Tag Archives: Security

Linux Live USB Creator

Posted on by

Sometimes it is useful to be able to start a computer not with its installed OS, but with another OS.

  • to clean up and rescue data after virus infestation.
  • to rescue data after crash of the system hard disk.
  • to test an OS.
  • to repartition hard drives.

So, people have developed so-called Linux Live Systems. Formerly, these have been usable from CD – and they still are – if your computer has an optical drive.

>LinuxLive USB Creator

But many newer PCs and Laptops do not have an optical drive. If you want to start such a computer with a live system, you need to put it onto an USB stick.

For this task, the Linux Live USB Creator (Lili) has been created.

Though it has got a terrible transparent/half-transparent UI, it is really easy to use, its documentation is decent and you can easily create a bootable Linux Live USB from e.g. the Avira Rescue System or one of dozens of other Linux distributions.

For the Avira Rescue System you cannot have persistence, so skip step 3. Also you don’t want to start your Avira Rescue System from Windows, and normally you don’t want to hide your files: Unselect all three checkboxes in step 4.

If you want to start a live system directly from Windows, you can select the corresponding option in Lili’s step 4. Then a special version of VirtualBox will be put onto the stick and you can run your live system inside VirtualBox.

Troubles With Booting the PC From USB Stick

To make your PC willing to boot from the created USB stick, you probably have to change some BIOS settings. You can reach the BIOS settings by pressing one of the keys Del, Esc, F1, F2, F8, F12 during boot. It is different from PC to PC. Many PCs write a short notice onto the screen during boot which key to press. But also some don’t and with some the text disappears too fast to read it so you have to guess.

If you’ve got a PC with UEFI BIOS, you probably have to enable the Compatibility Support Module (CSM) and/or disable Secure Boot.
You still might get problems: PCs with UEFI BIOS often use the GPT partitioning scheme for their hard drive and many live systems cannot cope with the GPT partitioning scheme.

Avira Rescue CD: Very Valuable

Posted on by
>Avira Rescue 2-2

In the 03/2014 issue of the german computer magazine com! there has been the very helpful Avira Rescue DVD.

The DVD contains a bootable system with

  • an Ubuntu version as OS
  • the Avira Rescue System including a virus scanner. If an internet connection is available, the virus scanner downloads the latest virus signatures.
  • A Team Viewer client. You get to the Team Viewer client via the second tab Support in the Avira Rescue System. See image below.
  • The Avira registry editor. You can start it via the third tab Tools in the Avira Rescue System.
  • Firefox, may be well used for research
  • Gparted, a partition editor
  • A manual
  • The Linux Live USB Creator
>Avira Rescue 1

And the best: the DVD also contains an iso image of a CD which contains nearly all the stuff mentioned above. You can download the rescue iso image and the manual directly from Avira.

Of course, you can put the iso image to an USB stick to make a bootable USB rescue stick, too. The com! DVD contains the Linux Live USB Creator to do this.

The rescue system does work on Win 7 PCs and Laptops and Win 8 PCs, but not on Win 8 Laptops.

Further Tools

>Avira Rescue 3

The base of the rescue system is a trimmed Ubuntu and it contains a lot of the things usuallay present there. Some of these tools can be started directly from Ubuntu’s Unity launcher on the left. From top to bottom, the start menu is preconfigured with these entries:

  • Unity Dash
  • Avira Rescue System
  • Firefox
  • Home, a file browser
  • GParted
  • Terminal

But there are more tools available, like

  • a screenshot tool
  • an image viewer
  • a pdf viewer
  • Midnight Commander

How to start these further tools:

  1. Click onto the topmost icon in the start screen, Dash. This will open a window containing the last used programs.
  2. Here, click onto the second icon at the bottom which looks like a ruler besides a pencil besides a pen.
  3. In the next view, click onto Show 45 more results somewhere in the middle of the screen.
  4. Now you’ll see all the installed tools.

Where is my C: drive?

