Changing Linux system files by malware from another OS. Is it possible?



  • Is it possible to infect important Linux system files with malware from another operating system? For example, you are using Windows and you have a disk with the Debian operating system connected. You "caught" (on Windows) a piece of malware that aims to modify Linux system files. Will the Linux kernel notice the change in these files? Does it perform some sort of "integrity check" on system files? Or is it better to unmount the drive with Linux when using Windows or another "risky" OS?



  • Is it possible that Windows malware modifies an installed Linux partition?

    Let me ask you the inverse: What would make you think that it is impossible? Indeed, when thinking about it that way, it makes it pretty clear that it's at least possible. Nothing really prevents malware from mounting the partition and manipulating the files on the partition, including the kernel.

    Does that mean it's likely that malware would do that? Not really. If you think about it, the moment malware runs on your Windows OS, the attacker can already run code on your machine. There is little to gain from writing malware that would only target a fraction of the users (Windows users who have Linux installed on a secondary partition), when they already have an OS they can exploit.

    Does the kernel notice these changes?

    No, because that's pointless. If malware can directly write to the Linux partition, it can simply install its own kernel, which removes this check, if it existed.

    Is it better to unmount this drive?

    Disconnecting is even better. If the computer has no way to write to a disk, then malware can't overwrite it.

    Is Windows a "risky" OS?

    Windows is just as secure as Linux is, depending on how you set it up. The fact that most malware targets Windows stems from the fact that 3 out of 4 desktop PCs run Windows.
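
Because a check stored on the writable disk can be replaced along with the kernel, verification has to run from an environment the other OS cannot write to. As an added example (not part of the original posts), this Python code hashes selected files under a mounted Linux root and compares them with a baseline kept off that disk; the function names, the file list and the sample tree in `demo()` are constructed for illustration, and it is assumed to run from trusted boot media.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large kernels/initrds need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def resolve_inside(root, rel):
    """Resolve root/rel; return None if a symlink leads outside the mounted tree."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    inside = os.path.commonpath([root_real, target]) == root_real
    return target if inside else None

def build_manifest(root, rel_paths):
    """Baseline taken while the system is known-good; store it off the disk."""
    return {rel: sha256_file(resolve_inside(root, rel)) for rel in rel_paths}

def verify(root, manifest):
    """Return {relative_path: finding} for every file that no longer matches."""
    findings = {}
    for rel, expected in manifest.items():
        target = resolve_inside(root, rel)
        if target is None:
            # An absolute symlink would make us hash the live system's file instead.
            findings[rel] = "resolves outside mounted root"
        elif not os.path.isfile(target):
            findings[rel] = "missing"
        elif sha256_file(target) != expected:
            findings[rel] = "modified"
    return findings

def demo():
    """Constructed sample tree standing in for a mounted Debian root."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("boot/vmlinuz", b"kernel-v1"), ("etc/passwd", b"root:x:0:0\n")):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(root, ["boot/vmlinuz", "etc/passwd"])
        with open(os.path.join(root, "boot/vmlinuz"), "wb") as fh:
            fh.write(b"kernel-v2")  # simulated out-of-band change from the other OS
        return verify(root, manifest)
```

The manifest is only as trustworthy as where it is kept: if it sits on the same partition, whoever can rewrite the files can rewrite the baseline too.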

