1

Suppose the government wants to spy on you using government-designed malware. If you then want to visit sensitive pages on the internet, would it be more secure to use Tor Browser within a USB live boot environment (Ubuntu) as opposed to using Ubuntu from your hard disk with Tor? Can the USB live boot environment immediately get infected by malware if you use it from a certain location which is the same location you normally use your computer?

I know there are certain rootkits that infect UEFI, but apart from such an attack, does this strategy mitigate risk?

I know I could also use a live CD but my strategy so far was to reformat the USB stick after each secure browsing session and install a new version of Ubuntu on it from a computer at another location.

forest
CuriousIndeed
  • I think malware on live OSs could access your computer's hard disk (by mounting non-encrypted partitions, like /boot), so it could infect your machine. Protecting from the government is hard; I wouldn't know where to start. But I'd probably start with a privacy-oriented distro (Tails, Whonix, QubesOS, etc.) on a totally separate physical machine. – reed Dec 05 '18 at 21:14

2 Answers

2

A live OS would provide a bit of extra security, but don't rely fully on it and assume that you're good. If you're trying to prevent becoming infected by using a live OS, it can help if the exploit tries to write to the USB/DVD, since it can be reset, wiped, or thrown away when done. Unplug other storage if you're concerned about your regular OS getting infected.

A live OS is good at keeping your environments safe up to a point. If you are already infected or if it can target you on a hardware level, there is not much you can do to ensure you won't be eavesdropped on that device.
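The comment and the answer above both turn on whether the machine's internal disks are reachable from the live session. The following is an added example, not part of the original posts, that lists unencrypted filesystems on non-removable disks from `lsblk --json` output; the sample data is constructed, and treating only `crypto_LUKS` as encrypted and trusting the `RM` flag to identify the USB stick are assumptions.

```python
import json
import subprocess

# Assumption: only LUKS containers count as encrypted; anything else is listed for review.
ENCRYPTED = {"crypto_LUKS"}
LSBLK_CMD = ["lsblk", "--json", "-o", "NAME,TYPE,RM,FSTYPE,MOUNTPOINT"]

# Constructed sample: live squashfs, one internal disk, one USB stick.
SAMPLE = """{"blockdevices": [
 {"name":"loop0","type":"loop","rm":false,"fstype":"squashfs","mountpoint":"/rofs"},
 {"name":"sda","type":"disk","rm":false,"fstype":null,"mountpoint":null,"children":[
   {"name":"sda1","type":"part","rm":false,"fstype":"vfat","mountpoint":null},
   {"name":"sda2","type":"part","rm":false,"fstype":"ext4","mountpoint":null},
   {"name":"sda3","type":"part","rm":false,"fstype":"crypto_LUKS","mountpoint":null}]},
 {"name":"sdb","type":"disk","rm":true,"fstype":null,"mountpoint":null,"children":[
   {"name":"sdb1","type":"part","rm":true,"fstype":"iso9660","mountpoint":"/cdrom"}]}
]}"""

def _is_removable(value):
    # Older util-linux prints "0"/"1", newer prints JSON booleans.
    return value in (True, "1", 1)

def exposed_volumes(lsblk_json):
    """Return (name, fstype, mountpoint) for each unencrypted filesystem on a
    non-removable disk, i.e. storage a compromised live session could modify."""
    found = []

    def walk(node, on_internal_disk):
        if node.get("type") == "disk":
            on_internal_disk = not _is_removable(node.get("rm"))
        fstype = node.get("fstype")
        if on_internal_disk and fstype and fstype not in ENCRYPTED:
            found.append((node["name"], fstype, node.get("mountpoint")))
        # An unlocked LUKS container exposes its mapped filesystem as a
        # child node, which is flagged here because it is now writable.
        for child in node.get("children", []):
            walk(child, on_internal_disk)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return found

if __name__ == "__main__":
    try:
        text = subprocess.run(LSBLK_CMD, capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE  # fall back to the constructed sample when lsblk is unavailable
    for name, fstype, mnt in exposed_volumes(text):
        print(f"/dev/{name}: {fstype}, {'mounted at ' + mnt if mnt else 'not mounted'}")
```

An empty result means no internal, unencrypted filesystem is visible to the session; it says nothing about firmware-level persistence, which both answers treat as out of reach of a live OS.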

0

There is no clear answer to this. We don't know how current "govware" works; they keep it secret for a reason. That said, if the question is:

Does using a bootable live Linux USB have security benefits that using a standard OS does not?

Then yes, it does. If you are using a Linux bootable on a system running only Windows, then you are in good shape as far as virus hopping goes. A Windows virus won't work on your Linux OS (most always). That said, you are still booting that drive the same way you boot any hard drive, even though it's just in a USB slot, so APT on the BIOS level can still affect or possibly infect you.

Anything that you do while using the USB drive should be set up to be saved back to your USB flash drive, and most of the I/O needed by the OS can happen solely in memory so it disappears after a full shut down. Puppy Linux works like this, and is great in my opinion for stealth and system recovery/forensics. It can be a lot of fun to use someone else's computer and it boots straight to your desktop "on" your own drive.

Remember that data on the wire, leaving your computer (you mention Tor), makes no difference whether it's a local hard disk OS or USB, assuming all settings are equal. There are multiple ways people can track onion routing (what makes Tor work, basically); it's just a lot of work, but it is completely possible and has been done before.

forest
bashCypher
  • But we do know how government malware works, or at least how state-sponsored malware typically operates, due to all the leaks that came out in the last few years. – forest Dec 06 '18 at 02:02