I'm interested in adding a second drive to my computer in order to
make a dual-boot system.
When the computer is booted off my "secure" disk (for financial
transactions only), I want the other boot disk to be powered off, and
vice-versa. If my regular disk gets infected surfing the web, I don't
want it to be able to infect my "secure" boot disk.
Can I simply switch the +5V supply to the disk drives and set them
both as master on the same IDE?
Will a partially un-powered disk drive hanging on the IDE hurt
anything?
Any other ideas to accomplish this goal?
My second disk drive could also boot off of the currently unused SATA
bus.
<joelnews@hotmail.com> wrote in message
news:1186313125.332760.236340@x35g2000prf.googlegr oups.com...
> I'm interested in adding a second drive to my computer in order to
> make a dual-boot system.
>
> When the computer is booted off my "secure" disk (for financial
> transactions only), I want the other boot disk to be powered off, and
> vice-versa. If my regular disk gets infected surfing the web, I don't
> want it to be able to infect my "secure" boot disk.
You won't know when you regular disk gets infected. Then you'll power
your "secure" disk and it will get infected. Other than a layered setup
to protect against viruses, spyware, and other malware along with
regular backups (which do incrementals with you keeping several fulls so
you can walk back to a point where you aren't infected), not installing
downloads off the Net and disconnecting from the Net is your only safest
means of computing. Keeping a disk powered off hoping it won't get
infected when you power it up won't work - unless you also power down
all other disks.
Not all pests go BANG right away when they find your host. You won't
know when a nasty is sitting on your drive waiting to get triggered. To
truly isolate one hard drive from all the others, you would need to
power off or disable all hard drives except the one you wanted to use.
If you are concerned about your surfing habits and exposure to infection
on your regular drive, what makes you think that same lack of layered
protection and bad surfing habits won't also expose your secure drive to
the same hazards? If you have a safer means of using the Net when you
are using your "secure" disk, why are you not doing the same when you
using your regular disk?
If you happen to accidentally or deliberately power off a drive while
the system is still powered on and the OS still running, you can corrupt
files or lose data because of the cache both in the OS and in the hard
drive. That cached data won't get committed into the file system for
the OS. Rather than splice in switches into the power leads for all
hard drives and hope you configure them all correctly before powering up
and hope you never or nothing else hits those switches while you are
powered up, you could go into the BIOS to determine which drive
controller is enabled. If a port is disabled, no OS or malware is going
to get to any drives on that port. Just as with the switches, you would
need to make sure that when you enabled one drive port that you also
disable all the others.
Rather than trying to disconnect and reconnect power to the hard drives
(something that you could end up doing accidentally while the host was
still powered on), or having to bother going into the BIOS and wade
through the menus to enable and disable ports, use swappable hard
drives. You will still be required to shutdown the OS to properly flush
the drive caches. When powered down, you insert whichever drive you
want to use.
> Can I simply switch the +5V supply to the disk drives and set them
> both as master on the same IDE?
There are both +5V and +12V lines in the 4-pin connector to the hard
drive. You would need to use a 2-pole switch. You would need one for
every drive so you could select which drive(s) to power up and which to
leave unpowered. Flipping in your secure drive while your regular drive
is powered up obviates the whole exercise of you trying to protect your
secure drive from pests that got onto your regular drive.
> Will a partially un-powered disk drive hanging on the IDE hurt
> anything?
Why would you only *partially* unpower a hard drive?
> Any other ideas to accomplish this goal?
>
> My second disk drive could also boot off of the currently unused SATA
> bus.
If you put the hard drives on different controllers (i.e., ports) then
you could disable that port in the BIOS so it isn't reachable by
anything, including your OS. However, then you have to remember to boot
into the BIOS when you power up, pick which port to enable, pick which
port to disable, and make sure that you did both the enable and disable
as a paired action so both don't get enabled at the same time (both
being disabled at the same time would be recoverable by going back into
the BIOS and fixing your mistake).
