Linux Live USB Creator

Sometimes it is useful to be able to start a computer not with its installed OS, but with another OS.

  • to clean up and rescue data after virus infestation.
  • to rescue data after crash of the system hard disk.
  • to test an OS.
  • to repartition hard drives.

So, people have developed so-called Linux Live Systems. Formerly, these have been usable from CD – and they still are – if your computer has an optical drive.

But many newer PCs and laptops do not have an optical drive. If you want to start such a computer with a live system, you need to put it onto a USB stick.

For this task, the Linux Live USB Creator (Lili) has been created.

Though it has got a terrible transparent/half-transparent UI, it is really easy to use, its documentation is decent and you can easily create a bootable Linux Live USB from e.g. the Avira Rescue System or one of dozens of other Linux distributions.

For the Avira Rescue System you cannot have persistence, so skip step 3. Also you don’t want to start your Avira Rescue System from Windows, and normally you don’t want to hide your files: Unselect all three checkboxes in step 4.

If you want to start a live system directly from Windows, you can select the corresponding option in Lili’s step 4. Then a special version of VirtualBox will be put onto the stick and you can run your live system inside VirtualBox.

Troubles With Booting the PC From USB Stick

To make your PC willing to boot from the created USB stick, you probably have to change some BIOS settings. You can reach the BIOS settings by pressing one of the keys Del, Esc, F1, F2, F8, F12 during boot. Which key it is differs from PC to PC. Many PCs briefly show a notice on the screen during boot telling you which key to press. But some don't, and with some the text disappears too fast to read, so you have to guess.

If you’ve got a PC with UEFI BIOS, you probably have to enable the Compatibility Support Module (CSM) and/or disable Secure Boot.
You still might get problems: PCs with UEFI BIOS often use the GPT partitioning scheme for their hard drive and many live systems cannot cope with the GPT partitioning scheme.
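
To find out which partitioning scheme a disk actually uses, you can look at its first two sectors: a GPT disk carries a protective MBR entry of type 0xEE in sector 0 and the signature "EFI PART" at the start of sector 1. The following Python code is an added example, not part of the original post; it assumes 512-byte sectors, and the function names and sample disks are constructed for illustration.

```python
SECTOR = 512  # assumed logical sector size (4Kn disks keep the GPT header at byte 4096)

def partition_scheme(head: bytes) -> str:
    """Classify a disk from its first two sectors: 'gpt', 'hybrid', 'mbr' or 'unknown'."""
    if len(head) < 2 * SECTOR:
        raise ValueError("need at least the first two sectors")
    mbr, lba1 = head[:SECTOR], head[SECTOR:2 * SECTOR]
    if mbr[510:512] != b"\x55\xaa":
        return "unknown"                      # no valid MBR boot signature
    # The four MBR entries start at byte 446, 16 bytes each; the type byte is at +4.
    used = [t for t in (mbr[446 + 16 * i + 4] for i in range(4)) if t]
    has_gpt_header = lba1[:8] == b"EFI PART"  # GPT header signature in sector 1
    if has_gpt_header and used == [0xEE]:
        return "gpt"                          # protective MBR only
    if has_gpt_header and 0xEE in used:
        return "hybrid"                       # protective entry plus legacy entries
    if used and not has_gpt_header and 0xEE not in used:
        return "mbr"
    return "unknown"

def make_disk(types, gpt):
    """Build constructed sample sectors with the given MBR partition types."""
    mbr = bytearray(SECTOR)
    for i, t in enumerate(types):
        mbr[446 + 16 * i + 4] = t
    mbr[510:512] = b"\x55\xaa"
    lba1 = bytearray(SECTOR)
    if gpt:
        lba1[:8] = b"EFI PART"
    return bytes(mbr + lba1)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # e.g. a device such as /dev/sda (name is an assumption; reading it needs root)
        with open(sys.argv[1], "rb") as disk:
            print(partition_scheme(disk.read(2 * SECTOR)))
    else:
        print(partition_scheme(make_disk([0xEE], gpt=True)))
```

A result of "gpt" or "hybrid" on the internal drive means a live system without GPT support will not see its partitions.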

Avira Rescue CD: Very Valuable

In the 03/2014 issue of the German computer magazine com! there was the very helpful Avira Rescue DVD.

The DVD contains a bootable system with

  • an Ubuntu version as OS
  • the Avira Rescue System including a virus scanner. If an internet connection is available, the virus scanner downloads the latest virus signatures.
  • A Team Viewer client. You get to the Team Viewer client via the second tab Support in the Avira Rescue System. See image below.
  • The Avira registry editor. You can start it via the third tab Tools in the Avira Rescue System.
  • Firefox, may be well used for research
  • Gparted, a partition editor
  • A manual
  • The Linux Live USB Creator

Avira Rescue 1

And the best: the DVD also contains an iso image of a CD which contains nearly all the stuff mentioned above. You can download the rescue iso image and the manual directly from Avira.

Of course, you can put the iso image onto a USB stick to make a bootable USB rescue stick, too. The com! DVD contains the Linux Live USB Creator to do this.

The rescue system does work on Win 7 PCs and Laptops and Win 8 PCs, but not on Win 8 Laptops.

Further Tools

The base of the rescue system is a trimmed Ubuntu and it contains a lot of the things usually present there. Some of these tools can be started directly from Ubuntu’s Unity launcher on the left. From top to bottom, the start menu is preconfigured with these entries:

  • Unity Dash
  • Avira Rescue System
  • Firefox
  • Home, a file browser
  • GParted
  • Terminal

But there are more tools available, like

  • a screenshot tool
  • an image viewer
  • a pdf viewer
  • Midnight Commander

How to start these further tools:
1. Click onto the topmost icon in the start screen, Dash. This will open a window containing the last used programs.
2. Here, click onto the second icon at the bottom which looks like a ruler beside a pencil beside a pen.
3. In the next view, click onto Show 45 more results somewhere in the middle of the screen.
4. Now you’ll see all the installed tools.

Where is my C: drive?

In the running file browser or other tools, you can find your C: drive under File System/target/C:.

What do you use as a rescue tool?

Disable Capslock

The capslock key is not only unnecessary, it is harmful. I estimate it has cost millions of hours of productive working time since the advent of personal computers.

But it is easy to disable it completely on a Windows PC. Just download and unzip the attached DisableCapsLock.zip and execute the contained DisableCapsLock.reg file. Done. If not done, restart your computer.
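
Before importing any downloaded .reg file, it is worth checking what it would write. The following Python code is an added example, not part of the original post: it lists every value a .reg file sets and decodes a keyboard Scancode Map. The contents of DisableCapsLock.reg are not shown on this page, so the sample below is constructed and assumes the file uses the Scancode Map value.

```python
import re
import struct

# Constructed sample; an assumption about what a CapsLock-disabling .reg file contains.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,02,00,00,00,00,00,3a,00,00,00,00,00
'''

EXPECTED_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout"

def parse_reg(text):
    """Return [(key, value_name, raw_data)] for every value the file would write."""
    text = re.sub(r"\\\r?\n\s*", "", text)       # join hex continuation lines
    out, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                     # "[-KEY]" (deletion) keeps its "-"
        elif "=" in line and key and not line.startswith(";"):
            name, data = line.split("=", 1)
            out.append((key, name.strip('"'), data.strip()))
    return out

def decode_scancode_map(data):
    """Decode 'hex:..' Scancode Map data into {pressed_scancode: sent_scancode}."""
    raw = bytes(int(b, 16) for b in data.split(":", 1)[1].split(",") if b.strip())
    version, flags, count = struct.unpack_from("<III", raw, 0)
    entries = struct.unpack_from("<%dI" % count, raw, 12)
    if version or flags or entries[-1] != 0:
        raise ValueError("malformed Scancode Map")
    # Each entry: low word = scancode sent, high word = key pressed.
    return {e >> 16: e & 0xFFFF for e in entries[:-1]}

def review(text):
    """Flag everything except a Scancode Map under the keyboard layout key."""
    findings = []
    for key, name, data in parse_reg(text):
        if (key.lower() == EXPECTED_KEY.lower() and name == "Scancode Map"
                and data.startswith("hex:")):
            findings.append(("remap", decode_scancode_map(data)))
        else:
            findings.append(("unexpected", (key, name)))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_REG))
```

For the sample, the only finding is a remap of scancode 0x3A (CapsLock) to 0x0000, which means the key sends nothing. Real .reg files are often UTF-16 encoded, so open them with `encoding="utf-16"` before passing the text in.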

Twelve Commandments for Internet Security

A reader asked in a comment to my post about unsafe password managers:

So, what is the solution?

It is a good question and prompted me to write this answer.

My Recommendations With Regards to ‘Evil Password Managers’

  1. Always keep in mind that the internet is dangerous and there is no security available and never will be. Because:
    All technical solutions to safety, secrecy and security are for phishers, gangsters and secret services what is sh*t for flies.

  2. Distribute your money between several bank accounts at different banks. So if one account is hacked, you will still keep a big part of your money.

  3. For bank accounts, keep a unique password or -phrase for every one which does not resemble any of the others.

  4. If you cannot keep these in mind, write them down onto a sheet of paper.

  5. Write them down with a simple encryption which you can remember and calculate easily in your head. So in the rare case that somebody finds it by chance, he still cannot take your money.

  6. Hide this sheet of paper somewhere in your home. Maybe glue it into a book or the like.

  7. Use an extra computer for doing banking related stuff. Use this computer for nothing else. Do not surf the web or read mails or watch %/*%/@&* on this computer.

  8. Keep it switched off all the time when you don’t need it.

  9. Run an obscure and seldom used operating system on the extra banking computer.

  10. For all medium important stuff – non-banking and not really important but quite annoying if hacked – build a base password or passphrase. Modify this slightly for each of these accounts.

  11. For all fun stuff – accounts where you could live well with them being hacked – use one and the same simple password for all of them.

  12. If I needed to do communication that must stay secret under all circumstances – for example being a freedom fighter in a state run by criminals – I would not use the internet or a phone or any technical thing at all. I would do extremely delicate communication only face to face in real life.

I can not claim that my methods are safe. Because – see point number one above – nothing can ever be safe.

But in my view, my methods are much much safer than using any kind of password manager or things like TOR or encryption algorithms which I do not understand.

What do you think about my solutions to evil password managers? Do you have better ideas? I’d love to hear your opinions.

Why Password Managers Are Not Safe

Why Password Managers Aren’t Safe – And Won’t Ever Be

Lately a paper by Zhiwei Li, Warren He, Devdatta Akhawe and Dawn Song from the University of Berkeley has been published which is called The Emperor’s New Password Manager. It reveals that

…in four out of the five password managers we studied, an attacker can learn a user’s credentials for arbitrary websites.

and later in the paper they write

We found critical vulnerabilities in all the password managers and in four password managers, an attacker could steal arbitrary credentials from a user’s account.

I’m not surprised; not at all. My humble opinion, which I have held since password managers were invented, is: Password managers are evil and cannot ever be really fixed.

Why Password Managers Can’t Be Fixed

There are two main problems with password managers:
1. Nobody is trustworthy.
2. Password managers are for phishers and secret services what is sh*t for flies.

Let me explain. Of course,

You can trust any given password manager maximally as much as you can trust the provider of the password manager.

And all providers are untrustworthy because everybody on the net is untrustworthy. Especially when it comes to password managers.

Even if there were a company XYZ which you trusted fully, how do you make sure that the password manager you download from company XYZ is really the password manager from XYZ? You can bet that there exist a lot of hacked versions on the net.

Not trusting the identity of anybody is common sense these days. But aside from this, there are other problems…

Basically there are three possible types of password managers. Each of them is untrustworthy per se, even without identity theft.

A Commercial Company’s Closed Source Password Manager

  1. You can bet that the NSA has built backdoors into it.
  2. And there is a secret law that forbids that the company talks about the backdoors.
  3. Other secret services are very much trying to find out the backdoors or to put spies into the company to be able to introduce their own backdoors.

An Open Source Password Manager

  1. The NSA has built backdoors into it.
  2. Other secret services have built backdoors into it.
  3. Some bright phisher has built backdoors into it.
  4. With many eyes, all bugs are shallow, you say. Heartbleed I say. Oh, and Shellshock, of course.

A Password Manager Built by Yourself

This is a site for developers, so building your own password manager may seem like an option. At least, you will be sure that nobody builds backdoors into it.

But are you really savvy of security related programming stuff? I don’t know any programmer who really is. Maybe there are those. Surely there are those. Probably most of them work for the secret services of the world or are gangsters. 😉

If you are one of the really security savvy developers in the world, maybe you can build your own flawless password manager.

But before you start…. answer these questions for yourself:

  • How many bugs have you produced already in your career?
    Yes, estimate a number.
  • With this number in mind, how much do you trust yourself?

Of course, even in spite of the bugs in your own password manager, it will be much more secure than all the others: because nobody knows that it exists, nobody tries to hack it.

US-CERT

The US-CERT stated in a paper (cited from Li et al’s paper)

[A Password Manager] is one of the best ways to keep track of each unique password or passphrase that you have created for your various online accounts without writing them down on a piece of paper and risking that others will see them.

Li et al’s view

While idealized password managers provide a lot of advantages, implementation flaws can negate all the advantages of an idealized password manager …

My view:

Password managers are flawed and cannot ever be fixed.
I won’t ever trust one.

I’ve also written about a kind of a solution to the ‘Evil Password Managers’ problem.