Hi,
I expanded FF - 3.6.8 for Linux on to a USB stick.
I am running this programme in concert with UBUNTU LiveCD.
It works well, but someone has told me that running FF from a USB has security implications.
Since I use this arrangement for banking, I would like another opinion, and possibly an explanation.
I have not installed UBUNTU because I only use it for banking.
I use FF from a USB stick so that I can update it.
Thanks.
A
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
What security implications? And how are those security implications different than running Firefox from a fixed disk? It doesn't matter where you run a browser from, you must always take care when dealing with sensitive data. If there are security vulnerabilities in Firefox Portable, then that means that there are those same security vulnerabilities in Firefox.
You might not want to run Firefox Portable on an "untrusted", public computer to do your banking, but then you probably wouldn't want to do your banking on the public computer anyway. That doesn't really have anything to do with running from USB or not, that is just being cautious and using common sense.
Just my opinion.
Thanks for responding.
I suppose the argument might be that since FF is installed on the USB it could be attacked. A LiveCD cannot be written to and therefore cannot be attached.
Best wishes.
A
Ps
FF is Linux coded
Live CD is UBUNTU (Linux)
If you're using a Linux LiveCD then that typically comes with a browser so why would you want to run a browser from USB drive anyway? Furthermore, so you think you're personal data is safe over the Internet when you use a LiveCD?
There are security risks everywhere, I think the USB drive is the least of your problems.
I can update the browser installed on the USB.
I don't think that personal data is safe on the Internet, but most banks connect via https which should be safe (encrypted).
The problem of using a USB could relate to the fact that it can be used in any number of machines, and is, therfore, more likely to pick up a virus or malware. It can, of course, be scanned.
Best wishes.
A
Browser run from CD and from flash can be attacked both the same way, since there is in fact nothing that can just run from CD, all is run from more or less components from operating system and loaded to ram anyway.
Yes, when the browser is on the CD and it is not run, it can not be changed, but this is not the point. While you run it, it is same as any other browser. The difference is, that after you close it, it will not remember anything you did with it before.
For banking it does not very much matter what kind of browser you use. Their security setup considers the users computer and its browser as the weakest and completely unprotected and possibly hacked part in the whole communication.
Bank will not only use the ssl for basic communication, but will take care that encryption keys or at least their parts are transmitted by other means than over the ssl internet connection.
Some will use mobile phone connections, other will use separate key generator, other have special timing modules in sync with the banks computer system.
The whole system is secured so, that you can use a browser in a public terminal in a train station as well as Internet caffe etc.
I have experience with bank systems in Switzerland, Nederland, Canada, Australia, Czech republik, and have not encountered any internet banking which would relay only on any security features of any browser or operating system.
Otto Sykora
Basel, Switzerland