Using Linx to protect my network from perverted roommate
 

I got a new roommate, who I will be setting up a computer for. He said that he like to go to questionable site (porn). So I was planing on dual booting windows and Linux so that he can use Linux to browse his nasty sites, and not infect my network. I was thinking of using freespire since that is an easy distro. But, I was thinking that might not be enough. Should I install Avast Anti Virius free home edition for Linux on their too? Or is their a way to make it so that Linux can't access windows? I am a total Linux noob by the way.

I wouldn't worry about the anti-virus software for Linux. As far as a distro goes, pick any one you like. As far as "easy distro" goes, I think that is all relative.

Now, when you say, "Linux can't access windows?" do you mean on the same machine or network. If on the same machine, it won't access your Windows drive unless you tell it to (by mounting the drive). Even then, the possibility of corrupting the Windows drive would be low (read almost zero). If you meant over the network, my suggestion would be to assign a static IP to your roommate's computer (same IP for Windows and Linux) and put a firewall rule on all the other computers in your LAN to block traffic from that IP.

If you meant over the network, my suggestion would be to assign a static IP to your roommate's computer (same IP for Windows and Linux) and put a firewall rule on all the other computers in your LAN to block traffic from that IP.
Oh come on, even if you deliberately download a bunch of viruses there is no way they can escape over network and infect Windows PC's. For a Linux box Windows viruses are just harmless binary files or scripts.

If the only thing you want is absolutely safe web browsing, use a LiveCD like Knoppix. There is no need to install anything on the hard drive--Knoppix will boot and run directly from the CD/DVD. It's not as fast as running software off of a hard drive, but it's absolutely safe. By default, Knoppix does not even mount any hard drives.

You can also install Knoppix on the hard drive, if you like what you see but would like to have faster performance and full customizability.

I meant on the same PC, and on the network. What I am really concerned about is since both operating systems will be on the same hard drive, I thought maybe the infection could get on his windows partition, and then infect the network.

I already know about the Live CD method of safe browsing, but I thnk it would be harder for me to persuade him to use a Live CD, thats why I was going to use a dual boot.

That comment was meant for when the roommate was booted into Windows. Just because giantjoebot tells the roommate not to go to sites that may infect his computer while running Windows, doesn't mean that the roommate will listen.

I'm going to be using a wireless bridge for his connection over the wireless internet, that way I don't have to worry about drivers in Linux, but I guess that I could get a DD-WRT capable router instead, and run it in client mode. That way all port porwarding has to go through both firewalls.

Linux is virtually incapable of getting viruses unless you run as root (and even then, there isn't much chance). Windows does a lot of things with superuser (administrator) privileges even if you are logged in with a normal user. That is why it is susceptible to being infected with viruses whereas Linux/Unix aren't.

Once more: Windows viruses do not run on Linux, they just do nothing. How could they "infect Windows" on same disk? You need to copy them manually to your Windows partition (and mount this partition beforehand) if you want them to work.

What is the hardware like? Your roommate could be "wowed" into using the Knoppix liveCD in knoppix3d mode, just because Beryl's 3D window effects are that cool looking. Obviously, this only applies if the computer is powerful enough and has an appropriate video chip...

Cool, thats about all I needed to hear. The problem with firewalling him out is that I want to allow him access to my media server. He is a good guy, and I'm pretty sure he will use Linux to go to those sites if I ask him. Good guy, just likes porn, and isn't too computer savvy.

Redefining the word overprotective here... :)

Any linux distro will do, and no further precaution needed really. Being on a windows network myself, and going for a porn surfing record while never having caused any damage beyond excessive bandwidth usage, your *makes quotation marks in the air* roommate is unlikely to cause any harm.

It really is my roommate OK. I download all my porn through bittorrent, and have yet to have a problem with that. It not that I don't like porn, I don't like porn sites, because they generally have spyware and crap. One thing that I have found, and think is kind of odd. If you go on CL, and look in the erotic services section, sometimes the pics have URLs. If you go to those URL, there are these sites for a certain PROfession. I have found that those site are , as far as I can tell completely clean. I guess it makes since that those professionals wouldn't want to scare off their customers.

Since you are dual booting, and Windows doesn't recognise your Linux partitions, there shouldn't be a problem. However consider not mounting the windows partition in linux to be safe. Or be sure to mount it with the noexec, nodev and nosuid options. Mount your media server the same way. All globally writable partitions should be mounted using these options.

Why not do what every sysadmin and network admin does and tell them no porn on the network. Make him get his own computer and ISP connection if he chooses to do so.. ;)