- This topic has 8 replies, 5 voices, and was last updated May 30-1:32 pm by olsztyn.
-
Posts
-
christophe
antiX live secure browsing question
This is not your typical secure browsing question. I’ve got an old 32-bit netbook that runs antiX great, and runs ff-esr good (enough) if I keep to lighter sites. I know what the conventional wisdom is, but I’m asking you guys (and gals) — What is my “danger” when web browsing with the following setup?
1. antiX linux live system with only home persistence
(NOTE – planning on using antiX 17 EVEN after end of support, in this manner.)2. latest version of firefox-esr, once end-of-support is reached, keeping this version of ff for as long as the browser & computer work satisfactorilly. (Also using in permanent private browsing mode.)
3. no banking nor online buying on this computer.
4. using a hardware router & ufw.
I’m thinking this setup is a pretty safe way of utilizing this old 32-bit netbook. Even after the OS & browser stop getting updates. What do you all think — and why do you think it?
confirmed antiX frugaler, since 2019
rayluo
I’m currently using a 32-bit old machine (or several of them, for that matter) that “runs antiX great, and runs ff-esr good (enough) …”. Here comes my bullet-by-bullet quick answers.
1. After the initial short stint with home persistence, I’ve settled with root persistence, with manually choose whether-to-persist when I’m about to turn off the machine (and I typically choose “no”). And recently I’ve even switched to use no persistence at all (since I’ve customized my system as an ISO snapshot with all the little tools that I want). The point here, is to minimize/eliminate the possibility of storing any personal data locally. If there is nothing personal/valuable in this local machine’s browser cookies/history or even the entire hard disk, there is nothing to be hacked/stolen/lost. It does mean that, every new day I’d have to re-login to every website that I visited yesterday, but that is a trade-off that I’m willing to accept. Nowadays most websites I use already support social login anyway, except … ahem … antiX forum.
2. Same here. Although, given that I already persist no data across reboot, I do not have to bother using private browsing mode.
3. Again, since each reboot gives me a brand new environment, I do not have to refrain from online shopping or banking. If I want to be sure, I can just reboot, go finish my online shopping without any web surfing (*), and then reboot.
(*) Although in practice, I sometimes could not resist the temptation to go to antiX forum and perhaps answer a question there…
4. I’m not familiar with this topic. No comment.
Xecure
1. After the initial short stint with home persistence, I’ve settled with root persistence, with manually choose whether-to-persist when I’m about to turn off the machine (and I typically choose “no”). And recently I’ve even switched to use no persistence at all (since I’ve customized my system as an ISO snapshot with all the little tools that I want). The point here, is to minimize/eliminate the possibility of storing any personal data locally. If there is nothing personal/valuable in this local machine’s browser cookies/history or even the entire hard disk, there is nothing to be hacked/stolen/lost. It does mean that, every new day I’d have to re-login to every website that I visited yesterday, but that is a trade-off that I’m willing to accept. Nowadays most websites I use already support social login anyway, except … ahem … antiX forum.
I agree 100% this is mostly what I do. I never save passwords. It is a good memory exercise to remember important passwords, or use and algorith that only you know to create them.
I agree with rayluo and use it almost exactly like him, but I do save bookmarks for interesting things. I would add that you can have an extra partition on the USB device so you can mount it (no automount) and save things you download (if needed) or access files, etc.
For people who don’t want to suffer this, they could use firejail with the browser and configure their security options there. I don’t have much experience so I will not comment too much anout it. I think it makes it difficult for the browser to access any other folders except where firejail limits it.
antiX Live system enthusiast.
General Live Boot Parameters for antiX.christophe
Right. I’m in total agreement with you two. Thanks for the feedback.
In particular:
The point here, is to minimize/eliminate the possibility of storing any personal data locally. If there is nothing personal/valuable in this local machine’s browser cookies/history or even the entire hard disk, there is nothing to be hacked/stolen/lost. It does mean that, every new day I’d have to re-login to every website that I visited yesterday, but that is a trade-off that I’m willing to accept.
and:
I never save passwords. It is a good memory exercise to remember important passwords
If anyone / anyone else has anything to add, I’d be happy to hear it.
confirmed antiX frugaler, since 2019
Brian Masinick
1. As soon as you connect to any network there is at least a possibility of a compromise.
2. Old software and browsers increases the chance of an issue.
On the positive side, using removable media improves the chance to keep the intruder from getting information written on your device and possibly lessens the likelihood of being compromised.
