My Solution to Securing Windows 98, ME Against Network Modification and Spying, using Linux.

From: grunes (grunes_at_yahoo.com)
Date: 05/25/03


Date: 25 May 2003 10:25:00 -0700


-----------------------------------------------------------------

My Solution to Securing Windows 98, ME Against Network
Modification and Spying, using Linux.

(Caution: I am not a security expert, merely paranoid.)

Written by Mitchell R Grunes, grunes@yahoo.com, May 25, 2003.

-----------------------------------------------------------------

A fundamental flaw of Microsoft Windows is that it is not a
secure operating system, because there exist deliberate and
accidental security back-doors that let a remote computer user
break into, spy on, and modify your system. This is inevitable.
Tens of thousands of people were involved in creating it, or in
the drivers used to run 3rd party devices. If even 25% have
included their own deliberate back doors, and there are others
due to simple error, that is a lot of people with access to your
system.

To some extent this is also true of Linux, though what is
included in Redhat Linux, and many other Linux installations, is
"Open Source", where you can see the source code, which tends to
make it a little harder to create such back-doors, so Linux, and
open software in general should be considered a little more
secure. But accidental and sneaky deliberate back-doors still
exist in Linux.

-----------------------------------------------------------------

The closest thing to a secure operating system for PCs may be
OpenBSD (see http://openbsd.org), but most software is not
available for OpenBSD. The big market is still Microsoft Windows,
and almost everything is available for it, and some web pages
only work with the extremely insecure Microsoft Internet
Explorer. It is slightly plausible, though unlikely, that
someone has created a hidden back-door in OpenBSD as well. Even
in that unlikely event, OpenBSD is still likely to be more
secure against ordinary hackers than anything else. Only my lack
of knowledge of OpenBSD prevents me from using it for this
application instead of Linux.

-----------------------------------------------------------------

Security and privacy are desirable for several reasons. It is
generally accepted that many software programs, such as almost
everything from Microsoft, Netscape, Real Player, CD-ROM burners,
etc., create detailed logs of things installed or used on your
computer, places you visit, music and videos copied, perhaps of
passwords, credit cards, etc., and send them off to various
internet sites. This may seem fine if all of your software is
legal, and you haven't used or copied any copyrighted music or
videos (if you have, privacy would really matter; I suggest it
is a good idea to be safe and legal in spite of the cost), but
it isn't, because what you use with these software programs may
be private information. Passwords and Credit card numbers can
be quite dangerous. Further, bad people may remotely use your
computer for illegal or immoral purposes, such as spam, stealing
info, or storing pirated software, music and videos and porn, for
which you are legally and financially liable.

Another issue exists if you leave a microphone or video camera
connected to your system. People can use them to spy on you.
A sneaky program can store the information when you are off-line,
then send it when you connect. I bet this is a lot more common
than most people realize. (They might even use it in a
commercial porn movie, though not legally.) Leave these
disconnected when you don't need them!

Once people manage to remotely install software on your computer
system, which they can do without your knowledge, it can do
anything bad that computer programs legitimately installed on
your system could conceivably do.

-----------------------------------------------------------------

A complete solution to computer security does not exist
(some internet sites like doubleclick.com may record information
in their own storage, instead of on your hard disk), but it is
possible to be more secure than most people. I am told that
hackers consider that they "own" most people's computer systems.
I.E., most people's computers have been broken into to spy on
them, or to use for their purposes. It might even be true.

-----------------------------------------------------------------

A very good solution to this problem is mentioned in

  http://www.heise.de//ct/english/99/11/206

in which you run entirely from CD. If you use a removable hard
drive (hard drives can be mounted on removable trays), then
there is nothing that windows can write to, other than its
temporary RAMDRIVE, and everything is forgotten when you turn
the computer off (I'm not sure a mere reboot wipes memory).
I haven't played with this yet, and can't speak to it.

-----------------------------------------------------------------

Here is my own solution, not nearly as good as running completely
from CD, but a little more convenient for me:

-----------------------------------------------------------------

I partitioned my hard drive, to leave room for multiple
partitions. The version of Windows that will see the net is on
one partition. Since disk space is cheap (Western Digital
recently briefly made 120 GB drives available through Circuit
City for $80), I will be quite wasteful. The following
partitions are desirable.

1. Windows 98, created in a slightly under 2 GB (2047 MB)
partition, just in case I run into any uses that get confused at
the 2 GB boundary. This was a clean new load, containing nothing
but the original software and device drivers. I did let
Microsoft's

  http://update.microsoft.com

update it for security (and to be really paranoid, first
downloaded and applied some of their security fixes on a separate
load), but otherwise the machine had no network access during
this entire disk setup. NOTE: The only real way to make sure the
network can't see the system while you are setting it up is to
disconnect phone and internet cables! Windows 98 actually only
needs a few hundred MB, I was just leaving more extra space than I
actually needed. This allows room to grow, and room for virtual
memory swapping if you want to use large memory programs. (I
admit it slows down the back-up process a bit to have the
partitions this large.) Before installing the first windows 98,
you will want to use the FDISK and FORMAT commands from the
installation floppy to clean your disk of bad blocks created by
improper shutdowns:

  fdisk /mbr            (Installs a new master boot record. It
                        will later be replaced by the GRUB boot
                        loader.)

  fdisk c:              Use it to create a single large partition
                        that encompasses the whole disk.

  (reboot)              (DOS/Windows need to be rebooted any time
                        you re-partition, or they mess up the
                        partitions.)

  format c: /u /c       (Cleans everything, creates a new bad
                        block table.)

  scandisk c: /surface  (Looks for bad blocks; this takes a
                        long time.)

  fdisk c:              Get rid of that partition, create a new
                        2047 MB one, an extended DOS/Windows
                        partition containing the rest of the
                        disk, and any other desired DOS/Windows
                        partitions, as discussed below. FDISK
                        calls the partitions inside the extended
                        partition "logical drives". There is
                        something to be said for making all DOS
                        and Windows partitions the same size, so
                        you can easily over-write the backups of
                        one with the other, if you decide it is
                        more useful. The only problem is that
                        2 GB may be a bit small for Windows NT,
                        2000, 2003 and XP.

  (reboot)

  format c: /u /s       (Will hold Windows 98. The /s switch
                        copies the DOS system files so the
                        partition can boot.)

  scandisk c: /surface  (Because I'm not sure that the bad block
                        table survives repartition and format.)

                        You should also format and scandisk
                        partitions to be used for other Windows
                        installations. But note that, to be
                        usable, DOS and Windows partitions for
                        versions prior to Windows 98 must be
                        formatted with the FORMAT from their own
                        version, because they can't use Windows
                        98 VFAT.

  f:                    (Or whatever drive letter corresponds to
                        the CD-ROM containing the Windows 98 CD,
                        including setup.exe.)

  setup                 Follow directions to install Windows 98.
                        Then install any device drivers you need.
                        If you need to download these from the
                        net, you will probably first want to go
                        through this whole document, back up the
                        Windows 98 partition, download the
                        drivers to the exchange partition, then
                        restore Windows 98 from the back-up, and
                        apply the drivers. This prevents the
                        device driver web sites from
                        contaminating your setup, though some
                        device drivers may themselves be spyware.

-----------------------------------------------------------------

2. The DOS extended partition contains the remaining partitions,
as follows. Both the Windows partitions, and the extended
partitions should be created using Windows 98 FDISK, to make sure
everything is done right. Furthermore, it is essential that the
first partition, and the first partition in the extended
partition (partitions inside the extended partition are called
logical drives) be created by Windows, because Linux FDISK does
not always get all the bytes right when used to create partition
tables, according to its own documentation.

-----------------------------------------------------------------

3. A second Windows 98 partition, that will never see the
network. I use grub's HIDE command (see below) to alternately
hide different Windows partitions from each other. You could
also use the Linux fdisk command to change their partition type
to something Windows doesn't recognize. For now, you just create
this as an empty formatted partition of the SAME SIZE as the
first Windows 98 partition (so it can be copied to from the
original, as mentioned below).

-----------------------------------------------------------------

4. An exchange partition which can be temporarily unhidden to
allow safe exchange of temporary files between operating systems.
This should be of type VFAT, which is what Windows 98 FDISK and
FORMAT usually create, because everything can read and write to
it. However, if you wish to use anything prior to Windows 98,
you may need a standard FAT partition. (The problem is that FAT
partitions don't handle long or mixed case file names right.)
You probably want this to be at least a GB, maybe another full
2047 MB.

-----------------------------------------------------------------

5. Any other DOS or Windows versions you want--e.g., 95, ME, etc.
There are a number of special issues associated with Windows NT,
2000, XP and 2003, that I haven't played with, because they need
a special boot loader. In particular, you would need to install
their boot loader, then, in a later step, use the GRUB bootloader
installation to make a copy of it that GRUB can boot. As I said,
I haven't tried this with this setup, so I can't help you.

As mentioned above, you initially just create space for the
partition, maybe format them with a version of DOS or Windows
FDISK which is at least as old as the operating system in
question. Later, we will use Linux or GRUB to hide the DOS and
Windows partitions from each other while installing those other
Windows system partitions.

-----------------------------------------------------------------

6. A reasonably full version of Redhat Linux 9 (9 is desirable,
because it can use that VFAT partition), if you want it. Maybe
two, one which will see the net, one not. These versions of
Linux should not mount each other's partitions, though if you
aren't too paranoid, they might share the same SWAP partition.
Each time you will create a boot floppy, and install the GRUB
boot loader on the MBR (master boot record), so you can play with
the new partition, but that boot floppy will not be needed once
the partition mentioned in step 8 has been properly configured. I
generally create Linux in a single partition, mounted as /,
rather than creating a separate /boot partition, to keep things
simple. Remember: the only time anyone can figure out how to
configure Redhat Linux is at install time, so do everything
right then, or you will end up re-installing.

-----------------------------------------------------------------

7. One or more Linux SWAP partitions, so you can run large
memory programs. I think you can safely use partitions with up
to 2047 MB. If you have space, make two of them, so you can run
multiple BIG programs.

-----------------------------------------------------------------

8. A tiny (say, 750 MB) extremely minimal version of Redhat
Linux 9, that will never see the net, that contains no fancy
utilities that are unsafe. It is this version that will be used
to back up your Windows and Linux systems, and which will contain
the /etc/grub.conf file that configures the final GRUB boot
loader. I haven't yet tried creating this with a /boot partition,
and just using that. Maybe that would let it be smaller, but
I'm not sure it would work.

-----------------------------------------------------------------

9. OpenBSD, or other operating systems, if you want them.

-----------------------------------------------------------------

10. A really big Linux partition, which will just be used for
back-ups, but has no operating system.

-----------------------------------------------------------------

When I create the version of Linux mentioned in step 8, I make
sure to mount the other linux and VFAT partitions. For example, I
associate /dev/hda1 (the first partition on the first IDE drive)
with directory /hda1, /dev/hda5 (the 5th partition on the first
IDE drive) with /hda5, /dev/hdb1 (the first partition on the
2nd IDE drive) with /hdb1, etc. I forget how to use SCSI device
names, as I think SCSI drives are a waste of time and money
(having a SCSI controller seems to increase boot time many fold),
but the idea should be similar. Note also that Linux considers
the first partition inside the extended partition to be numbered
5 (e.g., /dev/hda5), even if there is only one primary partition,
as is true in my proposed setup.

The Redhat Linux 9 install will not get all these things right in the
/etc/fstab that configures the mounts. In my case it confused
which partitions were vfat (DOS/WINDOWS VFAT) which were
ext3 (Linux), and which were Linux swap, so, after install, you
may want to make sure it has created all these directories, and
get your /etc/fstab to look something like:

# Version created by mitch. This boot has access to everything.
# Lines starting with "#" are comments.
#Principle Windows 98, with networking
/dev/hda1 /hda1 vfat defaults 0 0
#2nd Windows 98, never connects to network
/dev/hda5 /hda5 vfat defaults 0 0
#Windows ME, never connects to network
/dev/hda6 /hda6 vfat defaults 0 0
#Shared (exchange area) VFAT drive
/dev/hda7 /hda7 vfat defaults 0 0
#Big Redhat Linux 9
#/dev/hda8 /hda8 ext3 defaults 0 1
#Linux swap area
/dev/hda9 swap swap defaults 0 0
#(This) Tiny Linux
/dev/hda10 / ext3 defaults 0 0
#Big Linux partition, used for backups
/dev/hda11 /hda11 ext3 defaults 0 0
#Floppy disk drive
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
#CD/DVD reader
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
#CD RW
/dev/cdrom1 /mnt/cdrom1 udf,iso9660 noauto,owner,kudzu,ro 0 0
#I'm not sure what these are, but Linux 9 adds them, so I do too.
#(/proc is the kernel's process and status pseudo-filesystem, and
# /dev/shm is the tmpfs used for POSIX shared memory; both live in
# RAM, not on any disk partition.)
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0

-----------------------------------------------------------------

Obviously that needs modification for your particular layout.

By the way, tabs and spaces seem to mean the same thing in
/etc/fstab. Note that I have left the final field to be 0
for most of the partitions, especially the VFAT partition,
so you will not waste time with fsck at boot time. Besides, I
don't trust Linux's fsck to handle VFAT partitions. Some people
would say the other Linux system partitions should be fscked,
so the last field should be 1 for the other ext3 partitions.
Most of the time that will not take much time at boot, but Linux
always wastes a lot of time on the VFAT partitions marked for
fsck.

-----------------------------------------------------------------

None of the other Linux system partitions should contain
/etc/fstabs that mount each other or the VFAT drives, or they
could contaminate each other.

-----------------------------------------------------------------

A really important step is to reconfigure the GRUB boot
loader in the partition mentioned in step 8. It must hide the
system Windows partitions from each other, and from networked
Linux partitions, for safety, and because Windows does not work
right if there is more than one recognizable system Windows
partition. Note what hiding does and does not do: GRUB's hide
and unhide only set or clear the "hidden" bit in the partition
type byte of the partition table, so Windows does not assign the
hidden partition a drive letter. Anything with raw disk access
can still read or write those sectors, so hiding guards against
accidents and ordinary software, not against a determined
intruder. For example, here is a sample /etc/grub.conf file:

#Comment lines start with #. Note that grub boot-time partition
#numbers are one less than Linux partition numbers, e.g.:
#(hd0,0) /dev/hda1 Windows 98
#(hd0,4) /dev/hda5 2nd Windows 98, no network
#(hd0,5) /dev/hda6 Windows ME, no network
#(hd0,6) /dev/hda7 Exchange VFAT area
#(hd0,7) /dev/hda8 Big Linux
#(hd0,8) /dev/hda9 Linux Swap
#(hd0,9) /dev/hda10 Tiny Linux, no network
#(hd0,10) /dev/hda11 Big ext3 file for backups
default=0
timeout=4
splashimage=(hd0,9)/boot/grub/splash.xpm.gz
#Note that makeactive only works right for the primary
#Windows partition, and would mess things up on anything
#else.
title /dev/hda1 Windows 98
        unhide (hd0,0)
        hide (hd0,4)
        hide (hd0,5)
        hide (hd0,6)
        rootnoverify (hd0,0)
        makeactive
        chainloader +1
title /dev/hda1 Windows 98, with shared partition
        unhide (hd0,0)
        hide (hd0,4)
        hide (hd0,5)
        unhide (hd0,6)
        rootnoverify (hd0,0)
        makeactive
        chainloader +1
title /dev/hda5 2nd Windows 98, do not connect to network
        hide (hd0,0)
        unhide (hd0,4)
        hide (hd0,5)
        hide (hd0,6)
        rootnoverify (hd0,4)
# makeactive
        chainloader +1
title /dev/hda6 Windows ME, do not connect to network
        hide (hd0,0)
        hide (hd0,4)
        unhide (hd0,5)
        hide (hd0,6)
        rootnoverify (hd0,5)
# makeactive
        chainloader +1
#Redhat Linux 9 installer does this all wrong. It uses labels instead
#of explicit drive names and numbers, which leads to incorrect booting.
#I did it right.
title /dev/hda8 Big Redhat Linux 9
        hide (hd0,0)
        hide (hd0,4)
        hide (hd0,5)
        root (hd0,7)
        kernel /boot/vmlinuz-2.4.20-8 ro root=/dev/hda8 hdd=ide-scsi
        initrd /boot/initrd-2.4.20-8.img
title /dev/hda10 Tiny Redhat Linux 9, no net, sees all
        unhide (hd0,0)
        unhide (hd0,4)
        unhide (hd0,5)
        root (hd0,9)
        kernel /boot/vmlinuz-2.4.20-8 ro root=/dev/hda10 hdd=ide-scsi
        initrd /boot/initrd-2.4.20-8.img
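
The hide/unhide bookkeeping above is easy to get wrong by hand: one stale or missing line and two Windows installs see each other. The following script is an added example, not part of the original post, that generates the stanzas from the Linux device names instead, so the only thing to maintain is the list of Windows partitions and which one each entry boots. It assumes GRUB legacy's numbering (disks and partitions counted from zero, with /dev/hda as hd0), the post's own layout (hda1, hda5, hda6, hda7, hda8, hda10) and the post's kernel version; all of those are assumptions to edit for another machine. It emits makeactive only for primary partitions, as the post's comment requires, and refuses to emit a stanza for any device name it cannot map. Whether GRUB's hd0 really is /dev/hda is worth checking against /boot/grub/device.map before the output is installed.

```sh
#!/bin/sh
# Added example (not the post's own grub.conf): generate GRUB legacy
# stanzas that hide every Windows partition except the one being booted.
# Layout and kernel version below are assumptions taken from the post.

# grub_name /dev/hda5 -> (hd0,4). GRUB legacy counts disks and partitions
# from zero; Linux counts partitions from one. Only /dev/hda../dev/hdd are
# handled; anything else fails rather than producing a wrong name.
# ASSUMPTION: GRUB's hd0 is /dev/hda. Confirm with /boot/grub/device.map.
grub_name() {
    dev=${1#/dev/hd}
    [ "$dev" != "$1" ] || return 1        # not an IDE device name
    letter=${dev%%[0-9]*}
    num=${dev#"$letter"}
    [ -n "$num" ] || return 1             # whole disk, no partition number
    case $letter in
        a) disk=0 ;; b) disk=1 ;; c) disk=2 ;; d) disk=3 ;;
        *) return 1 ;;
    esac
    printf '(hd%d,%d)\n' "$disk" "$((num - 1))"
}

# is_primary /dev/hdaN: partitions 1-4 are primary. GRUB's makeactive only
# works on a primary partition, so it is emitted only for those.
is_primary() {
    n=${1##*[!0-9]}
    [ -n "$n" ] && [ "$n" -ge 1 ] && [ "$n" -le 4 ]
}

# hidden_of "ALL DEVS" "KEEP DEVS": every device in ALL that is not in KEEP.
# Deriving the hide list this way means a partition cannot be forgotten.
hidden_of() {
    out=""
    for d in $1; do
        case " $2 " in *" $d "*) ;; *) out="$out $d" ;; esac
    done
    printf '%s\n' "$out"
}

# visibility "HIDDEN DEVS" "VISIBLE DEVS": one hide/unhide line per device.
visibility() {
    for d in $1; do
        vg=$(grub_name "$d") || return 1
        printf '        hide %s\n' "$vg"
    done
    for d in $2; do
        vg=$(grub_name "$d") || return 1
        printf '        unhide %s\n' "$vg"
    done
}

# windows_entry TITLE BOOTDEV "ALL WINDOWS/VFAT DEVS" "VISIBLE DEVS"
# BOOTDEV and VISIBLE are unhidden, everything else in ALL is hidden.
windows_entry() {
    g=$(grub_name "$2") || return 1
    printf 'title %s\n' "$1"
    printf '        unhide %s\n' "$g"
    visibility "$(hidden_of "$3" "$2 $4")" "$4" || return 1
    printf '        rootnoverify %s\n' "$g"
    is_primary "$2" && printf '        makeactive\n'
    printf '        chainloader +1\n'
}

# linux_entry TITLE ROOTDEV "ALL WINDOWS/VFAT DEVS" "VISIBLE DEVS" KERNELVER
linux_entry() {
    g=$(grub_name "$2") || return 1
    printf 'title %s\n' "$1"
    visibility "$(hidden_of "$3" "$4")" "$4" || return 1
    printf '        root %s\n' "$g"
    printf '        kernel /boot/vmlinuz-%s ro root=%s\n' "$5" "$2"
    printf '        initrd /boot/initrd-%s.img\n' "$5"
}

# gen_menu: the post's layout (assumed). hda1 networked Windows 98, hda5
# and hda6 non-networked Windows, hda7 exchange, hda8 big and hda10 tiny Linux.
gen_menu() {
    ALL="/dev/hda1 /dev/hda5 /dev/hda6 /dev/hda7"
    KV=2.4.20-8
    printf 'default=0\ntimeout=4\n'
    windows_entry "/dev/hda1 Windows 98" /dev/hda1 "$ALL" ""
    windows_entry "/dev/hda1 Windows 98, with shared partition" /dev/hda1 "$ALL" "/dev/hda7"
    windows_entry "/dev/hda5 2nd Windows 98, do not connect to network" /dev/hda5 "$ALL" ""
    windows_entry "/dev/hda6 Windows ME, do not connect to network" /dev/hda6 "$ALL" ""
    linux_entry "/dev/hda8 Big Redhat Linux 9" /dev/hda8 "$ALL" "" "$KV"
    linux_entry "/dev/hda10 Tiny Redhat Linux 9, no net, sees all" /dev/hda10 "$ALL" "$ALL" "$KV"
}

# Usage: sh genmenu.sh gen > grub.conf.new
[ "${1:-}" = "gen" ] && gen_menu
```

Run it as `sh genmenu.sh gen > grub.conf.new`, read the result against the table of device names at the top of the sample file, and only then copy it over /boot/grub/grub.conf (on Red Hat, /etc/grub.conf is a symbolic link to that file). Because hiding only flips the partition-type byte, a stanza that unhides the wrong partition is a silent mistake rather than a boot failure, which is why every device name is mapped through one function that fails on anything it does not recognise.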

-----------------------------------------------------------------

If you later install another operating system that over-writes the
boot loader, boot the tiny "sees all" Linux partition from the boot
floppy you made for it, and, as root, type
  grub-install /dev/hda
which re-installs GRUB into the MBR, pointing at that partition's
/boot/grub and therefore at the grub.conf shown above.

-----------------------------------------------------------------

Be sure to copy the /etc/fstab and /etc/grub.conf files from the
tiny Linux partition into the big backup partition.

OK. Now for back-ups. Here is a backup.sh file that lives in the
big Linux back-up partition. Run it from that directory, since it
writes the image files into the current directory, using
   source backup.sh
It backs up partition /hda1, the first Windows 98:

#This mount creates an error message, that can
#be ignored, if it is already mounted.
echo "mount /hda1"
      mount /hda1
#We write lots of zeros into the unused part of
#the partition, so it will compress well.
#
echo
echo "cat /dev/zero > /hda1/junkzero"
      cat /dev/zero > /hda1/junkzero
# If the partition were larger than 2048 MB, we
# might want to write more zeros, with something like
# cat /dev/zero > /hda1/junkzero2
# cat /dev/zero > /hda1/junkzero3
# ...
echo
echo "rm -f /hda1/junkzero*"
      rm -f /hda1/junkzero*
echo
echo "umount /hda1"
      umount /hda1
#Copy and compress the disk partition image
echo
echo "cat /dev/hda1 | gzip -c - > hda1back.gz"
      cat /dev/hda1 | gzip -c - > hda1back.gz
#Just in case something goes wrong, make another!
echo
echo "cat /dev/hda1 | gzip -c - > hda1back2.gz"
      cat /dev/hda1 | gzip -c - > hda1back2.gz
echo
echo "ls -lad *.gz"
      ls -lad *.gz

-----------------------------------------------------------------

This backup can be restored, and should be every few days, to
wipe network induced changes, or after you have used your credit
card number, by booting up the tiny linux and:

   umount /dev/hda1
   zcat hda1back.gz > /dev/hda1

In fact, you can create your second (non-network) Windows 98
setup by
   umount /dev/hda5
   zcat hda1back.gz > /dev/hda5

Then boot up that windows version, go into the control panel for
the network, and delete the entries for the modem and ethernet
adaptors, to make mistakes less likely. However, physically
disconnecting the network and modem cables is the only way to be
sure.

I don't know how to make sure a Linux system partition can't
access the net; you must just be careful to keep cables
disconnected.

In general, after you have used this setup to hide Windows
partitions from each other's system boots, you can finish
installing the other windows.
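
The backup and restore steps above write raw partition images, and what they lack is any way to tell a good image from a corrupted one before it is written over a partition. The script below is an added example, not the post's backup.sh, covering the same job (zero-fill, image, and restore or clone onto the same-size twin partition) with two checks added: it refuses to touch a partition that is currently mounted, and it records a SHA-256 of each image and verifies both that and the gzip CRC before any restore. It assumes GNU or busybox coreutils (gzip, sha256sum, dd, sync) on the tiny Linux; the device and image paths in the usage comments are the post's layout, assumed rather than detected.

```sh
#!/bin/sh
# Added example (not the post's backup.sh): partition image backup with
# an integrity check before restore. Paths in the usage comments are the
# post's layout and are assumptions.

# Refuse to image or overwrite a partition that is currently mounted: a
# live filesystem changes under the copy, so the image may be inconsistent.
assert_unmounted() {
    if grep -qs "^$1 " /proc/mounts; then
        echo "refusing: $1 is mounted" >&2
        return 1
    fi
}

# zero_free_space MOUNTPOINT [MiB]: fill free space with zeros so the raw
# image compresses well (the post's junkzero trick). With no size it runs
# until the filesystem is full, which is the intent on a real partition;
# pass a size when trying it out on an ordinary directory.
zero_free_space() {
    mnt=$1; mib=${2:-}
    if [ -n "$mib" ]; then
        dd if=/dev/zero of="$mnt/junkzero" bs=1M count="$mib" 2>/dev/null
    else
        dd if=/dev/zero of="$mnt/junkzero" bs=1M 2>/dev/null
    fi
    sync
    rm -f "$mnt/junkzero"
}

# image_partition DEV IMAGE: gzip the raw partition and record a SHA-256
# of the image beside it (IMAGE.sha256), so a later restore can detect a
# corrupted or altered backup instead of writing it over the partition.
image_partition() {
    dev=$1; img=$2
    assert_unmounted "$dev" || return 1
    gzip -c < "$dev" > "$img" || return 1
    sha256sum "$img" > "$img.sha256"
}

# verify_image IMAGE: the gzip CRC and the recorded SHA-256 must both pass.
# sha256sum -c reopens the image by the path recorded at backup time, so
# use the same path (an absolute one is simplest) for both operations.
verify_image() {
    img=$1
    [ -s "$img.sha256" ] || return 1
    gzip -t "$img" 2>/dev/null && sha256sum -c "$img.sha256" >/dev/null 2>&1
}

# restore_image IMAGE DEV: verify first, then write. The same call clones
# the networked Windows 98 onto its same-size, never-networked twin.
restore_image() {
    img=$1; dev=$2
    assert_unmounted "$dev" || return 1
    verify_image "$img" || { echo "refusing: $img failed verification" >&2; return 1; }
    gzip -dc < "$img" > "$dev" && sync
}

# Usage from the tiny Linux, with the post's layout (assumed paths):
#   mount /hda1 && zero_free_space /hda1 && umount /hda1
#   image_partition /dev/hda1 /hda11/hda1back.gz
#   verify_image    /hda11/hda1back.gz
#   restore_image   /hda11/hda1back.gz /dev/hda1   # refresh after net use
#   restore_image   /hda11/hda1back.gz /dev/hda5   # clone to the twin
```

Copy the .sha256 file to CD together with the image; a checksum that lives only on the same partition as the image protects against bit rot and botched copies, not against a program that can write to the backup partition, which is the same reason the post moves backups to CD-ROM.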

-----------------------------------------------------------------

You can do something quite similar to back up the other Windows
and Linux partitions, other than the tiny Linux partition itself.
I'm not sure that it would work right for a mounted drive, so the
tiny Linux partition probably can't be used to back-up itself. If
it goes bad, re-install it. I guess one could have two safe
(not-networked) partitions, and use each to back-up the other.

-----------------------------------------------------------------

It is a good idea to copy your back-ups and other files from
the big back-up partition to CD-ROM. After all,
a really malicious program could mess up partitions even if they
aren't mounted or its operating system doesn't understand them.
If you only know how to do this using a Windows program like
EZ CD-Creator, just copy the desired backup file to the exchange
partition, bring up the non-networked version of windows to make
the CD, do so, then delete all files from the exchange partition.
Get back into the tiny Linux, and do something like
  mount /dev/hda7
  rm -rf /hda7/*
  cat /dev/zero > /hda7/junkzero
  rm -f /hda7/junkzero
to get rid of all traces of the back-ups in the exchange
partition.

-----------------------------------------------------------------

I hope in the future to migrate to the idea of running off of
CD that was discussed in that earlier mentioned link

  http://www.heise.de//ct/english/99/11/206

but to also include Linux on that CD. Any time I connect to the
net, the hard drive with my private stuff will be out of the
machine. If I must download stuff, it will be to a floppy, zip,
or re-writable CD drive. I'm not yet bright enough to figure how
to do this yet.

-----------------------------------------------------------------

In any event, it is critical that after setup you remember to

1. Disconnect modem and internet cables before booting the
machine from partitions that are not supposed to see the network.
In fact, if you are paranoid, you will disconnect before every
boot, because your BIOS is a vulnerability during boot.

2. You must periodically (certainly every few days) refresh the
partitions from their back-ups, preferably CD-ROM versions, to
get rid of what the world has done to them.

3. Also, never use your own machine to post or read email or
usenet discussion groups with a mail program or news reader. Much
safer to do email through a website like

  http://mail.yahoo.com

(and click on secure, to get the https link)

and usenet through a website like

  http://deja.com

This is because most email and usenet programs have major
security flaws.

4. Use the msconfig program (Start-up Menu -> Run -> msconfig)
to reduce start-up processes to an absolute minimum. Not only is
this more secure, you will crash a lot less often. Use the disk
clean-up (something like Start-up Menu -> Accessories -> System
-> disk cleanup) to clean out everything it will let you often,
then use Start-up Menu, Find or Search to get rid of cookie and
history files. While you are at it, try to set up your browser
to kill cookies at the end of every session. You won't
completely succeed, the bad guys are always hiding things, but it
will make you feel better.

5. Leave your microphone and video camera disconnected any time
you aren't using them, and dress properly when you are.

6. Use a good virus checker, and a pseudo-firewall program like
Zonealarm (zonelabs.com) to make spyware and malware work a
little harder. Most evil people are just as lazy as anyone else,
and prefer to go after those who take no precautions.

7. Pray no one gets too sneaky.

8. Pray that someone takes over Microsoft who cares about
security.

-----------------------------------------------------------------


