Does using a live CD make you more vulnerable to remote attacks?

Potentially, yes. That said, many distributions (e.g. Debian, Ubuntu) run package versions which are extremely out of date (years) with few backported security patches, and most people do just fine. You're also usually only exposed on the network you're immediately connected to, so if you're only using a trusted LAN then it's not so much of a concern.

Personally, if I were particularly paranoid, I'd get hold of a cheap Android tablet and lock it down, and use that as a dedicated banking device. This allows for updates and means you're running a much smaller attack footprint, with less likelihood of compromise (you're not doing general purpose browsing on it) so there's less to worry about.


There is a potential risk in using old versions, but in many cases this risk is less significant than the risk of using a reasonably patched system which has all sorts of dubious software installed, and may possibly contain malware. There are of course distributions dedicated for use as a live OS dedicated for doing such things as banking. They are hardened by design and are more secure than most other solutions (e.g. a generic Ubuntu live DVD).

Probably an even better thing to do would be installing a Linux distro on a thumb drive and using it solely for banking. Having it installed on writable media allows for updating it (one can even add an update/upgrade command to the boot scripts). This would provide you with a live OS that is fully updated and patched. Keep in mind though that since it allows writing, it can be infected with malware just like your normal OS, and therefore you should not use it for anything but banking.
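
The boot-time update mentioned in the answer above, as an added example that is not part of the original answer. It assumes a Debian/Ubuntu install on the thumb drive (`apt-get`); the stamp path, age limit and function names are hypothetical. It records the last successful update so that a boot where the update fails on an already stale system is flagged instead of passing silently.

```sh
#!/bin/sh
# Added example: boot-time updater for a dedicated banking thumb drive.
# Assumes Debian/Ubuntu (apt-get). STAMP and MAX_AGE_DAYS are hypothetical
# names chosen for this example.
STAMP="${STAMP:-/var/lib/banking-usb/last-update}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"

# Return 0 (stale) if the stamp file is missing, unreadable as an epoch
# timestamp, or older than the given number of days; return 1 if fresh.
stamp_is_stale() {
    stamp="$1"
    max_days="$2"
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp" 2>/dev/null)
    case "$last" in
        ''|*[!0-9]*) return 0 ;;
    esac
    now=$(date +%s)
    [ $(( now - last )) -gt $(( max_days * 86400 )) ]
}

# Refresh package lists and apply upgrades. The stamp is written only when
# both steps succeed, so a failed run never looks like a good one.
run_update() {
    apt-get update -q &&
        DEBIAN_FRONTEND=noninteractive apt-get -y -q upgrade || return 1
    mkdir -p "$(dirname "$STAMP")" && date +%s > "$STAMP"
}

# Boot entry point: 0 = updated, 1 = update failed but the last good update
# is recent, 2 = update failed and the system is stale.
boot_check() {
    if run_update; then
        echo "banking-usb: packages up to date"
        return 0
    fi
    if stamp_is_stale "$STAMP" "$MAX_AGE_DAYS"; then
        echo "banking-usb: WARNING: update failed and last good update is older than $MAX_AGE_DAYS days" >&2
        return 2
    fi
    echo "banking-usb: update failed, last good update is recent" >&2
    return 1
}

# Run only when called from the boot scripts as: banking-update.sh --boot
if [ "${1:-}" = "--boot" ]; then
    boot_check
fi
```

Call it from the boot scripts after the network is up and before the desktop session starts, so the browser is never opened on a system that has silently stopped updating.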


If you used a LiveCD and never/rarely went out of your way to get a new one, yes it would eventually contain old and buggy software. However, the point of the LiveCD is that there is nothing saved in a nonvolatile way, so even if you do manage to luck out on your "risky click of the day" and the browser downloads some malware, all you have to do is hit the power button and it's gone. Also, given that it's not customized at all and is only as expensive as a blank CD/DVD, you can easily toss it and get a new version.

RCE exploits (i.e. a bug that allows a remote attacker to execute code and gain control of your system, over the network, at will) are so exceedingly rare that even if you don't refresh your LiveCD more than once a year, you are still quite certain to be safe.

But fear not! If you do lose sleep over the thought of out-of-date LiveCDs, there is a quite popular process to do the exact same thing (install a limited feature, secure OS) on a thumb drive which can then be updated on the fly. If you want to take it a step further (and spend a small amount of money) you can even purchase a pre-made one specifically optimized for this purpose (this is not a product endorsement): http://www.zeusgard.com/