jaclaz Posted January 20, 2010 Posted January 20, 2010 The ONLY possibly "secure" way, as I see it, is having two disks, and use a hardware switch to turn the "good" one off.All the rest are subject to possible corruption/access.Something like this:http://www.dvhardware.net/articles4.htmlwith a lockable switch.This bootmanager goes into the same direction:http://www.msfn.org/board/wwbmu-need-some-...ber-t23622.htmlhttp://lab1.de/Central/Software/System-Tools/WWBMU/But if the actual disk drive is powered, it can be accessed, and it is "unsecure".jaclaz
Multibooter Posted January 20, 2010 Posted January 20, 2010 I want to have the higher HDD speed on OS2, how should I partition the HDD?HDD speed is the last thing I would think about when making a partitioning plan for multi-booting.I need a boot menu with ... password protection for OS2.System Commander, which I have been using for many years, has quite a sophisticated security arrangement, probably for corporate use, but I never used it, I don't want to lock myself outI also need to be able to set the isolation between the OS's. Sometimes, for a short period of time, I'd need to access OS1's partitions while booting from OS2.For my old laptops I have removable left-bay modules and removable right-bay modules. Each module can hold a separate HDD, i.e. up to 3 HDDs in the laptop. By installing an operating system to a removable module, and keeping it subsequently out of the laptop, I can be certain that there is no undesired interaction between 2 operating systems. I have many mutually visible operating systems, and cross-infection is in general not very likely, although many years ago I had a virus which started to encrypt various partitions, and thereby impacted other operating systems.You can specify in System Commander which partitions you wish to hide after you made your OS selection. Malicious code will then not see these partitions. I am not experimenting with malware, so I prefer to have all partitions mutually visible. Different Windows operating systems, however, do have some interaction. Windows XP, for example, surreptitiously changes the partition type of an NTFS 3.0 partition [Windows 2000] to NTFS 3.1 [Windows XP type].Boot viruses? Upon each computer restart, System Commander checks whether the boot code was changed and if so, asks whether you want to accept the change or reject it. Unless you accept a changed boot code, System Commander replaces the boot sector and the previous boot files with clean stuff stored in a separate folder for each operating system. Boot sector viruses are not an issue if you use System Commander.
horus Posted January 20, 2010 Author Posted January 20, 2010 (edited) The ONLY possibly "secure" way, as I see it, is having two disks, and use a hardware switch to turn the "good" one off.All the rest are subject to possible corruption/access.( I can't do it with a switch, it's unsafe. What happens if someone touches the switch while the PC is running....I wouldn't risk it.What's my second best option, jaclaz?Multibooter, System Commander sounds very promising, but I can't find it.Any other boot managers that can protect the MBR from being overwritten?I just can't believe there isn't a software that could virtually split a HDD in 2 isolated zones and then allow me to select the zone that I want to use for OS install, partitioning, etc. Edited January 20, 2010 by horus
uid0 Posted January 20, 2010 Posted January 20, 2010 Any other boot managers that can protect the MBR from being overwritten?Nope, but you may have an option for it in your bios.
