Protect Windows drive from access from Linux?

se
33

Story (can be skipped if you don't like reading)
The school requires the use of Proctorio software for an online exam, which gets full access to the system. That sounds like spyware (or at least a program with fundamentally dangerous authorization), which we also have to install ourselves.
In order not to expose my Windows system to this spyware, I made a Linux stick. Unfortunately, you still have access to my Windows files, which should in principle not fall into the wrong hands.
What can I do to destroy / block the function to mount hard disks in Linux so that it can no longer reach the spyware?

Set up
+ Windows laptop
+ Linux boot stick

Problem
Access to the Windows hard drive and all its data is possible from Linux.

Unwanted solutions
+ Cumbersome switching on and off of the hard disk in the BIOS / UEFI
+ Cumbersome installation and removal of the hard drive
+ Changes to the Windows operating system

Solution I hope for:
What can I do to destroy / block the function to mount hard disks in Linux so that it can no longer reach the spyware?

Sw

Use Virtualbox and install the program in a virtual machine.

se

Is this not noticeable and is prohibited?
I mean that is no longer protected against grinding,
if you can open other programs in your main system…

Sw

I can't tell you if that's forbidden. It can attract attention.

What is "undercut"?

You can't normally open other programs in your main system from a virtual machine.

pl

Dialect for deception / attempted deception.

se

Of course you can.
A Virtual Box window with Linux and some program
a second with Firefox. Leave the mouse pointer set to do not catch
and I can leave the virtual environment whenever I want.
Couldn't the use of a VB be an attempt at deception?
Therefore a possibility to deprive Linux sticks of the feature of reading NTFS.

pl

Remove ntfs3g and, if the ntfs kernel module is present, remove / blacklist. So at least NTFS volumes are unknown foreign country ;-).

se

That sounds like what I want.
Are there any tutorials that are recommended?

Sw

Software that has complete control over the system could also have NTFS support.

se

Yes, I've already thought about it :/

Sw

That's true. The question is whether it really is.

pl

This is somewhat distribution-specific, but uninstalling ntfs3g should be a walk through.

As for the kernel module, you could just delete the file - if the stick is not used otherwise.
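
A way to check the result of the two steps suggested above (removing ntfs3g, deleting or blacklisting the kernel module), as an added example that is not part of the original thread: a read-only POSIX shell audit of the stick. The function names are chosen here, and it assumes the NTFS drivers are built as modules and that modprobe rules live in /etc/modprobe.d.

```shell
#!/bin/sh
# Added example: list what would still let this system read an NTFS volume.
# $1 = alternative root (default /). Assumes NTFS drivers are built as modules.

# Userspace FUSE driver and mount helpers from the ntfs-3g package.
ntfs_userspace() {
    root="${1:-}"
    for p in bin/ntfs-3g bin/lowntfs-3g sbin/mount.ntfs sbin/mount.ntfs-3g; do
        for prefix in "" usr/; do
            if [ -e "$root/$prefix$p" ]; then echo "/$prefix$p"; fi
        done
    done
}

# Kernel driver files: legacy "ntfs" and newer "ntfs3" (possibly compressed).
ntfs_modules() {
    root="${1:-}"
    [ -d "$root/lib/modules" ] || return 0
    find "$root/lib/modules" -type f \( -name 'ntfs.ko*' -o -name 'ntfs3.ko*' \)
}

# modprobe policy for module $2: "blocked" (install ... /bin/false also stops
# an explicit modprobe), "blacklisted" (only stops automatic loading on mount)
# or "loadable". Root can still insmod a file that is left on disk.
ntfs_module_policy() {
    root="${1:-}"; mod="$2"; s='[[:space:]]'
    conf=$(cat "$root"/etc/modprobe.d/*.conf 2>/dev/null || true)
    if printf '%s\n' "$conf" | grep -Eq "^$s*install$s+$mod$s+/bin/(false|true)"; then
        echo blocked
    elif printf '%s\n' "$conf" | grep -Eq "^$s*blacklist$s+$mod($s|\$)"; then
        echo blacklisted
    else
        echo loadable
    fi
}

ntfs_report() {
    root="${1:-}"
    ntfs_userspace "$root" | sed 's/^/userspace: /'
    for m in ntfs ntfs3; do
        if ntfs_modules "$root" | grep -q "/$m\.ko"; then
            echo "module $m: present, $(ntfs_module_policy "$root" "$m")"
        else
            echo "module $m: absent"
        fi
    done
}

ntfs_report "${1:-}"
```

A report with no `userspace:` lines and both modules `absent` means the stick itself no longer carries an NTFS driver; it says nothing about a driver that software running as root brings with it.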

Dr

What can I do now to mount the hard disks function on Linux

What could the opposite of mounting be called? Right, unmount! 😉 Make friends with the terminal and unmount the disks that should not be mounted. Read the linked article carefully and unmount the disks.

https://devconnected.com/how-to-mount-and-unmount-drives-on-linux/

se

The stick is created for this purpose only.
The distro used in this case is Xubuntu.

pl

Then Brutalinski: Set hard disk size to 0 (DCO / HPA) and then a feature freeze. Then it read out :-D

se

I know all that, but the problem here is that the spyware certainly knows how to re-mount unmounted hard drives.

Sw

If the application has root privileges, this can also be changed.

pl

No, after a freeze you need a cold boot. Not even a soft reset can help as with a normal reboot.

Sw

Sure a kernel mod couldn't handle it?

se

That sounds perfect!
Are there any instructions on this
(I'm unfortunately not that firm in Linux)?

pl

If at all, then at most with undocumented functions that are manufacturer-specific. When I set up an HPA, freeze and warm restart, the kernel detects the HPA and says it can't reset it.

I should even be able to mask with DCO, i.e. an identify provides something completely different and can also conceal the fact that the HPA exists.

-----

But: To pop around in the area needs to be extremely well considered. Pulling cords is definitely safer and easier.

se

Are we still talking about manipulation of the Linux stick at HPA (Host Protected Area), or have we already reached manipulation of the Windows hard disk?

pl

Hard disk - you ultimately change the configuration context of the hard disk until the next cold boot - you can do this during the boot process.

But as I said, nothing I would do lightly.

se

https://support.blancco.com/pages/viewpage.action?pageId=15181398
After reading this I understood: you shouldn't mess around with it, because you can use it to shoot / overwrite things that you would otherwise not have access to.

Ma

Proctorio is not spyware; on the contrary, it creates a secure testing platform. Full access to the system is only intended to avoid fraud attempts and to lock out possible malware.

https://pruefungendaheim.de/proctorio/

se

+ "no spyware"
+ "Full access to the system"
Um, yes I would rather play it safe…

Ma

You are also spyware because you have full access to the system.

You don't play it safe with an experimental Linux. Since you don't seem to know anything, you're probably breaking more than necessary. Instead, use a second computer or install a second Windows as a pure work platform without access to the previous one.

se

You are also spyware because you have full access to the system.

Yes, but I can spy on myself. It's my data.

Use […] a second computer or install a second Windows as a pure work platform without access to the previous one.

Yes, that was my backup plan. But before that, I wanted to know if there might be a better solution with Linux bootsticks, because this backup plan would require hardware that is not available to me in the long run.

mo

What happens if a third party comes with another USB stick that still has the modules?

mo

The question could also be: how do I protect a Windows system from viruses?

Since Windows does not have a suitable rights system, this is not possible.

se

This is off topic here. This question is about a program with potentially dangerous permissions for which a secure environment is sought.
Yes, then you would have access to the Windows files again.

se

EDIT: not with the HPA solution,
but that would be the case with the ntfs3g solution

mo

There's probably only the encryption of Windows folders and / or files. No Linux program can then read them without the corresponding password. Delete of course at any time.
Unfortunately, Windows does not know how to mount.

Who would have any idea that with me (Linux) there are files in a folder, but which are then "overmounted" when the system is booted, ie invisible?

cr

Does the sudo program have rights? (So whether you have to start the program with the admin password.) If not, it can't mount the disks at all.