Seems a lot more work than needed. Get a multiboot manager, like GAG at
sourceforge.net. Use it to decide from which hard drive you will boot.
Use EFS to protect your files or folders on your "secure" drive. You
can't use EFS on the OS folders but you could use them elsewhere (and,
besides, you could always reinstall a fresh copy of the OS for
recovery). I doubt you even need to protect your applications on the
secure drive. Just use EFS on your data files or folders. When you
boot using the secure drive, that instance of the OS can read the
EFS-protected data files. When you boot using the normal drive, that
instance of the OS can *not* read the EFS-protected data files. Make
sure to export the EFS certificate to a floppy or CD you can import it
later if you need to reinstall the OS to redefine EFS certificate so you
can access your old EFS-protected files; otherwise, with the old EFS
cert, all your data becomes unreadable to you, too. There is no
backdoor to EFS; otherwise, it wouldn't be secure.
It may even be possible to incorporate a whole-disk encryption program
where the decryption in the MBR bootstrap is required to access anything
on that disk. Since it usurps the MBR bootstrap area, it won't work
with a multi-boot manager that also wants to use that area for its boot
code, but maybe some multi-boot managers can
If your surfing habits really are so uncontrollable that you end up
getting nailed by malware, why not surf within a virtual machine.
VMWare Server and Virtual PC are both free. With VMWare Server, you can
install a fresh copy of the OS, do the Windows updates, tweak it however
you want, and then save a snapshot. After you are done surfing, just
revert to the snapshot and you have your clean base state again. With
Virtual PC, you have to make a copy of the folder under which the VM
files are created so you can slide it back in to perform the equivalent
of a snapshot (or restore from backups). Surf however you like in the
VM. Then revert the VM back to its base state whenever you want.
Instead of infecting your host OS, you end up infecting your guest OS in
the VM (which you can revert to snapshot). I use VMs all the time to
trial new programs. I don't even have to bother uninstalling them since
I can just revert to the base snapshot.
If you are worried about your regular drive getting infected, your same
behavior can get your secure drive infected. The common vector for
attack is through you.
"Vanguard" <vanguard.x@comcast.net> wrote in message
news:ydqdnZv_Zcp1ZCjbnZ2dnUVZ_o-mnZ2d@comcast.com...
> <joelnews@hotmail.com> wrote in message
> news:1186313125.332760.236340@x35g2000prf.googlegr oups.com...
>> I'm interested in adding a second drive to my computer in order to
>> make a dual-boot system.
>>
>> When the computer is booted off my "secure" disk (for financial
>> transactions only), I want the other boot disk to be powered off, and
>> vice-versa. If my regular disk gets infected surfing the web, I don't
>> want it to be able to infect my "secure" boot disk.
>
> You won't know when you regular disk gets infected. Then you'll power
> your "secure" disk and it will get infected.
Use a DPDT switch. Connect the 12v and 5v for both drives to the switch.
That way you can only ever have one drive powered up at a time.
With a bit of work I'm sure that someone could come up with something that
would limit the ability of the switch to operate when the PC is off, or only
during the first 5 seconds of being powered on, using a small circuit.
joelnews@hotmail.com wrote:
> I'm interested in adding a second drive to my computer in order to
> make a dual-boot system.
>
> When the computer is booted off my "secure" disk (for financial
> transactions only), I want the other boot disk to be powered off, and
> vice-versa. If my regular disk gets infected surfing the web, I don't
> want it to be able to infect my "secure" boot disk.
>
> Can I simply switch the +5V supply to the disk drives and set them
> both as master on the same IDE?
>
> Will a partially un-powered disk drive hanging on the IDE hurt
> anything?
>
> Any other ideas to accomplish this goal?
>
> My second disk drive could also boot off of the currently unused SATA
> bus.
>
> Thanks!
> Joel
>
You can buy removable trays for hard drives, that allow unplugging them.
Some of these things, have a handle on the front, that provides a
lever action, to help ease the drive tray out of the frame. I don't
see what mechanism exists on this one.