People who try to intrude look for what you might call “low hanging fruit”, meaning the easiest systems to get and the least secure ones.
Knowing that, be sure to make decent password protected access. Use two factor authentication ( two or more things to protect your identity ).
It may take a few more seconds to get in but it is worth the trouble and will help to lessen the likelihood that an intruder will target you first.
Look for a good password manager. That can help you make a better password and another layer of protection.
With the added attention to these things, hopefully the older nature of your software can be protected by better than average authentication.
What about Palemoon as a Web browser?
Would it do the job for you instead of Firefox ESR?
Those are my ideas if you want to keep the old equipment working as long as you can.
Other people may have even better ideas.
--
Brian Masinickchristophe
Thank you, Brian. That all makes good sense.
I’m thinking this:
This computer is very old — 32-bit; 2007/8 vintage. With newer OS upgrades, it seems more & more software either doesn’t work as well (as fast), or the programs have dropped 32-bit support.I have a hard time throwing anything away, if it still works!
So. Without having any “personal” information on the machine (no financial things, and no files not backed up), and manually logging in to sites (if I wanna log in, that is), I’m thinking this “disposable” computer could still be of use. antiX 17 is the last that supports 32-bit virtualbox (I use it for windows XP VM — believe it or not, it runs a few pinball sims very well), so I thought I could keep it running a frugal instance that doesn’t ever change (once antiX 17 reaches end-of-support).
As a side comment — I figure if Puppy Linux users can run the whole thing as root (super-user)… I’m thinking my idea is a better solution — with the system locked-down, and no financial data to steal? (Not that Puppy is “lighter,” because I’ve found them to be about equal for old hardware.)
Anyone have (more) thoughts on this thing? Fine idea? Horrible idea? (And tell me why.)
confirmed antiX frugaler, since 2019
Brian Masinick
Puppy Linux is another useful distribution.
We share a few technologies between Puppy and Absolute Linux as well as Debian Linux and MX Linux.
Believe it or not you may be able to use an older Debian kernel and a really minimal set of software to come up with something perfect. I’ve built tiny Debian distributions in the past that are quite similar to antiX. The main difference is that with a custom Debian derivatives you build it yourself from a kernel and base utilities and add only a few other packages.
If you have time and the skill it’s a good way to learn.
--
Brian Masinickrayluo
Speaking of a different Linux distro, back then when I was new to the concept of running a Linux entirely from USB disk, I came across Trusted End Node Security (TENS), formerly known as Lightweight Portable Security (LPS) which is developed by US Military for its personnel (many of them are presumably not IT/Computer/Security experts) to securely access their work network from any computer. The TENS is designed to be used exclusively from a USB (or CD) boot media, and then you get a completely locked-down system – you can not alter the TENS, you can not install any new apps into it – for the sake of security. So, @christophe, at least the model of using a non-alterable OS is not unprecedented.
FWIW, the TENS feels even quite polished and easier to use. For example:
* WiFi connection always works and never drops :->
* Rather than 3×4=12 Windows Manager options, there is only one Windows Manager in TENS, which happens to be using a WindowsXP-like Desktop theme, thus familiar to perhaps more normal users.
* There are not 3 package installers to be confused about “which one shall I use”. (Though in TENS case, there is zero, for its design purpose.)I end up not using TENS due to its zero flexibility, but I still think it does a good job for what it is designed to do, and I keep a TENS-bootable USB disk around for my other family members, just in case.
olsztyn
I end up not using TENS due to its zero flexibility, but I still think it does a good job for what it is designed to do,
I played a lot with TENS in the past and I agree with the merits you outlined. However I too ended up not using TENS for the same reason. It is touted as most secure but much of that security comes not just that security features are built in but also that nothing can be changed, nothing installed, so each time it boots fresh as initial distro.
Just some points to mention:
– I think that with enough security precautions you outlined before, such as turning off storing passwords, firewall, etc. you can configure antiX to be as secure as TENS but more user friendly in terms of some personal configuration.
– Recent versions of TENS are 64 bit only. So this eliminates suitability for 32 bit computer, as in the original post.
– As you outlined, after antiX environment for secure computing is completed, you run with no persistence. It is no longer needed.
– There is no reason to avoid online banking or buying from such secure environment. If being really unsure, you can always fresh reboot before online banking. Malicious changes, should such be introduced, should not survive rebooting to new session if persistence is off.Just a few thoughts…
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parameters
- You must be logged in to reply to this topic.
