2

I saw this popular question and I was wondering if my solution was secure/would be of any help for trying to save any source code written on the machine and prevent attacks:

  • Run the computer on a local network.
  • Copy the code into a file, with possible HTML formatting if you're feeling fancy.
  • Host the page to be visible to the local network as a static page.
  • Copy and paste the code from the page onto a clean computer.

I considered posting this as an answer/comment but I wasn't sure if it would work/keep the receiving computer clean. Would you put the local network at risk?

The goal here is to avoid actually exposing the receiving computer to any malware that could be sent to the "clean" computer. I am looking at this as a way to send text information in a sanitized way from an infected machine to a clean one without allowing for the possibility of malware traveling between the machines. It's possible for emails/scp's from an infected machine to include extra malicious traffic, right?

You still risk your network but I think most modern browsers should have protections. You avoid using a USB altogether.

    ford prefect
    • 1
      Why is this different/safer than copying the text into a text file? – schroeder Nov 13 '15 at 15:38
    • It's possible whatever malware on the computer infects every file created/emailed in that machine – ford prefect Nov 13 '15 at 15:46
    • infecting a text file? – schroeder Nov 13 '15 at 15:48
    • Well how do you send the text file? email? scp? I am kinda a novice – ford prefect Nov 13 '15 at 15:52
    • That is a great question. You need to refine your question to define what "secure" means: what are you securing against? Connecting to the network is a risk, plugging in a USB drive is a risk, and extracting the drive to place in a new machine is a risk. How does your proposal address the risks? – schroeder Nov 13 '15 at 15:56
    • @schroeder helpful? – ford prefect Nov 13 '15 at 16:11
    • You cannot trust the client anymore; there could even be rootkits which you cannot easily detect or remove. You can try to use GnuPG to encrypt the data and send it encrypted, and the receiver decrypts it. The encrypted data should also be signed. But keep in mind that you cannot trust the system anymore. Maybe some container with VeraCrypt running in the RAM provides more security. Even a live system booted from a burned disk is more secure than using this system. –  Nov 13 '15 at 16:55
    • @DanielRuf So basically my solution is completely unhelpful? – ford prefect Nov 13 '15 at 16:58
    • 1
      It depends on the possible malware and the files. Generally I would open the computer case, remove the HDD, attach it to another PC read-only (there are write blockers) and copy the binary files. This could be one simple and comfortable solution. –  Nov 13 '15 at 17:08
    • @inquisitiveIdiot it *might* be helpful in that it does protect against some kinds of risks. If you are looking for a solution that protects against all risks, then, no. – schroeder Nov 13 '15 at 17:14

    1 Answer

    2

    It depends on the possible malware and the files. Generally I would open the computer case, remove the HDD, attach it to another PC read-only (there are write blockers) and copy the binary files. This could be one simple and comfortable solution.
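
An added example, not part of the original answer or comments: once the disk is attached read-only to the clean machine as the answer describes, a script along these lines can copy only the files that validate as plain-text source and record a SHA-256 for each. The extension list, size limit and function names are assumptions chosen for illustration.

```python
import hashlib
import os

# Assumed policy for this example: which extensions count as source code,
# and a size ceiling for a single source file.
ALLOWED_EXT = {".py", ".c", ".h", ".js", ".txt", ".md"}
MAX_BYTES = 1_000_000
# Control bytes other than tab, LF and CR do not belong in source text.
BAD_BYTES = bytes(b for b in range(32) if b not in (9, 10, 13)) + b"\x7f"


def is_plain_text(data: bytes) -> bool:
    """True if data is valid UTF-8 and contains no control bytes."""
    if data.translate(None, BAD_BYTES) != data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def copy_text_only(src_root: str, dst_root: str) -> dict:
    """Copy only plain-text source files; return {relative path: sha256}."""
    copied = {}
    for dirpath, _dirs, filenames in os.walk(src_root, followlinks=False):
        for name in filenames:
            src = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            # Skip symlinks, devices and anything that is not a regular file.
            if os.path.islink(src) or not os.path.isfile(src):
                continue
            # Skip unexpected file types and oversized files.
            if ext not in ALLOWED_EXT or os.path.getsize(src) > MAX_BYTES:
                continue
            with open(src, "rb") as fh:
                data = fh.read()
            # The extension alone is not trusted: the bytes must be text.
            if not is_plain_text(data):
                continue
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            # Write the bytes that were checked rather than re-reading the file.
            with open(dst, "wb") as out:
                out.write(data)
            copied[rel] = hashlib.sha256(data).hexdigest()
    return copied
```

Passing this check only shows that a file is plain text; source recovered this way may still have been altered on the infected machine and should be reviewed before it is built or run.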