Why am I allowed to access protected Windows files when I boot Ubuntu from USB?

The file and folder/directory permissions on an operating system are managed and enforced by... you guessed it right, that operating system (OS). When the operating system is taken out of the picture (booting a different operating system), then those permissions become meaningless.

One way to think of it: You hire a big bodyguard (OS) to protect your house. You give him a list (permissions) of the allowed guests (users) and which areas (files and folders) they're allowed to visit. How useful are those lists when the bodyguard is asleep (not booting from that OS)?

Generally, it is assumed that once an attacker has physical access to your system, they own your system. Even a BIOS password won't help you in this case. One way to solve this problem is using full-disk encryption using software such as TrueCrypt, Bitlocker, and others.

The problem, in your case, is that you'll have to setup a password (or key) to be inputted whenever you reboot the system. Weigh in your options and decide.


Because Windows only shows you what they think you should see, and other operating systems don't necessarily care and just show you what's on the disk. That is the gist of it.

It's not a Microsoft conspiracy; Microsoft protects Windows' system files from being damaged this way. You can access it if you know some fairly sophisticated tricks and manage to run explorer with "SYSTEM" permissions (these go above Administrator), or simply boot another operating system that does not implement these restrictions.

Sidenote: Viruses love these places. Almost every virus I've seen nested itself in System Volume Information, a folder in the root of each Windows drive where you cannot normally go without system permissions. Even the Administrator, who can usually get access to every file even if he denies himself all possible permissions on it, cannot go into that folder. Luckily anti-virus products also go there and they detect anything that shouldn't be there, but it's a caveat to keep in mind. For example I used to scan my computer from a remote machine with read-only permissions, but that is not enough because remotely (using SMB) you usually can't access these system protected folders.

If you want to protect people from simply reading what's on your harddrive, you need disk encryption (which will ask you for a password upon booting, just like a BIOS password would). Otherwise it will always be trivial to boot another OS and read the harddrive's contents. Even if you have a BIOS password, it's still fairly trivial to take the harddrive out. With most laptops and desktops, provided that noone is around, you can get a harddrive out, copy a few gigabytes, and put it all back within 5 minutes.


Isn't there a way to prevent people from doing this, without putting up a password on the BIOS?

There is a way to prevent people from doing this and it is called Full Disk Encryption


Here is the Mac attack vector: http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/

The only sure way to prevent unwanted root access to your system is by simply enabling File Vault’s full disk encryption (not home folder encryption!).


TrueCrypt - recently there was a fundraising campaign - http://www.indiegogo.com/projects/the-truecrypt-audit - to audit the source code - http://istruecryptauditedyet.com/

Operating Systems Supported for System Encryption - http://www.truecrypt.org/docs/sys-encryption-supported-os - only Windows


Regarding BitLocker:

  • http://www.reddit.com/comments/1m773a

enter image description here

  • https://twitter.com/obs3sd/status/366218010727424000

enter image description here


Why am I allowed to access protected Windows files when I boot Ubuntu from USB?

There is a car (hardware). But you happen to swap all the electronics (operating system). Now you have access to engine, steering wheel, indicators, lights and electronics itself, allowing you to wipe out other, already existing, operating systems.