Note - *before* installing and using this product, I would back up
the contents of both disks. Just in case something were to happen
while you are fitting them.
You can shop around, until you find a nice looking unit that looks
mechanically sound.
"Paul" <nospam@needed.com> wrote in message news:f950mg$8be$1@aioe.org...
> joelnews@hotmail.com wrote:
> > I'm interested in adding a second drive to my computer in order to
> > make a dual-boot system.
> >
> > When the computer is booted off my "secure" disk (for financial
> > transactions only), I want the other boot disk to be powered off, and
> > vice-versa. If my regular disk gets infected surfing the web, I don't
> > want it to be able to infect my "secure" boot disk.
> >
> > Can I simply switch the +5V supply to the disk drives and set them
> > both as master on the same IDE?
> >
> > Will a partially un-powered disk drive hanging on the IDE hurt
> > anything?
> >
> > Any other ideas to accomplish this goal?
> >
> > My second disk drive could also boot off of the currently unused SATA
> > bus.
> >
> > Thanks!
> > Joel
> >
>
> You can buy removable trays for hard drives, that allow unplugging them.
>
> DT51IDEX-P Removable Tray & Frame 3.5" ATA133HD 5.25" with Fan & Lock
> http://accessories.us.dell.com/sna/p...s=19&c=us&l=en
>
> Some of these things, have a handle on the front, that provides a
> lever action, to help ease the drive tray out of the frame. I don't
> see what mechanism exists on this one.
>
> http://www.dstor.com/p_DT51IDEX-P.shtml
>
> Datastor doesn't have a manual for that model, and this is a "manual"
> for an earlier model. This earlier model might have a handle.
>
> http://www.dstor.com/pdf/DT51IDEX-A.pdf
>
> Note - *before* installing and using this product, I would back up
> the contents of both disks. Just in case something were to happen
> while you are fitting them.
>
> You can shop around, until you find a nice looking unit that looks
> mechanically sound.
>
> http://www.directron.com/rh17.html
>
Yep...
I've been using them for years and have never had a problem
I run dozens of different OS's and not one can possibly have any affect over
another one!
On Sun, 5 Aug 2007 11:25:20 -0500, "Vanguard"
<vanguard.x@comcast.net> wrote:
><joelnews@hotmail.com> wrote in message
>news:1186313125.332760.236340@x35g2000prf.googleg roups.com...
>> I'm interested in adding a second drive to my computer in order to
>> make a dual-boot system.
>>
>> When the computer is booted off my "secure" disk (for financial
>> transactions only), I want the other boot disk to be powered off, and
>> vice-versa. If my regular disk gets infected surfing the web, I don't
>> want it to be able to infect my "secure" boot disk.
>
>You won't know when you regular disk gets infected. Then you'll power
>your "secure" disk and it will get infected. Other than a layered setup
>to protect against viruses, spyware, and other malware along with
>regular backups (which do incrementals with you keeping several fulls so
>you can walk back to a point where you aren't infected), not installing
>downloads off the Net and disconnecting from the Net is your only safest
>means of computing. Keeping a disk powered off hoping it won't get
>infected when you power it up won't work - unless you also power down
>all other disks.
If the "secure" drive has an OS on it, and that drive was
unpowered, it obviously can't be infected. If the system is
then shut down from the regular OS installation and booted
to the secure drive OS installation, nothing on the other
drives, even if left powered, can infect the secure drive's
contents because it is a different version of windows that
is clean still, the virus depends on windows mechanisms to
run it. The other other way it would be launched is if the
user inadvertently, manually initiated a launch of the
virus. For example loading an infected office file that was
on the non-secure drive.
>I'm interested in adding a second drive to my computer in order to
>make a dual-boot system.
>
>When the computer is booted off my "secure" disk (for financial
>transactions only), I want the other boot disk to be powered off, and
>vice-versa. If my regular disk gets infected surfing the web, I don't
>want it to be able to infect my "secure" boot disk.
