ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

How safe is it to run portable apps on public computers?

<< < (6/9) > >>

wraith808:
If the drive is write protected, would I have to worry about any of these infections?
-jdd (June 14, 2010, 06:07 PM)
--- End quote ---

No... but I'm not sure that Firefox portable will run on a write-protected drive.  It saves your profile information and cache there if I'm correct...

Lashiec:
How does KeePass insert the encrypted passwords into the other apps? It would be trivial to add a clipboard watcher to a keylogger...
-f0dder (June 14, 2010, 03:39 PM)
--- End quote ---

And Dominik would like to see his methods challenged. Note that this is for KeePass 2.x, KeePass 1.x lacks any kind of protection against keyloggers if you rely on AutoType.

Personally, I wouldn't use public computers for anything more than casual browsing these days, unless you know the computers are properly maintained and/or configured (public computers shouldn't be running an account with administrator rights by default), or they have some kind of rollback method. Once you log out, everything you've done disappears.

f0dder:
How does KeePass insert the encrypted passwords into the other apps? It would be trivial to add a clipboard watcher to a keylogger...
-f0dder (June 14, 2010, 03:39 PM)
--- End quote ---

And Dominik would like to see his methods challenged. Note that this is for KeePass 2.x, KeePass 1.x lacks any kind of protection against keyloggers if you rely on AutoType.-Lashiec (June 15, 2010, 09:00 AM)
--- End quote ---
Thanks for that link - it's a decent system he's implemented, I had been thinking of something similar. While it will fool a bog-standard keylogger, there's still some ways to target it. You could (probably) log the clipboard entries when Ctrl+V is sent to the target app (that way you don't have to be part of the clipboard listener chain, nor poll the clipboard constantly). Or API-level hooks could be thrown into the mix...

mouser:
ghacks has a nice article on this issue today:
http://www.ghacks.net/2010/06/15/how-to-protect-usb-sticks-and-the-data-on-them/#more-26616

Deozaan:
So basically what you guys are saying is that I shouldn't be doing my online banking at the Library?

Or for that matter, I shouldn't be doing anything that uses my username and password while on a public computer?

I was actually just wondering about this yesterday. How safe would it be to use PuTTy to ssh into my shell account from a public PC or on a public/open network? A keylogger would be an obvious risk for a public PC, but what about if it's my computer transmitting data over an open network? Any other probable risks?

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version