Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 01, 2015, 03:18:51 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: How safe is it to run portable apps on public computers?  (Read 15984 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,312
  • "In my dreams, I always do it right."
    • View Profile
    • wraith808
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #25 on: June 14, 2010, 09:03:03 PM »
If the drive is write protected, would I have to worry about any of these infections?

No... but I'm not sure that Firefox portable will run on a write-protected drive.  It saves your profile information and cache there if I'm correct...

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #26 on: June 15, 2010, 09:00:46 AM »
How does KeePass insert the encrypted passwords into the other apps? It would be trivial to add a clipboard watcher to a keylogger...

And Dominik would like to see his methods challenged. Note that this is for KeePass 2.x, KeePass 1.x lacks any kind of protection against keyloggers if you rely on AutoType.

Personally, I wouldn't use public computers for anything more than casual browsing these days, unless you know the computers are properly maintained and/or configured (public computers shouldn't be running an account with administrator rights by default), or they have some kind of rollback method. Once you log out, everything you've done disappears.
« Last Edit: June 15, 2010, 09:03:07 AM by Lashiec »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #27 on: June 15, 2010, 09:12:43 AM »
How does KeePass insert the encrypted passwords into the other apps? It would be trivial to add a clipboard watcher to a keylogger...

And Dominik would like to see his methods challenged. Note that this is for KeePass 2.x, KeePass 1.x lacks any kind of protection against keyloggers if you rely on AutoType.
Thanks for that link - it's a decent system he's implemented, I had been thinking of something similar. While it will fool a bog-standard keylogger, there's still some ways to target it. You could (probably) log the clipboard entries when Ctrl+V is sent to the target app (that way you don't have to be part of the clipboard listener chain, nor poll the clipboard constantly). Or API-level hooks could be thrown into the mix...
- carpe noctem

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 34,975
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #28 on: June 15, 2010, 02:57:22 PM »
ghacks has a nice article on this issue today:
http://www.ghacks.ne...-on-them/#more-26616

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 7,043
    • View Profile
    • Just for mouser.
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #29 on: June 15, 2010, 06:52:12 PM »
So basically what you guys are saying is that I shouldn't be doing my online banking at the Library?

Or for that matter, I shouldn't be doing anything that uses my username and password while on a public computer?

I was actually just wondering about this yesterday. How safe would it be to use PuTTy to ssh into my shell account from a public PC or on a public/open network? A keylogger would be an obvious risk for a public PC, but what about if it's my computer transmitting data over an open network? Any other probable risks?


Clive

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 107
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #30 on: June 17, 2010, 03:04:17 AM »
Here in Australia most public 'puters are set up with limited rights i.e. not admin so you can't actually launch apps from a usb. Similar in the USA /Europe?

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 637
  • I will eat Cody someday.
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #31 on: June 21, 2010, 04:44:35 PM »
Here in Australia most public 'puters are set up with limited rights i.e. not admin so you can't actually launch apps from a usb. Similar in the USA /Europe?

Here you have full admin rights and comuters are protected with Faronics Deep Freeze, so you get a fresh-installed desktop each time, at least on most cybercafé/school networks.

Kamel

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 138
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #32 on: June 21, 2010, 04:52:32 PM »
there are even physical monitoring devices that can capture your username and password... and who's to say that if the computer is fine that the network itself isn't vulnerable?

point blank, it's risky to use nearly any public connection or computer, no matter how safe you are. it's like having sex with a hooker, they could be clean, or they could be dirty and you might be ok with a condom, or you might use a condom and manage to get an STD anyway. no matter how you slice it, it's risky business.
I'm the guy you yell at when your DSL goes down...

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,027
  • Is your software in my list?
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #33 on: June 21, 2010, 06:00:36 PM »
there are even physical monitoring devices that can capture your username and password... and who's to say that if the computer is fine that the network itself isn't vulnerable?

point blank, it's risky to use nearly any public connection or computer, no matter how safe you are. it's like having sex with a hooker, they could be clean, or they could be dirty and you might be ok with a condom, or you might use a condom and manage to get an STD anyway. no matter how you slice it, it's risky business.
mmm...all good points.  Is it just my dirty mind, or does scancode's avatar look like a punctured condom?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 34,975
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #34 on: June 21, 2010, 06:15:01 PM »
i do think that probably one of the safest ways you can use a public computer is to remote connect to your home/work deskop and work from there, and plan on changing the password when you return home.  that minimizes the risk pretty much.. and means that only if someone sniffs the password you used to log in to your remote computer and uses it to connect to your remote computer are you at risk, which is pretty low risk, especially if you're away for a short time.

now, this immediately suggests that an extremely useful feature for a vpn/remoteconnect tool would be the use of one-time pads, single-use passwords, hardware key ids.  anyone know of any vpn/remote desktop that supports this?

with such a setup, you would remote connect to your desktop, do everything through your encrypted connection to your home/work pc.  you would assume that the local pc is compromised and keylogging everything you type.  but the password they sniff would no longer get them in.  only by keeping a list of single-use-logins with you in your pocket will you be able to log in.