>
>Can I simply switch the +5V supply to the disk drives and set them
>both as master on the same IDE?
Use a DPDT switch to disconnect both the 5V and 12V power.
Set both to cable select.
>
>Will a partially un-powered disk drive hanging on the IDE hurt
>anything?
Usually not, but never say never.
>
>Any other ideas to accomplish this goal?
A removable drive bay or there are systems that just include
the plug adapters and switch so you wouldn't have to wire it
yourself. Unfortunately I don't recall who sells this kit.
>
>My second disk drive could also boot off of the currently unused SATA
>bus.
> If the "secure" drive has an OS on it, and that drive was
> unpowered, it obviously can't be infected. If the system is
> then shut down from the regular OS installation and booted
> to the secure drive OS installation, nothing on the other
> drives, even if left powered, can infect the secure drive's
> contents because it is a different version of windows that
> is clean still, the virus depends on windows mechanisms to
> run it.
Assuming that the secure drive doesn't try and "autorun" the other drive, or
run software found on the other drive, or that the user doesn't access any
of the data on that other drive.
You CANNOT do what you plan. You CANNOT set both drives as Master without
conflicts in the system. Sorry, but what you are trying to do is not
readily possible.
--
---------------------
DaveW
<joelnews@hotmail.com> wrote in message
news:1186313125.332760.236340@x35g2000prf.googlegr oups.com...
> I'm interested in adding a second drive to my computer in order to
> make a dual-boot system.
>
> When the computer is booted off my "secure" disk (for financial
> transactions only), I want the other boot disk to be powered off, and
> vice-versa. If my regular disk gets infected surfing the web, I don't
> want it to be able to infect my "secure" boot disk.
>
> Can I simply switch the +5V supply to the disk drives and set them
> both as master on the same IDE?
>
> Will a partially un-powered disk drive hanging on the IDE hurt
> anything?
>
> Any other ideas to accomplish this goal?
>
> My second disk drive could also boot off of the currently unused SATA
> bus.
>
> Thanks!
> Joel
>
Noozer wrote:
>> You can buy removable trays for hard drives, that allow unplugging them.
>>
>> DT51IDEX-P Removable Tray & Frame 3.5" ATA133HD 5.25" with Fan & Lock
>> http://accessories.us.dell.com/sna/p...s=19&c=us&l=en
>
> The tray may provide hotswapability for PATA drives, but Windows XP won't
> support it.
>
I wouldn't recommend hot swap in any case. Shut down and turn off computer,
add/remove tray, power up and go. That is how I'd use it. I'd need to read
a lot of testimonials that claim it is bulletproof, before I'd change it
while powered.
"DaveW" <nothing@bot.org> wrote in message
news:3eednTaH_Iox0ivbnZ2dnUVZ_rCtnZ2d@comcast.com. ..
> You CANNOT do what you plan. You CANNOT set both drives as Master without
> conflicts in the system. Sorry, but what you are trying to do is not
> readily possible.
I was planning on using a DPST switch and switching +5V to only one
disk at a time. That means that only one disk can be powered at a
time. My "secure" boot disk is only used for financial transactions.
My other boot disk is for general surfing and whatnot.
I can see that a DPDT switch that switches both the +5V and +12V is a
better solution. Of course I would only flip the switch when the
computer is powered down! Isn't there a fourth wire (Ground, +5V,
+12V, ?)?
> Set both to cable select.
>
I didn't realize that a computer could boot from a slave disk when no
master was detected. Apparently it can!
>
>
> >Will a partially un-powered disk drive hanging on the IDE hurt
> >anything?
>
On Aug 5, 12:22 pm, kony <s...@spam.com> wrote:
> Use a DPDT switch to disconnect both the 5V and 12V power.
I was planning on using a SPDT switch and switching +5V to only one
disk at a time. That means that only one disk can be powered at a
time. My "secure" boot disk is only used for financial transactions.
My other boot disk is for general surfing and whatnot.
