Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How do you protect your laptop against usb-sticks that can inject malware or usb-sticks filled with software that can extract information from your laptop?
I think the most important step is to not run anything on the stick or attempt to open any files unless you know what the files are. Things like pictures and documents are known file extensions, so opening them should be with the standard, known means to view or edit those types of files.
That is not what I mean. Seen this on television: burglars get into the house and attach USB-stick to computer and with a script on this USB they were able to download valuable information to it.
This was not a movie. This was a documentary on how to break into somebody's house.
If the burglar is in your house with physical access to your computer, then they have easy access to all unencrypted data on your computer. For example: Boot computer with Live USB of any Linux distro, mount your hard drive, copy your data.
Strong encryption is probably the best solution for your particular scenario.
But you can also set up your laptop with the equivalent of a "BIOS password" and to set it up so that it will not boot up from another device without entering such a password.
Also: "ummm, the much-maligned UEFI," which has been bantered-around in these parts as "Microsoft trying to take over the world?" Yes, this is exactly the sort of vulnerability (among others) that this layer of software was designed to prevent. It enables the firmware (once called the "BIOS") of your computer to recognize which operating-systems it should and should not boot from.
Also remember that "scenarios that you see on a television program" may or may not be realistic scenarios. When deciding what to "defend against," you should be pragmatic and a bit skeptical. Quite frankly, I'd expect a thief to steal your computer (and any other potentially-"fence-able" valuable-looking thing in the room), rather than plant malware on it.
Last edited by sundialsvcs; 11-07-2016 at 08:31 AM.
Having numerous computers. Numerous motorcycles, Numerous Bicycles. Numerous period. Plus living on the Mexican Border.
I find visiting the local dog pound and rescuing a dog off of death row. Has been the best type of security for
Quote:
That is not what I mean. Seen this on television: burglars get into the house and attach USB-stick to computer and with a script on this USB they were able to download valuable information to it.
This was not a movie. This was a documentary on how to break into somebody's house.
The sensible thing to do with a laptop is to encrypt /home. Burglars are more likely to be interested in stealing you laptop for resale, but financial information would be a bonus.
Physical access is generally the most difficult to defend against. I think I've seen some of the newer systems have ways to disable usb in password protected bios.
Kind of one of the promises of uefi that devices would have greater control in bios or devices would only be available to the OS by settings. Not sure how well all those promises do.
Easy solution - encrypt your drive and leave the machine shut down when you're not there. Nothing else will keep an intruder with physical access to your computer from getting your files. Not UEFI, not disabling USB, not a super-glued USB port. All those will do is slow them down a few minutes at best.
"Better yet, put your (thank you... pound rescued ...) dog in the foyer of your house, so that s/he might simply eat the would-be intruder . . ."
Can't argue with that plan. Not only does it keep your laptop safe, but it also helps to keep others that the intruder would have preyed upon safe. And cuts down on your dog food bill.
All of my machines' storage is encrypted. Non of them auto mount USB either. I'm also in the habit of locking the screen when I leave the room for a while.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.