  1. #1 Star Lounger

    Flashdrive-hosted Windows for safer malware removal

    Booting Windows from a write-protected flash drive, rather than booting normally, should bypass all infected files on a suspect machine. From that Flash-based instance of Windows, anti-malware applications can be run against a possibly infected computer.

    Since the smarter malware may attempt to neuter all installed AV applications on the host volume, only a flash-drive with a manual write-protect switch assures complete safety from infection.

    1. Does anyone have a "best practices" recommendation for creating a flash-drive hosted READ-ONLY Windows installation?


    2. Does this approach allow full use of anti-malware applications? Are there any limitations?

    Your links and references are appreciated, as well as your viewpoint on this question-- is the write-only flash drive practical for anti-malware operations?

  2. #2 WS Lounge VIP Calimanco

  3. The Following 2 Users Say Thank You to Calimanco For This Useful Post:

    camachousa (2015-04-28),voxov (2015-04-21)

  4. #3 2 Star Lounger 1PW
    ...and a few more: http://pcsupport.about.com/od/system...s-software.htm

    Remember that effective prevention and recent back-ups are always far superior to remediation.
    Last edited by 1PW; 2015-03-16 at 14:05.
    All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.

  5. #4 Star Lounger

    Thanks! to Calimanco

    Quote Originally Posted by Calimanco:
    I may be late to the party but the party continues at full blast, apparently.

    Prior to my question, I never had been forced to consider using a flash drive, but the material sent promises to be useful.
    Last edited by alphaa10; 2015-03-16 at 17:17.

  6. #5 Star Lounger

    Thanks! to 1PW

    You can rest assured I believe in prevention and proactivity over damage control, any day. The problem is my customers seldom do.

    Thanks for the links!

  7. #6 5 Star Lounger
    Heck, install a panoply of OS images, and rescue / malware tools onboard a bootable drive:

    http://www.fosshub.com/UNetbootin.html

    http://www.pendrivelinux.com/

  8. The Following User Says Thank You to Fascist Nation For This Useful Post:

    alphaa10 (2015-03-17)

  9. #7 Star Lounger
    Fosshub is an interesting site, and I very much like its opposition to spam and bundling. Although a few sites claim to oppose bundleware, most quietly profit from it-- only Fosshub appears scrupulously honest on that point.

    Your reference to UNetbootin seems to be exactly what I need, and the application works on many USB devices running Windows, as I had hoped.

    The idea of running a security scan from a read-only flash drive appealed early, and plenty of references provide a means to put applications and operating systems on a flash drive. However, my doubts began when I found there are limitations, and even risks to the use of flash drive hardware to run an instance of Windows on a regular basis.

    So, I have chosen what appears to be the more direct solution for Windows work, using a bootable external USB hard drive, made read-only. That will not work when the suspect machine has no USB boot device option, but such computers are increasingly a minority. For those and especially for "hard cases", a simple CD should be enough.

    Despite my concern about running Windows regularly from a flash drive, your PenDriveLinux reference may persuade me to run many of my field applications from a Linux-based flash drive, since I am already moving as quickly as possible into Linux.
    Last edited by alphaa10; 2015-03-17 at 20:58.

  10. #8 5 Star Lounger
    Been using Hiren's CD for years. In the past, I've saved more than a few PCs using Hiren's CD.

  11. #9 Silver Lounger wavy
    Perhaps Windows FE might be of interest to you. I have not read much on the site but I have intentions.....

    https://winfe.wordpress.com/2014/11/...ates-to-winfe/

    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  12. #10 4 Star Lounger
    Microsoft has a system specifically created to support Windows on flash devices. It's called Windows To Go.

    From what I've been able to find out, WinToGo is only supported for Windows Enterprise licenses. The documentation for this system is a bit hard to find too. I believe that the issue is that WinToGo could be a vector for pirating copies of Windows, so Microsoft limits its availability.

    http://social.technet.microsoft.com/...p-by-step.aspx


    The result is that most people switch to Linux for this job. There are some pretty good Linux repair/recovery systems out there and the fact that the OS and toolset is already built for you is very attractive.

    By the way, you don't need a write protected flash drive to protect you against infected software on a computer (unless you are foolish enough to run any software on the infected system). The write protection is only necessary to protect the flash drive from infection by hardware based malware. Once you boot from a clean flash device then all the software on the infected system is dormant.

    Infected hardware is a tough problem. Rare in my opinion, and I'm skeptical of standard efforts to defeat it. For instance, the best-known hardware malware is the keylogger. However, a write-protected flash drive does not stop a keylogger from doing its thing, which is usually to gather your passwords. It's also tough to design a complete repair system (OS and applications) that runs properly in a pure, write-protected environment. It can be done of course, it just isn't the normal design target for most software.

    There is, fortunately, just such a system. Knoppix is a long-standing and highly thought of system. Just know that Knoppix wasn't primarily designed as a repair and recovery distro. It can be used as such but that's not its main focus.

    http://www.knoppix.org/


    Protip: The originator and maintainer of the Knoppix distro is German, so sometimes the language defaults to German. Just select English (or your preferred language) when given the chance.

  13. #11 Star Lounger

    Knoppix dd backup of infected systems, restarting from a fully configured system backup

    Quote Originally Posted by BHarder:

    ... Knoppix is a long-standing and highly thought of system. Just know that Knoppix wasn't primarily designed as a repair and recovery (Linux) distro. It can be used as such but that's not its main focus.

    http://www.knoppix.org/

    Knoppix has saved me many hours of recovery time.

    If you use a CD/DVD to boot Knoppix, the hard drives are not modified unless you use a tool to do so: everything comes from the CD/DVD and a ram disk used for temporary system storage.

    Before I start tinkering with recovery, I do a dd backup of the infected system to an ISO file so that in the worst case I can go back to the initial condition. Other image backup tools can serve the same purpose.

    In addition to running malware scans, I also use the "dd" command to make backups of entire partitions to an ISO file (usually placed on my external multi-TB hard drive). If I need to "start from scratch", my "scratch" is restoring a previous backup of a configured working system, adding Windows and application updates, and any new favorite software or updated files, and making an image copy for the starting point next time. One of the reasons for backing up the infected system before wiping it out is that you may find something that is not included in your backup routine.
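The dd backup step described in the post above, as an added example that is not the poster's own script: it images a partition block for block, then verifies the copy by SHA-256 so the image can be trusted as the rollback point. The source here is a constructed sample file so the script runs offline; the device path /dev/sda2 mentioned in the comments is hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread: image a suspect partition with dd
# before remediation, then verify the copy by SHA-256. The source here is a
# constructed sample file so it runs offline; on a machine booted from clean
# media the source would be a device node such as /dev/sda2 (hypothetical).

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# image_partition SRC DEST: copy SRC block for block into DEST.
# ibs=512 with conv=noerror,sync zero-fills an unreadable sector instead of
# aborting the copy, and padding to 512 bytes keeps the image sector-aligned
# with a source whose size is a multiple of 512. Returns 0 when the digests
# match, 1 on copy failure or digest mismatch, 2 if DEST already exists
# (the pristine image must never be overwritten by a later run).
image_partition() {
    src=$1
    dest=$2
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing image $dest" >&2
        return 2
    fi
    dd if="$src" of="$dest" ibs=512 obs=1048576 conv=noerror,sync 2>/dev/null || return 1
    src_sum=$(sha256_of "$src")
    img_sum=$(sha256_of "$dest")
    # Keep the digest beside the image so a later restore can be verified too.
    printf '%s  %s\n' "$img_sum" "$dest" > "$dest.sha256"
    if [ "$src_sum" != "$img_sum" ]; then
        echo "digest mismatch: source $src_sum image $img_sum" >&2
        return 1
    fi
    echo "image verified: $img_sum"
}

# Constructed 1 MiB sample "partition" (a multiple of 512 bytes, like a real one).
make_sample() {
    yes "constructed sample sector data" | head -c 1048576 > "$1"
}

workdir=$(mktemp -d)
make_sample "$workdir/suspect.bin"
image_partition "$workdir/suspect.bin" "$workdir/suspect.img"
rm -rf "$workdir"
```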
