Windows guru requested - Securing Windows
Peter Fairbrother
ukcrypto at chiark.greenend.org.uk
Sat, 10 Jun 2006 17:02:17 +0100
Ivan Krstic wrote:
> Peter Fairbrother wrote:
>> Boot from CD, create a memory FS, union mount it to the main windows fat-32
>> FS, with the fat-32 fs mounted read-only, boot Windows? That way any changes
>> to the files would be wiped out when the power was switched off, and the
>> fat-32 fs would remain untouched.
>
> I don't quite understand this. The concept of mounting a FS is an OS
> operation, so to say "mount the FS read-only and then boot the OS" is
> nonsensical.
In e.g. BSDs you boot a kernel which mounts the FSs, which gives the kernel
access to the rest of the OS. The kernel is part of the OS, but in e.g.
OpenBSD it's about 3 MB, whereas the entire OS is much bigger.
Or something like that, it's been a few years since I last made an OpenBSD
live CD distro.
I am referring to OS plus apps really - I want the activity to leave no
trace. Windows OS stores traces in e.g. "recent documents" as well as in swap
and temp files, and an application might also store "recent documents"
somewhere (plus, for the worried, there's all BG's backdoors - and for the
knowing, there's the "file last modified" etc. variables).
In order that all of this is caught I'd like _every write_ to be either to a
steganographic FS in a USB flash key or stored somewhere it can be erased
when the computer is switched off - and a union mounted ramdisk over a
read-only main FS seems like a very good place for the latter.
I do not have the time, inclination, ability, or access to source needed to
dissect everything a Windows OS does. Something like "Windows Washer" is no
use.
> If taking the Linux live CD route isn't acceptable, your
> best bet would be to start looking at something like BartPE:
>
> http://www.nu2.nu/pebuilder/
>
> You might want to contact Bart directly
> (http://www.nu2.nu/contact/bart/) and ask him for advice on how to proceed.
That's a helpful suggestion, thanks.
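The union-mount scheme argued for in this post (RAM-backed upper layer over a read-only main FS, so every write vanishes at power-off) modelled in Python as an added example, not code from the thread; a temp directory stands in for the read-only FS, and the `VolatileUnion` class, `snapshot` helper and sample file names are assumptions made for the demonstration.

```python
import os
import tempfile
WHITEOUT = object()  # marks a lower-layer file as deleted for this session only


class VolatileUnion:
    # RAM upper layer over a read-only lower dir: reads fall through, writes
    # and deletes land in RAM only, and "power off" discards all of them.
    def __init__(self, lower_dir):
        self.lower = lower_dir
        self.upper = {}  # path -> bytes, or WHITEOUT
    def read(self, path):
        entry = self.upper.get(path)
        if entry is WHITEOUT:
            raise FileNotFoundError(path)
        if entry is not None:
            return entry
        with open(os.path.join(self.lower, path), "rb") as f:
            return f.read()
    def write(self, path, data):
        self.upper[path] = data  # copy-up: new content lives only in RAM
    def delete(self, path):
        self.upper[path] = WHITEOUT  # hides the lower copy, never unlinks it
    def listdir(self):
        names = set(os.listdir(self.lower))
        for path, entry in self.upper.items():
            (names.discard if entry is WHITEOUT else names.add)(path)
        return sorted(names)


def snapshot(d):
    # (content, mtime) of every lower file, covering the 'last modified' worry
    p = lambda n: os.path.join(d, n)
    return {n: (open(p(n), "rb").read(), os.stat(p(n)).st_mtime_ns)
            for n in os.listdir(d)}


def run_session():
    # Constructed session; a temp dir stands in for the read-only main FS.
    lower = tempfile.mkdtemp()
    with open(os.path.join(lower, "recent.txt"), "wb") as f:
        f.write(b"old.doc\n")
    before = snapshot(lower)
    fs = VolatileUnion(lower)
    fs.write("recent.txt", fs.read("recent.txt") + b"secret.doc\n")
    fs.write("pagefile.sys", b"\x00" * 16)  # swap/temp-style scratch write
    live = (fs.listdir(), fs.read("recent.txt"))
    fs.delete("recent.txt")
    gone = fs.listdir()
    del fs  # power off: the RAM layer and every trace in it vanish
    return live, gone, before, snapshot(lower)
```

The final comparison of `before` and `after` is the check that matters: content and mtime of the lower layer are identical after the session, which is what a real read-only mount plus volatile upper layer must guarantee.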