Main Area and Open Discussion > General Software Discussion

How safe is it to run portable apps on public computers?

<< < (3/9) > >>

jdd:
So, I assume that if I use a write-protected usb drive, I should be safe from viruses and malware attacking the usb. 

Then I would be susceptible to keyloggers and screen watchers.  However, if I use an on-screen virtual keyboard, and software that blocks screen watching, would I still be vulnerable?

steeladept:
If one were to use an encrypted disk, e.g. Rohos Mini Drive, or one of the hardware-encrypted ones like the expensive IronKey, which are intended to prevent snooping, would that also reduce the chances of the USB getting infected?
-rjbull (June 14, 2010, 03:00 PM)
--- End quote ---

I would think not, it would just encrypt the virus in my mind.  Somewhere along the line it has to get encrypted/decrypted which would occur when it gets onto/off of the stick.  It would only protect the hacker that is trying to get the file without the decryption key.

I would think that Firefox would work in a read-only format though.  It would all take place in the computer memory like everything else (generally speaking - I know there are a lot more variables than that though).  Another option might be to use a read only USB and copy down the portable version to the PC being used, then wipe out the software, but that leaves more traces, not less.

Getting back to the original question, assuming there are no key-loggers, once the VPN connection is established, you *should* be safe as most decent VPN implementations break all other connections for security purposes.  Verify with your work VPN administrator to be certain.  Key-loggers can be defeated by using an onscreen keyboard, but then you also have to ensure there is no page snapshots being taken or you are using a constantly changing keyboard so the snapshots must be taken exactly before you click on the key (essentially you would need it to be video recorded).  Even better, use Keypass, though you should make sure your master password is completely different from EVERYTHING else, and use an onscreen keyboard to enter that password.  All these can be portable and, in fact, found on portableapps.com

steeladept:
So, I assume that if I use a write-protected usb drive, I should be safe from viruses and malware attacking the usb. 

Then I would be susceptible to keyloggers and screen watchers.  However, if I use an on-screen virtual keyboard, and software that blocks screen watching, would I still be vulnerable?
-jdd (June 14, 2010, 03:05 PM)
--- End quote ---

I think that would pretty much take care of it - at least as long as workarounds didn't get found for that software.  If you implemented the on-screen keyboard, screen-watching blocker, VPN, and Keypass; I would think any exposure you have left would be about as high as it is at work or even at home.  Probably less.

jdd:
I use Keypass every day, and loaded the portable version on my usb mainly because it stores my passwords.  But what protection does that provide against keyloggers or screenwatchers?

p.s.  All the 'important' information on the usb is stored in encrypted True Crypt hidden volumes, in the event I were to lose the usb stick.

steeladept:
Nice, I do a similar thing.  As for Keypass, what protection it provides from keyloggers is that the keylogger can only log actual typed keys.  Therefore, if you type in your master password, then they will have that, but if it is different from ALL other passwords, it won't do them much good unless they somehow get your keypass files as well.  As for screenwatchers, they can only see what is on the screen, but keypass hides that by default (as does most applications and even web pages for the password field).  That is why keypass is so effective at defeating these.

Navigation

[0] Message Index

[#] Next page

[*] Previous page