12 Steps to a malware free existence

[Hudson185]

I assume that the sd cards are read-only and that no hard disk is not mounted. The files on the read only sd card are encrypted with truecrypt and the password for truecrypt is on a Yubikey to decrypt. The passwords are in Keepass a password manager and require keyfile on a separate read only sd card. Also I assume the power user is smart enough to change the default root password and run no-script on firefox.

[chrisj]

I assume that the sd cards are read-only and that no hard disk is not mounted. The files on the read only sd card are encrypted with truecrypt and the password for truecrypt is on a Yubikey to decrypt. The passwords are in Keepass a password manager and require keyfile on a separate read only sd card. Also I assume the power user is smart enough to change the default root password and run no-script on firefox.

Read only or not, it's still accessible. I don't need to write to things, to have the ablitly to start copying your data.

however as root, the command mount -o rw <insert target drive> is a thing as well.

Keypass has stuff in memory, not hard to do a memory dump as root.

As for the power user... At DerbyCON, lots of clue full people there, a network scan turned up over 100 backtrack boxes with default login creds of root /toor.

Like I hinted before, if you want to be serious about it. Load TAILS.

[Hudson185]

TAILS is for anonimity not security Tor's security sucks (http://nspill.blogspot.com/2010/04/tor-exit-node-sslstrip.html) but it's anonymity is good. Using backtrack 5 R3 with vpn is much more secure but it's not anonymous. Also the chances of having a attacker that is dedicated is really low. Compared to Windows and Mac and Ubuntu your much more secure.

[tturner]

Using backtrack 5 R3 with vpn is much more secure ...

More secure than what? a soggy napkin? If you want secure, run a stripped down gentoo or *BSD box with only the bare necessities, no compiler, services disabled, FDE, etc. BT5 not only runs as root (yes you can change but, I run a BT5 VM with a locked down user and su when I need root but it's still very insecure) but has so much cruft installed you will have an extremely hard time making it secure. That's not what it's designed for. Choose the right tools for the job. Hell I'm pretty sure my Windows 7 box the way I have it locked down is more secure than most BT5 installs.

[jinwald12]

Why is everyone saying BackTrack is outdated? It's based off an LTS version of Ubuntu and is still completely supported: https://wiki.ubuntu.com/LTS

it's based off of 10.04 (lucid) which while in theory is still LTS but does not get nearly as much attention as other releases and BT uses different repos then normal lucid for most of it's programs which have out dated versions (with the exception of firefox and a few others) and they slapped on a kernel version that is no where near what lucid was designed to work with.

[ajohnson]

it's based off of 10.04 (lucid) which while in theory is still LTS but does not get nearly as much attention as other releases and BT uses different repos then normal lucid for most of it's programs which have out dated versions (with the exception of firefox and a few others) and they slapped on a kernel version that is no where near what lucid was designed to work with.

I guess that depends on your definition of "outdated" then. A 10.x release is obviously not going to have all the bells and whistles as a 12.x release, but it's not unsupported or neglected either.

Back to the main topic, BackTrack really shouldn't be used as a "secure" distro since that's not its purpose. As mentioned by others, it has numerous changes that make it less secure right out of the gate (default password of toor, root SSH login enabled, etc.) Are you really going to change your password and disable root SSH logins every time you launch the live CD? Why would you even want to deal with having to harden your system every time you boot it? Spend $8 on another thumb drive and use a distro that's designed for security.

[chrisj]

TAILS is for anonimity not security Tor's security sucks (http://nspill.blogspot.com/2010/04/tor-exit-node-sslstrip.html) but it's anonymity is good. Using backtrack 5 R3 with vpn is much more secure but it's not anonymous.

T.A.I.L.S is about more than anonymity. T.O.R. is just one of the things it uses, it's just the one that gets the most press. It has other features built in, so if you're running it, your protected. It boots more secure than BT5r3 does. Firewall on by default. Blocking inbound connections. You also don't have to use TOR on it if you don't want to.

