Quote:
Originally Posted by wagaboy
Hi
I was under the impression that login password would protect my file system in Windows XP & 7. But after accessing NTFS partition from Linux, I think it's not protected.
I have 2 questions:
-------------------
1. Is it possible for someone to mess with the Windows registry using Linux (using dual boot)? If so, does Windows have some sort of integrity check to detect if a registry file has been tampered with? If not, is there a way to protect it?
2. Is it possible to access files belonging to an ext3 partition by using Windows or other means (other than using sudo or logging in as root) even if file rwx has been disabled for group and others?
Answer #1: In my experience Windows does not have an integrity check on the registry for modification protection. It is possible for someone to mess with the registry using freely available tools. One could also import a Windows registry into the Wine registry to access keys. There is a way to protect it, and that is to encrypt the filesystem. This makes recovery difficult if not impossible if you lose the encryption key/password to your encrypted system. In Windows 7/Vista Ultimate the feature called BitLocker is Windows protecting the filesystem with encryption. You could also use a free tool which works very well called TrueCrypt (google) for Windows, Linux, or Mac. For just Linux there is dm-crypt. For Mac only there is FileVault. And as I've already mentioned, a Windows-only utility called BitLocker.
Answer #2: It is as easy to mount a Linux partition and modify it with a live disk as it is to mount an NTFS partition. With a live disk permissions don't matter because if necessary the user can take control of any file or folder with chmod and chown. The solution is to use filesystem encryption.
Remember there is no such thing as a 100% secure system. Locks are for honest people and even hard drive encryption has been proven to be circumvented.
Read this Princeton research lab article and watch the video on hacking BitLocker (or any hard drive encryption program).
http://citp.princeton.edu/memory/
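An added example, not part of the original post: a way to check whether a partition is encrypted at rest or would be readable from a live disk, by looking at the signature at the start of the volume. The function names and the sample headers are constructed for illustration; the signatures are the standard LUKS, NTFS, BitLocker and ext2/3/4 on-disk markers.

```python
import struct

# Constructed example: on-disk signatures that show what a partition holds.
LUKS_MAGIC = b"LUKS\xba\xbe"      # LUKS1/LUKS2 header (dm-crypt), offset 0
NTFS_OEM_ID = b"NTFS    "          # plain NTFS boot sector, offset 3
BITLOCKER_OEM_ID = b"-FVE-FS-"     # BitLocker-protected volume boot sector, offset 3
EXT_MAGIC_OFFSET = 1024 + 56       # s_magic field inside the ext2/3/4 superblock
EXT_MAGIC = 0xEF53


def classify_volume(header: bytes) -> str:
    """Classify the first 2 KiB of a partition by its signature."""
    if header[:6] == LUKS_MAGIC:
        version = struct.unpack(">H", header[6:8])[0] if len(header) >= 8 else 0
        return f"encrypted: LUKS{version}"
    oem_id = header[3:11]
    if oem_id == BITLOCKER_OEM_ID:
        return "encrypted: BitLocker"
    if oem_id == NTFS_OEM_ID:
        return "plaintext: NTFS"
    if len(header) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", header, EXT_MAGIC_OFFSET)
        if magic == EXT_MAGIC:
            return "plaintext: ext2/3/4"
    return "unknown"


def classify_device(path: str) -> str:
    """Read the start of a block device or image file (needs read access)."""
    with open(path, "rb") as dev:
        return classify_volume(dev.read(2048))


def sample(signature: bytes, offset: int) -> bytes:
    """Build a constructed 2 KiB header with one signature placed at offset."""
    buf = bytearray(2048)
    buf[offset:offset + len(signature)] = signature
    return bytes(buf)


if __name__ == "__main__":
    for name, hdr in [
        ("ntfs", sample(NTFS_OEM_ID, 3)),
        ("bitlocker", sample(BITLOCKER_OEM_ID, 3)),
        ("luks2", sample(LUKS_MAGIC + b"\x00\x02", 0)),
        ("ext3", sample(b"\x53\xef", EXT_MAGIC_OFFSET)),
    ]:
        print(name, "->", classify_volume(hdr))
```

A result of "unknown" does not mean unencrypted: TrueCrypt volumes and plain (non-LUKS) dm-crypt mappings carry no identifying header.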