LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-27-2007, 05:00 PM   #1
Miah
LQ Newbie
 
Registered: Apr 2006
Posts: 20

Rep: Reputation: 0
surfing w/o harddrive using knoppix, secure?


I am going to try surfing web with no anti-anything software.

I'm planning on removing my hd, running knoppix from a usb pen drive, downloading to a second pen drive.

Anyone see any problems?

I will erase the usb knoppix after

Thank you if you respond!
 
Old 02-27-2007, 06:14 PM   #2
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Not wanting to scare you but the most ingenious virii do not install one thing on the harddisk, they stay in RAM as long as the machine is on.
You want to run it from a usb key rather than a harddisk. What's the difference? You can also wipe out your harddisk everyday if you have some time to waste...

Or maybe your talking of a writeprotected stick, which is like running it from the CD?
In this case, no file will be altered ok. No write possible..
Still your personnal information (from your 2nd stick or whatever writeable storage including RAM) can be extracted/modified
And your machine can still be used as a relay to attack others.

In theory, I'm not sure there is an advantage of such system.
In practice, unless you have some very interesting information on your system, most people only get hit by automated tools (with no AI behind) and they might fail with your setup if write access to / is disable.
If also you are sure that your second usb stick cannot run binary (by using special mount options) then it will be impossible for the attacker to leave a backdoor so that he comes back later if you have patched the first breach.

Being paranoid a bit?

Last edited by nx5000; 02-27-2007 at 06:15 PM.
 
Old 02-28-2007, 10:35 AM   #3
Miah
LQ Newbie
 
Registered: Apr 2006
Posts: 20

Original Poster
Rep: Reputation: 0
Thank you for responding, nx 5000. Often I'm too cryptic because I'm at library (time constraints).

I dislike intrusiveness of Norton etc. When new Norton was installed at my library everything slowed down.

Also I'm too "thrifty" to pay Norton etc. I'd rather buy linux CD's and hardware.

You have shown me an advantage to running Knoppix from ROM CD, I was thinking mainly of speed with the usb stick-and the freed up cd drive.

I want to remove my hd to save and protect my OS's and applications-don't want to wipe my quadruple boot setup!

I am not sure my 2nd stick cannot run binary-any tip on where to look for the mount options you referred to? Also, what does "with no AI behind" mean?

My concern is that I will pick up something bad in the download stick and bring it back to my desktop. My plan is take a laptop to a wireless internet cafe, remove my quadruple boot hd, surf with knoppix,download to 2nd usb, power down (RAM), erase knoppix usb, and bring home info to install on my desktop.

My desktop is not online so my usb stick is the only way in. I guess maybe I am paranoid-but that doesn't mean "they" are not out to get me!

Thanks again! Miah in Maine.
 
Old 02-28-2007, 12:20 PM   #4
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Quote:
I am not sure my 2nd stick cannot run binary-any tip on where to look for the mount options you referred to? Also, what does "with no AI behind" mean?
man mount:

Quote:
nodev Do not interpret character or block special devices on the file system.

noexec Do not allow direct execution of any binaries on the mounted file system. (Until
recently it was possible to run binaries anyway using a command like /lib/ld*.so
/mnt/binary. This trick fails since Linux 2.4.25 / 2.6.0.)

nosuid Do not allow set-user-identifier or set-group-identifier bits to take effect. (This
seems safe, but is in fact rather unsafe if you have suidperl(1) installed.)
In fstab, you should have these options set for your usb stick.

AI=Artificial Intelligence

Norton? Yeah a bit intrusive
I would tend to say a bit useless from what I have seen compared to other antivirus but some like it, some are forced to buy it with their new PC.

Anyway, I dislike antivirus because it's not a sure science and it's always possible to debug the antivirus to find its weakness.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Why doesn't knoppix 3.9 read my harddrive? spw100 Linux - Hardware 5 10-24-2005 10:36 PM
Having a secure online harddrive bignester Linux - Software 5 09-12-2005 03:50 PM
How can i install Knoppix to my Harddrive? Jengo Linux - Newbie 1 09-02-2004 12:34 AM
Knoppix - install to harddrive smaida Linux - Software 8 06-11-2004 12:20 AM
knoppix harddrive install porous Linux - General 5 10-20-2003 01:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration