Web/surfing protection- Ubuntu - thumb drive OS

Hi all,

I have a few questions about linux and web safety.

Backround - I'm sick of Windows and virus/maleware problems (Norton/Malwarebytes) and don't have the money for Mac. I'm not a computer guy but I read that the new Ubuntu 12.04 is the most user friendly form or Linux to date - it is - even for a computer nooby. I downloaded the dual OS version and even got my ATI graphics card to work (4 reinstalls later)

All that said, I read conflicting opinions of Linux safety online (I've even used Puppy on a laptop -fun). Some say that the latest Ubuntu is safe as it reasonbly gets because your not logged on as root and linux hackers and viruses are limited to begin with...

Then I read - It's much safer to use an OS loaded by USB/DVD.

Why is this so important me? I do online bill paying ....so...


Help!!


Thanks in advance

 

I agree with all these comments regarding immunity to viruses and malware. I've switched from Windows to Linux about 4 years ago and have never looked back. I'm an Ubuntu fan, and I typically use the latest Long Term Support (LTS) release, currently Ubuntu 12.04; although ANY version/distro of Linux will provide this immunity, IMO. I haven't had any malware attacks/virus infections since I switched, and my experience is pretty typical. You are about as safe as a computer user can get online.

There are several reasons Linux is immune to viruses, mostly revolving around design of the malware. Your comments regarding "normal" users and "root" privileges are part of it, but so is the fact that virus/malware executables are designed to attack the largest 90+% of users...windows! Even if someone could engineer a virus/malware to trick you into allowing a "root" installation, Linux is too small of a share to be a viable target. Furthermore, the virual/malware executables are designed to be executed on a Windows-design file structure...the Linux structure is completely different. To be fair, Linux can be a "carrier" of the virus, but cannot be infected by the virus. As a responsible user, you MAY want to consider installing Clam Anti-Virus (it's in the default repository of the Software Center) and run it occassionally to ensure you're not sending a "carrier" virus to Windows users. All in all, you're as safe as a computer user on the internet can be.

The comments regarding a LiveCD/usb stick being safer are true. A LiveCD/usb stick boots and runs in RAM memory, you do your online business, then shut down your system...the RAM is wiped clean for the next boot. In theory, this "Live" system only exists for the duration of its use, then it is vaporized. Think MISSION:IMPOSSIBLE...."this system will self-destruct upon shutdown". The flip side of this is that you will have no "persistence" of data storage. So it may not be practical to you.

Perhaps a practical setup for you would be an Ubuntu everyday system, with ANY linux distro as a LiveCD/usb stick (I'd suggest something "lighter" than Ubuntu, such as Lubuntu or Bodhi, so it loads quicker with less "bloat") for your online banking business, then shut down when you're done and reboot into your base everyday system.

Or just use your everday base system and relax in the knowledge that you're as safe as an everyday user of the internet can be. Only you can decide the level of security that is practical for the business you conduct.

 

Hedon,

Thanks for the information on Linux and web surfing - much needed. I'm going to use Ubuntu on my desktop and Lubuntu on the laptop for bill paying. I've installed Clam from the Software Center so I don't become a "carrier" of viruses.Can't thank you enough for the input

One more question - public wireless. Ubuntu a lesser of the evils?


Sidebar - Win7 gripe

After a full cleaning of my girlfriends laptop by Norton logging in (from India) and going through the registry to clean out viruses and maleware - two days later she had safesearch .net virus that had to be cleaned in the same way - logging-in from India. That's some product combo Win7 and Norton.

 

plodr's advice is good. i was under the impression you already installed Linux. if you have not, use a LiveCD/usb stick to verify you CAN bank online using Linux before you install. You'll probably be okay, but better to be certain.

As far as public wireless, I would NEVER conduct financial transactions over a public network. You never know who is lurking with a sniffer, intercepting logons, passwords, etc... I just wouldn't....ever! But that's me...

 

A USB stick can be infected while you are using it, so it really is no safer, than using a regular OS on a hard drive. It is not the Operating Systems causing the infections, it is the user's habits, that causes the computer to be infected.

 

. - Will check that - good info.


----------------------------------

My fault, I wasn't clear. I would never use anything but my home network for financial stuff. I was just asking about web surfing (starbucks for example) like news, sports etc. and not logging into personal email or doing financial stuff.

----------------------------------------


All this is great and just what I'm looking for - unbaised advice from knowlegable guys. It's hard for me to trust various magazine published advice since advertisors pay the bills.

