Banking through Live CD Vs. HDD Install

snayak
Posts: 422
Joined: Wed 14 Sep 2011, 05:49

Banking through Live CD Vs. HDD Install

#1 Post by snayak »

Dear All,
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppy Linux is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'.
Why "Live CD" way for Puppy is better than "HDD Install" ?

I didn't understand, why a bootup disk is better?
In both cases we are using the browser...


Sincerely,
Srinivas Nayak
[Precise 571 on AMD Athlon XP 2000+ with 512MB RAM]
[Fatdog 720 on Intel Pentium B960 with 4GB RAM]

[url]http://srinivas-nayak.blogspot.com/[/url]

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

Modifications to the operating system, including programs that run secretly in the background to monitor your keystrokes and report back to the mother ship, are automatically saved on the hard disk when you run an operating system from a hard disk. This is what installing a program does: modify the operating system files on the hard disk. Therefore if you pick up some malware from the interweb, it will "install" itself into the operating system and be saved on the hard disk drive. It will be there every time you boot, running in the background, doing its hidden evil. :twisted:

However, if you boot from a pristine Puppy CD and then pick up some malware while cruising the tubes, the bad program has nowhere to store itself. It can only run until you shut off the power, at which point it disappears from your computer. If you are running Puppy with a Save file on a hard disk or USB stick, then the malware may be automatically saved in the Save file without your knowing it and come back to haunt you the next time you boot. So the trick is not to have a save file at all, or to configure Puppy so it only saves if you tell it to, as a multisession DVD does.

snayak
Posts: 422
Joined: Wed 14 Sep 2011, 05:49

#3 Post by snayak »

Dear Flash,

Many thanks for your explanation.

I understood the fact.

Two doubts arose.

1.
Quote:
... if you boot from a pristine Puppy CD and then pick up some malware while cruising the tubes, the bad program has nowhere to store itself. It can only run until you shut off the power...

If this is the case, we still face the problem caused by the malware, because it runs in ram; it will be able to send the keystrokes for password. How bootup CD then helped doing bank transactions safer?

2.
Quote:
...or to configure Puppy so it only saves if you tell it to...

How can we configure puppy to save only when we say?
How shall we be able to know if we are really saving good things and not saving any malware?

Sincerely,
Srinivas Nayak
[Precise 571 on AMD Athlon XP 2000+ with 512MB RAM]
[Fatdog 720 on Intel Pentium B960 with 4GB RAM]

[url]http://srinivas-nayak.blogspot.com/[/url]

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#4 Post by Flash »

snayak wrote:
Two doubts arose:
1.
... if you boot from a pristine Puppy CD and then pick up some malware while cruising the tubes, the bad program has nowhere to store itself. It can only run until you shut off the power...
If this is the case, we still face the problem caused by the malware, because it runs in ram; it will be able to send the keystrokes for password. How bootup CD then helped doing bank transactions safer?

You boot from the CD or multisession DVD and do your banking transactions first, before you go to any other website. This applies also to installing programs and saving them on the multisession DVD. Go straight to the Puppy repository and do it before you go anywhere else online.

snayak wrote:
2.
...or to configure Puppy so it only saves if you tell it to...
How can we configure puppy to save only when we say?

The simplest way, and the only way I've personally used, is to run Puppy from a multisession DVD. Read the threads here if you want to know how.
It is also possible to configure Puppy not to save unless you tell it to if your Save file is on a USB flash stick. I've never done it, so you'll have to do some research in this forum to find out how. I think later versions of Puppy offer that option somewhere in the Menu.

snayak wrote:
How shall we be able to know if we are really saving good things and not saving any malware?

Good question. :lol:

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

spot

#5 Post by Wognath »

Flash,
Forgive me for bringing this up again...lots of discussions, but I get confused. :? How effective is running the browser as spot to inhibit installation of malware? (frugal hard disk install) Thanks.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#6 Post by Flash »

Beats me. All I can say is, I've never done it and as far as I know I've never picked up anything. :)

By the way, here's how to stop a frugal install from saving until you tell it to.

snayak
Posts: 422
Joined: Wed 14 Sep 2011, 05:49

#7 Post by snayak »

Many thanks Flash,

I am grateful for your help and suggestions. I am too convinced. Non-root mode is truly not more secure. Irrespective of the mode in which we are running, a virus may come through browser and simply sit in home and send the keystrokes. Is non-root mode going to deny the virus from sitting inside /home/xyz folder? What can be worse than stealing all our bank balance? In which other cases we need security?

I too came across great posting of 666Philb, here is my post appreciating his posting.
http://www.murga-linux.com/puppy/viewto ... 373#662373
He has put some idea over there. I have some ideas and suggestions.
Quote:
Puppy booted live with a cd and pfix=ram is more secure than any installed operating system.

This is also true. To know how to play safe, http://murga-linux.com/puppy/viewtopic. ... 292#662292.

Quote:
Even booting a frugal that is on the harddrive or on a usb, all it takes is to check the md5 of the puppy.sfs to be as certain of a pristine OS as with the live CD.

This is what I am missing and may be everybody missing. I mean, we need to have this automatically done.
Booting with pfix=ram and checking the md5 of the puppy.sfs to be certain of a pristine OS is a great idea and replaces the tension of having a CD.

I think, it shall be great, if there can be an icon on puppy desktop, clicking on which, will automatically reboot the system and boot the system with pfix=ram and check the md5 of puppy.sfs and if found to be good, take us to a safe banking environment/desktop and open the browser, where we can immediately do the transaction. Once we are done, we can close the browser and click on another similar icon on new desktop which can reboot the system back to original desktop from where we have come (i.e. boot with pfix=sda and savefile).

Looks like a dream, but I think, it won't be impossible since we are in root mode. I have also seen, one pfix=ram comes by default in grub4dos menu when we do frugal install. The biggest question is how can we do this arrangement? Any idea/help?

I feel, this can remove the headache of dealing with CD, yet getting the blessings of safe environment, where root shall not be hated so much!

Any loophole here?

Won't it be good? I think this would be lot easier to operate for novices (like me?).


Sincerely,
Srinivas Nayak
[Precise 571 on AMD Athlon XP 2000+ with 512MB RAM]
[Fatdog 720 on Intel Pentium B960 with 4GB RAM]

[url]http://srinivas-nayak.blogspot.com/[/url]
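
The md5 check of puppy.sfs proposed in the post above, as an added example (not part of the thread and not Puppy's own tooling). It goes one step beyond `md5sum -c` by also reporting any .sfs file in the install directory that the manifest does not list. The names `check_sfs` and `is_listed`, and the manifest kept on read-only media, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a frugal install's .sfs files against a hash manifest.
# Assumed (not from the thread): the manifest is md5sum-style output
# ("<hash>  <filename>") stored on read-only or offline media.

# is_listed NAME MANIFEST: true if NAME appears as a filename in MANIFEST.
is_listed() {
    while read -r h n; do
        [ "${n#\*}" = "$1" ] && return 0
    done < "$2"
    return 1
}

# check_sfs DIR MANIFEST [TOOL]: prints one status line per file and returns
# 0 only if every listed file matches and DIR holds no unlisted .sfs file.
check_sfs() {
    dir=$1; manifest=$2
    tool=${3:-md5sum}            # md5 as in the thread; sha256sum is stronger
    status=0
    # Pass 1: each file named in the manifest must exist and match its hash.
    while read -r want name; do
        [ -n "$name" ] || continue
        name=${name#\*}          # drop md5sum's binary-mode marker
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; status=1; continue
        fi
        got=$("$tool" < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; status=1
        fi
    done < "$manifest"
    # Pass 2: an .sfs the manifest does not mention is unverified content.
    for f in "$dir"/*.sfs; do
        [ -f "$f" ] || continue
        base=${f##*/}
        if ! is_listed "$base" "$manifest"; then
            echo "UNLISTED $base"; status=1
        fi
    done
    return "$status"
}

# Usage: sh check_sfs.sh DIR MANIFEST [sha256sum]
if [ "$#" -ge 2 ]; then
    check_sfs "$@"
fi
```

A check run from the same system it inspects is only as trustworthy as that system, which is why the manifest is assumed to live on media the running session cannot write.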

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#8 Post by greengeek »

Quote:
Puppy booted live with a cd and pfix=ram is more secure than any installed operating system.

This is not necessarily true. If you compare a live CD which has been configured to contain an insecure browser, and an installed operating system that has all necessary security updates fitted, then the live CD can definitely be the least secure of the two.

As you have suggested it is possible for an insecure browser to act as a portal for someone to grab your password information. Even in live session.

And of course, there is no mechanism to prevent a live CD from containing a script that runs after startup and opens up a port and/or hidden program that sends data from your current session without you knowing anything about it.

It comes down to who you trust and how much you trust them. I have used many puppy live CDs and realised afterwards that I had absolutely no idea about the motivations/abilities of the person who assembled that particular version of puppy.

Puppy has a significant advantage in the sense that it tries to be small and lean - so that increases the likelihood of suspect code being detected during the testing phase. But it does not guarantee it. Live sessions are a very good protection, but not foolproof.

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#9 Post by amigo »

Hurrah, greengeek! As you point out, bad things can happen at any time. The folks around here tend to think they are 'safe' because they can simply reboot and have a sane system again. This entirely ignores what happens just after you are infected - before shutting down.

And being root is certainly less safe than running as an unprivileged user. It is true that any malware can easily have power over your files in $HOME and may also install and run some malicious code from there - even browser cookies can execute some dirty tricks. But, when running as root, then malware potentially can do much more - like installing a rootkit - which can begin running right away.

Running as root means your machine can easily become part of a botnet which spreads spam or child-porn or any other unscrupulous activity. If you don't mind any of that, well just keep on browsing as root...

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#10 Post by Flash »

Amigo, if you'll re-read the first few posts you'll probably find that this thread started out to be about how running from a live CD without a save file greatly reduces the chances that a rootkit could be installed in the operating system. It is possible that a rootkit could have snuck into the Puppy iso, but that is far less likely than that someone would pick one up on a website somewhere. Rebooting Puppy from a CD without a Save file would get rid of any malware that might have been picked up from the internet during a session.

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#11 Post by amigo »

What I'm saying is that while you are browsing or whatever as root, a rootkit can be 'installed' and start working from the moment of infection. The fact that it doesn't really get *installed* to a writable drive means that you won't still have it when you *restart* your system, but for the moment you are already infected.

Rootkits usually involve a kernel module which must be insmod'ed to be used. insmod is one of the many tools which a normal user should not, and usually cannot run.

Other malware can write to the BIOS memory and that change would certainly be present when you reboot. Again, a normal user (or malware running with a normal user's permissions) should not be able to do that.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#12 Post by jpeps »

From what I've read, writing to BIOS requires correctly targeting the specific model/version, so while possible, it is probably unlikely.

For frugal installs, these are good arguments to turn off automatic saves. Personally, I don't run my browser in root, but to each his/her own.

postfs1

#13 Post by postfs1 »

Iptables = an opportunity sometimes to close some door for different users of one Operating System.

Iptables = an opportunity sometimes to close some door for different programs of one Operating System.

Also this thing (or something like this) is important
environment: all other users are protected by good passwords (if a function to login/logout exists for user), some users were deleted

Code:

history -c >/root/.history ; printf '\ec'

Code:

history -c >/root/spot/.bash_history ; printf '\ec'

postfs1

Re: Banking through Live CD Vs. HDD Install

#14 Post by postfs1 »

snayak wrote:...

Why "Live CD" way for Puppy is better than "HDD Install" ?
...
Some user can have one version of Operating System onto different types of Compact Disks which were created by different manufacturers, what is cheaper at comparing with HDD system. Scheme of checking the integrity of Compact Disk is not complicated.
