Tails OS and Spyware Question

Hi! I was wondering, in a scenario where I were to click on a phishing link that would install spyware on my PC, what would happen if this was on Tails OS? Also, would it make a difference if I was running persistence storage? If I unplug the USB, would I be good? On the other hand, what if someone installs spyware on my PC by inserting an infecting USB while I'm gone? What would happen if I then booted Tails OS on that PC? Thank you!

Tails is designed to be amnesiac. This means that once you remove the USB stick from the computer, all data should be wiped. In the rare chance that you have malware designed for Linux, you should be mostly safe as long as you don’t do anything important on that specific session.

If you have persistent storage and do suspect a malware infection, it might be best to delete it.

2 Likes

If you have persistence enabled and decrypted, you’re about as secure as using Debian, which means you can be infected with malware. If you don’t have persistence enabled and you’re infected with malware which wasn’t made to target Tails or your firmware, it’s unlikely (not impossible) to remain after shutting down the PC.

There’s still a realistic possibility that malware (especially well-made or purpose-built malware) can infect your Tails USB or infect you with a bootkit. If you’re very concerned about malware, something like Whonix might be a better option as the virtual machine will add an extra layer of protection.

This is known as an evil maid attack. No operating system (including Tails) can protect you if your computer has malicious firmware or hardware installed. The best you can do is avoid leaving your devices unattended as much as possible and try to use forms of tamper-evidence.

For example, you can use a security system (look for private options, possibly Haven) to monitor the area you’re leaving your devices in so you can be aware of potential intrusions. If tampering is detected, do not use the device or plug any other devices into it if you don’t want to risk infection.

If you’re storing any data on the laptop, be sure to use full-disk encryption beforehand and keep the laptop turned off when not in use. Have the data safely backed up elsewhere as you cannot safely decrypt a potentially infected laptop from an evil maid.

3 Likes

Thank you very much for your help! So, in terms of protecting oneself against spyware like mic, camera, and everything else hijacked on the PC, the best you think would be to use Qubes OS with Whonix. In that case, if one were to click on a phishing link and allow spyware to be installed on the PC, then after closing the VM one should be good? Or is that not how I should think about it? Many thanks!

Well, it’s not guaranteed protection; it is still possible for malware to escape the VM. It just adds an extra hurdle for malware to jump over. You should still use good security practices and try to avoid malware in the first place. If you’re gonna go through the trouble of using Qubes-Whonix, be sure to familiarize yourself with how to use QubesOS and Whonix properly and what tools you (as a QubesOS user) can use to better protect yourself. QubesOS and Whonix documentation are great resources for this.

To clarify, QubesOS mainly protects against malicious software, so much like Tails you shouldn’t expect it to protect you from malicious firmware or hardware installed by an evil maid. You should still use forms of tamper-evidence if you’re worried about an attacker getting physical access to the laptop.

2 Likes