[IAEP] is Soas safe?

Sascha Silbe sascha-ml-ui-sugar-iaep at silbe.org
Mon Mar 22 05:29:46 EDT 2010

Previous message: [IAEP] is Soas safe?
Next message: [IAEP] Etoy Activity for test!!!!!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 21, 2010 at 06:31:02PM -0500, Yamandu Ploskonka wrote:

> I guess that harddrive-less units are totally OK, but what happens in 
> normal, hard-drive based machines if somehow a stick gets infected?
While SoaS does not use Rainbow (=> unprotected), I've yet to see a 
virus or worm that
a) runs on Linux and
b) infects a hard disk from within a Live system (usually it tries to 
spread on the network instead).

We should strive to make all Sugar installations (including SoaS) more 
secure (by re-integrating Rainbow), but this shouldn't prevent anyone 
from using it now. The risk is low enough.

> when booting from a USB stick, is it like when booting from a CD or 
> for those old enough to remember, like booting from a floppy?
> I mean, that was THE way to get infected before Word macros started 
> being the star, since such infection basically bypass all anti-malware 
> protection, except when set at the BIOS level, and how many people 
> knew about it in my younger days?
Oh, so you're talking about a boot sector virus? I haven't encountered 
one of these for ages; but yes, _anything_ that boots a different system 
from the one on your hard disk is going to be susceptible to that.
BTW, I don't think the BIOS-level protection works anywhere except in 
DOS.

In general, anyone who is able to boot a computer into a custom system 
will get full access to it and this extends to (almost) any software 
they installed, voluntarily or not. If you don't want that, install 
Sugar on a fixed storage medium (i.e. hard disk) instead of booting from 
SoaS.


PS: Please continue the discussion on sugar-devel as it's about 
technology, not education. I've set Mail-Followup-To accordingly.

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/archive/iaep/attachments/20100322/48e33a61/attachment.pgp

Previous message: [IAEP] is Soas safe?
Next message: [IAEP] Etoy Activity for test!!!!!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the IAEP mailing list