Thread: Is virus possible using CD boot?

  1. #1
    Junior Member
    Join Date
    Jul 2004
    Posts
    9

    Is virus possible using CD boot?

    I've just burned a copy of Knoppix 3.4 and used it (also tried MandrakeMove a few days ago) and it seems to work fine. Somewhat to my surprise, it even connected automatically to the internet through my high speed cable connection.
    I hope these two following questions aren't stupid, but since I don't know that much about this type of use (running only from the bootable CD), here goes:
    1. As long as Knoppix (or another similar program like MandrakeMove) is booted from the CD, and not set to write to the CD, does that mean it is impossible for a virus, trojan, etc. to get onto my computer? Or is it still somehow possible for a virus, etc. to get onto the hard drive?
    2. If it is still possible for a virus to get onto my computer when surfing, etc., then would my computer be completely virus-proof if I simply disconnected the hard drive prior to booting from the CD and surfing the Internet, as supposedly I do not even need a hard drive to run Knoppix.
    Thanks for any answers anyone can provide.

  2. #2
    Senior Member registered user
    Join Date
    Dec 2003
    Location
    Salt Lake City, UT, U.S.A.
    Posts
    1,338

    Re: Is virus possible using CD boot?

    Quote Originally Posted by John3333
    I hope these two following questions aren't stupid, but since I don't know that much about this type of use (running only from the bootable CD), here goes:
    1. As long as Knoppix (or another similar program like MandrakeMove) is booted from the CD, and not set to write to the CD, does that mean it is impossible for a virus, trojan, etc. to get onto my computer? Or is it still somehow possible for a virus, etc. to get onto the hard drive?
    2. If it is still possible for a virus to get onto my computer when surfing, etc., then would my computer be completely virus-proof if I simply disconnected the hard drive prior to booting from the CD and surfing the Internet, as supposedly I do not even need a hard drive to run Knoppix.
    Thanks for any answers anyone can provide.
    I will attempt to answer both questions at the same time, since they are both related, and this is from "what I feel", and from "what I have heard".

    No system is "completely" impervious - the only way to ensure a "completely" safe computer, is to have it locked in a room, thirty security guards, and thirty guards guarding them, the computer never has a phone line, or connection to it, and its power is supplied by "means that no-one can get it"...

    This is almost impossible, and definitely defeats the purpose of having a computer in the first place...

    I would say, if you connect, be sure to have "passwords" on all your accounts through the system - that means not only root, but knoppix users, and any others you have. These passwords should not be "easy" to crack. Even if you don't have a hard drive "mounted" when you surf, if the permissions and passwords are so easy to get through, you could have someone connect back to your system, possibly "remotely" mount your drives, and extract what they want.

    Best bet, is to disconnect your hard drive, and use the CD only - that way, if "someone" does manage to get "in" - they only have access to a CD, and with that a read-only operating system. If you pick up a trojan, or virus, all you need to do is reboot the CD, and everything is evaporated...

    This could be on the side of "paranoid" - but in a world where "people" can pick-off your IP address from normal traffic, as shown in the "Gibson Research --- Shields Up" web site...

    I "never" feel safe, I have a firewall, and only frequent "known" web sites, but, even then, it still may not be the safest...

    Take this as a grain of salt, or as "biblical", either case, my words are penned, and I stick by them,
    Ms. Cuddles

  3. #3
    Senior Member registered user
    Join Date
    Jan 2004
    Location
    Paris, France
    Posts
    203

    simple answer

    firstly I've NEVER had a virus or at least I've never caught it.
    I've not used windows for 5+ years now

    however a few linux viri do exist
    http://www.viruslibrary.com/virusinfo/Linux.htm

    One safe step is to set the root and knoppix passwords to something in case someone ever writes a knoppix specific work...

    But overall just not using windows is your best defense...
    I'm presuming you have windows on your hard drive so you're worried about that being infected.... but to do that someone would have to write a specific virus to infect windows machines which are currently running linux...

    writing a virus for linux is hard work and if measured by infections small reward.... its much easier to attack a windows machine running windows!
    (even with antivirus or behind a firewall)

    In other words I don't want to say it's impossible but it has rained frogs and I don't have insurance against being hit by falling frogs! but I do have insurance for my car ...

    I'd worry about getting a windows virus....
    I might consider the possibility of a native linux virus ...
    but the idea of a linux virus written to infect a windows partition from a live CD is just too unlikely for me to worry over....

  4. #4
    Senior Member registered user
    Join Date
    Mar 2004
    Location
    Berlin
    Posts
    436

    Re: Is virus possible using CD boot?

    Quote Originally Posted by Cuddles
    but in a world where "people" can pick-off your IP address from normal traffic, as shown in the "Gibson Research --- Shields Up" web site...
    Well - how should a server respond to you, without knowing your IP?

    An attacker needs your IP but he needs much more (or could find your IP by probing it, like sasser does).
    I don't know whether your knoppix is looking for updates or why it connects automatically to the internet - perhaps only to prove its possibilities.

    If you don't open ports, an attacker has poor chances to get into your system.
    List your open ports with:
    Code:
    # get your IP (ppp0 is a dial-up/PPPoE interface; use your own interface name if it differs)
    ifconfig ppp0
    # see open ports
    nmap -v YOUR_IP
    From a scientific viewpoint, a virus may infect your system - from a practical viewpoint not.

    How would you disconnect the hard drive - by unplugging the hardware? That should be supersecure, but I guess you have to wait some months or years, until linux-viruses occur in the wild.

  5. #5
    Junior Member
    Join Date
    Jul 2004
    Posts
    9
    Thanks for the reassuring info regarding my original post on whether a virus infection is possible when running Knoppix from a CD. It seems so unlikely that I may not even bother to disconnect (unplug) my hard drive while surfing the Internet. (I had been thinking about running a cable connection outside the tower to make this easy to do.)
    Cuddles said in the first reply to my query that it is also a good idea to set up difficult passwords to prevent anyone from accessing my accounts. Since I don't get any chance to set passwords when I boot from the CD, and since I seem to remember reading somewhere that access to the hard drive is automatically locked, is this still something I should do? If so, how do I go about setting up passwords when I am never given the opportunity to do so upon bootup? I'd appreciate any info on this, too.
    Again, thanks for the replies to the original posting.
    (There is one thing I should clarify about my original post. I used the wrong terms when I said that upon booting, Knoppix automatically connected to the Internet. What I meant was that it automatically configured my Internet connection, so that all I had to do to surf the Internet was click on a web browser.)

  6. #6
    Senior Member registered user
    Join Date
    Mar 2004
    Location
    Berlin
    Posts
    436
    I assume you're not running any services, (web-server, ftp-server, app-server, db-server, irc-server, ...) no sshd, telnetd, etc.
    How should a remote cracker get into your machine?

    If you don't have a door, you don't need a lock.

    My first linux-newbie-installations HAD a webserver running by default (apache) in the mid-90s. But this shouldn't be common in nowadays' installations/bundles.

  7. #7
    Senior Member registered user
    Join Date
    May 2003
    Posts
    981
    Quote Originally Posted by John3333
    Thanks for the reassuring info regarding my original post on whether a virus infection is possible when running Knoppix from a CD. It seems so unlikely that I may not even bother to disconnect (unplug) my hard drive while surfing the Internet. (I had been thinking about running a cable connection outside the tower to make this easy to do.)
    I certainly wouldn't do this. I think the risk of hardware damage due to power surges while plugging/unplugging things is far greater than any risk from a hacker or virus.
    Quote Originally Posted by John3333
    Cuddles said in the first reply to my query that it is also a good idea to set up difficult passwords to prevent anyone from accessing my accounts. Since I don't get any chance to set passwords when I boot from the CD........If so, how do I go about setting up passwords when I am never given the opportunity to do so upon bootup?
    Once Knoppix is up & running, just type 'sudo passwd' in terminal to set the root password and 'sudo passwd knoppix' to set a knoppix user password. You will of course have to redo this with each boot.
    Quote Originally Posted by John3333
    and since I seem to remember reading somewhere that access to the hard drive is automatically locked, is this still something I should do?
    Access to the HD is not actually 'locked'. In Linux, you must 'mount' a drive (or any other device) before you can use it. The HD partitions are detected but not mounted at startup so cannot be accessed until they are mounted, usually by clicking on the appropriate desktop icon. They are then mounted read only by default. If the user wishes to write to a file on the HD, he must change this mounting to read/write access: Right click on the icon, scroll down to 'actions', select change read/write mode. (or right click on the icon, select properties, select device, uncheck 'read-only').

    When you think about it, this is actually a fair bit of built-in security. First, a virus would have to be a LINUX virus---rare. Then it would be attempting to attack a CD-ROM...would be unable to make a permanent change without a CD burner. If it attempted to attack the HD files, it would be unable to find any as they are not mounted (type 'ls /mnt/hda1' without mounting hda1, see what you get) or they are mounted read-only. You must be root to mount things, if you have set a root password the virus or hacker would then have to get past the password to mount the drive.
    Finally, if you have been careful about not leaving sensitive information lying around accessible on the system, it wouldn't find anything damaging even if it did manage to get this far.
    Compared to the average Windows-no passwords-at-all system I'd feel pretty safe.
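
The two checks raised in this thread (which TCP ports accept connections, and whether any hard-disk partition is mounted and writable) can be read directly from /proc on the running live CD. The script below is an added example, not code from any poster; the function names `hd_mounts` and `listening_ports` are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Print "device mountpoint ro|rw" for each mounted hard-disk partition.
# $1: file in /proc/mounts format (default: /proc/mounts).
hd_mounts() {
    awk '$1 ~ /^\/dev\/(hd|sd)[a-z][0-9]+$/ {
        n = split($4, opt, ","); mode = "ro"
        for (i = 1; i <= n; i++) if (opt[i] == "rw") mode = "rw"
        print $1, $2, mode
    }' "${1:-/proc/mounts}"
}

# Print "port scope" for each TCP socket in LISTEN state (st field 0A).
# $1: file in /proc/net/tcp format (default: /proc/net/tcp).
listening_ports() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[1], a[2] }' \
        "${1:-/proc/net/tcp}" |
    while read -r addr port; do
        case $addr in
            0100007F) scope=loopback-only ;;   # 127.0.0.1 (little-endian hex)
            00000000) scope=all-interfaces ;;  # 0.0.0.0
            *)        scope=one-interface ;;
        esac
        echo "$((0x$port)) $scope"             # port is stored as hex
    done
}

# Constructed sample of a live-CD session: hda1 switched to read/write,
# hda5 still read-only, a web server on port 80, a local-only daemon on 631.
SAMPLE_MOUNTS=$(mktemp); SAMPLE_TCP=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS" "$SAMPLE_TCP"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/root / ext2 rw 0 0
/dev/cdrom /cdrom iso9660 ro 0 0
/dev/hda1 /mnt/hda1 vfat rw,nosuid,nodev 0 0
/dev/hda5 /mnt/hda5 ext3 ro,nosuid,nodev 0 0
EOF
cat > "$SAMPLE_TCP" <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0100007F:0277 00000000:0000 0A
   2: 0F02000A:8C3E 22D8B85D:0050 01
EOF

echo "Hard-disk partitions currently mounted:"; hd_mounts "$SAMPLE_MOUNTS"
echo "TCP ports accepting connections:";        listening_ports "$SAMPLE_TCP"
```

Called without arguments, both functions read the live /proc/mounts and /proc/net/tcp; the sample TCP table omits the columns after `st`, and IPv6 listeners in /proc/net/tcp6 are not covered.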
