Main Area and Open Discussion > General Software Discussion
How safe is it to run portable apps on public computers?
Nod5:
now, this immediately suggests that an extremely useful feature for a vpn/remoteconnect tool would be the use of one-time pads, single-use passwords, hardware key ids. anyone know of any vpn/remote desktop that supports this?-mouser (June 21, 2010, 06:15 PM)
--- End quote ---
That would be really useful! But I don't know of one. I also think it is outright weird that big services like gmail doesn't offer something like that already. You could log in with your regular password and generate and print out 10 temporary passwords that each expire after one use (and to make new ones you'd need the regular pw again).
In response to the original post, I'd definitely try to avoid public computers when accessing work computers or mail servers remotely. Are you sure that a mobile phone with basic internet capacities (like mail) won't be enough? Or a phone tethered to a netbook. (Ok, the OP said he was travelling laptop-free but a tiny netbook add so little weight and bulk that I have a hard time figuring out when it wouldn't be possible to bring.)
Cyeb:
you could just use a program that can calculate hashes of the files.
actually that would make a very nice portable app -- a program which when run scans the drive and creates hashes of all files found, and compares to previous set of saved hashes, reporting any differences and new files. bonus if it also did this on boot records. goal would be to make it super easy to use with no real options, just run it and wait for it to tell you nothing has changed most of the time.. or report on new files. on rare malware infection it will report the changing of some files. (be smart if it flagged changed exe's more dramatically than changed .txt files).
could be extremely useful for portable file use.
in fact, it might very well make sense to run it immediately after inserting a drive to see if any malware wants to try to infect any executables on your usb, kind of like a honeypot.
this would make a great NANY 2011 project for someone..
-mouser (June 14, 2010, 05:12 PM)
--- End quote ---
Oh, I wasn't worried about the hash-checking program intentionally having it's checking functionality disabled - but along the lines of the program getting infected on one machine, and when running on the next spreading the infection. If the infection was with a nasty piece of self-hiding code, the hash-checking would be ineffective without having been explicitly targeted.
-f0dder (June 14, 2010, 05:54 PM)
--- End quote ---
I know this is a week-old thread, but aren't you guys missing something? Just put the hash checker on the read-only part of the drive! Tell me if my idea is flawed..But I'm pretty sure it's doable. You just have to preload the hashes into the read-only part of the USB before you go anywhere.
f0dder:
I know this is a week-old thread, but aren't you guys missing something? Just put the hash checker on the read-only part of the drive! Tell me if my idea is flawed..But I'm pretty sure it's doable. You just have to preload the hashes into the read-only part of the USB before you go anywhere.-Cyeb (June 29, 2010, 09:39 AM)
--- End quote ---
If you have an USB drive with separate read/only and read/write parts, sure - never came upon one like that myself, though.
steeladept:
I know this is a week-old thread, but aren't you guys missing something? Just put the hash checker on the read-only part of the drive! Tell me if my idea is flawed..But I'm pretty sure it's doable. You just have to preload the hashes into the read-only part of the USB before you go anywhere.-Cyeb (June 29, 2010, 09:39 AM)
--- End quote ---
If you have an USB drive with separate read/only and read/write parts, sure - never came upon one like that myself, though.
-f0dder (July 02, 2010, 12:26 AM)
--- End quote ---
That is easy using something like Truecrypt to make your file work as a read-only disc. Don't know if that would really make it work though - requires more thought...
f0dder:
Good idea, steeladept - mounting a TC volume as read-only would probably do the trick.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version