[Tip] Live Linux, Live Windows

[NeuroticFish]

I've been using this for years, but more for convenience, not necessarily for security. However, I think that it's also great for security/live systems easy to fire up. If it's not secure enough, please let comment/let me know.

I'm talking about Easy2Boot (E2B). This is a software that can turn easily an USB stick into a bootable "swiss knife".
One downloads it, runs it to set up the USB stick, then the show begins: certain folders from the newly set up USB stick can be filled with ISO images. For the lazy ones like me the \_ISO\MAINMENU\ can have them all.

I have now such a stick, I have on it Tails OS ISO, Linux (Mint), various antivirus systems, but also windows system like GandalfsWindows10PE.iso (or, better, here; if you need help, ask). A lot of iso and information is there in https://easy2boot.xyz/tested-payloads/
Just keep in mind that after adding the ISO files you should run (as admin) the USB's MAKE_THIS_DRIVE_CONTIGUOUS.cmd
Some of the payloads can be used with persistence too, but I've never done that.

The stick has also a small "transport" partition where I put IanColeman's, or Eraser portable (to fully removed files) and other such tools.
And obviously I boot from the stick without internet. E2B will show a menu asking which ISO to boot from.


I hope that this will help anybody, especially those afraid of Linux or who prefer to use their favorite tools under Windows in an environment they can keep safe and contained.

[1713880557]

1713880557

[1713880557]

1713880557

[1713880557]

1713880557

[1713880557]

1713880557

[Welsh]

I've used Ventoy (https://github.com/ventoy/Ventoy) in the past, looks like they do similar things. Although, I've since moved on to using Qubes OS as my main operating system, and just using different "Qubes" as a way of isolation, and therefore live boots have limited uses for me now. Not perfect, but live booting is only as good as the medium, and software you're using to do that i.e Easy2Boot, and Ventoy.

Seems Easy2Boot does have some additional features that might be useful though. For example, the transport partition. Sounds like you might be able to put Dban on that, and nuked some computers whenever you need to do so, which I usually do when looking to offload old hardware that hasn't had too much sensitive data.

[NeuroticFish]

I've used Ventoy (https://github.com/ventoy/Ventoy) in the past, looks like they do similar things.

Interesting! I've never heard of it until now and they're indeed pretty much similar. It's another good tip!

Although, I've since moved on to using Qubes OS as my main operating system, and just using different "Qubes" as a way of isolation, and therefore live boots have limited uses for me now. Not perfect, but live booting is only as good as the medium, and software you're using to do that i.e Easy2Boot, and Ventoy.

Seems Easy2Boot does have some additional features that might be useful though. For example, the transport partition. Sounds like you might be able to put Dban on that, and nuked some computers whenever you need to do so, which I usually do when looking to offload old hardware that hasn't had too much sensitive data.

I see you come from Linux direction
I've never used Dban, but I've used on Windows some others (including Eraser or SDelete). I've not used Qubes OS (I don't do much Linux), but I've used Virtual Box for isolation now and then.


I've needed to boot from some Antivirus rescue systems, I've needed to boot from systems that allow me backup system HDD... then evolved to Linuxes and whatever tools I've found (including Windows PE). And at some point I've stumbled over E2B that allowed me to keep all those tidily on one USB stick. Using those Windows with IanColeman was a much later idea.

[darkv0rt3x]

I've used Ventoy (https://github.com/ventoy/Ventoy) in the past, looks like they do similar things. Although, I've since moved on to using Qubes OS as my main operating system, and just using different "Qubes" as a way of isolation, and therefore live boots have limited uses for me now. Not perfect, but live booting is only as good as the medium, and software you're using to do that i.e Easy2Boot, and Ventoy.

Seems Easy2Boot does have some additional features that might be useful though. For example, the transport partition. Sounds like you might be able to put Dban on that, and nuked some computers whenever you need to do so, which I usually do when looking to offload old hardware that hasn't had too much sensitive data.

