Knoppix & security

**ifred** · 09-18-2003, 12:13 AM

Hey, when using CD based distros such as Knoppix or Morphix is it the case that you leave less usage tracks on your machine than with an OS that runs off the hard drive? While your IP will still get logged on sites you visit there should be no way (at least by default) for the machine to save any cached sites, cookies or history files. Is this in fact the case or is there some way that these artifacts of web surfing end up persistently on your machine? If these artifacts don't get stored it should make it more difficult for spyware, malware and other usage trackers to maintain a long term presence on your machine. Any thoughts on this?

**demian** · 09-18-2003, 12:35 AM

Well, sure, if you run Knoppix off the CD everything happens in the RAM (physical RAM, not swap space on the HDD) so once you switch off the box it's all gone.

Spyware? I wouldn't worry about that. I don't know about any piece of software that's loaded with spyware in Linux.

However, running off a read-only medium indeed is a great security measure. For the network I maintain at work we have the firewall run off a write protected usb stick (we used to use CD-RWs but then you had to burn the CD all over again when you wanted to change a single config line). Log files are send to a remote log host, the only user's home dir is on a ram disk (this probably isn't neccessary but makes it easier to install updates and stuff). This greatly enhances security cause nobody can do things like install rootkits or trojan horses. You can still manipulate things in the cache (iptables rules for instance) but you can be 100% sure that after a reboot the system is in exactly the state you configured it.

**gorn** · 09-18-2003, 12:38 AM

depends on how paranoid you are.

the cache is not being stored on the hard drive (unless you mount the hard drive) but if say you have swap space on the hard drive it'd be stored there, and the ram it needs to be stored in, what if someone recovers it from the ram?

realisticly you can't recover it from the ram though, the ram is pretty much emptied after you shutdown.

as for spyware, there isn't much for linux to begin with, but yes after booting off a cd you get a fresh start every time you boot, so you don't need to worry about screwing up your system because just a reboot will bring it back to the old state

**ifred** · 09-20-2003, 08:46 PM

Thanks for the replies guys. When I was thinking about protection from spyware/malware I was thinking of a situation where you might have a windows box for games, or other OS specific applications, that you did not want to put onto the internet (or double boot). Running a CD based distro seems to be a good way to enjoy safer surfing in a situation, such as the one outlined above, in a relatively convenient manner.