Safely visiting websites that may contain malware - Ubuntu Live CD?


Fantome
01-30-2011, 07:54 PM
I recently watched a video of a magic trick on a website that I later found out through others may not be safe and I think my PC got infected. I'm looking for a solution to watching this or other videos from websites whose safety is unknown. Would surfing the net using an Ubuntu Live CD be a solution or would I have to partition my HD and actually install Ubuntu? I'd rather not do that because I'm running out of HD space and I would rather not go through all the trouble. Any other solutions (besides not visiting sites that aren't known to be safe) would also be appreciated.

chrisk
01-30-2011, 09:32 PM
I suspect that a Ubuntu Live CD would be as effective as installing Ubuntu - as long as the live CD includes the drivers that you'd need to get online.

Actually, this might have a marginal advantage, because an installation of Ubuntu on your HD could be infected by a malware taking advantage of a Ubuntu vulnerability. But the LiveCD is nearly proof against infection, insofar as it is readonly. If you have it in a burner drive, it might be possible that the malware would be coded to rewrite the disk, but that seems unlikely enough to be discounted.


I'm not quite sure how to estimate the probability of malware that takes advantage of an Ubuntu vulnerability but writes itself into the Windows installation on your hard disk.

Sunspace
01-30-2011, 09:33 PM
A Live CD would be an excellent solution. There's a small chance that the website in question is running some IE-specific ActiveX crap that wouldn't work in a different browser, let alone on a different OS; if so, you're hosed, but that's rare these days. Though I recently did run into a news site, an international news organization even, that was still doing that.

BigT
01-31-2011, 12:47 AM
I've done this before with a different LiveCD Linux distro. I actually recommend it as one of the ways to handle this sort of thing.

Heck, it's how I test the malware when it is mentioned in ATMB threads. I use a Virtual Machine with DamnSmallLinux (http://www.damnsmalllinux.org/). I keep a copy of that 50MB Linux on my flash drive.

Mangetout
01-31-2011, 08:17 AM
Does the live CD automatically mount the hard drive partitions these days? Does it use the HD for swap space? If the answer to either of these is yes, then there could still be a risk.
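An added check, not part of Mangetout's post or of any Ubuntu documentation, that answers these two questions for the live session you are actually sitting in: it scans /proc/mounts and /proc/swaps for read-write mounts or active swap on an internal disk, which is what a sample running in the session could still write to. The device-name patterns (sd, hd, nvme, mmcblk) are assumptions and may need adjusting for your hardware.

```shell
#!/bin/sh
# Added example (not from the thread): report read-write mounts and active
# swap that live on an internal disk while booted from a Live CD/USB.
# Assumption: internal disks appear as /dev/sd*, /dev/hd*, /dev/nvme* or
# /dev/mmcblk*; change the pattern if yours is named differently.

HD_DEV='^/dev/(sd|hd|nvme|mmcblk)'

# hd_rw_mounts MOUNTS_TEXT
# Input is the text of /proc/mounts ("device mountpoint fstype options 0 0").
# Prints "device mountpoint" for each internal-disk mount whose options begin
# with "rw" (read-only mounts, such as the boot medium at /cdrom, are skipped).
hd_rw_mounts() {
    printf '%s\n' "$1" | awk -v pat="$HD_DEV" '$1 ~ pat && $4 ~ /^rw/ { print $1, $2 }'
}

# hd_swaps SWAPS_TEXT
# Input is the text of /proc/swaps ("Filename Type Size Used Priority").
# Prints each internal-disk device that is currently active as swap.
hd_swaps() {
    printf '%s\n' "$1" | awk -v pat="$HD_DEV" '$1 ~ pat { print $1 }'
}

# livecd_touches_hd MOUNTS_TEXT SWAPS_TEXT
# Returns 0 (true) when the session has a read-write mount or swap on an
# internal disk, 1 otherwise.
livecd_touches_hd() {
    [ -n "$(hd_rw_mounts "$1")" ] || [ -n "$(hd_swaps "$2")" ]
}

# check_live_session: run the check against the running system.
check_live_session() {
    m="$(cat /proc/mounts 2>/dev/null)"
    s="$(cat /proc/swaps 2>/dev/null)"
    if livecd_touches_hd "$m" "$s"; then
        echo "WARNING: internal disk is writable from this live session:"
        hd_rw_mounts "$m" | sed 's/^/  mount: /'
        hd_swaps "$s" | sed 's/^/  swap:  /'
        return 1
    fi
    echo "OK: no read-write internal-disk mounts and no internal-disk swap"
    return 0
}

# Only touch the real system when asked to, so the functions can be sourced.
if [ "${1:-}" = "--check" ]; then
    check_live_session
fi
```

Run it as `sh check_live.sh --check` inside the live session. If you booted from a USB stick the stick itself is also a /dev/sd* device; a read-only /cdrom mount is filtered out, but a persistent overlay (casper-rw) on the stick will show as read-write, so judge entries by their mount point, not only by device name. The check covers what is mounted now; it does not stop a sample that gains root and mounts the disk itself, so the real protection of a live session is still that nothing on it persists across a reboot.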

Dragwyr
01-31-2011, 12:01 PM
The "Live CD" option is a good solution.

Another is using a sandbox program and running your browser in that. When you run your browser in a sandbox program, anything that is spawned from the browser is automatically run in the sandbox as well, including malware-installing websites. When you are done browsing, you simply empty the "sandbox" program and everything that was run is now gone.

It's just a suggestion, but I've been using a sandbox program for the past 2 years and have had absolutely no malware infections on my pc.

Fantome
01-31-2011, 12:47 PM
Another is using a sandbox program and running your browser in that. When you run your browser in a sandbox program, anything that is spawned from the browser is automatically run in the sandbox as well, including malware-installing websites. When you are done browsing, you simply empty the "sandbox" program and everything that was run is now gone.

It's just a suggestion, but I've been using a sandbox program for the past 2 years and have had absolutely no malware infections on my pc.

This sounds like a better solution! Do you have a sandbox you recommend? There's a lot on the internet about Sandboxie.

Dragwyr
01-31-2011, 11:24 PM
This sounds like a better solution! Do you have a sandbox you recommend? There's a lot on the internet about Sandboxie.

You can look at the products recommended here: http://www.techsupportalert.com/best-free-browser-protection-utility.htm

The one I use is Sandboxie. It's free, very easy to install and use, and it works great. I run my web browser in it 100% of the time, as well as any "questionable" programs I decide I want to try. I've been very happy with Sandboxie, but don't just take my word for it. Check out the link I gave you and make your own decision on which program you want to use.

I hope this helps.

ChordedZither
02-01-2011, 01:02 PM
Another possibility is to install a virtual machine (VM) server such as VMware or VirtualBox (both available for free), then use those to create a virtual machine that can run either a free Linux distribution or an old version of Windows for which you have a copy of the install disks.

By browsing on the VM, any malware is limited to that simulated machine. Periodically wipe and reinstall the VM and you have pretty much the same degree of safety as you would get from using a live CD, but the time to boot or restart a VM is usually much less than to boot from a CD.

aceplace57
02-01-2011, 10:01 PM
Do you have to install a VM before Sandboxie? Or does it create a virtual machine?

BigT
02-01-2011, 11:37 PM
Do you have to install a VM before Sandboxie? Or does it create a virtual machine?

You don't need both. Sandboxie runs natively, but just keeps the program from having access to any hardware directly, redirecting it somewhere else.

A virtual machine adds an extra layer, actually emulating the hardware. The program will think it has the normal direct access to the hardware, but is mistaken.

Also, Sandboxie is technically shareware. After 30 days, it will whine at you every time you use it, encouraging you to register. It will still work, though.

I personally don't pay for it, either, but I only use it to test out shareware without having permanent crap left behind when I uninstall. It's much safer than cleaning your registry. I used to also use it to run programs I didn't trust, but I rarely need programs like that anymore.

ChordedZither
02-02-2011, 08:01 AM
You don't need both. Sandboxie runs natively, but just keeps the program from having access to any hardware directly, redirecting it somewhere else.

A virtual machine adds an extra layer, actually emulating the hardware. The program will think it has the normal direct access to the hardware, but is mistaken.

Agreed.

Let me break things down a bit:

Security: Live CD > VM > Sandbox

Booting from a live CD is clearly the most secure (if configured so that all changes go away at the end of the session). The VM isolates an entire operating system, which is pretty nearly as good, but the virtual machine is subject to infection (less likely if a Linux OS is used on the VM). Sandbox programs are playing a trickier game, trying to leave parts of your operating system active while isolating others. They're more vulnerable to being caught by surprise by newly discovered exploitable security holes in the Windows operating system. (Some "sandbox" programs actually set up a VM and so are more secure, but AFAIK Sandboxie is not one of these.)

Ease of use: Sandbox > VM >> Live CD

Sandbox programs and VMs are pretty close, but the Live CD approach requires a long reboot for each use and the loading of browsers and other software from the CD will always be slower than anything served off of a hard drive.

Ease of Installation: Live CD > SandBox >> VM

Arguably, you don't install Live CDs at all (but see my comments about wireless drivers and video support, below).

VMs aren't all that hard to install, but part of the installation is installing an operating system on your new VM, e.g., from the Live CD you already had handy. It's certainly time-consuming. Some VM sites have pre-packaged virtual machines that are designed specifically as "browsing machines", which means that you install the virtual machine client (VMware or VirtualBox) and then download one of these pre-packaged VMs. That's a nice shortcut.

One gotcha to watch for - if your machine is connected via wireless instead of a wired connection, there is a chance that the Live CD will not come with drivers for your hardware. I often find that laptops have problems making wireless connections when booted from a Live CD (or many different Linux distributions) even though they work fine when installing the same Linux OS "for real".

Browsing Experience: Sandbox > VM >> Live CD

Sandboxes and VMs should be about equal, but the VM is probably running a different OS than you are used to and the browser won't have any of the plug-ins or customizations that you have accumulated in your normal browser.

Live CDs have a problem in that the live CD often will not have Flash and other video software on it, since normally you install those via the internet after your initial boot. (The Ubuntu live CD will not have these, and you really don't want to have to remember to re-install them after every boot.)

Lare
02-02-2011, 08:59 AM
A question about Sandboxie.

I've visited their website and maybe I just missed it, but how does a program like this "let" some program modify the registry and then vanish without a trace? Does it create a copy of the registry so that anything installed to that copy is erased?

And, along the same vein, wouldn't the bad guys have already taken the possibility of a sandbox program into account and written their code to say "No, don't put things in user/sandbox/program_files, put them in user/program_files?" (Over-simplified, but I think I've made my point.)

aceplace57
02-02-2011, 01:24 PM
And, along the same vein, wouldn't the bad guys have already taken the possibility of a sandbox program into account and written their code to say "No, don't put things in user/sandbox/program_files, put them in user/program_files?" (Over-simplified, but I think I've made my point.)

The sandboxie faq mentions the bad guys do find holes to write outside the sandbox. Sandboxie issues security fixes as needed.
As sandboxie gets more popular, I'm sure it will become a target for malware. The bad guys love a challenge and never give up.

How safe would I be, by using Sandboxie?

You would be quite safe using Sandboxie. It should be noted that, from time to time, people are able to find some vulnerability in Sandboxie, an open hole through which malicious software can still infiltrate the system.

This happens once every few months, on average, and is quickly resolved by closing the hole that is the attack vector.

Thus it's a good idea to have more traditional anti-malware software. This is the subject of the following question.
http://www.sandboxie.com/index.php?FrequentlyAskedQuestions

Lare
02-03-2011, 03:34 PM
But then, isn't that the point of the whole thing? If everything goes in the sandbox and is deleted at the end of session like they claim, how is it that something gets out? On the other hand, if it's like I posited in my first question, then why even bother? Darn, for a while there I thought this might be The Ultimate Solution!

AnalogSignal
02-05-2011, 02:45 PM
+1 for Sandboxie. I have been using it for over a year on Windows XP and it has protected me from a lot of malware. I always run my browsers in it.

Note Sandboxie is much more effective on 32 bit Windows than 64 bit Windows. For 64 bit Windows, I would consider browsing in VMWare instead.


http://www.sandboxie.com/index.php?NotesAbout64BitEdition

Full disclosure: The 64-bit edition of Sandboxie provides a reduced level of protection compared to the 32-bit edition of Sandboxie.

This shortcoming is the result of a new security feature introduced in 64-bit editions of Windows, called Kernel Patch Protection. This feature aims to protect the core of Windows (the kernel) by regularly performing self-checks to detect changes.

The problem is that a stock Windows kernel does not provide all the facilities necessary to implement a security solution such as Sandboxie. On 32-bit Windows, Sandboxie can dynamically enhance the Windows kernel to provide the missing functionality. This is not possible on 64-bit Windows, due to the Kernel Patch Protection feature.

AnalogSignal
02-05-2011, 02:53 PM
If everything goes in the sandbox and is deleted at the end of session like they claim, how is it that something gets out? On the other hand, if it's like I posited in my first question, then why even bother?

Something occasionally gets out because Sandboxie is like any other software that occasionally has issues or bugs. Nothing has ever gotten out on my machine that I am aware of. If something does get out, I am running antivirus (NOD32) as a backstop.

Darn, for a while there I thought this might be The Ultimate Solution!

For 32 bit Windows, I think Sandboxie is excellent but there are no perfect solutions.

Fantome
02-07-2011, 02:22 PM
But then, isn't that the point of the whole thing? If everything goes in the sandbox and is deleted at the end of session like they claim, how is it that something gets out? On the other hand, if it's like I posited in my first question, then why even bother? Darn, for a while there I thought this might be The Ultimate Solution!

So did I. But I think I found one (as far as browsing the internet, watching videos on websites and that sort of thing, but not for easily downloading programs). Instead of using an Ubuntu Live CD, I found plenty of directions on the internet for booting Ubuntu on a flash drive with the add-ons stored on the drive for watching videos, etc., so you don't have to download the add-ons every time you boot up. Unfortunately for me, all of the different options using various software to pull this off didn't work for me, although it seemed to have worked well for others (I kept getting hung up at the boot screen). I did the next best thing. I stored Ubuntu on a flash drive and found one line to run in the terminal that includes plenty of add-ons and I haven't had trouble browsing the internet in any way doing this. It takes about a minute or two to do this every time you want to boot up in Ubuntu, but I don't think it's that big of a deal. The same thing can be done with a Live CD instead of using a flash drive, but with a Live CD the CD drive is almost constantly spinning and making noise.

Here are the directions for getting Ubuntu on a flash drive:

http://www.howtogeek.com/howto/linux/create-a-bootable-ubuntu-usb-flash-drive-the-easy-way/

Here's what I do to get all of the add-ons:

Applications > Ubuntu Software Center > Edit > Software Sources - check all boxes and close

Application > Accessories > Terminal. In the terminal paste:

sudo apt-get install ubuntu-restricted-extras

and click enter. When finished, restart Firefox if Firefox was already started.

I copied and pasted the above to an email that I sent to myself so I can follow them once booted in Ubuntu.
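One check worth doing before the flash-drive step above, as an added example that is not part of Fantome's post or of the howtogeek guide: verify the downloaded ISO against the distributor's published checksum before writing it to the stick, since a read-only boot medium only protects you if the image you wrote is the one the distributor built. Ubuntu publishes a SHA256SUMS file and a detached SHA256SUMS.gpg signature next to each ISO; the ISO name and the key-fetch step in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from Ubuntu's documentation):
# check a downloaded ISO against the SHA256SUMS file published with it.

# sha256_of FILE: print the hex SHA-256 of FILE (coreutils or BSD tools).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_iso ISO SUMSFILE
# Returns 0 when the SHA-256 of ISO matches the entry for its basename in
# SUMSFILE. Entries look like "<hex>  <name>" or "<hex> *<name>" (the "*"
# marks binary mode and is part of the file name column, not the name).
verify_iso() {
    iso="$1"; sums="$2"
    name="$(basename "$iso")"
    expected="$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")"
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 1
    fi
    actual="$(sha256_of "$iso")"
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $name" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    echo "OK: $name matches the published SHA-256"
    return 0
}

# verify_sums_signature SUMSFILE SIGFILE
# Second step: check that SUMSFILE itself carries a good signature, so an
# attacker who replaced both the ISO and the checksum file is still caught.
# Requires gpg and the distributor's signing key in your keyring (assumed
# step: fetch the key ID given in the distributor's verification docs with
# gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys <key id>).
verify_sums_signature() {
    sums="$1"; sig="$2"
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
    gpg --verify "$sig" "$sums"
}

# Usage: sh verify_iso.sh ubuntu.iso SHA256SUMS [SHA256SUMS.gpg]
if [ $# -ge 2 ]; then
    verify_iso "$1" "$2" || exit 1
    [ $# -ge 3 ] && verify_sums_signature "$2" "$3"
fi
```

Download SHA256SUMS and SHA256SUMS.gpg from the same release directory as the ISO and run `sh verify_iso.sh ubuntu.iso SHA256SUMS SHA256SUMS.gpg`; only then write the image to the stick. The checksum alone detects a corrupt or truncated download; the signature check is what tells you the checksum file itself came from the distributor.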

ChordedZither
02-07-2011, 04:14 PM
Another advantage to booting Ubuntu from a flash drive rather than running off the Live CD is that you will be able to install and update Flash and other plugins on the FlashDrive version. Also, if you have a wireless internet connection, the flashdrive install is far more likely to work than the Live CD.

I mentioned earlier in the thread the idea of using a virtual machine. Here (http://www.infopoint.com/News-Events/EntryId/23/Secure-Web-Browsing-browser-isolation-using-Virtual-Box-with-Tutorial.aspx) is a good article on setting up a virtual Ubuntu machine to serve as a safe browser without the need to reboot in and out of Windows so frequently.