Author Topic: How safe is it to run portable apps on public computers? (Read 40991 times)

jdd · « **on:** June 14, 2010, 11:18 AM »

I will be traveling without my laptop and was planning to bring a USB drive with portable apps including Firefox and a VPN client.

If I run these applications from my USB drive in a public computer in a lobby or Internet cafe, will it leave traces of personal information that I use to log into accounts on Firefox (e.g., gmail other web mail, or OWA)? I also was thinking of connecting by VPN to my employers servers. How safe is all this???

Thanks,
jdd

wraith808 · « **Reply #1 on:** June 14, 2010, 11:36 AM »

It really depends on how you set things up. If you're using truly portable applications, the only things that are used on the host machine should be the processor and the memory. Of course, this also depends on the computer not being compromised before you start using it- keyloggers are still an issue, and I'm not sure how you defend against such a thing.

f0dder · « **Reply #2 on:** June 14, 2010, 11:55 AM »

...and ontop of keyloggers, there's the risk of getting your usb drive infected by malware from an infected public computer.

mouser · « **Reply #3 on:** June 14, 2010, 12:13 PM »

f0dder beat me to the punch regarding worrying about usb drive being infected. it's still doable you just have to be careful of it -- i wonder if anyone has written up some tricks and techniques for safely doing such things.

jdd · « **Reply #4 on:** June 14, 2010, 12:59 PM »

This may sound ridiculous but what is the danger due to infection of a usb drive by malware? Would that affect my use of portable Firefox?

To be safe, I could just throw out the $4.99 USB drive when I get home, rather than connect it to my computer.

steeladept · « **Reply #5 on:** June 14, 2010, 01:03 PM »

Or you could make it read-only. Though in all fairness I don't remember how to do that...

Stoic Joker · « **Reply #6 on:** June 14, 2010, 01:56 PM »

I don't thing FireFox will work on a read-only drive - which is why I didn't suggest it - But I have used that trick (Drive with hardware write protect toggle) in a pinch.

Public Computers are like Public Toilets, once you sit down you're fully exposed to the last guy's mess.

wraith808 · « **Reply #7 on:** June 14, 2010, 02:13 PM »

Public Computers are like Public Toilets, once you sit down you're fully exposed to the last guy's mess.
-Stoic Joker (June 14, 2010, 01:56 PM)

Talk about uncomfortable analogies...

superboyac · « **Reply #8 on:** June 14, 2010, 02:41 PM »

I had a situation last year where my mom's computer had some bad malware/virus on it. i used my usb to try to fix it using portable apps because none of the installed apps were working. But I got the virus on the usb stick. Then I took it to work, and almost f'ed up the computer there. Mcafee wasn't able to handle it (which is ridiculous, seriously...the big name AV companies are no good...Norton, Mcafee). i was able to clean it, but I was worried because I've gotten in stupid trouble before at that job for messing with my computer.

rjbull · « **Reply #9 on:** June 14, 2010, 03:00 PM »

If one were to use an encrypted disk, e.g. Rohos Mini Drive, or one of the hardware-encrypted ones like the expensive IronKey, which are intended to prevent snooping, would that also reduce the chances of the USB getting infected?

jdd · « **Reply #10 on:** June 14, 2010, 03:05 PM »

So, I assume that if I use a write-protected usb drive, I should be safe from viruses and malware attacking the usb.

Then I would be susceptible to keyloggers and screen watchers. However, if I use an on-screen virtual keyboard, and software that blocks screen watching, would I still be vulnerable?

steeladept · « **Reply #11 on:** June 14, 2010, 03:17 PM »

If one were to use an encrypted disk, e.g. Rohos Mini Drive, or one of the hardware-encrypted ones like the expensive IronKey, which are intended to prevent snooping, would that also reduce the chances of the USB getting infected?
-rjbull (June 14, 2010, 03:00 PM)

I would think not, it would just encrypt the virus in my mind. Somewhere along the line it has to get encrypted/decrypted which would occur when it gets onto/off of the stick. It would only protect the hacker that is trying to get the file without the decryption key.

I would think that Firefox would work in a read-only format though. It would all take place in the computer memory like everything else (generally speaking - I know there are a lot more variables than that though). Another option might be to use a read only USB and copy down the portable version to the PC being used, then wipe out the software, but that leaves more traces, not less.

Getting back to the original question, assuming there are no key-loggers, once the VPN connection is established, you *should* be safe as most decent VPN implementations break all other connections for security purposes. Verify with your work VPN administrator to be certain. Key-loggers can be defeated by using an onscreen keyboard, but then you also have to ensure there is no page snapshots being taken or you are using a constantly changing keyboard so the snapshots must be taken exactly before you click on the key (essentially you would need it to be video recorded). Even better, use Keypass, though you should make sure your master password is completely different from EVERYTHING else, and use an onscreen keyboard to enter that password. All these can be portable and, in fact, found on portableapps.com

steeladept · « **Reply #12 on:** June 14, 2010, 03:20 PM »

So, I assume that if I use a write-protected usb drive, I should be safe from viruses and malware attacking the usb.

