Originally Posted by wagaboy
I was under the impression that login password would protect my file system in Windows XP & 7. But after accessing NTFS partition from Linux, I think it's not protected.
I have 2 questions:
1. Is it possible for someone to mess with Windows registry using Linux (using dual boot)? If so, does Windows have some sort of integrity checks to detect if registry file has been tampered with ? If not, is there a way to protect it ?
2. Is it possible to access files belonging to ext3 partition by using windows or other means(other than using sudo or logging as root) even if file rwx has been disabled for group and others ?
Answer #1: In my experience windows does not have an integrity check on the registry for modification protection. It is possible for someone to mess with the registry using freely available tools. One could also import a Windows registry into the wine registry to access keys. There is a way to protect it and that is to encrypt the filesystem. This makes recovery difficult if not impossible if you lose the encryption key/password to your encrypted system. In Windows 7/Vista Ultimate the feature called bitlocker is Windows protecting the filesystem with encryption. You could also use a free tool which works very well called TrueCrypt (google) for Windows, Linux, or Mac. For just Linux there is dm-crypt. For Mac only there is FileVault. And as I've already mentioned a Windows only utility called bitlocker.
Answer #2: It is as easy to mount a Linux partition and modify it with a live disk as it is to mount an NTFS partition. With a live disk permissions don't matter because if necessary the user can take control of any file or folder with chmod and chown. The solution is to use filesystem encryption.
Remember there is no such thing as a 100% secure system. Locks are for honest people and even hard drive encryption has been proven to be circumvented.
Read this princeton research lab article and watch the video on hacking bitlocker (or any hard drive encryption program).