Can Windows viruses affect my encrypted Linux partition on the same disk?


Solution 1

Yes, absolutely. Any program running on your user account has the ability to do anything that you can do - that includes modifying disks, as long as you have access to them in Explorer. Raw disk access requires administrator permissions, but there are still a lot of evil things that you can do as a standard user account to corrupt a Linux installation, like formatting the partition.

Note that Windows is a fundamentally insecure OS, and if you are concerned about it being able to tamper with your Linux installation, you should be running it in a sufficiently sandboxed virtual machine.

If your computer has a TPM (most recent machines do), it might be possible for you to enable Secure Boot with disk encryption, which would prevent a bare-metal Windows from reading your Linux data (but not corrupting it). It would also prevent it from installing a rootkit in kernel-space (...by bricking your Linux install if it tries), but it wouldn't prevent reflashing/infection of the BIOS like some of the other answers here describe.

Note that UEFI is not separate from the BIOS as some answerers claim. UEFI is simply an interface that some modern BIOSes implement as an alternative (or the only) way of booting the system. Therefore any "UEFI malware" is actually just BIOS malware.

Solution 2

Only indirectly: Windows also has BIOS/UEFI malware. That could affect your ability to boot your system including non-Windows systems like Ubuntu. A full disk wipe is also possible.

Only viruses targeted at Linux would affect Ubuntu. There are currently zero viruses active that are targeting Linux the way Windows can be infested. We desktop users are still a lot better protected out of the box than Windows users.

A fully updated current Ubuntu could have an unknown bug in some software that someone could abuse to get a virus onto your system, but there is currently no method by which malware infects millions of systems by releasing that virus. Your system would be targeted specifically to attack you.

You can install a virus yourself by downloading it as part of another software but that would be from an unsecure source and we just do not do that. All of our ways of installing software are through trusted sources.

If possible, I would suggest using two separate systems if you want to use Windows and Ubuntu. You can then also use the Ubuntu system to check all incoming traffic to the Windows system.

When you ...

  • use a decent admin password and do not input it when you do not expect it
  • use backups for your essential data and store them with a timestamp on another machine
  • keep your system updated
  • do not install software you do not need
  • use it as a desktop (so no server tools like an FTP server, fileserver, website on your system). If you use those you are in need of some extra tools.
  • preferably stay away from Windows; but you can use ClamAV for instance to scan Windows

the chance of having a virus is close to zero. But these are basically normal things for an Ubuntu user and not specifically to prevent a virus.

Solution 3

Yes: malware on Windows could modify the bootloader of your Linux system. This modified bootloader could then, for example, save the encryption key to your disk once you provide the password to unlock your disk, or it could further infect the then-unlocked disk. There are no known viruses doing this, but it's entirely possible this exists and just has not been detected yet.

A way to defend against malware modifying the bootloader is Secure Boot. Unfortunately, a lot of Linux install tutorials make you turn Secure Boot off.
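Added example, not part of the original answer: a defender-side check for the bootloader tampering described above. It reads the firmware's Secure Boot state and compares SHA-256 hashes of the unencrypted EFI System Partition against a stored baseline. The mount point `/boot/efi` and the baseline path `/var/lib/esp-baseline.json` are assumptions; run it as root from the Linux side.

```python
import hashlib
import json
import sys
from pathlib import Path

# EFI global-variable GUID. The efivarfs file holds 4 attribute bytes, then the value.
# Paths used below (/boot/efi, /var/lib/esp-baseline.json) are assumptions.
SECUREBOOT_VAR = Path("/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")


def parse_secure_boot(raw: bytes) -> bool:
    """Return True if the SecureBoot variable's data byte is 1 (enabled)."""
    if len(raw) < 5:
        raise ValueError("SecureBoot variable too short")
    return raw[4] == 1


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digests[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline: dict[str, str], current: dict[str, str]):
    """Return sorted lists of (added, removed, modified) relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return added, removed, modified


if __name__ == "__main__":
    esp = Path(sys.argv[1] if len(sys.argv) > 1 else "/boot/efi")
    store = Path(sys.argv[2] if len(sys.argv) > 2 else "/var/lib/esp-baseline.json")
    if SECUREBOOT_VAR.exists():
        print("Secure Boot enabled:", parse_secure_boot(SECUREBOOT_VAR.read_bytes()))
    current = snapshot(esp)
    if not store.exists():  # first run: record the known-good state
        store.write_text(json.dumps(current, indent=2))
        print(f"baseline of {len(current)} files written to {store}")
    else:
        added, removed, modified = compare(json.loads(store.read_text()), current)
        for label, paths in (("ADDED", added), ("REMOVED", removed), ("MODIFIED", modified)):
            for p in paths:
                print(label, p)
        sys.exit(1 if added or removed or modified else 0)
```

Legitimate bootloader or kernel updates also change these hashes, so refresh the baseline after each update. Keeping the baseline on the encrypted root partition means the Windows side cannot rewrite it.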

Solution 4

Short answer: yes.

Longer answer: yes, but unlikely (too rare a target to bother with) and if they do, they will more likely destroy/damage your Linux partition than access data there (it's possible, but way too tricky for most malware).

Enough has been said about why and how in the other answers.

Author: anon

Updated on January 04, 2023

Comments

  • anon
    anon over 1 year

    Can Windows viruses affect my encrypted Linux partition on the same disk? I just want to use Windows but I am concerned.

  • Admin
    Admin almost 2 years
    Well, a Windows virus which wipes the disk device will certainly directly affect your Linux partition, encrypted or not. Good backups are especially recommended these days with a Cyberwar ongoing.
  • Admin
    Admin almost 2 years
    Can it read my data on the Linux partition?
  • Admin
    Admin almost 2 years
    If the partition is encrypted, no; at most someone can copy the whole encrypted partition. Then they would still need your key. Brute forcing a good key would take a lot of years. If the partition can be active when Windows is active, yes.
  • Admin
    Admin almost 2 years
    ‘Unfortunately a lot of Linux install tutorials make you turn Secure Boot off’ Mostly because it provides little benefit for a typical user on a single boot Linux setup and is known to cause issues on a number of systems.
  • Admin
    Admin almost 2 years
    Malware could modify the bootloader, but unless you're being targeted by someone like the NSA, you're not going to encounter such malware. Almost all malware targets the common case, which is a pure-Windows system.
  • Admin
    Admin almost 2 years
    Brute forcing a bad key could take seconds, however.
  • Admin
    Admin almost 2 years
    If you're turning off secure boot then you won't be able to boot modern Windows anyway. I personally haven't had a problem with secure boot on either of my Ubuntu systems, other than you cannot hibernate.
  • Admin
    Admin almost 2 years
    "all known viruses need to be installed by a user" - That's just not true... There are plenty of RCE vulnerabilities and therefore malware that can exploit them. Sure, they're patched quickly, but not everyone is up-to-date. The thrust of your answer is still correct though.
  • Admin
    Admin almost 2 years
    In what ways is Windows "fundamentally insecure"?
  • Admin
    Admin almost 2 years
    @PCLuddite There are many things that can be corrected manually, like user accounts being administrator by default, and Windows Update destroying your system constantly, but there are also some things that can't, like the general architecture on top of NT being kind of shoddy. The vast majority of the operating system itself has also proven to be quite insecure in practice. NSA backdoors/exploits for example. Linux and macOS are not subject to the same kinds of vulnerabilities that are found in Windows, mostly because the architecture is not only different, but generally more secure.
  • Admin
    Admin almost 2 years
    Note that my comment about Windows being fundamentally insecure was mostly just in passing. There are reasons why you might want or need to have Windows installed, but I prefer to foster a healthy understanding of the fact that Windows is not optimal for any problem. Most of my interactions with it tend to be trying to get it to stay out of the way.
  • Admin
    Admin almost 2 years
    I'll rewrite it. I forgot to reread what I wrote and I made a few errors in my sentences :-)
  • Admin
    Admin almost 2 years
    @Rodney, I am running Windows 11 with BIOS legacy mode enabled and secure boot disabled. Rufus disables the UEFI, TPM, and secure boot check in the installer.
  • Admin
    Admin almost 2 years
    @XP1 Ah OK, but I think if you want to dual boot alongside the factory install of Windows you won't be able to disable secure boot?