
Design the perfect hardware for accessing the internet


34 replies to this topic

#1 palerider2


Posted 13 May 2014 - 02:44 AM

I guess this thread is inspired partly by the current outrageous ransomware epidemic. Apologies in advance if a similar thread exists - I didn't find it.
 
First a bit of history - I used to have a single PC. On it was my personal stuff and I also used the PC to browse the internet and to access an email service. Then, a few years back, I had a bad experience which showed me how unsafe the internet is. My personal data was placed at risk, though not as badly as with ransomware.
 
But from that moment I always kept my personal stuff on a PC that never connects to the internet.
 
So what is the ideal hardware that you would use to access the internet ? How about a PC with no hard drive, plenty of RAM and a browser that loaded from ROM ? Every time you switch it off you guarantee that it's clean.
 
But you can't download anything useful to put on your regular PC, so it's pretty limited. To fix that, how about a flash drive that's not removable and its contents are wiped on every boot ? Maybe you could transfer files to another removable medium.
 
People will have their own ideas about this and you're welcome to chip in and improve on what I've suggested. The final challenge is then to make it so that this fictitious machine can be implemented in a virtual environment on a real PC.
 
Food for thought in these outrageous times ... ?
 




#2 quietman7


Posted 13 May 2014 - 05:18 AM

> ....How about a PC with no hard drive, plenty of RAM and a browser that loaded from ROM ? Every time you switch it off you guarantee that it's clean.

How would you access your operating system without a hard drive?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Winterland


Posted 13 May 2014 - 06:58 AM

Hey there palerider2.

 

Based on what you've outlined, I would think you could do (most) of what you want by running Puppy Linux from a USB stick.

 

If you did want to download / save anything during your browsing session, you could save it to the USB stick.

 

Just a thought.

 

Be curious to see what the others say.

 

Winterland

 


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#4 Blue_Two


Posted 13 May 2014 - 02:59 PM

I would be inclined to go with a Linux Live CD. Plenty of options at distrowatch. Is there a reason to use USB instead of CD?



#5 palerider2


Posted 13 May 2014 - 04:39 PM

 

> > ....How about a PC with no hard drive, plenty of RAM and a browser that loaded from ROM ? Every time you switch it off you guarantee that it's clean.
>
> How would you access your operating system without a hard drive?

 

 

My thought was that everything required to allow the browser to function would be in the ROM. So, being completely accurate, the ROM would contain more than the browser.

 

> I would be inclined to go with a Linux Live CD. Plenty of options at distrowatch. Is there a reason to use USB instead of CD?

 

The unremovable flash drive was intended to provide a way to store downloaded data if you haven't yet plugged in your removable medium (whatever that would be).

 

It's interesting that booting from Linux has been mentioned. However, would that be done in a regular PC, with a hard drive ? And if yes, does that method protect the PC's hard drive from getting a malware infection ? Maybe the same thing running a sandbox application would do it.

 

Thanks for the replies so far.



#6 palerider2


Posted 13 May 2014 - 04:52 PM

> Hey there palerider2.
>
> Based on what you've outlined, I would think you could do (most) of what you want by running Puppy Linux from a USB stick.
>
> If you did want to download / save anything during your browsing session, you could save it to the USB stick.
>
> Just a thought.
>
> Be curious to see what the others say.
>
> Winterland

 

 

Hey Virginian !

(I remember watching that show as a kid :) )

 

I didn't really go into detail but my thought was that any permanently connected storage would be at risk of being infected.

 

But I'm sure something could evolve from your starting point.

 

I suggested a removable medium to take data off this machine but it would need some kind of protection. If anybody has used Sandboxie you'll know that you are in control of what is allowed to get out of the sandbox.

 

Thanks for replying.



#7 palerider2


Posted 13 May 2014 - 05:56 PM

 
I just found the article, above. It describes Linux running in a virtual machine, inside Windows. The Linux o/s has a Firefox browser.
 
With that arrangement, if you can download a file and, later on, extract it from the virtual machine, then that meets most of the stated requirements. But not all - the Linux o/s could still get infected and the operator wouldn't necessarily know about the infection.
 
The perfect hardware would guarantee that it was clean every time it was powered down and the RAM was allowed to clear.
 
I've got a vague recollection that a machine such as this was announced (as a concept) about 20 years ago, by one of the big industry players. I can't remember what they called it though, so it's hard to check. Obviously it didn't catch on at the time but, there again, the internet was a relatively safe place back then.
 


#8 Winterland


Posted 14 May 2014 - 05:06 AM

@Blue_Two - the only reason I spoke of the USB was that the OP was looking for somewhere to store/save anything he might have downloaded during his browsing session.

 

@palerider2 - a VM running Linux is certainly a fairly safe way to try this idea out. I've currently got two Linux distros (Mint and Ubuntu) set up in my machine (VirtualBox) and use them from time to time when I feel like being a little reckless out on the old Internet.

 

With regards to the link you posted, I had an easier time tweaking / setting up VirtualBox rather than VMware, although please note that this simply is personal preference, not one based on which one runs "better" which will depend a lot on your machine - YMMV, as them kids say.

 

 

I also feel obligated to remind you that if this is really what you're looking for: "The perfect hardware would guarantee that it was clean every time it was powered down and the RAM was allowed to clear." you may want to consider looking into something like Deep Freeze or something akin to that. I believe there are some free variants of that type of program out there...haven't used them though.

 

Hope that helps and thanks for the post.

 

Winterland


#9 laszlo42


Posted 14 May 2014 - 10:24 AM

VMs are nice, but you have to keep in mind that there is still some minor risk of malware escaping out of it. And as soon as you use removable storage you need to be careful too.
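
One way to get the "clean every time it was powered down" property discussed in the posts above from a VM, as an added example that is not part of the thread. It assumes VirtualBox's VBoxManage CLI, a guest named browse-vm and a snapshot named clean-baseline taken while the guest was powered off; it does nothing about the VM-escape or removable-storage risks just mentioned.

```shell
#!/bin/sh
# Added example (not from the thread): discard each browsing session by
# reverting a VirtualBox guest to a known-clean snapshot before it starts.
# Assumed names: VM "browse-vm", snapshot "clean-baseline" (taken once,
# powered off, right after installing and patching the guest).
VM="${VM:-browse-vm}"
BASELINE="${BASELINE:-clean-baseline}"
VBOX="${VBOX:-VBoxManage}"   # overridable so the logic can be tested with a stub

# Print the VM state (running, paused, saved, poweroff, aborted, ...).
vm_state() {
    "$VBOX" showvminfo "$1" --machinereadable |
        sed -n 's/^VMState="\(.*\)"$/\1/p'
}

# Succeed only if a snapshot with exactly this name exists.
has_snapshot() {
    "$VBOX" snapshot "$1" list --machinereadable 2>/dev/null |
        grep -q "^SnapshotName[^=]*=\"$2\"\$"
}

start_clean_session() {
    vm=$1 snap=$2
    # Refuse to run without a baseline: starting anyway would silently
    # reuse whatever the last session left on the disk.
    if ! has_snapshot "$vm" "$snap"; then
        echo "no snapshot '$snap' on '$vm'; create the baseline first" >&2
        return 1
    fi
    # A live session cannot be reverted; a hard power-off discards its RAM.
    case $(vm_state "$vm") in
        running|paused) "$VBOX" controlvm "$vm" poweroff || return 1 ;;
    esac
    # Wait (at most about 10 s) for the guest to finish powering off.
    i=0
    while [ "$(vm_state "$vm")" = running ] && [ "$i" -lt 10 ]; do
        sleep 1; i=$((i + 1))
    done
    # Revert disk and settings to the baseline, then boot the clean state.
    "$VBOX" snapshot "$vm" restore "$snap" || return 1
    "$VBOX" startvm "$vm"
}

if [ "${1:-}" = "--run" ]; then start_clean_session "$VM" "$BASELINE"; fi
```

Anything downloaded during a session is lost at the next start unless it is copied out of the guest first, and the baseline snapshot has to be retaken after patching the guest or the "clean" state stays unpatched.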

#10 palerider2


Posted 14 May 2014 - 08:01 PM

Thanks Winterland, I'd forgotten about DeepFreeze. And I subsequently found similar options described here:
 
Just a question on System Restore. I've never bothered to learn (so far) which files get modified during a Restore and I'm fairly sure that it's not a trivial answer. I always thought that the Registry would be fully restored and all the files associated with boot up. Please feel free to comment on that. But, if so, does this mean that a System Restore will always eliminate malware that has infected the O/S? Malware which infects the user's files (which are not normally restored AFAIK) would clearly persist and be ready to infect any time in the future.
 
And would a system restore overcome a rootkit ? (I guess most rootkits would only *pretend* to allow a system restore to run. So I've probably answered that one.)
 
My original question now has several solutions that are quite different from each other. I was originally thinking of a relatively dumb PC with a browser. On that, I never really thought the hardware would be implemented by anyone but then there are Internet-ready TVs.
 
If you have WiFi in the home, the TV can be used for browsing. I haven't done this yet - can anyone provide a brief overview of what you can and can't do with this arrangement ?
 
Has a malware been created that infects a TV ?  >:o


#11 Blue_Two


Posted 15 May 2014 - 10:09 AM

Most of the Internet ready TVs run Android. The Android versions are limited (crippled). I had a Logitech Google TV box that had a Chrome version. Flash was in firmware, and could not be updated. Not good. The Vizio does not have a browser. You can install some apps (Netflix), but the OS is locked down. My Sony Blu-ray has an Opera browser, does not support Flash, and is limited to Sony apps. My experience so far has not been good.



#12 Didier Stevens


Posted 20 May 2014 - 06:00 PM

The downside of ROM to store your OS and program files (like browser),
is that it can not be written to for updates.
So you would end up with a machine with vulnerable software that can not be patched.

Instead of using ROM, you could use a HD with a hardware write blocker.

Edited by Didier Stevens, 20 May 2014 - 06:00 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 Didier Stevens


Posted 20 May 2014 - 06:03 PM

hardware write blockers: http://en.wikipedia.org/wiki/Forensic_disk_controller



#14 palerider2


Posted 23 May 2014 - 02:44 AM

> Most of the Internet ready TVs run Android. The Android versions are limited (crippled). I had a Logitech Google TV box that had a Chrome version. Flash was in firmware, and could not be updated. Not good. The Vizio does not have a browser. You can install some apps (Netflix), but the OS is locked down. My Sony Blu-ray has an Opera browser, does not support Flash, and is limited to Sony apps. My experience so far has not been good.

 

Thanks for those comments. Agree with you that it doesn't stack up too well against PC-based solutions, depending upon what you use the PC for.

 

On the other hand these devices seem very secure.

 

Imagine if that Internet component of the TV was emulated in a PC, so it had a locked down OS. Then as Didier usefully suggested, there could be a switch to unlock the firmware. You'd need to be sure that you didn't accidentally flash malware into the O/S.

 

On the other hand, most of the time you don't want to modify the OS of your PC yet it's just sitting there open to attack. A better balance seems to be needed.

 

I'm a big fan of Sandboxie. That stopped me having to rebuild my PC on a daily basis. And I do mean I was doing it daily - just being hacked constantly. A real eye-opener.



#15 Blue_Two


Posted 23 May 2014 - 02:07 PM

> The downside of ROM to store your OS and program files (like browser),
> is that it can not be written to for updates.
> So you would end up with a machine with vulnerable software that can not be patched.
>
> Instead of using ROM, you could use a HD with a hardware write blocker.

 

The Live CD/DVD option allows OS updates. Just download the current version, and burn a new disk!





