Old 10-24-2016, 10:12 AM   #1
liveornotlive
LQ Newbie
 
Registered: Oct 2016
Posts: 3

Rep: Reputation: Disabled

If someone figures out my IP address (or finds any other way to get on the computer) and sends a RAT to my computer while I am using a livecd, can a sophisticated RAT get onto my livecd (ubuntu/ linux)?

2... is there a linux version for livecd's that makes it harder for a RAT to get on the computer?

sidenote: in the past, when a RAT from this particular person got onto my computer, everytime it would install an ALTERNATIVE OS. Can an alternative os be put on my computer if the rat got onto the livecd?

If I am using a livecd but have the win os as the main host on the computer, is the win os still vulnerable to a RAT attack if someone knows my IP address, even if I am booting from the livecd?

If yes, what would I have to do to shut off the win os so that it is not a vulnerability while using the livecd?
thanks

I heard that you can check the livecd to see if there is a RAT on it. How would you do this?
thanks

Last edited by unSpawn; 10-25-2016 at 01:05 AM. Reason: //less is more.
 
Old 10-24-2016, 11:34 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
You would have to mount the Windows partition to do any thing to any files on it during a Linux LiveCD session disc.
So, you'd have to intentionally want to mount it to accidentally trash it.

Last edited by Habitual; 10-24-2016 at 12:38 PM.
 
Old 10-24-2016, 02:25 PM   #3
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,882
Blog Entries: 13

Rep: Reputation: 4930
Please do not post the same question more than once; your other question has some better details, so I'm recommending this thread be closed.
 
Old 10-24-2016, 02:27 PM   #4
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,882
Blog Entries: 13

Rep: Reputation: 4930
You are repeating variations of the same question on multiple threads in this same forum. Please do not do that, it will cause a lot of confusion.
http://www.linuxquestions.org/questi...at-4175592109/
http://www.linuxquestions.org/questi...at-4175592112/
 
Old 10-24-2016, 02:45 PM   #5
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
The only way anybody can install software on your machine is if you help them.
If you don't want other people installing software on your machine then don't visit dodgy websites*, open email attachments or install software from unknown publishers.
As mentioned above, with a live CD you would also have to help the person install the software on your Windows partition by mounting it for them.

*Yes, OK, this is a little tricky, but looking into things like NoScript and AdBlock Plus can mitigate the risk for more general browsing.
 
Old 10-24-2016, 03:46 PM   #6
liveornotlive
LQ Newbie
 
Registered: Oct 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
thanks. I heard that if someone is personally targeting you and they know you are using ubuntu linux, for example, they can create a RAT specific for this OS.

So you are saying, basically, even if they did this, the RAT still wouldn't work during a livecd session? Secondly, I think I asked this question in another thread, but if you know, how do you check the livecd to see if there is a RAT on it?

I appreciate the help for a novice!
 
Old 10-24-2016, 05:00 PM   #7
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
RAT means Remote Access Trojan, right? The keyword here is "Trojan". A trojan is something that looks like legitimate software, that you install but in fact it is a fake version that includes some sort of backdoor.

The big question is how the attacker fools you into thinking this is legitimate software, and gets you to install it. The typical way you install software on Ubuntu, whether it's booted to a LiveCD or a permanent install, is via Ubuntu's package management system. This downloads software from Ubuntu's servers on the Internet. The URL addresses it accesses are defined by /etc/apt/sources.list, rather than by you going and finding some software out there to download (the way most software is downloaded/installed in Windows).

This makes it far more difficult for an attacker to somehow fool you into downloading and installing fake software. You never actually go out and download it yourself, you let the package management system download it from Ubuntu's servers.

However, that still leaves some potential lines of attack. If the attacker controls the internet infrastructure between you and Ubuntu's servers, it is possible for the attacker to fool your computer into thinking it is communicating with Ubuntu's servers when it is, in fact, communicating with fake servers. This is...well it's an interesting challenge for the attacker to pull off. It not only needs to control internet infrastructure, the attacker needs to fake the web site signing certificates. Not saying it can't be done, but we're talking State level resources to do so (does Vladimir Putin personally hate you?).

OTOH, there is a non-zero chance of there being another security flaw out there like the infamous Debian openssl random number generator bug.
 
Old 10-24-2016, 05:04 PM   #8
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by liveornotlive View Post
how do you check the livecd to see if there is a RAT on it?
n/m. Sorry.
 
Old 10-25-2016, 12:55 AM   #9
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Quote:
Originally Posted by liveornotlive View Post
Secondly, I think i asked this question in another thread but if you know, how do you check the livecd to see if there is a RAT on it?
That depends. Do you think that the distribution creator wants to spy on you? If so, then don't use that distribution as there's no (practical, easy, one-size-fits-all) way to detect that -- you have to trust your OS at some point. If you merely want to make sure that the OS image you are burning to CD is the correct one then you use the hash, Ubuntu's website shows how this can be done.
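The hash check 273 refers to, written out as an added example (this is not code from any post in this thread or from Ubuntu's own tooling): the script checks a downloaded image against the distribution's published SHA256SUMS file before it is burned to disc. The "ISO" it uses is a constructed stand-in file so the script runs offline; the file name example-live.iso is made up for the demo.

```shell
#!/bin/sh
# Added example, not code from any post in this thread: check a downloaded ISO
# against its published SHA256SUMS file before burning it, the way the Ubuntu
# download page describes. The ISO used below is a constructed stand-in file,
# not a real image, so the script runs offline.

# verify_iso_checksum ISO SUMSFILE
# Returns 0 when the SHA-256 of ISO matches its entry in SUMSFILE, 1 when the
# entry is missing or the digest differs. SHA256SUMS lists bare file names
# ("<digest> *<name>"), so the check is run from the ISO's own directory.
verify_iso_checksum() {
    iso_path=$1
    sums_path=$2
    iso_dir=$(dirname "$iso_path")
    iso_name=$(basename "$iso_path")
    # Keep only this ISO's line so other entries in the file cannot fail the check.
    # The leading "*" marks binary mode in the sums file and is ignored for matching.
    expected=$(awk -v n="$iso_name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print }' "$sums_path")
    if [ -z "$expected" ]; then
        echo "no entry for $iso_name in $sums_path" >&2
        return 1
    fi
    ( cd "$iso_dir" && printf '%s\n' "$expected" | sha256sum -c --status - )
}

# verify_sums_signature SUMSFILE
# The checksum file is only worth trusting if its detached signature
# (SHA256SUMS.gpg on the Ubuntu download site) verifies against the
# distribution's signing key, which must already be in the local keyring.
# Not run in the demo because it needs gpg and the real files.
verify_sums_signature() {
    gpg --verify "$1.gpg" "$1"
}

# make_fixture: writes a constructed stand-in ISO and a matching SHA256SUMS into
# a fresh temporary directory and prints that directory's path.
make_fixture() {
    dir=$(mktemp -d)
    printf 'constructed stand-in for an ISO image\n' > "$dir/example-live.iso"
    ( cd "$dir" && sha256sum -b example-live.iso > SHA256SUMS )
    echo "$dir"
}

# Demo: a clean image passes, then the same image with one appended byte fails.
demo_verify() {
    d=$(make_fixture)
    if verify_iso_checksum "$d/example-live.iso" "$d/SHA256SUMS"; then
        echo "clean image: OK"
    fi
    printf 'x' >> "$d/example-live.iso"   # simulate a corrupted or tampered download
    if ! verify_iso_checksum "$d/example-live.iso" "$d/SHA256SUMS"; then
        echo "modified image: checksum mismatch detected"
    fi
    rm -rf "$d"
}

demo_verify
```

A matching digest only proves the file you have is the file the checksum list describes; it says nothing about who wrote that list, which is why the signature on SHA256SUMS is the step that ties the image back to the distribution rather than to whichever mirror served it.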
 
Old 10-25-2016, 01:07 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by liveornotlive View Post
I heard that you can check the livecd to see if there is a RAT on it.
Like rtmistler said: please do not post the same question more than once.
*I've merged your threads and I've merged respective initial posts...
 
Old 10-25-2016, 10:54 AM   #11
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Rep: Reputation: Disabled
The malware would have to be specially crafted for live CDs.. If you use a CD-R which is only readable and not writeable you should be fine..
 
Old 10-25-2016, 01:55 PM   #12
liveornotlive
LQ Newbie
 
Registered: Oct 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
Livecd for email and surfing only

Optimally, I would like to just use the livecd for email and surfing only. Let's just pretend there is no downloading needed.

It seemed like the posts above referred to downloading and not trusting the server where the iso image is downloaded from. Let's say the iso image I download fits the hashtag - so it's good. And I don't download anything - just surf and open emails.

But I'm using some sort of wifi device with a pka2 (whichever is most secure) - 40 character password with symbols, letters, numbers etc which has never been hacked before by anyone anywhere - according to many people. I am guessing that if they can figure out my ip address or some other unique identifier (imei # or sniffing packets or something), they can send a RAT to my computer. This is what I am worried about the most. Let's just say that they are able to figure out my mac or ip address, etc and they send a RAT to me.

If I am using a Linux livecd - will it work? I don't understand/ know anything about "infrastructure" so I can not see how it applies here, sorry.

I deeply appreciate the help! And yes, someone from Russia is trying to hack onto my computer, but they live locally, believe it or not!
Thanks again!!
 
Old 10-25-2016, 02:23 PM   #13
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
I shall repeat: Nobody can install something onto your computer without you allowing* them to. They cannot put anything on your computer just because they know your IP address; quite apart from the fact that you're probably behind a NAT, you won't likely have any service ports open, and those ports you may have open likely just won't accept connections.
People cannot simply install software on a given remote computer without having already installed something while sitting next to it, or without the help* of the person running the remote computer.

*This help may be inadvertent by, for example, sending a link to a malicious website or a program disguised as something else.
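A way to check the "no service ports open" claim on your own live session, added here as an example (not code from any post in this thread): the script parses `ss -tuln` output from iproute2 and keeps only sockets bound to an address a remote peer could reach, dropping loopback-only listeners. The sample `ss` output below is constructed for the demo so the script runs without a live system.

```shell
#!/bin/sh
# Added example, not code from any post in this thread: list the sockets a
# machine is actually listening on for connections from outside the host.
# It parses the output of `ss -tuln` (iproute2) and drops anything bound to a
# loopback address, which no remote peer can reach. SAMPLE_SS is constructed
# for the demo, not captured from a real system.

SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0        127.0.0.53%lo:53       0.0.0.0:*
udp   UNCONN 0      0              0.0.0.0:68       0.0.0.0:*
tcp   LISTEN 0      4096         127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128            0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0      511                  *:80             *:*
tcp   LISTEN 0      128              [::1]:631         [::]:*'

# exposed_listeners: reads `ss -tuln` output on stdin (header included) and
# prints "proto port address" for every socket bound to a non-loopback address.
exposed_listeners() {
    tail -n +2 | awk '
    {
        proto = $1
        laddr = $5
        # The port follows the last ":"; everything before it is the address.
        n = match(laddr, /:[^:]*$/)
        addr = substr(laddr, 1, n - 1)
        port = substr(laddr, n + 1)
        sub(/%.*/, "", addr)          # drop an interface scope such as 127.0.0.53%lo
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        print proto, port, addr
    }'
}

# exposed_count: number of exposed listeners in the ss output on stdin.
exposed_count() {
    exposed_listeners | wc -l | tr -d ' '
}

# On a real system (needs iproute2):  ss -tuln | exposed_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

On the constructed sample this reports the DHCP client socket on udp/68, an SSH daemon on tcp/22 and a web server on tcp/80, while the CUPS and resolver sockets on 127.0.0.1, 127.0.0.53 and ::1 are left out. An exposed socket is still only reachable if nothing upstream (a NAT router, a host firewall) drops the traffic first, so an empty list is the stronger result, not the only acceptable one.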
 
Old 10-25-2016, 02:27 PM   #14
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
Is there some specific reason you are only concerned with a Remote Access Trojan? As a trojan, it is not something that someone would "send" to your computer. Instead, it is something you download and install. This might be done manually, if someone fools you into downloading and installing something. Or it might be done automatically, if there is a vulnerability in a web browser or Flash plugin that lets a malicious web site or advertisement download and install something onto your computer (this is mainly a problem with Windows). But even in that case, it's not something that is "sent" to your computer. It's something that you inadvertently pull from the malicious web site by going to visit it.

If there is a particular local individual who is trying to hack onto your computer, then you should be concerned about other things, like physical security of your computer, securing your passwords, and keeping your software patched up to date. An individual is unlikely to have the resources to control internet infrastructure, so you don't have to worry about that.
 
Old 10-25-2016, 03:11 PM   #15
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Rep: Reputation: Disabled
The most common way that RATs (remote administration tools) get transferred is through phishing email scams, drive-by downloads, or downloading stuff from unfiltered user-supplied content like drivers (and drivers have most of the same permissions as the kernel). From there they're able to install fully undetectable (FUD) remote administration tools & root-kits. FUD is when it hides the malware processes from the task manager. A task manager's job is to request info from the kernel about all processes running (unless there's a root-kit installed, which would then redirect those requests to itself). So essentially root-kits make it so processes can be hidden from security software like antivirus. You can often use specialized software like rkhunter to attempt to get rid of root-kits.
So just be careful what you click on, download, and sites you visit. Using a terminal-based browser like Links can decrease some of these attack vectors, and since LiveCDs run in RAM (which means everything goes away after every reboot) that should be decent..

Last edited by linux4evr5581; 10-26-2016 at 10:18 AM.
 