Windows guru requested - Securing Windows

[Peter Fairbrother]

John Brazier wrote:

> Peter asked:
> 
>> Bot from CD, create a memory FS, union mount it to the main windows fat-32
>> FS, with the fat-32 fs mounted read-only, boot Windows? That way any
> changes
>> to the files would be wiped out when the power was switched off, and the
>> fat-32 fs would remain untouched.
> 
>> Mount a steganographic FS read/write on eg a USB key (or a different
>> partition) on / with a hard-to-guess name. Secret files should be saved to
>> this fs.
> 
> If your expertise is in something like Linux, why not just boot into a Linux
> CD distro and give it a 'Windowsy' GUI for the user? You can still access
> FAT32 or NTFS disks (which you want read-only), and I suspect you'd end up
> with a lot more memory.

That's what I did in the early versions of m-o-o-t, except the OS was
OpenBSD-based. 

I could improve on that, maybe do a Linux/Knoppix version, but it still
would not drive some hardware, and it would still not be what the user was
used to.

In order to include the real luser newbies, it occurred to me that it might
be good to just let them use their ordinary setups, with just a few extra
programs and tweaks. New GUI background so he knows where he is, a slightly
different mail program, and _no unintended writes_. Intended writes go to a
SFS on a USB stick.



It's just brainstorming at the moment. I am considering completely changing
the form m-o-o-t will take.

I have a "bootable" USB stick, which is giving me all sorts of ideas too.


> In direct answer to your question, please see http://www.litepc.com/.

Had a quick look, will look some more.


-- 
Peter Fairbrother