Various safety measures, OS comparisons, multi-boot, Flash b

General discussion about web technology.
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

GµårÐïåñ wrote:It would be rough to run virtual machines on those specs, but they are not THAT bad, if you were doing dual partition and running Linux outright, you'd be fine. One minute you are in XP, the other you are in Linux depending on how you boot up, you can ignore the VM portion for now, although it can still be done, it would just be a bit draggy and slow.
That's what I thought. Thanks for confirming.

As said, not interested in learning a new OS from scratch, but Win 7 would be interesting, and there's no need for dual boot, because as you said the next recycled laptop you get ... :D (hoping you check it out for viruses, rootkits, etc. ;) )

No obligation, of course!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

I can send you the OS and key anytime, but to go with a machine too, give me a little time. I should have something soon hopefully.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

GµårÐïåñ wrote:I can send you the OS and key anytime, but to go with a machine too, give me a little time. I should have something soon hopefully.
I have plenty of room, and greater resources, on the backup computer that stays in the box until this one has to go in the shop, plus its once-a-month update and battery charge cycle. Figure I might as well use the older, lower-resource machine (but still fast, thanks to trimming) for doing this sometimes-dangerous support work. (going to the dark side, disabling NS, etc.) I could re-partition the newer one and put W7 on it. Actually, I could repart this one, since the specs meet 7's SysReq.

Or get an external HD, maybe even easier, since they're becoming so cheap? Any performance penalty for USB 2.0 ports?
Will have to check whether the newer one has USB 3.0 speed capability.

Would a VM work well enough with 3 GB RAM and 2.0 GHz processor? (the specs of the somewhat-newer one)

You are too kind. Thank you, Sir. :)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Flash Player sandboxing is coming to Firefox

Post by dhouwn »

Tom T. wrote:Would a VM work well enough with 3 GB RAM and 2.0 GHz processor? (the specs of the somewhat-newer one)
Probably, even more helpful might be if the processor has at least basic capabilities for assisting a virtualization solution (AMD-V/VT-x: http://en.wikipedia.org/wiki/Vt-x#Processor)
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Partitioning would be best option for the lower resource machines. The 3 gb 2 ghz on the face of it, yeah would run VM just fine. The extend of efficiency relies a bit on the CPU but that can be mitigated for the most part. USB 2 is almost as fast, if not faster than most 5400 RPM drives which degrade performance and so you'd be fine and shouldn't notice much degradation at all. I have an 8gb thumb drive, only a class 4 (older one), running FULL win 7, FULL ubuntu, running a MAC VM and still has oh 3.8 gb left over not including all the personal files, videos, executable, etc, I have on there. I take all my stuff everywhere I go and leave no trace. Of course I still have my own production machine at home, even with that, I plug in the thumb drive and multi task the hell out of things.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

@ dhouwn: Thanks for the link. I'm virtually (OUCH! :lol: ) certain that this 2005 x86 Intel laptop chip doesn't have that. I'd have to look more deeply into the specs of the newer one.


@ GµårÐïåñ: What you said about comparative speed is backed up by my factory-authorized local service reps, which speaks quite well for *them*. :D

Seems the simplest solution would be to get an inexpensive USB HD -- doesn't need to be very large -- and just boot from that when desired. No partitioning, reformatting, messing with dual-boot options (if the external drive is E:, just tap the E key right after hitting the power button)... as was said before, these machines will *not* boot from a thumb drive.