Isn't Qubes OS quite angry for system resources? I was tempted in the past to try it out but I didn't do it because I saw it needed like a super computer (exaggeration) to run it when I only have a RockPro64 where I thought to install it.
And I'm not sure I could install only parts of the OS that I really need to try to keep the resources usage the lowest possible!

[Welsh]

Isn't Qubes OS quite angry for system resources? I was tempted in the past to try it out but I didn't do it because I saw it needed like a super computer (exaggeration) to run it when I only have a RockPro64 where I thought to install it.
And I'm not sure I could install only parts of the OS that I really need to try to keep the resources usage the lowest possible!

Yeah, kind of. You have to run virtual machines basically for each Qube. However, I've got a rather old machine running it right now, with only 8GB ram, which ram is a important piece of hardware when you're using Qubes OS. Don't get me wrong, the performance on my machine could definitely be better, and my machine does moan at me from time to time. Although, currently there's some key features on my machine that I don't want to give up, and can't easily replace without paying a fortune. For example, hardware switches, and the ruggedness of the machine.

I will eventually be upgrading, but now I've experienced Qubes OS you won't find me using anything else. You can run a limited version of Windows inside Qubes as well as Linux. Officially supported are Debian, Whonix and Fedora, but there's plenty of community made ones. Personally, I stick to the official templates.

Due to the USB isolation, I tend to do my diagnostic, and wiping work inside a isolation qube instead of booting up a live cd these days. Live cd's still do have some uses which Qubes OS isn't as suitable for.

I see you come from Linux direction

Yeah, I've been converted for a number of years now. I don't personally own a Windows machine.
I've never used Dban, but I've used on Windows some others (including Eraser or SDelete).

I've not used Qubes OS (I don't do much Linux), but I've used Virtual Box for isolation now and then.

Yeah, VirtualBox can be good, but has its limitations. I love Qubes OS, and I could talk about it all day, but that's for another thread. Although, I'll just add to fully convert to Qubes OS is difficult. Remember when you first converted to Linux, and you had to search up every painful step of a process? Yeah it's a bit like that. Knowing a bit of Linux does help obviously.

[darkv0rt3x]

Isn't Qubes OS quite angry for system resources? I was tempted in the past to try it out but I didn't do it because I saw it needed like a super computer (exaggeration) to run it when I only have a RockPro64 where I thought to install it.
And I'm not sure I could install only parts of the OS that I really need to try to keep the resources usage the lowest possible!

Yeah, kind of. You have to run virtual machines basically for each Qube. However, I've got a rather old machine running it right now, with only 8GB ram, which ram is a important piece of hardware when you're using Qubes OS. Don't get me wrong, the performance on my machine could definitely be better, and my machine does moan at me from time to time. Although, currently there's some key features on my machine that I don't want to give up, and can't easily replace without paying a fortune. For example, hardware switches, and the ruggedness of the machine.

I will eventually be upgrading, but now I've experienced Qubes OS you won't find me using anything else. You can run a limited version of Windows inside Qubes as well as Linux. Officially supported are Debian, Whonix and Fedora, but there's plenty of community made ones. Personally, I stick to the official templates.

Due to the USB isolation, I tend to do my diagnostic, and wiping work inside a isolation qube instead of booting up a live cd these days. Live cd's still do have some uses which Qubes OS isn't as suitable for.

I see you come from Linux direction

Yeah, I've been converted for a number of years now. I don't personally own a Windows machine.
I've never used Dban, but I've used on Windows some others (including Eraser or SDelete).

I've not used Qubes OS (I don't do much Linux), but I've used Virtual Box for isolation now and then.

Yeah, VirtualBox can be good, but has its limitations. I love Qubes OS, and I could talk about it all day, but that's for another thread. Although, I'll just add to fully convert to Qubes OS is difficult. Remember when you first converted to Linux, and you had to search up every painful step of a process? Yeah it's a bit like that. Knowing a bit of Linux does help obviously.