 

Neither a LiveCD nor a Live usb stick can be infected due to the lack of data storage persistence. Shutdown the Live session and any potential infection is nuked from the RAM where it resided.

...unless you're referring to using a Live usb stick which specifically has enabled data persistence? In which case, your statement is true; but the point is to create an additional layer of protection. Acknowledging that a usb stick with enabled persistence can be infected, would you rather re-install over your corrupted OS, or just copy an ISO file back onto the usb drive? Either way, your data is at risk, but I know what I'd prefer.

Lastly, you can mitigate any potential loss of data by placing your /home directory on its own partition. In case of reinstallation, your /home data directory remains intact. :cool

 

You want to bet. Any USB device that can be plugged into a computer can be infected. Even if it is a "Live" or on the go type OS on the Pen drive, it can be infected if the machine you are plugging it into is already infected.

Also there are Keyloggers that appear to be Pen drives. That is that they have storage on them, but can log any keystrokes, while the device is plugged into the computer.

I am sorry, but any public computer will be setup to not allow connection of Pen drives, or will use some sort of "Deep Freeze", that will refresh the image on the drive, or the machine will be connected through a Thin Net, which will further restrict the end user of what they can and cannot do on the machine.

The only time I use a Pen Drive with a live image of Linux on it, is for rescue of machines, not to circumvent the OS that is on the machine, to attempt to hide steps, which are going to be seen through the router logs, or other Network hardware security devices in place, to watch the network.

 

@browniz: most of the things you referred to in #9 are Windows -related. Booting from a USB stick bypasses anything Windows -related like virusses/deep freeze, etc.

 

I'm confused by some of your statements. Either you know a lot more than I do, or we're talking about two different scenarios. I'm not trying to be argumentative, but I'd like to understand more.

I was originally referring to a LiveCD, but also including a Live usb stick without data persistence. From a cold boot, it runs in RAM; there is no permanent write capability; upon shutdown, RAM is wiped. It is my understanding that a virus/malware won't work because of lack of "write" capability, i.e. no persistence. Conversely, even if a virus/malware was detected, it would be wiped out at shutdown, when RAM is flushed. If that is not the case, please correct me, as I don't want to be dispensing bad advice!

Maybe I misunderstood the OP, but here is what I was suggesting based on the question asked:
1. Using a linux-based system is probably the safest an internet consumer can get; assuming your OWN computer/system, not a public access device
2. If you want to do online banking with Linux, test a LiveCD with your bank to verify the bank has no issues with Linux...THEN install the OS on YOUR computer
3. Optional for the supremely paranoid (like me!)...for an extra layer of protection, shutdown your Linux OS and boot into a LiveCD/usb stick for your online banking tasks; upon completion, shutdown the Live Session and boot back into your main Linux OS, thereby wiping all data in RAM
4. NEVER conduct financial transactions, etc... on a public network

Everything I'm suggesting presupposes a Linux OS on your OWN computer/device; not circumventing a public device. I imagine everything you said about public devices to be true...it makes sense. But I don't think we're talking about these steps on a public device (at least, I'm not!), although I am advocating avoiding public networks for personal business.

If I'm wrong, please tell me where I'm wrong and why? Thanks in advance!

 

Yes it does bypass any viri or deep freeze, but still the point is, if the machine is setup to not allow the use of a Pen drive, which if it is a public use machine, Pen Drives should not be allowed used on the workstation.

If you start copying files or downloading infected files to the pen drive, again, you are doing nothing to protect from spreading infections through the use of the Pen Drive.

 

The above would suggest the OP is aware of security issues and thus would hardly be likely to download "infected files to the pen drive" during a banking/payment session. I think it highly unlikely that he would use the same USB drive to copy files either.

 

agreed. furthermore, in addition to your observations, WHO uses a public workstation to conduct personal banking transactions? And WHERE did this scenario come from? I'm pretty sure the OP suggested he had a desktop and a laptop.

I don't know WHY this theoretical pubic workstation keeps coming up, but I would have to agree that it IS theoretically possible to download a windows virus on a linux Live Session, AND save it to that device, and assuming a windows virus/malware affects Linux, could possibly corrupt it on the next boot session...possibly?!

I know Browniz is trying to be helpful, but he's offering advice with respect to a theoretical scenario that does NOT apply to this thread. I would respectfully request this thread to be read from the beginning and then offer the OP any applicable advice that hasn't already been discussed.