I can see that a DPDT switch that switches both the +5V and +12V is a
better solution. Of course I would only flip the switch when the
computer is powered down!
>
> Set both to cable select.
>
I didn't realize that a computer could boot from a slave disk when no
master was detected (powered on). Apparently it can.
"kony" wrote in message
news:958cb3ttq1nbpjnsf23ebmvel802gn1a59@4ax.com...
>
> "Vanguard" wrote:
>>
>> <joelnews@hotmail.com> wrote ...
>>> I'm interested in adding a second drive to my computer in order to
>>> make a dual-boot system.
>>>
>>> When the computer is booted off my "secure" disk (for financial
>>> transactions only), I want the other boot disk to be powered off,
>>> and
>>> vice-versa. If my regular disk gets infected surfing the web, I
>>> don't
>>> want it to be able to infect my "secure" boot disk.
>>
>> You won't know when you regular disk gets infected. Then you'll
>> power
>> your "secure" disk and it will get infected. Other than a layered
>> setup
>> to protect against viruses, spyware, and other malware along with
>> regular backups (which do incrementals with you keeping several fulls
>> so
>> you can walk back to a point where you aren't infected), not
>> installing
>> downloads off the Net and disconnecting from the Net is your only
>> safest
>> means of computing. Keeping a disk powered off hoping it won't get
>> infected when you power it up won't work - unless you also power down
>> all other disks.
The BIOS will load the bootstrap program from the first hard drive that
it physically detects. The standard bootstrap program can only load the
boot sector from partitions on that same hard drive. So to get the
power-disconnect switch to work with the 2 hard drives, the first hard
drive found by the BIOS when all drives are powered on must the be
"secure" drive. Then:
- When powered on, the "secure" drive is the first drive to be
discovered by the BIOS. The BIOS loads the bootstrap program from the
"secure" drive's MBR which then loads the OS from the secure drive.
Problem: All files from *BOTH* drives are accessible.
- When the secure drive is unpowered, the BIOS won't see it. The BIOS
will instead see the "regular" drive as the first detected hard drive
and load the bootstrap program from its MBR which then loads the OS from
the regular drive. No files on the secure drive are accessible because
it is unpowered.
There are 5V and 12V lines in the 4-pin power connector to each drive so
a double-pole switch is needed to open & close the circuit for both
voltages at the same time. However, the problem noted above when the
"secure" drive is powered is that all files across both drives will be
accessible. This means the protection sought by the OP is lost. All
drives will be powered up and it is possible for the user to run an
infected file on the "regular" drive - and the user is the weak point
and source of the problem. Hoping the user doesn't run executables on
the "regular" drive is no different than hoping the user doesn't
download and run malware on the "secure" drive so the whole exercise of
unpowering the "secure" drive is fruitless.
I still stick by my statement of "Keeping a disk powered off hoping it
won't get infected when you power it up won't work - unless you also
power down all other disks." The "unless" part is mandatory to provide
the physical isolation that the OP wants. That is why Noozer mentioned
a double-throw switch so, in one position, when power was applied to
"secure" drive then it is also disconnected from the "regular" drive
and, in the other position, power is disconnected from the "secure"
drive and applied to the "regular" drive. Only one drive of the 2
drives is powered at a time. A DPDT switch works when just 2 hard
drives are involved. Once 3, or more drives are involved, then you need
something like a rotary switch where all drives are disconnected except
the one at the current switch position.
Consider having to drill out a hole in the case, affix the switch,
contrive a wiring harness to insert between the connectors from the PSU
and those on the hard drive (since the OP probably doesn't want to be
cutting up the wiring harness from the PSU), and doing so for both
drives. Now add the *hope* that the user never flips the switch while
the OS is still running to prevent losing data because the buffers (in
the OS and hard drive) didn't get flushed or written. The power
switching idea is a kludge fraught with problems.
It would be far easier and better to buy one cage to install into an
external drive bay and then get 2 trays to make the drives swappable.