Yeah, in my case, I think that would be almost impossible. I run Debian in a RockPro64. 4Gb of RAM, so it would be quite heavy and probably slow! Anyway, if with 8Gb you can manage to work with it, I'm surprised. I had the idea that less than 32Gb for that OS was nto recommended! But it's the price to pay for a high end security/privacy OS.

[Welsh]

Yeah, in my case, I think that would be almost impossible. I run Debian in a RockPro64. 4Gb of RAM, so it would be quite heavy and probably slow! Anyway, if with 8Gb you can manage to work with it, I'm surprised. I had the idea that less than 32Gb for that OS was nto recommended! But it's the price to pay for a high end security/privacy OS.

Yeah, 4GB wouldn't work. I'm only just touching it, but this is this machine I use for the forum, and some other minor things. I'm not running much software, and basically only using it for certain things other than web browsing. I've done some coding on it, but the performance is lacklustre obviously. It's usually in a pinch, and when I'm away from my main machine.

Live CD in this case, might be the better option if you don't necessarily need to retain the data. Although, some live CD's do now allow persistent data, like Ubuntu I believe.

[LoyceV]

If it's not secure enough, please let comment/let me know.
~
I have on it Tails OS ISO

For privacy and security, adding another boot-layer adds another risk factor. I haven't used it and it looks useful, but I can't help but think every piece of software you boot gets access to all other images on the same stick. And it gets access to any hard drive you have in your system.
By using separate USB sticks, at least you know for sure they can't mess with each other's data.

USB-sticks are cheap, and I have enough (slow and old) sticks laying around to test things.
That being said: creating a bootable USB stick is more work than copying an ISO image, so this could be useful. I'll test it.

In case it's useful for anyone: I like my setup with 2 Linux installation on one laptop. The second installation makes it very fast to create/restore/overwrite an image from the first partition.

I've added this to my toolbox for my Fork Claiming Service: a space laptop with 2 Linux distributions installed in dual boot. The first is to work on, the second doesn't have internet and now has 5 partition images:
1. A fresh installation with VPN
2. A fresh installation with VPN and BCH full client, synced up to 2010, and set to prune. And BCH's Electrum Fork.
3. A fresh installation with VPN and BTG full client, synced up to 2010, and set to prune. And BTG's Electrum Fork (using wine).
4. A fresh installation with VPN and BCD full client, synced up to 2010, and set to prune. And BCD's Electrum Fork.
5. A fresh installation with VPN and eCash full client, synced up to 2010, and set to prune. And eCash'es Electrum Fork.
The laptop doesn't have enough disk space to keep all full clients.

This setup makes it much easier to handle Forkcoins: I restore the partition I need, boot into it, import the address/pubkey, and let it sync. When done, I take it offline, enter the private key, and create a raw transaction to transfer funds. After that, I boot into the second Linux distribution to overwrite the first partition. This makes offline signing relatively easy without ever risking the private key to untrusted software.

[NeuroticFish]

For privacy and security, adding another boot-layer adds another risk factor. I haven't used it and it looks useful, but I can't help but think every piece of software you boot gets access to all other images on the same stick. And it gets access to any hard drive you have in your system.
By using separate USB sticks, at least you know for sure they can't mess with each other's data.

Whatever is on the ISOs is worthless, nothing is being saved there (I use no persistence). So the point can be only the transport partition, where indeed there can be problems if it's not wiped properly, but this is expected.
And I use the images without internet when safety is important.

So the only way E2B could steal data would be to save it somewhere temporarily (probably not onto the transport partition, since that one gets wiped often) and hope it gets the chance to send it "home" (quite difficult/unlikely imho)
But, again, I may be missing something and if it's so, please tell.

[LoyceV]

nothing is being saved there (I use no persistence).

That's assuming the software doesn't lie, right? And that's my point: by using separate sticks, I know for sure "GandalfsWindows" can't touch something else. It's probably far fetched and very unlikely, but it will always be on my mind if I used a private key in such a system.

[NeuroticFish]

nothing is being saved there (I use no persistence).