[Hudson185]

Tried out T.A.I.L.S it's cool and user friendly but it lacks wine and truecrypt. So I still would say backtrack 5 r3 is a better choice if your only going to use a live cd.

[Hudson185]

Also posted this on hak5.org encouraging people to come to ethicalhacker.net

157 views so far...
http://forums.hak5.org/index.php?/topic/28192-12-steps-to-a-malware-free-existence-using-a-backtrack-5-r3-live-cd/

[chrisj]

You can install other packages as you need them. Sine T.A.I.L.S. is already dvd sized, it would be worth a try to contact the dev to install those in the next version of the dvd.

[Hudson185]

You can install other packages as you need them. Sine T.A.I.L.S. is already dvd sized, it would be worth a try to contact the dev to install those in the next version of the dvd.

That's defiantly a good idea. It would be great to see wine and truecrypt on a more user friendly OS like  T.A.I.L.S.

[Hudson185]

I wrote the developers I doubt we will see Wine on T.A.I.L.S.
Aslo the developers do not like truecrypt

"... Tails developers do not recommend TrueCrypt. We include TrueCrypt only to allow users of the (old and now unsupported) Incognito live system to access the data on previously created media. In the future, we would like to provide proper alternatives and stop distributing TrueCrypt. This means that you should not create new TrueCrypt media if you intend to stay with Tails in the long run."
I would say that backtrack 5 R3 is still the best choice at the moment

Please add Wine and TrueCrypt
Inbox
   x
Hudson Seiler <>
   
Dec 25 (1 day ago)
      
to tails-dev
Hello recently I wrote an article about avoiding banking trojans and bots on http://www.ethicalhacker.net using Backtrack 5 r3 live cd. I thought that Backtrack 5 r3 was okay for the power user, but not the common user. Then I was told about Tails my only complaint with it is the lack of Wine and TrueCrypt. It would be awsome if you could add Wine and TrueCrypt to the live cd.

article
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9571.0/

sincerely,
Hudson Seiler

Reply

   
5:27 PM (4 hours ago)
      
to Tails, me
> Truecrypt is very useful indeed, but it can be installed on Tails,
> simply download the tar.gz package from truecrypt.org and execute the
> script, it will install it.
>
> I also recommend to the development team that truecrypt should be
> included by default and come with the DVD already.

TrueCrypt is already included in Tails, please refer to the doc:

https://tails.boum.org/doc/encryption_and_privacy/truecrypt/.

Regarding Wine, Tails is not meant to be a general purpose operating
system but a selection of tools designed to answer some particular use
cases, see our design doc:

https://tails.boum.org/contribute/design/

Apart from the fact that I really doubt we want to encourage people
running probably non-free software through Wine. How would Wine help us
fulfil better our goals?

[encryptedmind]

For most of the layusers getting to work on complicated software is not really their thing. A simple truecrypt based encryption works well.

Couple that with a top ranking AV product and a top ranking firewall (free or fee) should do the trick.

2 step verification is recommended. Local downloaded mails should be encrypted as well.

The think I would do optimally is to create a virtual hard disk in vmware and use that sandboxed environment for much of the daily tasks. Keep the fully installed and configured virtual machine image as a backup in an external HD for retrieval.

Use a sandboxed browser like chrome in a sandboxed environment like sandboxie within a virtual machine. Use shared folder only when really required. Couple more security with deep freeze for total recall. Optimally use a vpn / tor.

Take system file hashed once in a while to make sure of the system integrity.

The rest is just net common sense, dont surf dubious link, download software from suspicious sources. Scan files before installation.

THE MOST IMPORTANT RULE OF ALL -- TAKE REGULAR BACKUPS OF EVERYTHING YOU THINK IS USEFUL, EVERYDAY/EVERYOTHER DAY.

The above rule has saved my a*** many many a times.

Computers and computer software are not perfect because we humans are not perfect.