No drilling of holes in the case, no soldering a wiring harness to the
DPDT switch, no crimping on Molex connectors to insert between the PSU
wiring harness and the hard drives. Just a couple screws to mount the
cage in the drive bay, a couple screws to mount the hard drive to the
tray, and then plugging in the power and data cables to the back of the
cage -- and none of which you have to build yourself. The OP gets the
physical isolation that he wants with removable hard drives.
Of course, if all the OP wants to do is protect his financial apps and
data from malware due to his lack of [trust in] a decent security
software suite and due to his poor web habits (which no software can
totally surmount) then using a virtual machine and letting that OS get
polluted would be the easiest and best solution. VMWare Server and
Virtual PC are both free. VMWare Server provides a snapshot feature to
let you revert the host back to a prior known good state (with Virtual
PC you have to copy the VM folder and then slide it back to emulate a
snapshot recovery). There is Sandboxie that provides a VM within the
host OS for applications, like a web browser, but that VM runs under the
host OS and it isn't as safe as using a VM as its own OS environment.
With VMWare or VPC, the OP gets the isolation between the OS running on
the host and the OS running in the VM. He does his unsafe browsing in
the VM. It is also an excellent place to trial unknown or new software.
The power switch & harness scheme seems the least desirable, most
intrusive, and probably the flakiest scheme. The VM scheme is better
and easier but theoretically not as secure as using removable hard
drives.
I have a IDE Hard Disc which on some ocasions for certain reasons, (to get a
certain Boot order )
I leave connected on the IDE cable but without a the power plug in it at
all. Behaves as if its not there at all.
The other drive on that cable & the other 2nd IDE cable drives all work fine
as they should.
As for Sata leaving a data cable in with no Power cable should be ok...tho
its so easy
to unplug both there ed be no point.
Mouse
@@@@
On Sun, 05 Aug 2007 22:04:05 GMT, "Noozer"
<dont.spam@me.here> wrote:
>> If the "secure" drive has an OS on it, and that drive was
>> unpowered, it obviously can't be infected. If the system is
>> then shut down from the regular OS installation and booted
>> to the secure drive OS installation, nothing on the other
>> drives, even if left powered, can infect the secure drive's
>> contents because it is a different version of windows that
>> is clean still, the virus depends on windows mechanisms to
>> run it.
>
>Assuming that the secure drive doesn't try and "autorun" the other drive,
Have you ever seen a virus that would launch when a
non-removable media was set to autorun (which btw, is not
the default config for windows, it would be very unusual
need and occurance for someone to set their non-removable
hard drives to autorun).
>or
>run software found on the other drive, or that the user doesn't access any
>of the data on that other drive.
>
True, it's not impossible to be infected but if one is
aware, they can plan around this just as they'd otherwise
have to plan *something* else to avoid infections.
On Sun, 5 Aug 2007 21:43:23 -0500, "Vanguard"
<vanguard.x@comcast.net> wrote:
>"kony" wrote in message
>news:958cb3ttq1nbpjnsf23ebmvel802gn1a59@4ax.com.. .
>>
>> "Vanguard" wrote:
>>>
>>> <joelnews@hotmail.com> wrote ...
>>>> I'm interested in adding a second drive to my computer in order to
>>>> make a dual-boot system.
>>>>
>>>> When the computer is booted off my "secure" disk (for financial
>>>> transactions only), I want the other boot disk to be powered off,
>>>> and
>>>> vice-versa. If my regular disk gets infected surfing the web, I
>>>> don't
>>>> want it to be able to infect my "secure" boot disk.
>>>
>>> You won't know when you regular disk gets infected. Then you'll
>>> power
>>> your "secure" disk and it will get infected. Other than a layered
>>> setup
>>> to protect against viruses, spyware, and other malware along with
>>> regular backups (which do incrementals with you keeping several fulls
>>> so
>>> you can walk back to a point where you aren't infected), not
>>> installing
>>> downloads off the Net and disconnecting from the Net is your only
>>> safest
>>> means of computing. Keeping a disk powered off hoping it won't get
>>> infected when you power it up won't work - unless you also power down
>>> all other disks.
