Does using an Ubuntu or Mint LiveCD for online transactions, like banking or buying stuff, make the transaction safer?
If so, how does this work, and why is it safer?
I understand booting from the CD, but what about establishing the internet connection? And since data is being transmitted, I don’t get how/why this might be safer?
Info appreciated!
a few things I can see:
booting to a known-safe live CD (Ubuntu and similar) pretty much guarantees there’s no malware running which could be logging your keystrokes (and stealing your usernames, passwords, account #s, etc.)
live CDs have no persistent storage so once you restart the system all cookies and other web tracking things are gone.
as for the internet connection, if you have a wired connection (ethernet) then as long as your network card is supported by the Linux distro it’ll automatically detect. if it’s WiFi, then (as long as it’s supported by the distro) it’ll detect the card and you’ll have to find your network and put in the security key.
I guess this would be marginally safer, but it’s starting to edge into paranoia IMO…
Absent a hardware keylogger or the like, yes. But I’ve gotta say, booting to a live CD just to check your bank account balance is some serious overkill. It’s much easier (and, overall, far preferable) to just prevent the malware from getting on your computer in the first place.
I see one thing which makes live CDs less secure, though: They’re, to some degree, out of date. If you used an Ubuntu 12.10 live CD, for example, that’s an ISO approaching six months old. You’d be running a version of Firefox with known security vulnerabilities. That’s an actual, known attack vector (albeit one unlikely to be exploited by simply browsing to your bank’s website), rather than the very fuzzy and dubious “there might be malware on my computer!” vector. Now, if you know there’s malware on your computer, yeah, don’t be typing in credit card numbers until you’ve cleared it away. If you suspect there’s malware on your computer, you need to prove or disprove this before you log into your bank’s website. But on a healthy computer, using a live CD for this purpose is, at best, useless.
Thanks for info.
Might a LiveCD be a good idea if using someone else’s PC–esp a “public” one like at a library?
When using a LiveCD, is that PC’s hard drive completely protected against any downloads, from anything being saved on the hard drive?
Is the LiveCD “writable”?–How do cookies get saved? Or are the cookies saved only in memory?
Do you trust the computer owner to not be malicious, and to be competent enough not to allow malware on their machines? If “no”, then yes, using a live CD might be preferable, but it’s also risky in that you might get booted off the computers entirely by the supervisor there. Also, you’re not going to be able to do this on any competently run library computer, which you’ll either not be afforded physical access to, or they’ll have the boot order set to hard drive first with the BIOS settings behind a password.
Not “completely”. You can mount and write to physical drives from a live CD. Generally, though, you would have to go out of your way to do this.
The live CD is not writeable, as optical discs are generally “write-once”. Cookies are stored in the RAM drive and are not persisted when you reboot the machine.