Q: Presumably, an advantage of VM is safety -- the attack or corruption occurs inside the VM, which, if properly and TRULY isolated, is dumped on closing, leaving the HD untouched. How would the external HD compare? When shutting down that OS, presumably all is cleared from RAM, which starts fresh on the next boot (of the native system, say.) If there were a corruption or successful attack on the external system, is it possible to "poison" the local, native system? A rootkit probably would be one example, right? So it would not be as safe as the VM, or would it?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Even on systems that cannot run directly from USB, assuming you have the latest BIOS which still doesn't account for it, you can use an inexpensive boot manager like the one provided by Acronis to choose where and what to load, works like a charm.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Flash Player sandboxing is coming to Firefox

Post by dhouwn »

Tom T. wrote:Q: Presumably, an advantage of VM is safety
Yes, unless something manages to break free (e.g. bug in virtual driver), then you might have even more troubles (since the malware could then read the current state of your host system (e.g. maybe its memory and therefore stuff that has been decrypted), though seems pretty hypothetical to me.
Tom T. wrote:is it possible to "poison" the local, native system? A rootkit probably would be one example, right? So it would not be as safe as the VM, or would it?
Well, the system booting from the external disk would still have write-access to the disk with the native one, wouldn't it?
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

GµårÐïåñ wrote:Even on systems that cannot run directly from USB, assuming you have the latest BIOS which still doesn't account for it, you can use an inexpensive boot manager like the one provided by Acronis to choose where and what to load, works like a charm.
I'll try for the seventh or eighth time: This system CAN boot from USB: External HD, USB CD or DVD reader or read-writer, etc.

It will not boot from FLASH DRIVES (thumb drives), period. End of story.
Loading Acronis boot disc does allow restoring from a backup image on a flash drive (or anywhere else). Which is not the same as loading a working OS.

If there is a separate product for calling and booting an OS on a flash drive, I'm not familiar with it.
dhouwn wrote:
Tom T. wrote: is it possible to "poison" the local, native system? A rootkit probably would be one example, right? So it would not be as safe as the VM, or would it?'
Well, the system booting from the external disk would still have write-access to the disk with the native one, wouldn't it?
Not sure. I guess I was thinking that one would probably install updated versions of one's programs, etc. on that HD, which adds the advantage of total redundancy if the native disk dies. If the external HD install reads the EV %windows% as E:\WINDOWS (and the same for subfolders, system32/64/WOW etc.), and it seems that most other EVs would translate as pointing to the external HD, (and its own Registry stores all of these file paths back to the new drive), then it seems the need for the this HD system to access the native disk is disappearing...

Clearly, it needs access to the sound/video/NIC cards, etc., although via its own drivers (which may not be compatible with these older cards -- another problem?)

Getting a little more complicated here. Perhaps partitioning the native HD *is* better. No reason that an OS on one partition needs to know that the other one exists, right?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Acronis uses a unique write back system that actually backs up the boot sector before changing/flipping the switch to the other boot and therefore no matter what breaks, it will ALWAYS have a clean and full copy of the boot there is nearly NO way to break the book sequence running it. Trust me, I know the developers and if I may humbly inject, I helped them develop the technique for preventing exactly what you mentioned. In fact this has saved many systems that were corrupted by other reasons.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5 Comodo_Dragon/19.0.3.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Tom, if the system can boot from USB, it can boot from thumb drive, its a matter of how you format the drive to simulate boot sequence. Its a special handling of the thumb drive that will allow it to do this. It is understandable that you won't know that but I figured you would assume if I am saying it, its doable. If thumb drives are formatted in the traditional way, correct, it won't load OS like, but if formatted like an OS with the proper boot sequence, the machine cannot distinguish it from a regular drive with a bootable image.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5 Comodo_Dragon/19.0.3.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

GµårÐïåñ wrote:Acronis uses a unique write back system that actually backs up the boot sector before changing/flipping the switch to the other boot and therefore no matter what breaks, it will ALWAYS have a clean and full copy of the boot there is nearly NO way to break the book sequence running it. Trust me, I know the developers and if I may humbly inject, I helped them develop the technique for preventing exactly what you mentioned. In fact this has saved many systems that were corrupted by other reasons.
Which product is that? It's not their True Image Home FDI backup system AFAICT (ok, just gave them the plug), because I see no support for installing a dual-boot system per se, unless I'm missing something.
Tom, if the system can boot from USB, it can boot from thumb drive, its a matter of how you format the drive to simulate boot sequence. Its a special handling of the thumb drive that will allow it to do this. It is understandable that you won't know that but I figured you would assume if I am saying it, its doable. If thumb drives are formatted in the traditional way, correct, it won't load OS like, but if formatted like an OS with the proper boot sequence, the machine cannot distinguish it from a regular drive with a bootable image.
You'll have to take that up with Toshiba Support. A quick search showed only a BIOS Update that would enable that, but only if the machine had an Intel display adapter, but mine doesn't.

