Joined: Feb. 2007
Posted: Mar. 25 2008, 21:19
|If you run something under a host OS, I would think that you would still be vulnerable to malicious code from the host, such as software keyloggers.|
Correct. Not only that, the moment you insert a USB storage device like a pendrive into a Windows computer, you are at risk of it becoming part of the existing operating system. That's because Windows automounts and often autostarts. The DSL-embedded is on a FAT partition, making it susceptible to any malware on whichever machine it's inserted into.
That's why I said it's complete folly to presume invulnerability. Especially when relying on a host OS in circumstances of questionable security all around (the host computer, the network, etc.). I can think of too many worst case scenarios: such as your device becomes a vector for whatever malware you acquire between all these internet cafe computers and then you take it home and think "dee-dee-dee, I'm safe because I'm using Linux." Not.
|As I mentioned before, the advantage of the embedded Linux is that it does not use the applications on the host OS, or the host OS for that matter|
1. You're inserting a USB device into a booted computer that automounts and (probably) autostarts it. If the host computer is infected or in any way compromised, so is your stick. Regardless of what OS you run in a virtual layer above the host OS. How often do you scan that stick?
2. You're using a FAT device in a FAT system. The fact that you have QEMU between Windows and Linux is beside the point. Your data are on FAT. FAT malware and virii don't discriminate between Linux and MSDOS image files, text files, etc.
3. You're only as safe as the host computer.
|because most viruses, malware, trojans are written for Windows not Linux this takes care of a great piece of the problem|
Again, what filesystem is your USB device? FAT. Those "viruses, malware, trojans" are written for FAT. Everything on your device is FAT. Therefore, you're susceptible to everything that can be affected by FAT-oriented malware. That includes your data files.
|The first thing I do is reboot the machine, most places will let you do this. The second is peruse task manager to check for any keylogger apps or anything suspicious and kill anything I don't like. Most software keyloggers monitor certain apps like email or web browsers when opened are used to record keystrokes, this won't happen with me because I don't use any of the host OS apps.|
First, rebooting the host computer doesn't rid it of malware, virii, or trojans. Second, malware ordinarily doesn't advertise itself in the task manager. If it did, it would be a lot bleeping easier for most people to contain, manage, and get rid of. Third, I again encourage you to research this issue about keyloggers a little more seriously.
|I cut and paste them from an encrypted password app. This app never exposes the actual password, so this also eliminates shoulder surfing|
If you decrypt it in an insecure setting like on a questionable host computer on a questionable network, consider it compromised.
|I am not ever completely safe in these environments|
You're not safe at all.
|Any further suggestions would be welcome.|
You'd be a bit safer using DSL with USB-HDD install on that device and using its available tools for encryption. That way you boot from a strictly Linux (not Windows-hosted Linux) environment. I don't consider QEMU a security feature. If you could see my NT sandbox, you'd understand why. But I also don't accept that Linux is inherently safer than any other OS. The weakest link will always be the user. That's why I encourage you to not make assumptions, especially on untrusted networks. :-)
EDIT: Here are a few links about how easy it is to **** up computers with USB devices.
1. This blogger had to re-install because of malware picked up on a promiscuous USB device.
2. Brandeis University had a viral outbreak last year due to USB devices.
3. This is old but still applicable because Windows autoplays USB devices by default.
4. And before you EVER insert a USB device, do you know where it's been? Thieves (and security analysts) are turning to planting devices where they can be found and letting curiosity and human nature take its course. First link is about someone who found a device and inserted it only to install a trojan. Second link is by a tech security consultant who breached a client's security by leaving infected sticks around for employees to find, insert in random computers, and collect data to show how vulnerable the client's systems were. (Many security-savvy companies have turned to removing USB ports, filling them with epoxy, etc., to prevent employees from easily removing data or even more easily spreading malware.)
The moral of the story: USB devices are a lot like sexually adventurous people. The more promiscuous, the more likely there's going to be some damage somewhere down the road. The more machines you insert your pendrive into, the more likely it's going to be infected -- that's especially true in a booted computer (such as you're doing with embedded Linux). If you're uncertain about the security of any machine and/or network, you're taking a big gamble whether you run Windows-based apps or Linux-based apps virtually. If the machine is infected, your USB device will most likely become infected once plug and play mounts it and either asks if you want to open it or opens straight up by default.
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
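The post above asks "How often do you scan that stick?" and points out that Windows autoplays USB devices by default. The following is an added example, not code from the thread or from DSL, showing the one check that matters most for that autoplay path: walk a mounted stick, find every autorun.inf, and decode which commands Windows AutoRun would launch from it. The autorun.inf directive names (open, shellexecute, shell\<verb>\command) are the documented ones; the sample volume, its RECYCLER folder and the file names in it are constructed for the demonstration.

```python
"""Find and decode autorun.inf files on a mounted USB stick (or any folder).

Added example, not code from the forum thread or from DSL. Windows AutoRun
honours an [autorun] section whose open= / shellexecute= /
shell\\<verb>\\command= keys name a program to run; USB worms of the period
used them to start a hidden dropper the moment the stick was mounted.
The sample volume built by build_sample_volume() is constructed for the demo.
"""
import os
import re
import sys
import tempfile

# Directive keys that cause a program to execute (compared case-insensitively).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample mimicking a dropper's autorun.inf: a junk section before
# [AutoRun], mixed case, spaces around '=', and several launch verbs.
SAMPLE_AUTORUN_INF = (
    "[junk]\n"
    "nothing=here\n"
    "[AutoRun]\n"
    "; constructed sample for the demo\n"
    "OPEN = RECYCLER\\setup.exe\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
    "shell\\open\\command=RECYCLER\\setup.exe\n"
    "shell\\explore\\command=RECYCLER\\s.exe\n"
    "action=Open folder to view files\n"
)


def parse_autorun(text):
    """Return {key: value} for the directives inside the [autorun] section.

    Tolerates what malicious files do: mixed case, whitespace around '=',
    ';' comment lines, and unrelated sections placed before or after [autorun].
    """
    directives = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives[key.strip().lower()] = value.strip()
    return directives


def launch_targets(directives):
    """Return [(key, command)] for every directive AutoRun would execute."""
    return [(k, v) for k, v in directives.items()
            if k in EXEC_KEYS or SHELL_CMD_RE.match(k)]


def scan_volume(root):
    """Walk a mounted volume and report each autorun.inf and what it launches.

    Each finding is {"path", "launches", "missing"}; "missing" lists launch
    commands whose program is absent from the volume (a leftover inf, or a
    dropper that was renamed or hidden elsewhere).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "autorun.inf":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="latin-1") as fh:
                directives = parse_autorun(fh.read())
            launches = launch_targets(directives)
            missing = []
            for _key, cmd in launches:
                tokens = cmd.split()
                exe = tokens[0].strip('"') if tokens else ""
                local = os.path.join(dirpath, exe.replace("\\", os.sep))
                if exe and not os.path.exists(local):
                    missing.append(exe)
            findings.append({"path": path, "launches": launches, "missing": missing})
    return findings


def build_sample_volume():
    """Create a throwaway directory laid out like an infected stick (constructed)."""
    root = tempfile.mkdtemp(prefix="stick_")
    os.makedirs(os.path.join(root, "RECYCLER"))
    # setup.exe exists; s.exe deliberately does not, to exercise "missing".
    open(os.path.join(root, "RECYCLER", "setup.exe"), "wb").close()
    with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as fh:
        fh.write(SAMPLE_AUTORUN_INF)
    return root


if __name__ == "__main__":
    # Usage: python scan_stick.py /media/usbstick   (defaults to the sample volume)
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_volume()
    for f in scan_volume(target):
        print(f["path"])
        for key, cmd in f["launches"]:
            flag = " (program not on volume)" if cmd.split()[0].strip('"') in f["missing"] else ""
            print("  %s -> %s%s" % (key, cmd, flag))
```

Run it against the mount point of the stick from a machine you trust. A clean stick yields no findings; any autorun.inf that names a launch command is worth treating as evidence the stick was touched by an infected host, whether or not the program it points at is still present.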