horus Posted January 15, 2010

Hi,

I want to install 2 independent/isolated OS's on a 500GB HDD and I'm looking for a suitable boot manager.

OS1 - 2 partitions: 30GB + 120GB.
OS2 - 2 partitions: 30GB + 250GB.
The rest of the space stays unallocated for the moment.

I want to have the higher HDD speed on OS2, so how should I partition the HDD? Which is the faster zone of a HDD? The beginning or the end?

Coming back to the boot manager, I need a boot menu with a timer and a default boot option (OS1), and password protection for OS2.

I also need to be able to set the isolation between the OS's. Sometimes, for a short period of time, I'd need to access OS1's partitions while booting from OS2. Also, can I partition the unallocated space later and assign the partition to one of the OS's?

If the OS's are completely isolated, is there any chance that OS1 could infect OS2 by any means? Boot viruses? Anything else?

Supposing I would achieve all of these requirements, let's say I'd take the HDD out, and stick it into another PC that has its own OS. Would I be able to see the 4 partitions?

Thanks in advance.

jaclaz Posted January 15, 2010 (edited)

Boy how do I hate "philosophical" questions. The ones that have as subject "File A", "Directory B" and "Program C", and a "certain OS", and "another OS".

Which actual, real OS is "OS1"?
Which actual, real OS is "OS2"?

You see, different OSes may have limits that could prevent the use of one or the other bootmanager, or a given partition order, and what not. Also, different OSes may already come with their own bootmanager capable of doing all the work. An OS (depending on WHICH OS it is) may be able to access the "other OS", another one may not. Boot virii tend to be pretty much OS agnostic, though.

And which is the third OS that should see the 4 partitions?

How do you want them seen "untouched", modifying the disk is allowed, usage of a program is allowed....

Can you post a detailed example of WHAT you would like to do?

jaclaz

Edited January 19, 2010 by jaclaz

horus Posted January 15, 2010

I'm sorry, I forgot to mention, both OS's will be WinXP. I also forgot to mention that the HDD is empty, so there's no problem installing a bootmanager before actually installing the OS's.

> And which is the third OS that should see the 4 partitions?

I don't understand this question.

> How do you want them seen "untouched", modifying the disk is allowed, usage of a program is allowed....

Well, I want them isolated, independent, etc. They shouldn't know that there are other partitions/OS's on the HDD. They shouldn't be able to write outside their partitions. There might be some rare situations when I'd need to copy some files from OS1 to OS2, so I'd need to remove the "isolation" before booting.

> Supposing I would achieve all of these requirements, let's say I'd take the HDD out, and stick it into another PC that has its own OS. Would I be able to see the 4 partitions?

What did I mean here? Let's say I take this HDD out of my PC and stick it into a friend's PC so he could copy some files. Could I access those files (or would it depend on the boot manager)?

jaclaz Posted January 15, 2010

There is no problem in making a setup so that 2 partitions are visible and 2 partitions are hidden, and choose which "couple" is visible and which is hidden when booting, but when you connect the drive to the "third" OS, let's say the XP on your friend's PC, it will see EITHER one or the other "couple" of partitions, unless you use some tool (which you will have to have on BOTH couples of partitions in order to make sure that one is always visible) to hide/unhide the "other".

I hope the sequence is clear if we call the first two partitions "XP1" and the second two "XP2": when booting you can choose to see "XP1" or "XP2", this setting is "sticky" until next reboot, thus if you switch the system off when "XP1" was visible and you put the drive in your friend's PC, only "XP1" will be visible (unless you use something to change this situation).

You do not even need a bootmanager (if you want one, I can suggest grub4dos):
http://diddy.boot-land.net/grub4dos/Grub4dos.htm

but a simple "special" MBR should do:
http://mbldr.sourceforge.net/

I have no idea what level of experience/knowledge you have of these tools or of these approaches, have a look at the docs in the meantime, then ask your questions.

jaclaz

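
Added example, not part of the original thread: a parser that shows the "sticky" hide state described above as it sits on disk, and that it can be audited against a saved copy of sector 0. It assumes the boot manager hides a partition by setting bit 0x10 in its MBR type byte (0x07 NTFS becomes 0x17); the sector is constructed from the sizes in the first post and all function names are illustrative.

```python
import struct

# Type IDs that boot managers hide by setting bit 0x10 (0x07 NTFS -> 0x17).
HIDEABLE = {0x01, 0x04, 0x06, 0x07, 0x0B, 0x0C, 0x0E}
ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors

def build_sample_mbr(layout):
    """Constructed 512-byte MBR from [(type_id, size_gb), ...]; no disk is read."""
    mbr = bytearray(512)
    lba = 63
    for i, (ptype, size_gb) in enumerate(layout):
        sectors = size_gb * 1024**3 // 512
        struct.pack_into(ENTRY, mbr, 446 + 16 * i, 0, b"", ptype, b"", lba, sectors)
        lba += sectors
    mbr[510:512] = b"\x55\xaa"          # boot signature
    return bytes(mbr)

def parse_partitions(mbr):
    """Return one dict per non-empty primary partition entry."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        _, _, ptype, _, lba, sectors = struct.unpack_from(ENTRY, mbr, 446 + 16 * i)
        if ptype == 0:                  # unused slot
            continue
        hidden = bool(ptype & 0x10) and (ptype & 0xEF) in HIDEABLE
        parts.append({"slot": i, "type": ptype, "hidden": hidden,
                      "size_gb": sectors * 512 // 1024**3})
    return parts

def visible_slots(mbr):
    """Slots another Windows install would mount when the disk is attached."""
    return [p["slot"] for p in parse_partitions(mbr) if not p["hidden"]]

def changed_slots(baseline, current):
    """Slots whose type byte differs from a saved baseline copy of sector 0."""
    return [i for i in range(4)
            if baseline[446 + 16 * i + 4] != current[446 + 16 * i + 4]]

# Sizes from the first post; after booting XP1 the XP2 pair is left hidden.
AFTER_XP1 = build_sample_mbr([(0x07, 30), (0x07, 120), (0x17, 30), (0x17, 250)])
AFTER_XP2 = build_sample_mbr([(0x17, 30), (0x17, 120), (0x07, 30), (0x07, 250)])

if __name__ == "__main__":
    for p in parse_partitions(AFTER_XP1):
        print(p)
    print("visible after XP1:", visible_slots(AFTER_XP1))
    print("flipped between boots:", changed_slots(AFTER_XP1, AFTER_XP2))
```

The hide state is one byte per partition in sector 0, which is why it persists across power-off and why it is a visibility setting rather than an access control.
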
dencorso Posted January 15, 2010

Well, I, for one, definitely recommend GRUB4DOS. It opens up so many possibilities, besides and beyond its original intended use, that I think it's clearly the way to go. You install it, and it'll serve you well for a long time. GRUB4DOS rocks!

horus Posted January 15, 2010

XP1 will be used by many people, and can/will get infected easily.

I really need to be 100% sure that XP2 does not get infected from XP1, and that it stays clean no matter what.

So, what boot manager should I pick?

dencorso Posted January 15, 2010

That's another reason to go the GRUB4DOS way. It'll allow you to include an option to boot also, say, Vista PE or Win 7 PE or Bart PE, straight from an almost damage-proof ramdisk-mapped .ISO image, to use as a last line of defence, in case all else fails.

jaclaz Posted January 15, 2010

Well if you want 100%, there is NO KNOWN way. No matter what bootmanager.

jaclaz

DigeratiPrime Posted January 16, 2010

What's the purpose of OS2, to clean OS1?

IMO best way to prevent getting infected: don't log on as an Administrator. Easier to manage since Vista with UAC, again improved in 7.

IMO best way to protect against boot viruses is: Bitlocker using a TPM. Bitlocker introduced with Vista, improved upon in 7.

Since Vista you can repartition, shrink or expand volumes in Disk Manager without rebooting.

The RAM disk idea is not bad, but you're not really supposed to do production work in PE.

Other things to consider: Truecrypt, RAID, NTFS permissions, Deepfreeze/Returnil type software.

horus Posted January 16, 2010

The purpose of OS1 is to control some other machines from the network via RDP (yeah, it would be bad if it gets infected), and to be a fast recover/repair option, in case something happens to OS2.

I don't know all the boot manager types, but if a boot manager installs itself on an OS-used partition, wouldn't it be pretty easy to get exploited? (Grub4DOS installs itself in C:)

What other types of boot managers are there? The ones that install themselves in the MBR, are they safe? Can these keep OS's completely isolated? Can they keep the MBR inaccessible for viruses/malware/etc?

What about the ones that install themselves in their own separate partition?

dencorso Posted January 16, 2010

GRUB4DOS can be installed in an OS Partition, in a Partition Boot Record, in the MBR, in its own (hidden) private partition, and even in a CD El Torito boot loader. Do you need more versatility than that?

horus Posted January 16, 2010

dencorso, where should I install GRUB4DOS to obtain maximum isolation/security?

horus Posted January 19, 2010

Please help.

jaclaz Posted January 19, 2010

> dencorso, where should I install GRUB4DOS to obtain maximum isolation/security?

NOWHERE.

You DO NOT need grub4dos in your intended setup. Mind you, not that it is not good, but would a good bicycle be more useful to a fish than a normal one?

If you are so preoccupied about the security of your setup, you should completely change your approach, and use a cloned image in a crypted container or any of the alternatives DigeratiPrime listed.

If you want to use grub4dos nonetheless, you will probably want to install grldr.mbr to the MBR (and a few subsequent hidden sectors) AND copy grldr to any of the partitions.

As always there are trade-offs, with grub4dos you can have more choices, but you give a more powerful tool theoretically accessible on the machine.

jaclaz

horus Posted January 19, 2010

> If you are so preoccupied about the security of your setup, you should completely change your approach, and use a cloned image in a crypted container or any of the alternatives DigeratiPrime listed.

Yes, this is my main concern. What do you mean by using a cloned image, in a crypted container?

Getting back to DigeratiPrime's post:

> IMO best way to prevent getting infected: don't log on as an Administrator. Easier to manage since Vista with UAC, again improved in 7.

I'm going for XP, and accounts won't provide enough security unless I sacrifice the freedom of use by a lot [do not install software, do not modify X, do not access Y, etc].

> IMO best way to protect against boot viruses is: Bitlocker using a TPM. Bitlocker introduced with Vista, improved upon in 7

Again, I'm not going to use Vista/Win7.

> Other things to consider: Truecrypt, RAID, NTFS permissions, Deepfreeze/Returnil type software

Truecrypt is not good against viruses, the container can be deleted/modified just like any regular file.

RAID has nothing to do with what we're talking about here. Or, I can't figure it out.

NTFS permissions aren't flexible enough either. Anyone can understand why. I don't think there's a need to give an example.

Deepfreeze/Returnil aren't good either, since OS1 will always be in continuous movement. Every restart would take me to the beginning.