>
>
>The BIOS will load the bootstrap program from the first hard drive that
>it physically detects.
If the user is booting the other drive, no the other drive
becomes the "first" hard drive, unless using a boot menu off
the original drive, but honestly have you seen any boot
sector viri recently?
>The standard bootstrap program can only load the
>boot sector from partitions on that same hard drive. So to get the
>power-disconnect switch to work with the 2 hard drives, the first hard
>drive found by the BIOS when all drives are powered on must the be
>"secure" drive.
No.
It will work just as I'd stated it, or to turn off the
alternate drive completely if that were desired so only one
is running at a time.
On Mon, 6 Aug 2007 03:56:54 +0100, "Trimble Bracegirdle"
<no-spam@never.spam> wrote:
>I have a IDE Hard Disc which on some ocasions for certain reasons, (to get a
>certain Boot order )
>I leave connected on the IDE cable but without a the power plug in it at
>all. Behaves as if its not there at all.
>The other drive on that cable & the other 2nd IDE cable drives all work fine
>as they should.
>As for Sata leaving a data cable in with no Power cable should be ok...tho
>its so easy
>to unplug both there ed be no point.
>Mouse
>@@@@
>
SATA connections are sometimes fragile, it might be better
to avoid frequently plugging & unplugging them.
kony wrote:
> <dont.spam@me.here> wrote:
>
>>> If the "secure" drive has an OS on it, and that drive was
>>> unpowered, it obviously can't be infected. If the system is
>>> then shut down from the regular OS installation and booted
>>> to the secure drive OS installation, nothing on the other
>>> drives, even if left powered, can infect the secure drive's
>>> contents because it is a different version of windows that
>>> is clean still, the virus depends on windows mechanisms to
>>> run it.
>>
>> Assuming that the secure drive doesn't try and "autorun" the
>> other drive,
>
> Have you ever seen a virus that would launch when a
> non-removable media was set to autorun (which btw, is not
> the default config for windows, it would be very unusual
> need and occurance for someone to set their non-removable
> hard drives to autorun).
Wouldn't it be much simpler to just mount a Linux distribution?
--
"Vista is finally secure from hacking. No one is going to 'hack'
the product activation and try and steal the o/s. Anyone smart
enough to do so is also smart enough not to want to bother."
"kony" wrote in message
news:509db39jnv1jvsh51nes2qa42onuu51ilr@4ax.com...
>
> "Vanguard" wrote:
>
>>"kony" wrote ...
>>>
>>> "Vanguard" wrote:
>>>>
>>>> <joelnews@hotmail.com> wrote ...
>>>>> I'm interested in adding a second drive to my computer in order to
>>>>> make a dual-boot system.
>>>>>
>>>>> When the computer is booted off my "secure" disk (for financial
>>>>> transactions only), I want the other boot disk to be powered off,
>>>>> and
>>>>> vice-versa. If my regular disk gets infected surfing the web, I
>>>>> don't
>>>>> want it to be able to infect my "secure" boot disk.
>>>>
>>>> You won't know when you regular disk gets infected. Then you'll
>>>> power
>>>> your "secure" disk and it will get infected. Other than a layered
>>>> setup
>>>> to protect against viruses, spyware, and other malware along with
>>>> regular backups (which do incrementals with you keeping several
>>>> fulls
>>>> so
>>>> you can walk back to a point where you aren't infected), not
>>>> installing
>>>> downloads off the Net and disconnecting from the Net is your only
>>>> safest
>>>> means of computing. Keeping a disk powered off hoping it won't get
>>>> infected when you power it up won't work - unless you also power
>>>> down
>>>> all other disks.
>>
>>
>>The BIOS will load the bootstrap program from the first hard drive
>>that
>>it physically detects.
>
> If the user is booting the other drive, no the other drive
> becomes the "first" hard drive, unless using a boot menu off
> the original drive, but honestly have you seen any boot
> sector viri recently?
