4

Let's say you're using Windows 7.

For storing Bitcoin on your computer ... is downloading a fresh copy of linux (say Ubuntu), burning it into a CD, booting from it ... safe from trojans?

Are there trojans "in the wild" that would be able to "jump hosts" from a Windows machine via the BIOS into the new linux OS, running from the CD? Is there a good way to make sure your BIOS is clean?

While we're at it - what about dual-boot systems with an encrypted linux partition?

ripper234
  • 1,196
  • 2
  • 8
  • 12
  • 1
    Related (with answers saying that it's possible in theory but not citing any example in the wild): [Is making a clean install enough to remove potential malware?](http://security.stackexchange.com/questions/7204/is-making-a-clean-install-enough-to-remove-potential-malware) – Gilles 'SO- stop being evil' Jan 06 '12 at 09:33
  • Also related, in regards to making sure the download is safe: http://security.stackexchange.com/questions/1687/does-hashing-a-file-from-an-unsigned-website-give-a-false-sense-of-security – Iszi Jan 06 '12 at 15:22

1 Answers1

6

Interesting range of questions here, which you may need to address separately.

Is booting from a freshly downloaded Linux CD safe?

Relatively safe, as long as you download from reputable source and check the hash you can be confident it hasn't been tampered with in transit. There is a small chance the source may have been tampered with, so you should be aware that you can't guarantee 100% security.

Can malware jump hosts via BIOS?

Theoretically yes - but I don't know of any in the wild that does this...yet. You'll be pretty safe here

How can I ensure the BIOS is clean

Not easily - a good BIOS rootkit could subvert updates and overwrites, so this will be very difficult to do.

Dual boot systems

What do you mean by this? Dual boot can be effective at separating the operating systems and is possibly preferable to running a CD boot each time you want to use Linux. Depends on the risk profile.

Back to your stated use - you want to do this to store Bitcoin on your computer. If you use your Windows OS to mine/trade bitcoins the added security of booting into Linux to store these coins is minimal - your Windows OS caches so much data anyway. So I wouldn't bother.

Rory Alsop
  • 61,474
  • 12
  • 117
  • 321
  • Thanks for the detailed answer. I want to use Windows OS for other usages, and store Bitcoin on Linux - either a completely separate computer, or another partition on the same computer, encrypted with a strong password. I think separating to a physically different computer is a good practice in this case. – ripper234 Jan 06 '12 at 10:23
  • +1 for checking the hash of the ubuntu image. – ripper234 Jan 06 '12 at 10:23
  • Bootsector would be the easiest attack vector for such an infection from a livecd. Although, in theory the virus could write itself to the windows partition too. – ewanm89 Jan 06 '12 at 11:36
  • @rory the 'jumping on' problem: how do I choose whether to trust a particular website when the only information I have relevant to my trust decision is the web? –  Jan 08 '12 at 17:57
  • 1
    @Ghram Don't trust the website, get a signed hash and trust the signer. Or less preferabally get the same has from several independent sites and compare it to the hash calculated on the image. Get different versions of the hashing program and compare their results. Get hashes for the hashing programs and calculate the hash on program a with program b and the hash on program b with program a. I actually did this for md5 hashing. – this.josh Jan 09 '12 at 09:29
  • 1
    @Graham - just for you: http://security.stackexchange.com/questions/10507/how-do-i-choose-whether-to-trust-a-particular-website – Rory Alsop Jan 09 '12 at 09:33
  • `but I don't know of any in the wild that does this...yet` They do exist, but they are very rare. IIRC, there was one for some old version of an AMI BIOS. – forest Jan 30 '18 at 03:09