# Which is the most secure LiveCD?



## kkid106 (Sep 21, 2011)

I am currently looking for a LiveCD to use when shopping online so that I can be almost 100% sure of there being no malware running when doing so.

I have been researching multiple distros and have found the following which look the best, which would you say is safest FOR ONLINE SHOPPING/BANKING?

https://tails.boum.org/about/index.en.html#index3h1
Anonym.OS LiveCD | Free software downloads at SourceForge.net
https://www.privacy-cd.org/en/features-mainmenu-35
Software Protection Initiative - SPI Successes
_or any other suggestions?_

some of them websites said that one way they keep you safe online is to direct traffic through their servers, is this a problem if online shopping?

I am not particularly worried about the speed or size of the distro (I will be burning to DVD as I only have them and they are the same price as CDs so I have plenty of storage)


Thank you


----------



## SteveThePirate (Jan 12, 2012)

Hi,

The Ubuntu privacy suite looks decent but i have found this one; 
DistroWatch.com: Privatix Live-System
this includes Tor which is an extension for firefox so that nobody can see what your are doing online, to read more about it read this;
https://www.torproject.org/

Steve


----------



## kkid106 (Sep 21, 2011)

I saw that one too, but it didn't seem to have as many security features as the ones listed in my first post. For example, tails has "cryptographics tools", HTTPS everywhere (another firefox extension) and it too includes Tor.


----------



## hal8000 (Dec 23, 2006)

All linux live CD's are more secure than windows, there are no malware or viruses for linux that exist on the internet.

I would worry more about who you buy from and how they store your transaction, as you have no control over this. If you buy from a large company like Amazon then its a safe bet that they store your details securely.

However if you were to buy something from a small dealer in a foreign land, then there is no guarantee that they store your data safely. If there system is compromised your details like name, address, credit card could be exposed.

When I order online if the vendor does not use https then I don't order.
Hope that helps.


----------



## kkid106 (Sep 21, 2011)

hal8000 said:


> When I order online if the vendor does not use https then I don't order.
> Hope that helps.


I do the exact same thing already.

I am very internet security concious and I only buy from trusted dealers like amazon.


----------



## SteveThePirate (Jan 12, 2012)

kkid106 said:


> I do the exact same thing already.
> 
> I am very internet security concious and I only buy from trusted dealers like amazon.


Then you should be safe enough, if i have survived shopping through windows without a hitch then yourself ordering on a live cd should be no problem, happy surfing

Steve


----------



## kkid106 (Sep 21, 2011)

I have made a live USB of Tails (which used Tor too) but am concerned about Tor.

If my connection is going throug multiple computers, won't all my details be going through them computers and therefore isn't it more likely that I will have my details stolen?

It said abotu this on the Tails website and it said end-to-end encryption should be used, is this encryption a feature of tails?


also, i noticed many extensions on iceweasel (the livecd version of firefox) aimed at stopping all scripts, if shopping online, won't this stop transactions and cause other trouble?


----------



## hal8000 (Dec 23, 2006)

kkid106 said:


> I have made a live USB of Tails (which used Tor too) but am concerned about Tor.
> 
> If my connection is going throug multiple computers, won't all my details be going through them computers and therefore isn't it more likely that I will have my details stolen?
> 
> ...


All your details will be sent through every computer on the Tor network but should be encrypted. However you do not know for sure if one of those anonymous nodes, is really anonymous so only you can decide if you want to use Tor.

If a script is stopped then you wont know for sure how far your transaction has progressed. 
Personally I just use a hard drive install of linux and use firefox or chrome for online 
shopping.


----------



## Eddie.Dean.19 (Dec 15, 2011)

hal8000 said:


> All linux live CD's are more secure than windows, there are no malware or viruses for linux that exist on the internet.
> 
> I would worry more about who you buy from and how they store your transaction, as you have no control over this. If you buy from a large company like Amazon then its a safe bet that they store your details securely.
> 
> ...


+1

Also tails is for anonymity not security. In fact in most cases it will hinder shopping as who knows where the your "new" ip address will originate from and a lot of companies don't do business with certain countries. In the case of live CDs you will be secure as ever and will only need to worry about the actual site you're ordering from.


----------



## kkid106 (Sep 21, 2011)

thanks


----------



## surensach (Feb 11, 2012)

Guys how Abbott Black ubuntu , wondering no one mentioned about t.at


----------



## hal8000 (Dec 23, 2006)

surensach said:


> Guys how Abbott Black ubuntu , wondering no one mentioned about t.at


I never heard of it until now, looks like a viable alternative to Backtrack.
It maybe a little overkill if all he wants to do is shop online but here is the link:

Blackbuntu Linux | Penetration Testing Distribution


----------



## SteveThePirate (Jan 12, 2012)

hal8000 said:


> I never heard of it until now, looks like a viable alternative to Backtrack.
> It maybe a little overkill if all he wants to do is shop online


It does look a bit overkill doesn't it :grin:


----------



## kkid106 (Sep 21, 2011)

I've been looking at all of the mentioned distros in this thread and am still unsure on what to use.