That's assuming the software doesn't lie, right? And that's my point: by using separate sticks, I know for sure "GandalfsWindows" can't touch something else. It's probably far fetched and very unlikely, but it will always be on my mind if I used a private key in such a system.

Hey, now we're indeed getting somewhere!
In my "book" GandalfsWindows, being an ISO, it should behave like a DVD, i.e. it knows it cannot save anywhere. (Maybe this is the main flaw in my logic?!)
Because, indeed, I don't want to care whether "the software lies" or not. In this use case I want to be safe even if it's lying.

[Welsh]

For privacy and security, adding another boot-layer adds another risk factor. I haven't used it and it looks useful, but I can't help but think every piece of software you boot gets access to all other images on the same stick. And it gets access to any hard drive you have in your system.
By using separate USB sticks, at least you know for sure they can't mess with each other's data.

I agree, that physical isolation will always be the best policy. However, that can become a problem if you need to access multiple operating systems, and have them working. It would require several computers, so these sort of programs definitely have their uses. Plus, if you're using a open source program, and you know the language it's coded in, you could take a look if it's doing anything malicious.

However, whether or not popular operating systems check for dual boot, and access data is another problem worth considering, and isn't as easy to verify depending on the operating system.

RockPro64 use Arm processor which isn't supported by Qubes anyway[3].

Right, I failed to mention that. Also, worth noting that you need specific hardware requirements, specifically a CPU capable of virtualisation, which of course is sort of the norm these days, however certain hardware is more supported than others. My hardware isn't exactly perfect for it so doesn't come without its problems, but does what I need it to do, and has the core security which makes Qubes what it is.

Qubes OS does have a certified list of hardware that works completely, but you aren't restricted to them. There's good documentation out there of users listing all the problems they've had with hardware not on that list.

[seoincorporation]

...
Just wondering, how many VM/Qube you could run with only 8GB RAM at once?
...

The number of virtual machines is limited by the RAM, If you use Ubuntu or Fedora for the virtual machines you could run them with 2GB of RAM each on 6 machines. But if you use a really light weigh linux like Puppy linux you could run each virtual machine with 300MB RAM. Which let you run close to 15 virtual machines with only 5GB of RAM.

[Welsh]

Just wondering, how many VM/Qube you could run with only 8GB RAM at once?

So, you've got to run certain Qubes for it to be functional, so here's what I've got:

- dom0 (required)
- sys-firewall (network)
- sys-net (network)
- sys-usb (isolates usb's connected, and allows you to choose which Qube to plug the USB in, without being plugged into all of them, can be disabled though if you don't want this capability)
- sys-whonix

The above are like the core of functionality, unless you didn't want internet access, didn't want to isolate any USB's plugged into your system, or didn't use Whonix. However, Qubes OS allows you to download system updates over Tor.

So, those are the one's I've pretty much always got running. I sometimes run into issues with sys-usb due to my processor, however it does work it just fails to start up at times. So, you've manually got to start it up. I never bothered digging in whether this was definitely due to my processor or a common Qubes issue. Simple restart of the qube fixes it most of the time anyway.

Then, I have two qubes that I've created, mainly for web browsing. So I separate Work form personal stuff. Those are almost constantly opened. Now, things to get a bit tight if performing particular tasks with these open.

I have used up to four Qubes at once in addition to the core qubes, doing different things. For example, I have offline qubes which are for security purposes, and I'm usually just copying data using the built in copy system Qubes has. Think like having Keepass in a offline qube etc, usually refered to a "Vault" by qube users. So, these aren't particularly doing much, but are still open. I've dedicated minimum ram to them both.

I've got many other qubes setup for different purposes, but they aren't part of my routine usage, where as the above are. Plus, I do tend to shut down qubes when not in use. One thing I have noted is, watching video on this device while having other qubes open just isn't great. You'll get choppy results, and if you use a rugged computer like we, you'll get some serious heat. However, I don't watch much video or Youtube so for me it suits.

