Colinux for cybercafes

What's this about?

Viruses and trojans that sniff the keyboard on Windows machines in cybercafes are becoming more prevalent and invisible.

There's no easy way to ensure that a machine in a cybercafe is clean.

One attempt to mitigate this issue is to run coLinux from a portable hard drive.

Details on Threat Mitigation

We'll run colinux on the machine, and use an X server to run firefox.

Viruses can continue to sniff the keyboard, but they're far less able to work out what you are typing. Utilities such as "Text Capture.exe" cannot see any text in an X server session containing Firefox, unlike Firefox or IE running locally within the Windows operating system.

Whilst a virus could theoretically sniff the X session network traffic, the number of viruses targeting such a setup is likely to be small, because it is not a configuration commonly used by non-technical users, who are the most common target for many viruses. Of course, if this is an issue, you can tunnel the X Window traffic over ssh so that it is encrypted.

Configuration / setup

Pick a cybercafe where the hard drive is effectively read-only, i.e. it resets itself to an image on each reboot.

You can detect such a cybercafe PC by resetting a PC, then running "eventvwr" and noticing that there are no events in the system log for several days prior to the reset.

Use slirp networking, since this does not require any network driver installation, and it won't create any new virtual hosts on the network, which could cause issues for the cybercafe.

Install coLinux to your USB hard drive, download an Ubuntu image, then do "apt-get update" and "apt-get install firefox".

Create a script that installs the coLinux driver ("colinux-daemon --install-driver"), starts coLinux ("colinux-daemon @myconfig.conf"), then uninstalls the coLinux driver ("colinux-daemon --remove-driver").

Xming works well as the X server; you can just install it to a directory on your USB hard drive. You can run xlaunch once, save the configuration, then add a line to your script to start the X server with this configuration, i.e. "xlaunch -run config.xlaunch". In the xlaunch configuration wizard, you can pick "multiple windows", "launch no client" and deselect the "clipboard" option, then leave the other options at their defaults.

Now, if you go to another cybercafe PC, you don't need to install anything: simply plug in your USB hard drive, and run your start script.

Note that you may need to tweak your configuration slightly from PC to PC, since the hard drive may be assigned a different drive letter sometimes.
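
The start script described above, as an added example that is not part of the original page. The folder names "colinux" and "xming" and their location next to the script are assumptions; the commands themselves are the ones quoted above. It resolves paths from the script's own location, so it does not depend on the drive letter.

```bat
@echo off
rem Added example start script. Folder layout is hypothetical:
rem   <usb>\start.bat, <usb>\colinux\, <usb>\xming\
setlocal

rem %~dp0 is the drive and directory this script was started from,
rem so the paths follow whatever letter the USB drive was given.
set "BASE=%~dp0"
set "COLINUX=%BASE%colinux"
set "XMING=%BASE%xming"

if not exist "%COLINUX%\myconfig.conf" (
    echo myconfig.conf not found under %COLINUX%
    exit /b 1
)

rem Start the X server in the background with the saved configuration.
start "" "%XMING%\xlaunch.exe" -run "%XMING%\config.xlaunch"

pushd "%COLINUX%"

rem Load the coLinux driver for this session only.
colinux-daemon --install-driver
if errorlevel 1 (
    echo Driver installation failed, not starting coLinux.
    popd
    exit /b 1
)

rem Assumed to stay in the foreground until the guest shuts down,
rem as the install / start / remove sequence on this page implies.
colinux-daemon @myconfig.conf

rem Remove the driver again so nothing stays installed on the cafe PC.
colinux-daemon --remove-driver

popd
endlocal
```

Paths written inside myconfig.conf are not rewritten by this script, so the drive-letter tweak mentioned above can still apply there.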

To start X windows and run firefox:

* start coLinux and Xming
* login (root/root, unless you've changed the password (which you probably should, using "passwd"))
* type "export DISPLAY="
* type "firefox &"

Note that you can uncomment the option "ro" in your configuration file, which will make your image read-only, hardening it against occasional potential attacks.

Threat mitigation analysis?

Thoughts? Secure? Possible improvements?