In the running file browser or other tools, you can find your C: drive under File System/target/C:.

What do you use as a rescue tool?

VirusTotal

Posted on by
>VirusTotalUploader

As you can see from my posts about password managers, I’m a bit paranoid with the internet.

One virus checker is not enough for me. Indeed, I let VirusTotal check every executable I download from the internet. VirusTotal uses 50 or so virus scanners and scans your file with all of them. You can upload files with a size of up to 64 MB.
It should be safer to let VirusTotal check your downloads than to trust your single anti virus software.

If we can trust VirusTotal, that is.

What is even better than using VirusTotal by uploading files to their web page is to install the VirusTotal Uploader on your PC.

The uploader has these advantages:

  • You get a popup menu entry Send to > VirusTotal.
  • Often, the uploader is much faster.
    Because before uploading the file, the uploader calculates a hash from the file and asks at home if this file has already been analyzed. If yes, your file needs not to be uploaded and not to be analyzed. The uploader then just shows the result. This is very often the case and saves you a lot of time when you don’t have a fast uplink.

The only disadvantage of the uploader: It can upload only files up to 32 MB.

The picture below shows a VirusTotal result page.

>VirusTotal Results

Personal Backup Scripting Example

Posted on by

I’m using Personal Backup by Dr. Rathlev as my backup tool. It’s name is a bit misleading, because you could think that it is only allowed to use it as a private person. But no – its current license says it may be used also by any club, organization or even private companys for free.

It is easy to create backup tasks with Personal Backup. But a backup task does not run automatically. And I have to say, it is not easy to create backups that run automatically with this program. The UI of the part of the program which deals with creating automatically running backup tasks is near incomprehensible – even when you read the docs.

What compensates this deficit is that Personal Backup has a perfect command line interface with a good docmentation. So it is very well suited for being scripted.

I control my backups with some tclkit scripts. As you might know, I do use tclkit for many tasks.

The script below creates a full backup in every uneven month (Jan, Mar, May, …) and in between it creates an incremental backup daily. It needs a fitting Personal Backup task file Backup-Task-All.buj.

To trigger the script daily, I use the Windows Task Planner.

The directory structure of the created backups looks like this:

G:/Backup/2014/BD01F   # A full backup created on March 1st in 2014
G:/Backup/2014/BD22I   # An incremental backup created on March 22nd
.....
G:/Backup/2014/BD21I   # An incremental backup from September 21st 

#
#  This script steers the backups that I do with Pesonal Backup.
#
# To adapt the script, just set the following variables taskName,
# rootdir and personalBackupExe to your liking. 

# The name of the backup task in PB
set taskName Backup-Task-All

# The name of the target root directory.  This must be the same as 
# in the Backup-Task mentioned above.
set rootdir G:/Backup

# Full path to the Personal Backup executable
set personalBackupExe "C:/Program Files/Personal Backup 5/Persbackup.exe"

#console show

puts "BackupSteer.tcl  (c) A.J.W 2014"

set rootdrive [string tolower [string range $rootdir 0 0]]
set seconds [clock seconds]
set yearMonth [clock format $seconds -format {%Y/%m}]
# the name of the basedir of the backup of today. E.g  G:/Backup/2014/09
set basedir [file join $rootdir $yearMonth]

puts "    basedir=$basedir"
puts "    taskName=$taskName"

# Return 1 if it's an even month, 0 if not.  
proc isEvenMonth { seconds } {
    set month [clock format $seconds -format {%m}]
    if { [string range $month 0 0] == 0 } {
        set month [string range $month 1 1]
    }
    set even [expr $month % 2 == 0] 
    return $even 
}

# Return a list of all connected drives. 
proc drives {} {
    foreach drive [list a b c d e f g h i j k l m n o p q r s t u v x y z] {
        if {[catch {file stat ${drive}: dummy}] == 0} {
            lappend drives $drive
        }
    }
    return $drives
}

proc doBackup {} {
    global  taskName  seconds yearMonth basedir  personalBackupExe 

    set relativeDirForFullBackup BD01F
    set pathForFullBackup [file join $basedir $relativeDirForFullBackup]
    puts "    pathForFullBackup=$pathForFullBackup"