Multibooter Posted January 20, 2010 Posted January 20, 2010 (edited) Multibooter, System Commander sounds very promising, but I can't find it. Maybe ebay. It's not sold or supported anymore by the new owner, Avanquest, after they got the product line of V-Communications. I bought v9.01 at a store in Jan.2008. The online live update feature to the last version, v9.04, does not work anymore, and System Commander is not mentioned at the Avanquest website anymore.I think v9.04 was never released on a CD for an easy fresh install, one would have to make a full install from the CD, e.g. of v9.01 or v9.03, and then in a second step run the previously downloadable version update file SC904_EN.exe and reenter the serial number of any release of v9.No idea why Avanquest didn't document an easier way to make a full fresh install in a single step by extracting the digitally signed SC904_EN.exe and then deleting or renaming \LiveUpdate\setup.log before installation.The alternative DOS installation method, which I prefer, is also hidden somewhere in the voluminous documentation. By running "SCIN.EXE INSTALL" under DOS, instead of Setup.exe, the alternative DOS installer is invoked, which doesn't install the now useless "Avanquest update" (= live updater) and doesn't modify the registry; the 2 .pdf documentation files have to be copied manually from the extracted installation source.One interesting feature of System Commander is its automatic handling of other boot managers built into various operating systems. The operating system selection menu of the NTLDR boot manager of WinXP, for example, does not appear at startup anymore, while System Commander is set as active, even if in "Startup and Recovery" under WinXP the NTLDR boot menu has been selected. With System Commander you have only a single "OS Selection Menu", and System Commander controls the boot managers built into other operating systems including Vista, so System Commander is kind of a top-level boot manager. After the operating system selection has been made, System Commander is not active anymore, it's gone, until the next reboot.The various versions of System Commander have a different automatic handling of operating systems. Old v5 ("System Commander 2000"), for example, does not suppress the boot menu of the WinXP boot loader, WinXP wasn't out in 2000 yet, otherwise old v5 works fine with WinXP, you just have a 2nd WinXP boot menu, which can be handled inside WinXP. v9, on the other hand, came out in 2007 and suppresses the boot menu of the WinXP boot loader, without modifying any Windows files.Except for differences in the automatic handling of new operating systems, the various versions of System Commander don't differ much, only added features, such as a GUI, partitioning and partition hiding. System Commander v9 will probably still be able to handle new operating systems released in 10 years from now. The only major limitation are the maximum of 26 OS selections in the "OS Selection Menu" and that System Commander works only with HDDs having 512 bytes/sector (p.263 of the user manual, under error messages).I have been using various versions of System Commander for about 14 years and am very satisfied with it. There is more discussion of System Commander here Edited January 20, 2010 by Multibooter
jaclaz Posted January 20, 2010 Posted January 20, 2010 The ONLY possibly "secure" way, as I see it, is having two disks, and use a hardware switch to turn the "good" one off.All the rest are subject to possible corruption/access.( I can't do it with a switch, it's unsafe. What happens if someone touches the switch while the PC is running....I wouldn't risk it.A key lock switch is as unsafe as the key that opens it:http://www.directindustry.com/prod/saia-sw...837-282580.htmlWhat's my second best option, jaclaz?For security (meaning that the hidden partition cannot be read), a combination of encryption and bootmanager, Truecrypt and OTFE caome to mind, but there are a numebr of products in this field.For safety (meaning that the hidden partition cannot be accessed/modified/deleted), nothing.Multibooter, System Commander sounds very promising, but I can't find it.It is discontinued AFAIK, last known version is, if I am not mistaken, version v9: http://www.amazon.com/Avanquest-System-Com...9/dp/B000Q1MYIOLatest "real" VCOM one should be 7.05:http://www.avanquest.com/USA/aq-you/suppor...e_releases.htmlAFIAK it is now part of Partition Commander:http://www.avanquest.com/USA/software/part...d-disk-softwareAny other boot managers that can protect the MBR from being overwritten?No software can really protect the MBR, a number of BIOS have a setting to deny access to sector 0 (bootsector virus, or something like that).I just can't believe there isn't a software that could virtually split a HDD in 2 isolated zones and then allow me to select the zone that I want to use for OS install, partitioning, etc.Point is not if such software exists, the point is whether the "hidden" or "protected" "other zone" will be accessible in any way, mainly a "destructive" one as you fear, no software will ever be able to protect 100% this.jaclaz
uid0 Posted January 21, 2010 Posted January 21, 2010 (edited) The ONLY possibly "secure" way, as I see it, is having two disks, and use a hardware switch to turn the "good" one off.If the second drive was in a removeable drive bay, you could take it out when you're not using it, and lock it up.Virtualisation would let you allow untrusted users admin access to a VM, but it wont be as convenient.Or you could ditch the second HD install entirely, and do clean up / remote control from a (read-only) BartPE cd or similar. Edited January 21, 2010 by uid0
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now