The distros including tor seem to unsecure for online shopping as they will be sending my data through lots of different computers - the fewer the computers, the better.


I now do not think I will find any distro focused on internet encryption/security. All of the distros seem to either have Tor or are only focused on local encryption (file and drive encryption).

I am therefore thinking of using LPS - however, is there any advantage of using this over ubuntu?


----------



## kkid106 (Sep 21, 2011)

alternatively, what about open/freeBSD?

I have heard that one of them is aimed at security, would this security benefit online shopping?

my logic behind this is that BSD is less widely used than even linux and therefore it should be even more secure, am i correct?


----------



## SteveThePirate (Jan 12, 2012)

kkid106 said:


> alternatively, what about open/freeBSD?
> 
> I have heard that one of them is aimed at security, would this security benefit online shopping?
> 
> my logic behind this is that BSD is less widely used than even linux and therefore it should be even more secure, am i correct?


Not necessarily, BSD and Linux both have they're advantages and disadvantages same as windows and mac but the key about linux/bsd is that they are much more securer than the latter regardless of how many use them. However to summarize, any main distro such as ubuntu, mint, fedora etc will be secure for online shopping, you don't even have to download one of the "secure" ones. The only way online shopping could be dangerous(even with windows) is through user action. But using a live cd will add an extra line of security for any user, again regardless of what distribution used as long as you yourself use trusted sources for your said shopping. Plus most banks have added password protection to the use of your card so make sure you have that set up (this helps you protect who uses your card)

Happy Shopping

Steve


----------



## SteveThePirate (Jan 12, 2012)

Oh and one more thing, make sure your passwords for any shopping sites like amazon and even for your bank are strong ones (caps, small letters and a couple of numbers)


----------



## kkid106 (Sep 21, 2011)

But what about anti-virus aspects;

Is linux, with no form of anti-virus/malware whatsoever from the LiveCD more secure than Windows with very strong security (i.e. a firewall, anti-virus, anti-spyware, a custom HOSTS file, winpatrol and MBAM)?


----------



## SteveThePirate (Jan 12, 2012)

Hi,

Other than linux itself being much more securer than windows and doesn't *need* an anti-virus, the livecd is running off RAM, and the base system is read-only, with any changes either being ignored, or on a overlay file system. Virus' will affect your OS installed on a hdd. The live cd will not use your hdd.

Steve


----------



## kkid106 (Sep 21, 2011)

The viruses I am worried about are keyloggers though, if they run in the RAM then they are still able to transmit my card details - am I right?


----------



## kkid106 (Sep 21, 2011)

becuase I mainly want encryption, are there any distros whihc will encrypt all outgoing data?


also, is there any benefit of LPS over ubuntu?


----------



## Eddie.Dean.19 (Dec 15, 2011)

Tails sends everything out through tor

But you don't need that if you're shopping. That's what ssl is for and if a shopping site does not use ssl then you shouldn't be using them


----------



## 23072011 (Feb 16, 2012)

Hi kkid, 

If you're concerned about the security of your *computer *while you browse the internet, then a live CD is a good way to go.

If you're concerned about the security of your *on-line credentials *(credit card information and usernames & passwords of various online accounts), then you need to harden your browser. 

https everywhere is a firefox extension that will force all sites to use https, which encrypts your outgoing data. Ad-block in firefox will block pop-up ads (including ones that might be malicious). 

You can block scripts in nearly every browser (but I haven't found how in internet explorer). But you have to white list trusted sites, and it breaks a lot of websites so you need some patience and guides to get that right. If you can prevent any old arbitrary code running in your browser (which is what blocking scripts would do), then you're way more secure. 

Another good tip- don't save history & passwords in the browser, don't allow auto complete. Close your browser often & reopen- don't surf all day on one open browser session. Use a new session to log into any account & then close that browser session when you're done. Imagine if you land on a bad website without knowing and they are able to harvest your cookies & credentials. If nothing is there to steal, then it can't get stolen.

I don't know of a distro that has a built-in hardened browser, but there could be. It's easy enough to build your own, but that would be pretty hard on a live CD that you can't write to.


----------



## Nizatidine (Jun 12, 2010)

Puppy 5.2.1 allows for use of LiveCD and optional encryption of saved config files on a USB stick user takes out and carries. I use newest Seamonkey browser and purchase gift cards for internet purchases (AMEX Gift Cards). It's secure enough for me. :thumb:

Best wishes!


----------

