Can windows viruses affect my encrypted linux partition on the same disk?

Question

Can Windows viruses affect my encrypted Linux partition on the same disk? I just want to use Windows but I am concerned.

Answer 1

Only indirectly: Windows also has BIOS/UEFI malware. That could affect your ability to boot your system including non-Windows systems like Ubuntu. A full disk wipe is also possible.

Only viruses targeted at Linux would affect Ubuntu. There are currently zero viruses active that are targetting Linux the way Windows can be infested. We desktop users are still a lot more better protected out of the box than Windors users.

A fully updated current Ubuntu could have an unknown bug in a software someone could abuse to get a virus onto your system but there is currently not a method where a malware infects millions of systems by releasing that virus. Your system would be targeted specifically to attack you.

You can install a virus yourself by downloading it as part of another software but that would be from an unsecure source and we just do not do that. All of our ways of installing software are through trusted sources.

If possible I would suggest to use two separate systems if you want to use Windows and Ubuntu. And you can then also use the Ubuntu system to check all incoming traffic to the Windows system.

When you ...

• use a decent admin password and do not input it when you do not expect it
• use backups for your essential data and store them with a timestamp on another machine
• keep your system updated
• do not install software you do not need
• use it as a desktop (so no server tools like an ftp server, fileserver, website on yours system). If you use those you are in need of some extra tools.
• preferably stay away from Windows; but you can use clamav for instance to scan Windows

the chance of having a virus are close to zero. But these are basically normal things for an Ubuntu user and not specifically to prevent a virus.

Answer 2

Yes: malware on Windows could modify the bootloader of you Linux system. This modified bootloader could then for example save the encryption key to your disk once you provide the password to unlock your disk or it could further infect the then unlocked disk. There are no known virusses doing this, but it's entirely possible this exists and just has not been detected yet.

A way to defend against malware modifying the bootloader is Secure Boot. Unfortunately, a lot of Linux install tutorials make you turn Secure Boot off.

Answer 3

Short answer: yes.

Longer answer: yes, but unlikely (too rare target to bother) and if they do, they will more likely destroy/damage your Linux partition than access data there (it's possible, but way too tricky for most malware).

About why and how is said enough in other answers.

Answer 4

Yes, absolutely. Any program running on your user account has the ability to do anything that you can do - that includes modifying disks, as long as you have access to them in Explorer. Raw disk access requires administrator permissions, but there are still a lot of evil things that you can do as a standard user account to corrupt a Linux installation, like formatting the partition.

Note that Windows is a fundamentally insecure OS, and if you are concerned about it being able to tamper with your Linux installation, you should be running it in a sufficiently sandboxed virtual machine.

If your computer has a TPM (most recent machines do), it might be possible for you to enable Secure Boot with disk encryption, which would prevent a bare-metal Windows from reading your Linux data (but not corrupting it). It would also prevent it from installing a rootkit in kernel-space (...by bricking your Linux install if it tries), but it wouldn't prevent reflashing/infection of the BIOS like some of the other answers here describe.

Note that UEFI is not separate from the BIOS as some answerers claim. UEFI is simply an interface that some modern BIOSes implement as an alternative (or the only) way of booting the system. Therefore any "UEFI malware" is actually just BIOS malware.

Answer 5

Malware, yes. Viruses yes. If it had access to the disk it can wipe it, or just tracts of it, even.

Bear in mind a virus must live long enough for the host to reproduce and spread it.

So can badly written software though.

In the mid 1980's I used Norton Utilities to wipe the free space on my C: drive. I had a D: drive on the the same physical disk. It erased the D: drive entirely as free space. Recovering from 360K floppies was not fun, and ultimately not successful. Lesson learned.