Then I would be susceptible to keyloggers and screen watchers. However, if I use an on-screen virtual keyboard, and software that blocks screen watching, would I still be vulnerable?
-jdd (June 14, 2010, 03:05 PM)

I think that would pretty much take care of it - at least as long as workarounds didn't get found for that software. If you implemented the on-screen keyboard, screen-watching blocker, VPN, and Keypass; I would think any exposure you have left would be about as high as it is at work or even at home. Probably less.

jdd · « **Reply #13 on:** June 14, 2010, 03:32 PM »

I use Keypass every day, and loaded the portable version on my usb mainly because it stores my passwords. But what protection does that provide against keyloggers or screenwatchers?

p.s. All the 'important' information on the usb is stored in encrypted True Crypt hidden volumes, in the event I were to lose the usb stick.

steeladept · « **Reply #14 on:** June 14, 2010, 03:37 PM »

Nice, I do a similar thing. As for Keypass, what protection it provides from keyloggers is that the keylogger can only log actual typed keys. Therefore, if you type in your master password, then they will have that, but if it is different from ALL other passwords, it won't do them much good unless they somehow get your keypass files as well. As for screenwatchers, they can only see what is on the screen, but keypass hides that by default (as does most applications and even web pages for the password field). That is why keypass is so effective at defeating these.

f0dder · « **Reply #15 on:** June 14, 2010, 03:39 PM »

How does KeePass insert the encrypted passwords into the other apps? It would be trivial to add a clipboard watcher to a keylogger...

Eóin · « **Reply #16 on:** June 14, 2010, 03:46 PM »

Is the usb drive big enough to hold two copies of what you need? If so keep a fully archived passworded copy and each time you sit down to a new PC extract the contents of that archive. That way you can be sure the programs themselves remain uninfected.

You could automate the whole process with the 7zip commandline version and a simple batch file.

Doesn't address the snooping issues of course.

wraith808 · « **Reply #17 on:** June 14, 2010, 03:46 PM »

I would think that Firefox would work in a read-only format though. It would all take place in the computer memory like everything else (generally speaking - I know there are a lot more variables than that though). Another option might be to use a read only USB and copy down the portable version to the PC being used, then wipe out the software, but that leaves more traces, not less.
-steeladept (June 14, 2010, 03:17 PM)

I don't know if firefox would work in read-only mode. It needs significant cache space for web pages and such, doesn't it?

f0dder · « **Reply #18 on:** June 14, 2010, 03:47 PM »

Is the usb drive big enough to hold two copies of what you need? If so keep a fully archived passworded copy and each time you sit down to a new PC extract the contents of that archive. That way you can be sure the programs themselves remain uninfected.
-Eóin (June 14, 2010, 03:46 PM)

Not if there's an active virus on the system

- but at least the file in the source archive should be safe.

jdd · « **Reply #19 on:** June 14, 2010, 05:06 PM »

Is the usb drive big enough to hold two copies of what you need? If so keep a fully archived passworded copy and each time you sit down to a new PC extract the contents of that archive. That way you can be sure the programs themselves remain uninfected.

Would I be able to do this on a write-protected usb drive?

mouser · « **Reply #20 on:** June 14, 2010, 05:12 PM »

you could just use a program that can calculate hashes of the files.

actually that would make a very nice portable app -- a program which when run scans the drive and creates hashes of all files found, and compares to previous set of saved hashes, reporting any differences and new files. bonus if it also did this on boot records. goal would be to make it super easy to use with no real options, just run it and wait for it to tell you nothing has changed most of the time.. or report on new files. on rare malware infection it will report the changing of some files. (be smart if it flagged changed exe's more dramatically than changed .txt files).

could be extremely useful for portable file use.

in fact, it might very well make sense to run it immediately after inserting a drive to see if any malware wants to try to infect any executables on your usb, kind of like a honeypot.

this would make a great NANY 2011 project for someone..

f0dder · « **Reply #21 on:** June 14, 2010, 05:42 PM »

mouser: I had the same idea, but you have to keep in mind, though, that the really nasty malware is capable of hiding itself, so it's not going to be 100% foolproof... you'd have to run a guaranteed clean version of the hash-checker, not the copy from the usb stick.

mouser · « **Reply #22 on:** June 14, 2010, 05:47 PM »

..you'd have to run a guaranteed clean version of the hash-checker, not the copy from the usb stick.

i think this is where we diverge into the superspy paranoia vs real world risks.

while it is conceivably possible that someone could write custom malware that would infect and modify the hash checker to trick it into reporting fake hashes, this is just so unlikely as to make it not worth worrying about (you could also make that quite hard by putting some protection on the program itself).

so yes, the malware could infect the hash checker (though you could do some stuff to make that hard), but it's not going to make it report false hashes, so it would still do it's job of reporting an infection.

and after it did, you would not trust the files on that thumbdrive to be safe any more, as they would have been trojaned, including the hash checker.. but that's ok, the point is to DETECT the infection.

f0dder · « **Reply #23 on:** June 14, 2010, 05:54 PM »

Oh, I wasn't worried about the hash-checking program intentionally having it's checking functionality disabled - but along the lines of the program getting infected on one machine, and when running on the next spreading the infection. If the infection was with a nasty piece of self-hiding code, the hash-checking would be ineffective without having been explicitly targeted.

jdd · « **Reply #24 on:** June 14, 2010, 06:07 PM »

If the drive is write protected, would I have to worry about any of these infections?