I'm sure you'll get a mix of replies on this one. I'll keep mine simple.

If those are the only two you're looking at using, setup a dual boot. Reason being (and it's been pointed out in other posts) is that you may not get the same result from using a VM to perform the tests as you would from actually having the OS on the wire.

This will be interesting as far as replies and pseud0 has good advice.  If you are just testing security from the "inside" it really doesn't matter.  You can run some effective scans from windows from the inside. I mean if you are using vulnerability scanners like Nessus or GFIlanguard.   If you dont know linux well, learn the basics of it before you start incorporating it into your "toolbox".  Backtrack is vulnerable to being hacked if you dont know how to harden it. That would be ironic if you think about it,lol. 

On the other hand, if you want to hack from the outside, well then use linux.  My opinion is Backtrack is a great learning tool for tools. But for a serious attack OS, you should compile one yourself.  Its not hard and you will learn much more if you take the time.  Remember there are 2 different attacks we usually see. Internal or external. If you are just testing your internal network, well there are great programs for both linux and windows. If you are trying to hack from the outside, in my humble opinion you should lean to use  linux and that does not mean Backtrack.   Again, Backtrack is an awesome source of tools and a first class way of getting your "fingers dirty" , but as you grow you should learn how to make your own attack OS.  Thats my 2 cents.

For someone new to Linux, I recommend Ubuntu.  This distro has so much support and you will find that most tools compile with little or no problem.

Try installing Kismet. If you can do that, you will find other tools much easier for the most part.  One caveat I would mention about Ubuntu, if you have installed it and you are attending a hacker convention, just lie and say you are using Gentoo, lol. 

For people willing to put together their own attack OS, would you recommend starting with something that has already been made (such as Ubuntu), or something like LFS (http://www.linuxfromscratch.org/) and make it all from source??

I've been using precompiled distros (BackTrack, nUbuntu, Helix, Knoppix STD, Gentoo, Debian, etc.) for a long time, and I am intereted in putting together my own pentesting OS.

Who else has put together their own attack/pentesting OS, and how did you do it?

For my two cents worth.

I've tried setting up a dual-boot MS-?/Backtrack machine on a number of occasions and never same to get that much benefit from it. If your primarily a windows person than just boot backtrack from the CD.(or other, I personally like knoppix-STD although it doesn't seem to be developed as agressively as BT)

This way you get all your usual OS for day-to-day and your Linux tools when necessary. Only time I would consider running BT in a VM is if your trying to study/experiment during quiet moments at work and still need your primary system for 'work'  .

On the build your own side, again I've tried this several times (actually intend to start again...) Previous attempts have been made using Kubuntu and usually end up with me removing something vital whilst trying to get rid of the fluff I'm not interested in. In an attempt to start small, but still gain the advantages that come from the [k]ubuntu/Debian family I'm intending to start with a base install of Debian and build my system from the commandline with the apt system.

But ChrisG may have just thrown a spanner in my plans as a quick look at the Pentoo site makes me think it may be worth investigating further....

I feel having a good understanding of linux is still an important skill for a hacker. The best way is to install a distro and begin installing tools and drivers and rebuild the kernel if need be.  Backtrack is great to get a quick feel for the tools and if all a tester desires  to be is someone that just runs a series of tools that are on a pre-compiled CD then thats fine. But why limit yourself to that? There is going to be a time when you want to write your own tools or tweak the ones you are working with.  Linux is a very customizable OS which is important in this ever changing environment. And as far as running live CDs, most pentesters I know don't do that. Even the creators of Backtrack don't use it like that. Muts told me himself he likes to run it from a hard drive install.  I guess it really all comes down to how far you want to progress as a hacker.  If you are an over worked Admin that has mostly a windows background and just want to fire off a few tools to check your network, then by all means just run something like Backtrack. On the other hand you want to try and develop yourself into a first class hacker, take time to learn linux inside and out.