That wasn't my primary concern. Booting off the other drive but with
*all* drives powered on means the pests that are worried about on the
regular drive are still there and just as virulent to screw up the
secure drive. The expectation (but more like hope) is that user doesn't
run any programs from that regular drive -- but then the user is the one
that got that malware there in the first place. Expecting the user not
to run the infected files on the regular drive while the secure drive is
also powered up is just hoping the inevitable doesn't occur which has
already occurred.
>>The standard bootstrap program can only load the
>>boot sector from partitions on that same hard drive. So to get the
>>power-disconnect switch to work with the 2 hard drives, the first hard
>>drive found by the BIOS when all drives are powered on must the be
>>"secure" drive.
>
> No.
>
> It will work just as I'd stated it, or to turn off the
> alternate drive completely if that were desired so only one
> is running at a time.
Wrong - but as you stated before in your other post. If *all* drives
are powered, it doesn't matter from which one the OS got loaded.
Executables on one drive are just as executable regardless of which
instance of the same OS got loaded from whatever drive. Only if the
regular drive is unpowered when the secure drive is powered can it be
guaranteed that the regular drive can't infect the secure drive - as you
now state. Problem is the same user is involved under any powerup
scenario.
I think we might actually be agreeing.
Secure drive powered
Regular drive powered
Pests on regular drive can infect the secure drive. Doesn't matter from
which drive the OS got loaded.
Secure drive unpowered
Regular drive powered
Pests on regular drive cannot do anything on the unpowered secure drive.
Secure drive is safe.
Secure drive powered
Regular drive unpowered
User can't run pests on regular drive because it is unpowered, so secure
drive is safe.
Only when the secure and regular drives are in opposite power states is
the secure drive safe from any pests on the regular drive. However, if
pests are showing up on the regular drive, they will show up on the
secure drive. Why not also do the same for the regular drive for
whatever supposedly made the secure drive more secure?
While the DPDT switch and its wiring harness is doable, I don't see it
as a better solution than using removable hard drives. The removed
"secure" drive won't be subject to the same shocks, surges, or other
physical damage while it is out of the host. Also remember that we have
yet to address the static that can be transferred through the switch
into the power leads for the hard drives. The toggle arm or rocker for
the switch would have to be electrically insulated from the contacts
cage getting moved inside the switch. An ordinary DPDT would transfer
the static discharge into the hard drives. With removable drives, the
user isn't touching the power or data lines.
On Mon, 6 Aug 2007 01:21:33 -0500, "Vanguard"
<vanguard.x@comcast.net> wrote:
>> If the user is booting the other drive, no the other drive
>> becomes the "first" hard drive, unless using a boot menu off
>> the original drive, but honestly have you seen any boot
>> sector viri recently?
>
>That wasn't my primary concern. Booting off the other drive but with
>*all* drives powered on means the pests that are worried about on the
>regular drive are still there and just as virulent to screw up the
>secure drive. The expectation (but more like hope) is that user doesn't
>run any programs from that regular drive -- but then the user is the one
>that got that malware there in the first place.
Sure, but that's part of why I mentioned the issue - so it
was out there as something to be aware of.
>Expecting the user not
>to run the infected files on the regular drive while the secure drive is
>also powered up is just hoping the inevitable doesn't occur which has
>already occurred.
Seems pretty simple to me - now the OP knows that to prevent
that risk, nothing on the drive should be ran, opened, etc,
that has any risk of containing hostile code.
"CBFalconer" wrote in message news:46B6AC93.19B82876@yahoo.com...
> Wouldn't it be much simpler to just mount a Linux distribution?
<grins>
Only if the critical applications support that platform. Only boobs
pick an OS and then go hunting for their critical apps. We don't know
what applications are required by the OP for "financial transactions".
Could be browsing, might not. Could be a vertial market app that only
runs on Windows.
Switch the +5V supply to disk drive 
Linear Mode
