G+_Ben Reese
Posted February 8, 2016

I was watching TNSS #38 and Nathaniel from Perth wanted two different Windows installs - one for gaming and one for school. His concern was that he might pick up CryptoLocker on one install which would infect both (since both installations of Windows can see both drives).

These are both software solutions which they were trying to avoid on the show, but software solutions are also cheap and usually easier...

1: Unmount the other drive/partition in Windows Disk Manager (or using the DiskPart utility). My understanding is that CryptoLocker typically searches all attached drives - which requires that they're mounted. Unmounting drive-D essentially removes access to that drive and admin rights are required to re-mount that drive letter.

2: Install one or both to VHDs. Windows 7 and higher let you create Virtual Hard Disks and install Windows to them. It's a bit of work to set up at first, but works great once it's going. I don't think the physical drive/partition has to be mounted inside the OS, which would also limit viruses to only that drive. The downside to this is that I don't know that booting to VHDs is supported by UEFI, so BIOS may need to be set to "legacy" boot mode.

Any thoughts on why this is a bad idea?

G+_Steve Martin
Posted February 9, 2016

A VHD is just a file on the operating system FS. So if CryptoLocker can see it, I imagine it can encrypt it and hold it hostage. Taking the volumes completely offline seems the best bet.

G+_Ben Reese
Posted February 9, 2016

Yes, but my point is that the file doesn't have to be accessible by the OS. For example, I've been booting to VHDs for a few years on my desktop. Here's a screenshot of the drive where that VHDX file lives currently: https://goo.gl/photos/xfN98jLVV2hVw3sE8

I just unmounted that volume (screenshot with the drive letter gone: https://goo.gl/photos/n48mBxqgDWzvuV347), but Windows is still running fine. I can multi-boot with other VHDs or physical partitions.
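
Option 1 from the first post (removing the other install's drive letter), written out as an added PowerShell example that is not part of the thread. The drive letter D and the use of the Storage module cmdlets (Windows 8 or later, elevated prompt) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumes the other Windows install is
# currently mounted as D: (pass -OtherLetter to match your own layout).
param([char]$OtherLetter = 'D')

$part = Get-Partition -DriveLetter $OtherLetter -ErrorAction Stop

# Never strip the letter from the volume this Windows install is running from.
if ($part.IsBoot) {
    throw "$($OtherLetter): is the boot partition of the running OS; refusing."
}

# Remove the drive letter (the thread's option 1). The volume itself stays
# intact; it just no longer has a DOS path such as D:\ in this install.
Remove-PartitionAccessPath -DiskNumber $part.DiskNumber `
    -PartitionNumber $part.PartitionNumber -AccessPath "$($OtherLetter):\"

# On GPT disks, also tell Windows not to hand out a letter automatically later.
# The attribute is not supported on MBR disks, so only warn there.
$disk = Get-Disk -Number $part.DiskNumber
if ($disk.PartitionStyle -eq 'GPT') {
    Set-Partition -DiskNumber $part.DiskNumber `
        -PartitionNumber $part.PartitionNumber -NoDefaultDriveLetter $true
} else {
    Write-Warning "Disk $($part.DiskNumber) is $($disk.PartitionStyle); re-check the letter after adding or moving disks."
}

# Verify: only the \\?\Volume{GUID}\ path should remain, with no drive letter
# and no folder mount point.
$after = Get-Partition -DiskNumber $part.DiskNumber -PartitionNumber $part.PartitionNumber
$paths = @($after.AccessPaths | Where-Object { $_ -notlike '\\?\Volume*' })
if ($paths.Count -gt 0) {
    throw "Partition is still reachable via: $($paths -join ', ')"
}
$after | Format-List DiskNumber, PartitionNumber, DriveLetter, AccessPaths, NoDefaultDriveLetter
```

Drive-letter assignments are stored per Windows installation, so run it once from each install against the other install's partition.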