    # if full backup for this month already exists or we have an even month
    if { [file isdirectory $pathForFullBackup] || [isEvenMonth $seconds] } {
        # only do an incremental backup
        set mode incr
        set day [clock format $seconds -format {%d}]
        set relDir BD$day
        append relDir I
        set pathForIncrBackup [file join $basedir $relDir]
        puts "    pathForIncrBackup=$pathForIncrBackup"

        if [file isdirectory $pathForIncrBackup] {
            set mode none
        }

    } else {
        # do a full  backup
        set mode full
        set relDir $relativeDirForFullBackup
    }

    puts "    mode=$mode"
    puts "    relDir=$relDir"

    if { $mode != "none" } {
        puts "    Running backup like this:"
        puts "    $personalBackupExe $taskName /force /hide /mode:$mode /prompt:delay  /backupdir:$relDir & "
        # If I do not add the & at the end, Persbackup hangs. 
        exec $personalBackupExe $taskName /force /hide /mode:$mode /prompt:delay  /backupdir:$relDir &
        puts "     Backup running." 
    } else {
        puts "    Nothing to do."
    }
}

if { [lsearch [drives] $rootdrive] == -1 } {
    bell; bell; bell
    set a "The daily backup is about to be done. "
    append a "Please connect the backup drive, make it "
    append a  "available as network drive $rootdrive: and click Ok."

    message .m  -textvariable a -width 250
    # strange, the width of the button is in another dimension than that of the message. 
    button .hello  -text "Ok" -command { 
            if { [lsearch [drives] $rootdrive] != -1 } { doBackup; exit } else { bell }
        } -default active -width 15

    bind .  {.hello invoke}

    pack  .m .hello -padx 5 -pady 5

    wm deiconify .
} else {
    doBackup
    exit
}

Twelve Commandments for Internet Security

Posted on by

A reader asked in a comment to my post about unsafe password managers:

So, what is the solution?

It is a good question and prompted me to write this answer.

My Recommendations With Regards to ‘Evil Password Managers’

  1. Always keep in mind that the internet is dangerous and there is no security available and never will be. Because:
    All technical solutions to safety, secrecy and security are for phishers, gangsters and secret services what is sh*t for flies.

  2. Distribute your money between several bank accounts at different banks. So if one account is hacked, you will still keep a big part of your money.

  3. For bank accounts, keep a unique password or -phrase for every one which does not resemble any of the others.

  4. If you cannot keep these in mind, write them down onto a sheet of paper.

  5. Write them down with a simple encryption which you can remember and calculate easily in your head. So in the rare case that somebody finds it by chance, he still cannot take your money.

  6. Hide this sheet of paper somewhere in your home. Maybe glue it into a book or the like.

  7. Use an extra computer for doing banking related stuff. Use this computer for nothing else. Do not surf the web or read mails or watch %/*%/@&* on this computer.

  8. Keep it switched off all the time when you don’t need it.

  9. Run an obscure and seldom used operating system on the extra banking computer.

  10. For all medium important stuff – non-banking and not really important but quite annoying if hacked – build a base password or passphrase. Modify this slightly for every of these accounts.

  11. For all fun stuff – accounts where you could live well with them being hacked – use one and the same simple password for all of them.

  12. If I needed to do communication that must stay secret under all circumstances – for example being a freedom fighter in a state run by criminals – I would not use the internet or a phone or any technical thing at all. I would do extremely delicate communication only face to face in real life.

I can not claim that my methods are safe. Because – see point number one above – nothing can ever be safe.

But in my view, my methods are much much safer than using any kind of password manager or things like TOR or encryption algorithms which I do not understand.

What do you think about my solutions to evil password managers? Do you have better ideas? I’d love to hear your opinions.