ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

How safe is it to run portable apps on public computers?

<< < (5/9) > >>

mouser:
you could just use a program that can calculate hashes of the files.

actually that would make a very nice portable app -- a program which when run scans the drive and creates hashes of all files found, and compares to previous set of saved hashes, reporting any differences and new files.  bonus if it also did this on boot records.  goal would be to make it super easy to use with no real options, just run it and wait for it to tell you nothing has changed most of the time.. or report on new files.  on rare malware infection it will report the changing of some files.  (be smart if it flagged changed exe's more dramatically than changed .txt files).

could be extremely useful for portable file use.

in fact, it might very well make sense to run it immediately after inserting a drive to see if any malware wants to try to infect any executables on your usb, kind of like a honeypot.

this would make a great NANY 2011 project for someone..

f0dder:
mouser: I had the same idea, but you have to keep in mind, though, that the really nasty malware is capable of hiding itself, so it's not going to be 100% foolproof... you'd have to run a guaranteed clean version of the hash-checker, not the copy from the usb stick.

mouser:
..you'd have to run a guaranteed clean version of the hash-checker, not the copy from the usb stick.
--- End quote ---

i think this is where we diverge into the superspy paranoia vs real world risks.

while it is conceivably possible that someone could write custom malware that would infect and modify the hash checker to trick it into reporting fake hashes, this is just so unlikely as to make it not worth worrying about (you could also make that quite hard by putting some protection on the program itself).

so yes, the malware could infect the hash checker (though you could do some stuff to make that hard), but it's not going to make it report false hashes, so it would still do it's job of reporting an infection.

and after it did, you would not trust the files on that thumbdrive to be safe any more, as they would have been trojaned, including the hash checker.. but that's ok, the point is to DETECT the infection.

f0dder:
Oh, I wasn't worried about the hash-checking program intentionally having it's checking functionality disabled - but along the lines of the program getting infected on one machine, and when running on the next spreading the infection. If the infection was with a nasty piece of self-hiding code, the hash-checking would be ineffective without having been explicitly targeted.

jdd:
If the drive is write protected, would I have to worry about any of these infections?

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version