Nod5

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 809
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #35 on: June 22, 2010, 11:48:17 AM »
now, this immediately suggests that an extremely useful feature for a vpn/remoteconnect tool would be the use of one-time pads, single-use passwords, hardware key ids.  anyone know of any vpn/remote desktop that supports this?
That would be really useful! But I don't know of one. I also think it is outright weird that big services like gmail doesn't offer something like that already. You could log in with your regular password and generate and print out 10 temporary passwords that each expire after one use (and to make new ones you'd need the regular pw again).

In response to the original post, I'd definitely try to avoid public computers when accessing work computers or mail servers remotely. Are you sure that a mobile phone with basic internet capacities (like mail) won't be enough? Or a phone tethered to a netbook. (Ok, the OP said he was travelling laptop-free but a tiny netbook add so little weight and bulk that I have a hard time figuring out when it wouldn't be possible to bring.)

Cyeb

  • Participant
  • Joined in 2009
  • *
  • Posts: 50
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #36 on: June 29, 2010, 09:39:23 AM »
you could just use a program that can calculate hashes of the files.

actually that would make a very nice portable app -- a program which when run scans the drive and creates hashes of all files found, and compares to previous set of saved hashes, reporting any differences and new files.  bonus if it also did this on boot records.  goal would be to make it super easy to use with no real options, just run it and wait for it to tell you nothing has changed most of the time.. or report on new files.  on rare malware infection it will report the changing of some files.  (be smart if it flagged changed exe's more dramatically than changed .txt files).

could be extremely useful for portable file use.

in fact, it might very well make sense to run it immediately after inserting a drive to see if any malware wants to try to infect any executables on your usb, kind of like a honeypot.

this would make a great NANY 2011 project for someone..

Oh, I wasn't worried about the hash-checking program intentionally having it's checking functionality disabled - but along the lines of the program getting infected on one machine, and when running on the next spreading the infection. If the infection was with a nasty piece of self-hiding code, the hash-checking would be ineffective without having been explicitly targeted.

I know this is a week-old thread, but aren't you guys missing something?  Just put the hash checker on the read-only part of the drive!  Tell me if my idea is flawed..But I'm pretty sure it's doable.  You just have to preload the hashes into the read-only part of the USB before you go anywhere.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #37 on: July 02, 2010, 12:26:24 AM »
I know this is a week-old thread, but aren't you guys missing something?  Just put the hash checker on the read-only part of the drive!  Tell me if my idea is flawed..But I'm pretty sure it's doable.  You just have to preload the hashes into the read-only part of the USB before you go anywhere.
If you have an USB drive with separate read/only and read/write parts, sure - never came upon one like that myself, though.
- carpe noctem

steeladept

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,059
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #38 on: July 02, 2010, 09:15:41 AM »
I know this is a week-old thread, but aren't you guys missing something?  Just put the hash checker on the read-only part of the drive!  Tell me if my idea is flawed..But I'm pretty sure it's doable.  You just have to preload the hashes into the read-only part of the USB before you go anywhere.
If you have an USB drive with separate read/only and read/write parts, sure - never came upon one like that myself, though.
That is easy using something like Truecrypt to make your file work as a read-only disc. Don't know if that would really make it work though - requires more thought...

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 8,858
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #39 on: July 02, 2010, 09:42:40 AM »
Good idea, steeladept - mounting a TC volume as read-only would probably do the trick.
- carpe noctem

Cyeb

  • Participant
  • Joined in 2009
  • *
  • Posts: 50
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #40 on: July 06, 2010, 03:12:46 PM »
http://www.hak5.org/..._Switchblade#Files_4

^ Read on it.  If you search around, there's an application to hack things onto the read-only part of any u3 drive.

Except the link I provided is for recovering information on an unsuspecting user's hard drive.  Fighting evil with evil?  :D
« Last Edit: July 06, 2010, 03:14:59 PM by Cyeb »

steeladept

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,059
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #41 on: July 07, 2010, 02:46:58 PM »
Don't need U3 to use TrueCrypt though.  Moreover, it is encrypted so that MAY prevent this even on U3.

I am no expert here, and am just throwing out ideas.  Beating a properly encrypted and protected Truecrypt volume is difficult though on the best of days, and can be just this side of impossible.
« Last Edit: July 07, 2010, 02:48:31 PM by steeladept »

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,982
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #42 on: July 07, 2010, 04:51:38 PM »
I don't understand hash checkers but just hypothetically speaking are portable apps safer than say a cellphone with some encrypted device?

Technically that's like remote PC usage correct or am I mistaken? (assuming it has security apps)

oxman

  • Supporting Member
  • Joined in 2010
  • **
  • gravatar avatar
  • Posts: 8
    • View Profile
    • Donate to Member
Re: How safe is it to run portable apps on public computers?
« Reply #43 on: August 11, 2010, 01:51:22 PM »
There is absolutely no way to keep your data secure (not stoled) on a USB key pluged into a public computer.