I have specific needs for a live OS

For discussions about security.
Sideshow Todd
Posts: 6
Joined: Sun 14 Nov 2010, 20:43

I have specific needs for a live OS

#1 Post by Sideshow Todd »

This post explains why I need a live OS and the requirements and qualifications a live OS must meet.

I travel and work during the summer from June to October. I must email my family or post to Facebook. I don't have a laptop and couldn't carry one anyhow, so I must use public computers: hotels or libraries.

Hotel computers are a risk, for they - more times than not - lack proper security restrictions, such as lags in security updates for the OS and anti-virus, improper firewall settings (if it has a firewall), or they leave the entire C drive accessible to any Tom, Dick, or Harry, giving anyone the opportunity to install malware for their own purpose, criminal or otherwise. My user-names and passwords are in jeopardy. And then there's the privacy issue too.

Sometimes Libraries can lack security sensitivity too, but not so much as many hotels.

And then there's those damn firewalls that I sometimes get caught behind. Sometimes the restrictions are so strict that I'm locked out of legitimate sites. Sometimes I can't chat with my family on Facebook. Sometimes I can work around the filters and firewalls, but sometimes the admin knows what he's doing - giving me no hope of bypassing the restrictions.

The qualifying live OS candidate is as follows:

1. The live OS must be able to run entirely in its own environment on a USB. NOTHING must be left on the hard drive that I'm leeching from, not even swap files. I don't want Puppy to touch the local drives or the OS - unless I want it to. Except the USB thingys that must be used to recognize the flash drive - of course.

2. The USB live OS must be reliably bootable on MS Windows XP, Vista, Windows 7 and Linux.

3. I must be able to use a locally run VPN. Sometimes all security measures are run on the server side.

Yes or no. Does Puppy meet my qualifications? Is Puppy going to be reliable?

PS. My stick will be 8Gb....surely roomy enough for the job. Yes? But I'd rather go with a smaller stick, but if it's in a contained environment and must use swap files, I'm not sure if I dare go lower.

trapster
Posts: 2117
Joined: Mon 28 Nov 2005, 23:14
Location: Maine, USA

#2 Post by trapster »

"NOTHING must be left on the hard drive that I'm leeching from"
This is comforting.
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#3 Post by noryb009 »

Puppy Linux doesn't touch the hard drive at all, and should be bootable on most computers (unless the BIOS is password protected).

1. Yes. Puppy leaves nothing on the hard drive(s).

2. As good as it can get. You can look for a "Press key to select boot medium" (or something like that at startup), and select the USB from there, or change the BIOS (most places don't bother with a password).

3. I'm pretty sure, someone else might be able to answer this better.

And 8GB is plenty, you only need 1GB or so. Also, I would stay away from a swap on a flash drive, because flash drives have limited writes. It would be hard to find a public computer with less than 1GB of RAM nowadays, but you can create a swap if Puppy crashes because of RAM.

Sideshow Todd
Posts: 6
Joined: Sun 14 Nov 2010, 20:43

Problem

#4 Post by Sideshow Todd »

Can't I run Puppy without having to reboot and shut down MS Windows? Can't I simply run from the stick?

This presents a problem because when I'm at a public library I won't be able to restart Windows because most of the time a password is needed to load MS Windows. I think the librarians will be looking at me cross-eyed.

What I need is to go to node, plug the stick, and fire up Puppy without having to shutdown MS Windows. That is: run in the stick over MS Windows, like a shell. Can Puppy do this? Then I'll need not be bothered by a password protected BIOS either.

noryb009 wrote: And 8GB is plenty, you only need 1GB or so. Also, I would stay away from a swap on a flash drive, because flash drives have limited writes. It would be hard to find a public computer with less than 1GB of RAM nowadays, but you can create a swap if Puppy crashes because of RAM.

You say that Puppy doesn't touch the MS Windows hard-drive. This means that there are no swap files used or needed?

Seems like Puppy would have a problem on occasion with no virtual cache.

P.S. I was ignorant of the limited number of writes of a flash drive....until you came along.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#5 Post by Flash »

I can't see any reason to help someone abuse a service that my taxes pay for. What are you up to, Todd?

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#6 Post by noryb009 »

Puppy can run in Windows, but it wouldn't be able to do much. (VirtualBox on a USB, for anyone wondering)

In a virtual box, there will be no protection against key loggers or other things, though. Your best bet is to use it only at hotels, and Windows at libraries.

rokytnji
Posts: 2262
Joined: Tue 20 Jan 2009, 15:54

#7 Post by rokytnji »

Sideshow Todd wrote: What I need is to go to node, plug the stick, and fire up Puppy without having to shutdown MS Windows. That is: run in the stick over MS Windows, like a shell. Can Puppy do this? Then I'll need not be bothered by a password protected BIOS either.
It is not Puppy that is not capable of doing this. It is more a question of whether the Windows operating system is capable of doing this. And no library computer has VirtualBox installed in Windows that I know of in my small town. And doing a VirtualBox install of Puppy in Windows in a library is pointless and wrong. I run AntiX live persistent pen drives and Puppeee persistent frugal pendrives. If one can't access the BIOS, "password protected" (which most public computers are), then neither of my pendrives will boot unless the pendrive is placed first in the boot order. Same, same, with Live CD.

So your way of wanting to do this is not possible in the least. Not a Linux thing. It is a Windows/BIOS thing.
Sideshow Todd wrote: I must email my family or post to Facebook. I don't have a laptop and couldn't carry one anyhow
http://www.mwave.com/mwave/skusearch_v3 ... ntel%20Cel

It runs Puppeee and AntiX and fits in my motorcycle vest pocket (jean jacket with sleeves cut). Charger too. Works at all free wifi hotspots also.
Just pointing out an alternative since your way probably won't work. You'll be locked out of the BIOS to change boot order to pen drive.

My above suggestion gives you a nice 9" netbook (I have an Asus 900 and a 701SD). It is small and light and easy to transport. You can keep XP on it. You can make an 8 gig Puppeee pendrive that will boot off of it and everything works out of the box. It will save changes also. You can change boot order by hitting the Esc key. I did a dd on my 701SD (using PUDD in Puppeee) and used an 8 gig pendrive to store the XP image. I run AntiX internally on my EEEPCs. But I also have a 4 gig SD flash card that runs Puppeee Frugal on both units.

Up to you though.

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#8 Post by Pizzasgood »

Yep, sorry. The only way to be absolutely certain that the existing OS isn't snooping on you is to shut the computer down and boot from your own OS. And even then, it doesn't guard you against hardware keyloggers and such. And don't think that would be overly paranoid. They're very small and simple. Also, in many cases it would be more reliable to drop in a hardware keyboard logger than to try to get administrator access to install a software-based one. Basically, they would just have to unplug the keyboard, plug the keyboard into the keylogger, and plug the keylogger into the port the keyboard was plugged into. A few hours/days later they come back and take it out, and read back the captured keystrokes at their leisure. No amount of software security will protect you from something like that.

(EDIT: Well, I guess you could use a virtual, mouse-operated keyboard to bypass keyloggers. Random snoopers aren't going to bother recording the mouse, since it would be much more difficult to get any useful information that way (though a targeted attack against somebody like a CEO or politician might consider it worth doing - in which case having the software keyboard rearrange the keys randomly every couple minutes would kill that method as long as there are no cameras around to record the screen.))

So you would definitely be better off with your own netbook. Then you only have to worry whether the internet connection is secure, except that you actually don't, because there is No Such Thing as a secure internet connection, so there isn't much point... (In other words, unless you are using end-to-end encryption (ssl, ssh, encrypted vpn, gpg, etc.), assume that bad guys will read any data you send out over the net no matter where you are connected from, even at home.)

Also, if you happen to have reason to believe you are being targeted (you run a big company with fierce competitors, for example, or are the governor of a state), I wouldn't trust ssl either. I haven't really researched this, but my impression is that it is insufficient for satisfying the level of paranoia that should be held by people in such positions. Probably not a concern for the average Joe - but then, I'm no expert.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Sideshow Todd
Posts: 6
Joined: Sun 14 Nov 2010, 20:43

#9 Post by Sideshow Todd »

Pizzasgood wrote: Yep, sorry. The only way to be absolutely certain that the existing OS isn't snooping on you is to shut the computer down and boot from your own OS. And even then, it doesn't guard you against hardware keyloggers and such. And don't think that would be overly paranoid. They're very small and simple. Also, in many cases it would be more reliable to drop in a hardware keyboard logger than to try to get administrator access to install a software-based one. Basically, they would just have to unplug the keyboard, plug the keyboard into the keylogger, and plug the keylogger into the port the keyboard was plugged into. A few hours/days later they come back and take it out, and read back the captured keystrokes at their leisure. No amount of software security will protect you from something like that.

(EDIT: Well, I guess you could use a virtual, mouse-operated keyboard to bypass keyloggers. Random snoopers aren't going to bother recording the mouse, since it would be much more difficult to get any useful information that way (though a targeted attack against somebody like a CEO or politician might consider it worth doing - in which case having the software keyboard rearrange the keys randomly every couple minutes would kill that method as long as there are no cameras around to record the screen.))
Reply: I was told that Puppy doesn't touch the host computer's drive....though the swap is used, thus leaving behind.....

So, if I'm running from Puppy, which of course has its own keyboard drivers, and I'm not using the MS Windows system (except for the swap), then how could any spyware log keystrokes or any other activity? Doesn't make sense to me, unless I'm missing something.

Flash wrote: I can't see any reason to help someone abuse a service that my taxes pay for. What are you up to, Todd?
Reply: Perhaps you didn't read the thread starter closely enough. I want to protect my user-names and passwords. And I want to bypass annoying local firewalls that filter sites and apps I need.

And to search and look at naked pictures of your mother.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#10 Post by Flash »

Uh huh. That's what I expected.

I'm pretty sure that if you're caught doing what you want to use Puppy for, you'll be kicked out and told never to come back. There is a reason why libraries and other public places don't want you doing what you want to do: even if you don't misuse their computers, once you show others how, someone will. That much has been proven beyond doubt.

Sideshow Todd
Posts: 6
Joined: Sun 14 Nov 2010, 20:43

Zooooom Woooooooosh over the head

#11 Post by Sideshow Todd »

The last post being my premise to support my hypothesis - I believe that I can be reasonably sure that you can't quite grasp the concept of humor and sarcasm....that you take yourself way too seriously.

First, it's impossible for me to view porn at any library, for the computers are always in plain view of the staff and the general public.

Two, most libraries have a time limit that restricts me from wasting much time, if any. More times than not, I've barely enough time to fire off my emails and check my Facebook page.

In short, I assure you that my actions are quite legitimate.










P.S. Your mother is smoking hot, Dude!

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#12 Post by Flash »

I can see that your actions are legitimate.

Bruce B

#13 Post by Bruce B »

noryb009 wrote: Puppy Linux doesn't touch the hard drive at all, and should be bootable on most computers (unless the BIOS is password protected).
In many cases depending on install type or lack of, Puppy will mount and
search each partition looking for Puppy parts.

jemimah
Posts: 4307
Joined: Wed 26 Aug 2009, 19:56
Location: Tampa, FL

#14 Post by jemimah »

Unless the proxy is lame and entirely client-side, you won't be able to get around it this way.

You usually need to buy your own server somewhere in the cloud that's not blocked and route your encrypted traffic through there. As Pizzasgood said, your mileage may vary on how well encryption will protect you, and it's no good against local hardware sniffers.

There's plenty of proxy avoidance servers on the net, but net-nanny software generally becomes aware of them quickly - which is why you have to host it yourself and tell no one.

Sometimes Tor will work for proxy avoidance - but using that may cause problems on the local network. Not recommended for the library or workplace.

moB
Posts: 116
Joined: Mon 19 Oct 2009, 11:25
Location: Coastal

Re: Problem

#15 Post by moB »

Sideshow Todd wrote: Can't I run Puppy without having to reboot and shut down MS Windows? Can't I simply run from the stick?
Sideshow Todd wrote: P.S. I was ignorant of the limited number of writes of a flash drive....until you came along.

Although flash media have limited rewrite, you can get what you pay for. Some are longer lasting than others. For example Steve J is moving his product line to solid-state harddrives (read 80+GB flash drives.)


Look here, Portable VirtualBox: http://www.vbox.me/ (It's a wrapper--so it downloads vbox and integrates the code. Vbox is installed then uninstalled at each runtime.)

Is this what you need?
Best results to you!
moB

"But quitting all these unprofessional attempts,
let us glance at those pictures of Leviathan
purporting to be sober, scientific delineations,
by those who know."
--H. Melville, Moby Dick


ps. Administrative privileges are required, otherwise use the slower qemu-based puppy.

And:
http://www.pendrivelinux.com/using-a-po ... -from-usb/

'Portable' gets the Innotek/Sun/Oracle program and wraps it.

VBox: http://www.virtualbox.org

There's an OSE version, too.

Main competition:

VMWare: http://www.vmware.com/products/player/


ps.

Google says it's time to curb Internet censorship activities
http://www.reuters.com/article/idUSTRE6AE2HU20101115

Bruce B

Re: I have specific needs for a live OS

#16 Post by Bruce B »

Sideshow Todd wrote: My user-names and passwords are in jeopardy.
Unencrypted usernames and passwords are always in jeopardy, because they
are sent as plain text which could be captured in a variety of places. This
would typically be the case with http:// sites such as
this site.

Encrypted usernames and passwords leave the browser encrypted, even the
OS shouldn't know what it is that the browser sends. Nothing
should* be able to decrypt it except the destination. This would
typically be the case with https:// sites

Keystroke loggers I think could be a risk on any public computer of the kind
you use. But they log keystrokes. I don't think they log copy and paste
maneuvers.

Usernames and passwords can be copied and pasted.

~

* Remember we are living in the era of trustworthy computing. Which I
translate from Microsoft babel to mean - You cannot be trusted. To the
extent the OS Vendor refuses to trust us, who knows what is
possible?

~

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#17 Post by Pizzasgood »

No Todd, I understood. If you were running Puppy, you wouldn't need to worry about Windows spying on you as long as you leave no files behind (the only thing I would worry about is Puppy automatically trying to use swap - I don't know how current versions of Puppy behave in that regard, but worst case you could manually tell it to stop using swap with the "swapoff" command). You are right about that part.

The problem is that you can't run Puppy without risk unless you power down the computer and boot directly into Puppy (we're going to assume the BIOS on the computer has not been compromised).

I do believe that there is a way to get Windows to give up control and switch the computer over to Puppy without rebooting, but doing so would not be secure if you don't trust the computer. You can't be sure that Windows will completely go away if it has been tampered with (though I doubt anybody would have messed with it to that extent).

However, even if it were secure, this would hardly be better than rebooting the computer, because there would be no way to switch back into Windows from Puppy, so you would still need to reboot the computer when you were finished with it.

And no, this isn't just a matter of reversing the process that I mentioned could take you from Windows into Puppy. Running that, if it works correctly, would essentially shut down Windows without shutting down the computer. So if you did find or create an equivalent program to switch from Puppy into Windows, it would be like booting Windows, just as though the computer had been powered off.

The only way you could do what you are asking is if you had a way to save the complete state of a random Windows, switch over to another OS, and then when finished, restore the complete state of Windows, all without rebooting. As far as I'm aware, there does not exist a way to do this at all, with any OS, not just Puppy. And even if there was, the step where you switched out of Windows would need to be performed in Windows, which is a big security hole. And of course initiating the process would require administrator privileges.

Unfortunately, privacy is not always as convenient as we would like. Since as far as I'm aware what you want does not exist yet, unless you are ready to devote several years toward learning low-level OS architecture so that you could do the programming yourself, your best bet will likely be a netbook - which as I said would be far more secure anyway.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Sideshow Todd
Posts: 6
Joined: Sun 14 Nov 2010, 20:43

#18 Post by Sideshow Todd »

jemimah wrote: Unless the proxy is lame and entirely client-side, you won't be able to get around it this way.

You usually need to buy your own server somewhere in the cloud that's not blocked and route your encrypted traffic through there. As Pizzasgood said, your mileage may vary on how well encryption will protect you, and it's no good against local hardware sniffers.

There's plenty of proxy avoidance servers on the net, but net-nanny software generally becomes aware of them quickly - which is why you have to host it yourself and tell no one.

Sometimes Tor will work for proxy avoidance - but using that may cause problems on the local network. Not recommended for the library or workplace.
Good god, jemimah, you won't believe some of the lame azz security measures that some libraries employ. Many times I've used public library computers that use firewalls/filter apps that were entirely client side.

And even more lame are those that do use server side firewall/filters, but leave the hard drive(s) open for anyone to poke around, thus giving one the opportunity to shut the offending apps off or (if passwords get in the way) to do a console/registry hack and temporarily shut the security down. Or they allow access to my favorite VPN site that I use, which gives me access to any site that pleases me.

Not for porn, as I explained in an earlier post in this thread, but so I can chat on Facebook and access innocent sites that are sometimes blocked by overly strict filtration rules.

Most of the time restrictions are nothing more than a time consuming pain in the azz to get around, however, sometimes the admin knows what he's/she's doing, thus making it impossible for me to bypass the firewalls/filters.

But if I can figure all this out, then it wouldn't matter if the firewall/filters are on the server side because I'd have my own client side VPN.

REPLY TO moB: Thanx. This post has led me down a path of thought, and I'll look more into this.


REPLY TO Pizzasgood: I'll look into moB's suggestion, but I'll use the host's swap because of the number-of-writes limitation of flash. Feel free to correct me if I'm wrong: I don't think user names and passwords would be left on the swap. I can compromise that much, for it's not like I'm conducting criminal acts or transmitting state secrets, or doing anything else wrong.

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#19 Post by Pizzasgood »

Any data that you input into the computer could appear in swap. Whether that's worth the risk is up to you.


Running Puppy in an emulator is a great way to be able to operate in a more comfortable and familiar OS without having to reboot, but I don't think it provides very much more security. I'm no expert but I kind of doubt that running Puppy inside a virtual machine will protect you from keyloggers. I'm pretty sure that when you type the original OS will first receive the keystrokes. Then it will pass them on to the virtualization software, just the same as it would pass them on into Word or Firefox or any other program. At that point the virtualization software would cause the virtual machine in which Puppy was running to mimic having those keys pressed.

In other words, if you emulate Puppy, Puppy's keyboard drivers aren't going to interact with the physical keyboard. They will interact with a virtual keyboard, which is simulated to match the keys being pressed on the real keyboard based on the information that the real OS gives to the virtualization software. This separation between the emulated OS and the physical hardware is one of the main points behind virtualization.

The ways around that are using copy/paste as BruceB said, or to install a program (in Puppy) that makes a keyboard appear on the screen with keys you can click on, to use for anything that requires privacy (passwords, love letters, schemes for world domination, etc.).

Using Puppy inside VirtualBox or Qemu would still be a bit more secure than directly using Windows though, mainly in that the virtual Puppy would not leave any files lying around on the physical harddrive, and also wouldn't involve running potentially infected programs - for example if the computer's installation of Firefox had a malicious plugin installed, it wouldn't bother you. The main things you'd want to be worried about are keyloggers, programs that scan the RAM for information, and people/programs who later examine the computer's swap for information. Running a virtual Puppy increases the memory demands of the system, therefore increasing the chances that swap will be used, but also increasing the amount of irrelevant stuff somebody would have to search for to find anything useful, so I suppose it's a tradeoff.

Just my thoughts, so you can make as informed a decision as possible.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
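
Added example, not part of any post in this thread: posts #13, #17 and #19 raise two ways a booted live session can still touch the host's disks, namely active swap and mounted host partitions. The shell functions below check for both from inside the live session; the function names are hypothetical and the stick's device name (for example `sdb`) is an assumption you supply.

```shell
#!/bin/sh
# Added example (not from the thread): check a booted live session for contact
# with the host machine's disks. Function names are hypothetical.
# Assumption: the first argument is the kernel name of the USB stick, e.g. sdb.

# Print "path type used_KiB" for each active swap area in a /proc/swaps-format file.
active_swaps() {
    awk 'NR > 1 && NF >= 5 { print $1, $2, $4 }' "${1:-/proc/swaps}"
}

# Print swap areas that are neither on the stick nor RAM-backed (zram).
# File-backed swap is always listed: its path alone does not say which disk holds it.
host_swaps() {  # $1 = stick name, $2 = swaps file (optional)
    active_swaps "${2:-/proc/swaps}" |
        awk -v stick="/dev/$1" \
            'index($1, stick) != 1 && index($1, "/dev/zram") != 1 { print $1 }'
}

# Print "device mountpoint rw|ro" for mounted block devices that are not the stick.
# Loop, zram and ram devices are skipped.
host_mounts() {  # $1 = stick name, $2 = mounts file (optional)
    awk -v stick="/dev/$1" '
        index($1, "/dev/") == 1 && index($1, stick) != 1 &&
        $1 !~ /^\/dev\/(loop|zram|ram)/ {
            mode = ($4 ~ /(^|,)rw(,|$)/) ? "rw" : "ro"
            print $1, $2, mode
        }' "${2:-/proc/mounts}"
}

# Report findings; exit status is 0 only when nothing off the stick is in use.
audit_live_session() {  # $1 = stick, $2 = swaps file, $3 = mounts file
    swaps=$(host_swaps "$1" "${2:-/proc/swaps}")
    mounts=$(host_mounts "$1" "${3:-/proc/mounts}")
    [ -n "$swaps" ] && printf 'swap active off the stick (swapoff each one):\n%s\n' "$swaps"
    [ -n "$mounts" ] && printf 'host partitions mounted:\n%s\n' "$mounts"
    [ -z "$swaps" ] && [ -z "$mounts" ]
}

# Usage inside the live session:  audit_live_session sdb
```

Anything already written to a host swap partition before `swapoff` is run stays there, so the check is most useful right after boot and before typing any password.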

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#20 Post by nooby »

But would the software installed allow one to run that virtual puppy at all?
I use Google Search on Puppy Forum
not an ideal solution though
