6

I want to use a laptop which doesn’t save any data, history, passwords anywhere in it. All state information should be destroyed once it is turned off or rebooted, without removing my ability to use the OS or specific applications such as Explorer or some remote desktop apps like Radmin. I am used to Windows OS, but I can use Mac also for such purposes.

The aim is that if I'm using the laptop and somebody approaches me, then simply pressing the power button will remove all context of what I've done.

S.L. Barth
user16766
  • I'm not sure that there is an actual *security* question here. Please read the [faq]. It seems to me that what you're looking for is a [Live CD/USB](https://en.wikipedia.org/wiki/Live_cd). I'm sure they're covered extensively over on [su] if you need help with that. – Iszi Dec 04 '12 at 21:13
  • This is pretty close to being a product recommendation, but I think security.stackexchange is the most likely to have the relevant expertise. – scuzzy-delta Dec 05 '12 at 01:25

8 Answers

10

You've described the principles behind a live CD boot. This can be most strongly ensured by having no permanent media within the machine. I'm going to gear my answer towards Linux as that's what I'm most familiar with in this context.

Having a hard drive with all disk partitions mounted as read-only and all read-write partitions mounted in memory would also provide this, but allow for easier updating of the underlying OS.

Careful use of SELinux, context switching, and UnionFS would allow you to persist selected configurations, etc. to disk while ensuring that everything else is only written to memory.

Jeff Ferland
  • Optical media is rather slow - you could get the same benefit by configuring the disks or filesystems as read-only – symcbean Dec 05 '12 at 11:59
  • @symcbean What Jeff hasn't mentioned here is that many Live CDs can be ported to USB SSDs (e.g.: thumb drives) as well. – Iszi Dec 06 '12 at 14:15
4

Jeff's answer covers more than I know about, but I can add a few side notes:

There is the issue of page files and other non-volatile virtual memory. The general approach is to use an encrypted swap, with a key read from /dev/random on boot.

On that note, you could just use full disk encryption, and have a 'panic' key combination hooked to a script that pipes some /dev/random onto your disk master-salt. Just don't press it by accident.

lynks
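A way to check the two points raised in the answers above (Jeff Ferland's read-only disk partitions with writable areas held in memory, and lynks's note about swap), as an added example that is not part of either answer. The function names and the sample `/proc/mounts` and `/proc/swaps` contents are constructed for illustration, and a device-mapper swap device is only assumed to be dm-crypt.

```shell
#!/bin/sh
# Added example: audit a "leave no trace" Linux session for places where state
# could still reach persistent storage. Both functions read text on stdin, so
# they work on the live /proc files or on saved samples.

# Print mount points that are writable AND backed by a block device.
# Input format: /proc/mounts (source, mount point, fstype, options, ...).
writable_disk_mounts() {
    awk '$1 ~ /^\/dev\// && $4 ~ /(^|,)rw(,|$)/ { print $2 }'
}

# Print swap areas that are not obviously volatile or encrypted.
# Input format: /proc/swaps (header line, then filename, type, size, ...).
# Assumption: /dev/dm-* and /dev/mapper/* are dm-crypt mappings (confirm with
# "dmsetup table", which must show a "crypt" target) and /dev/zram* is
# RAM-backed. Anything else, including swap files, is reported.
plaintext_swaps() {
    awk 'NR > 1 && $1 !~ /^\/dev\/(dm-|mapper\/|zram)/ { print $1 }'
}

# Constructed sample: read-only root on disk, writable layers in RAM,
# one forgotten writable data partition, one unencrypted swap partition.
SAMPLE_MOUNTS='/dev/sda1 /run/rootfs ext4 ro,relatime 0 0
tmpfs /run/overlay tmpfs rw,nosuid,size=2097152k 0 0
overlay / overlay rw,lowerdir=/run/rootfs,upperdir=/run/overlay/up,workdir=/run/overlay/work 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

SAMPLE_SWAPS='Filename   Type       Size     Used  Priority
/dev/dm-0  partition  2097148  0     -2
/dev/sda2  partition  1048572  0     -3'

audit() {
    echo "writable disk-backed mounts:"
    printf '%s\n' "$SAMPLE_MOUNTS" | writable_disk_mounts
    echo "swap needing attention:"
    printf '%s\n' "$SAMPLE_SWAPS" | plaintext_swaps
}
audit
```

On a running system, feed the functions the real files: `writable_disk_mounts < /proc/mounts` and `plaintext_swaps < /proc/swaps`. Empty output from both means no writable disk-backed mount and no plain swap area was found.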
4

It would seem that Tinfoil Hat Linux would answer your prayers. Alas, it looks like it was just something of a joke, and hasn't had a revision in 9 or 10 years. The Amnesiac Incognito Live System seems to have most, but not all features of Tinfoil Hat Linux, as does Alpine Linux.

Bruce Ediger
4

"Tails" is a Linux distro that does that. From their website:

Tails is a live DVD or live USB that aims at preserving your privacy and anonymity. It helps you to:

  • use the Internet anonymously almost anywhere you go and on any computer: all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you're using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, email and instant messaging.
scuzzy-delta
3

It is not uncommon to run Linux in an environment like you're describing. Typically the OS is mounted on a stacked filesystem which superimposes a read-only image over a RAM-only filesystem, such that changes exist in memory only and are lost when you reboot. Typical examples include "Live CD" or "Live USB" environments including rescue disks and install disks.

Theoretically these same principles could be applied to proprietary OSes as well (e.g. OSX and Windows), but because the OS is proprietary, such a thing would have to be distributed by the vendor itself (Microsoft or Apple). The technology certainly isn't lacking: both OSX and Windows run a modified version of their core OS on their install CDs. But the current demand simply isn't sufficient to convince these companies to distribute a full-scale read-only OS.

Windows did at one point have something similar available in a product called Windows SteadyState, but this appears to have been abandoned before the release of Windows 7.

tylerl
0

This is a common requirement for computers that are accessible unsupervised by the public. Such examples are kiosk computers, self-service tills, etc.

In a previous job I worked on developing a weighing scale for a supermarket. The weighing scale was used by shoppers to weigh their own fruit and veg and print price labels. The device was basically a PC running Windows XP Embedded and had USB ports underneath, making it possible to plug a USB keyboard in and, if you knew what you were doing, you could get into the OS (necessary for maintenance).

To prevent malicious use/attack the device used a feature of the embedded OS called the Enhanced Write Filter. This feature uses a RAM disk as a layer between the physical disk. All disk writes are held in the RAM disk; the hard disk doesn't see them. When the device is rebooted or loses power the RAM disk is lost along with any writes it held. This meant that if anyone managed to attack the device (e.g. deface it with something nasty, e.g. porn) all the store staff had to do was switch it off and on again.

For maintenance purposes you can commit the RAM disk changes to the hard disk but this requires an admin password.

XP Embedded is pretty old now, but I believe the feature is also included in Win 7 Embedded.

Qwerky
0

This is an old question, sorry. But in the context of unattended college computer lab and classroom machines, we used a product called Deep Freeze that undid any changes on reboot. It supports both Windows and Mac, and whenever we would get a call that someone had installed peer-to-peer software on a classroom machine, we'd just remotely reboot the computer and it'd be gone.

Another option along with the excellent LiveCD suggestions everyone else has.

0

Using bootcd in Debian, it's easy to create custom LiveDVDs. LiveDVDs can be configured to fully load during boot. With everything in RAM, there's no disk-access lag.

Sensitive data (such as GnuPG keyrings, PKI credentials, virtual machine files, and documents) can be stored in Truecrypt containers. And with no hard disk, there's no risk of writing anything.

There's enough space on standard 4.7 GB DVDs for Debian-family distros with pretty desktops. Using a lighter distro, such as Crunchbang, there's even room for a few virtual machines. However, the entire uncompressed image must fit in half of the machine's RAM. It's best to have at least 8 GB RAM.

mirimir