another reason to go the GRUB4DOS way. It'll allow you to include an option to boot also, say, Vista PE or Win 7 PE or Bart PE, straight from an almost damage-proof ramdisk-maped .ISO image, to use as a last line of defence, in case all else fails.

Link to comment
Share on other sites
DigeratiPrime

DigeratiPrime

Posted
Posted

What's the purpose of OS2, to clean OS1?

IMO best way to prevent getting infected: don't logon as an Administrator. Easier to manage since Vista with UAC, again improved in 7.

IMO best way to protect against boot viruses is: Bitlocker using a TPM. Bitlocker introduced with Vista, improved upon in 7.

Since Vista you can repartition, shrink or expand volumes in Disk Manager without rebooting.

The RAM disk idea is not bad, but you're not really supposed to do production work in PE.

Other things to consider: Truecrypt, RAID, NTFS permissions, Deepfreeze/Returnil type software.

Link to comment
Share on other sites
horus

horus

Posted
  • Author
Posted

The purpose of OS1 is to control some other machines from the network via RDP(yeah, it would be bad if it gets infected), and to be a fast recover/repair option, in case something happens to OS2.

I don't know all the boot manager types, but if a boot manager installs itself on a OS used partition, wouldn't it be pretty easy to get exploited?(Grub4DOS installs itself in C:)

What other types of boot managers are? The ones that install themselves in MBR, are they safe? Can these keep OS's completely isolated? Can they keep the MBR inaccessible for viruses/malware/etc?

What about the ones that install themselves in their own separate partition?

Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted
dencorso, where should I install GRUB4DOS to obtain maximum isolation/security?

NOWHERE.

You DO NOT need grub4dos in your intended setup. Mind you not that it is not good, but would a good bicycle be more useful to a fish than a normal one? :w00t:

If you are so preoccupied about the security of your setup, you should completely change your approach, and use a cloned image in a crypted container or any of the alternatives DigeratiPrime listed.

If you want to use grub4dos nonetheless, you will probably want to install grldr.mbr to the MBR (and few subsequent hidden sectors) AND copy grldr to any of the partitions.

As always there are trade-offs, with grub4dos you can have more choices, but you give a more powerful tool theoretically accessible on the machine.

jaclaz

Link to comment
Share on other sites
horus

horus

Posted
  • Author
Posted
If you are so preoccupied about the security of your setup, you should completely change your approach, and use a cloned image in a crypted container or any of the alternatives DigeratiPrime listed.

Yes, this is my main concern. What do you mean by using a cloned image, in a crypted container?

Getting back to DigeratiPrime's post:

IMO best way to prevent getting infected: don't logon as an Administrator. Easier to manage since Vista with UAC, again improved in 7.

I'm going for XP, and accounts won't provide enough security unless I sacrifice the freedom of use by a lot[do not install software, do not modify X, do not access Y, etc].

IMO best way to protect against boot viruses is: Bitlocker using a TPM. Bitlocker introduced with Vista, improved upon in 7

Again, I'm not going to use Vista/Win7.

Other things to consider: Truecrypt, RAID, NTFS permissions, Deepfreeze/Returnil type software

Truecrypt is not good against viruses, the container can be deleted/modified just like any regular file.

RAID has nothing to do with what we're talking here. Or, I can't figure it out.

NTFS permissions aren't flexible enough either. Anyone can understand why. I don't think there's a need to give an example.

Deepfreeze/Returnil aren't good either, since the OS1 will always be in a continous movement. Every restart would take me to the beginning.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...