From: Van Chocstraw on 16 Oct 2009 09:09 ZDNet is promoting using live Linux CD's for banking, finance and email internet activity. Spyware, phishing, keyloggers and viruses can't write themselves to your CD drive. I suppose you can still get attacked in live memory though, you think?
From: Eef Hartman on 16 Oct 2009 09:57 Van Chocstraw <boobooililililil(a)roadrunner.com> wrote: > I suppose you can still get attacked in live memory though, you think? Yes, but as long as you do not use anything "executable" (including macro's in Word etc. file) from the hard disk, the mal-ware will be erased when you switch of the system, it cannot infect the CD and the "ramdisk fs" is pure temporary. The problem, of course, is that mostly you WILL need stuf from the hard disk, so will have to mount it and then that disk gets vulnerable again. -- ******************************************************************* ** Eef Hartman, Delft University of Technology, dept. SSC/ICT ** ** e-mail: E.J.M.Hartman(a)tudelft.nl - phone: +31-15-278 82525 ** *******************************************************************
From: David Bolt on 16 Oct 2009 10:02 On Friday 16 Oct 2009 14:09, Van Chocstraw played with alphabet spaghetti and left this residue on the plate: > ZDNet is promoting using live Linux CD's for banking, finance and email > internet activity. Spyware, phishing, keyloggers and viruses can't write > themselves to your CD drive. > I suppose you can still get attacked in live memory though, you think? That wouldn't be much of an issue if you're booting up the Live CD just to do your banking. In that case, you'd start the system with the Live CD, go to the banks website, do whatever you were going to do at their site, log back out and shut down. Unless you go looking elsewhere while doing stuff at the banks site there wouldn't be any opportunity for any malware to infect anything. Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 10.3 32b | openSUSE 11.0 32b | | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2rc1 RISC OS 4.02 | RISC OS 3.11 | openSUSE 11.1 PPC | TOS 4.02
From: David Bolt on 16 Oct 2009 15:41 On Friday 16 Oct 2009 15:40, houghi played with alphabet spaghetti and left this residue on the plate: > You can download a live CD for just that from the SUSE Studio site. I am > working on just that where the browser pops up and all you have to do is > select what bank and then go through the standard process. It will be > very user friendly and ther will be NO mallware on it. Honestly. > The CD is called MitM-Attack.(1) This is where the issue of trust comes into it. You'll need to know about a download location where you know you are you going to get an unmodified Live CD from, and that you can check it to make sure it's not been tampered with. Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 10.3 32b | openSUSE 11.0 32b | | openSUSE 10.3 64b | openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2rc1 RISC OS 4.02 | RISC OS 3.11 | openSUSE 11.1 PPC | TOS 4.02
From: Van Chocstraw on 16 Oct 2009 16:33
Eef Hartman wrote: > Van Chocstraw <boobooililililil(a)roadrunner.com> wrote: >> I suppose you can still get attacked in live memory though, you think? > > Yes, but as long as you do not use anything "executable" (including > macro's in Word etc. file) from the hard disk, the mal-ware will > be erased when you switch of the system, it cannot infect the CD > and the "ramdisk fs" is pure temporary. > > The problem, of course, is that mostly you WILL need stuf from > the hard disk, so will have to mount it and then that disk gets > vulnerable again. Downloading your statements to a clean thumb drive should be safe. I don't know what "stuff" you would need to send to a bank. |