If you remember, you sent me detailed instructions on how to format the flash drive, which I followed to the letter, and eventually decided to stop the waste of hours. That was somewhere around a year or so ago, IIRC. If you want to look for such a BIOS update, I'll PM you the model# and hw specs.

You have access to a lot of machines, for repair, etc. Try it on a Toshiba Satellite from the mid-2000s, and see if it still works without some sort of drastic change to mobo, cpu, etc.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Flash Player sandboxing is coming to Firefox

Post by dhouwn »

GµårÐïåñ wrote:Tom, if the system can boot from USB, it can boot from thumb drive
Well, flash drives normally announce themselves as removable drives from the get-go (have the removable media bit set) while external disk controllers might not, so it's possible that Tom's strange BIOS is looking for that.

/me remembers the times when you couldn't boot from the BIOS to a CD and you needed a floppy disk first. Basically that's the idea Guardian has, only that in this case you have a loader which then allows you to boot into your flash drive on the fixed disk.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Flash Player sandboxing is coming to Firefox

Post by GµårÐïåñ »

Correct and it does that generally rightfully so, it IS a removable drive, with no boot capability. However, even with boot capability some BIOS will treat thumb drives due to their file system and flags as removable and that's why they need to be formatted in a proper way to allow it to behave as it should. I have perfected the art of using thumb drives like external bootable CDs and machines. I have had machines that were netbooks and people wanted to install Windows or Linux or whatever on it but didn't have an external CD, so I just took an SD card, formatted it properly, shoved it in the slot and voila, it booted from it like it was a CD and installed the OS and no sweat, and then I decided to apply that same logic to running them as mobile OS installs too and now I have thumb drives that run XP, BSD, OSX and so on and the machine is none the wiser that its running off and SD card or a thumb drive, it thinks its running off an ACTUAL hard drive within the machine. Now the only thing is that the machine has to be able to boot from USB to do that for this trick to work, but even in those that can't, a clever bootloader using intermediate drivers can spoof it to do it so. Anyway, done beating the dead horse, if you ever need it just let me know.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5 Comodo_Dragon/19.0.3.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Flash Player sandboxing is coming to Firefox

Post by Tom T. »

GµårÐïåñ wrote:... it booted from it like it was a CD and installed the OS and no sweat, and then I decided to apply that same logic to running them as mobile OS installs too and now I have thumb drives that run XP, BSD, OSX and so on and the machine is none the wiser that its running off and SD card or a thumb drive, it thinks its running off an ACTUAL hard drive within the machine.
If you have a foolproof method for fooling my mobo and BIOS into thinking that the flash drive is a HD or CD/DVD, by all means, send it to me.
I'd buy a cheap flash drive, format it as instructed (the HP format tool from some years ago is getting hard to find), and install, say, Acronis OS (<50 MB) as a test case.
Now the only thing is that the machine has to be able to boot from USB to do that for this trick to work...
As said, it boots the Acronis emergency (Linux-based) OS just fine from a USB CD/DVD reader or read/writer.


@ dhouwn:
...Tom's strange BIOS....
Having been installed by a major OEM on all almost all of their laptops except for the most expensive, I don't see that it's "strange". IIUC, some other brands of laptops are like this also.

And having had it confirmed by both OEM tech support and factory-authorized local repair shop, the issue is that these MOBOs are incompatible with booting from flash drive. IDK why, but they say, basically you'd need a different mobo, which in a laptop means a different CPU, drivers, etc... IOW, a whole new machine. ;)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
Post Reply