I do want to upgrade at some point, I just don't want to lose some of the features of the computer I've got. To get equivalent you're talking some serious money. I've been looking at some ThinkPads, as I think a minimum of 16GB would suit me, ideally more. Since, I would like to do some more dev work on it, I've got another computer which satisfies those needs for now though.  

Although, for the time being I'm not using this computer for anything resource heavy. If you're you'll be needing more than 8GB. I'm really stretching this computer to its very limit. I do have other computers that would be able to run it, but it doesn't have the features I like. I literally have tons of old, and even newer computers sitting in the cupboard .

I'm generally decently organised though. Unlike my partner who has a million tabs open at once, I've usually only got a few open. Although, I have tested it with 50+ tabs open, since when deleting replies in a particular troublesome thread, they amount up quickly. Though, that's loading the forum, and this isn't particularly resource heavy.

I definitely do see performance issues though, and that's just something I'm living with right now. I'd definitely one hundred percent recommend shooting for higher ram if you want to switch to Qubes OS.

As, we're speaking my work Qube is using 10% of the CPU, and around 1-2GB ram. sys-net, sys-usb are using minimal ram, around 100-200MB, sys-firewall up to 1000MB, sys-whonix around 1000MB, my other personal qube around 1100MB. Dom0 using 2000-4000MB. So, you can see things are tight, and as soon as I do something rather intensive, performance will drop, and be quite noticeable. Although, these are exact, I've over estimated some as the "Qube domain" functionality shows you what they're using, but since they fluctuate I'd thought I'd over estimate to give you some idea of how tight things are.

I have around ten additional custom created qubes for different things. These generally are only opened, and then close on a need to basis. Plus, I do shut down Qubes if not using. I spend most of my time on my work qube, rather than personal. Personal used for things like emails, and things like that. It's nothing much. I do have a development qube which is not used much, as previously mentioned only in a pinch, and with all other qubes shut down. I use VScode on it.

My CPU is also pretty old, there's multiple bottlenecks on this machine. However, I've been comfortably using Qubes OS for my tasks for more than a year now, and despite having better performance on other Linux operating systems, I'd never go back.

[LoyceV]

[post filled with frustrations]

windows system like GandalfsWindows10PE.iso

Wow, just wow! I forgot how amazingly shitty anything Windows related is. First thing I do: close popup. That opens a new tab. Next click: Download. That opens a gaming portal and another tab again. Now I get Youtube videos, but still no download link. It turns out I need to donate $20 through Paypal to get a download link. Never mind.

+or, better, here

Great: Ads Blocker detected. Now there's only the 2019 version instead of 2022. But at least there's a download link. With a 15 second count down, for unknown reason. After that, I get another link to click to continue instead of my download. Clicking it, I get "File Not Found". I'll try the mirror, but first, count down 15 seconds again. Now it sends me to uploadrar.com, with more completely unrelated text and another 12 second count down. After several more clicks, it creates a download link. Finally! Lol. Of course not, clicking "Click Here To Download" brings me to gearbest.com.

Is this really what Windows users are used to? How can anyone put up with this, and not just switch to Linux? It made me realize my mistake, it won't happen again, I'll stay away from Windows, and I'll now try to get Easy2Boot with just Linux ISOs.

[/post filled with frustrations]

[Welsh]

That's alright. For a little more detail I use some Qubes to transfer data, isolate that data, and even wipe things. I wouldn't knowingly inject a malicious storage medium, and totally rely on virtual isolation (sys-usb). I'd much rather use a physical machine for that. So, Live cd's definitely are good for that sort of thing, but then you've got to ask the question whether the live USB has been compromised.

@Welsh Thank you for very detailed answer.
I'm surprised you can perform software development on Qubes with 8GB RAM. I also have VSCode, but i know it uses lots of RAM especially when you open directory with lots of file or have decent amount of extension.

Yeah, the firewall is what surprised me the most, and I will be taking a look at the logs, and figuring out why that is the case. I'm wondering whether that performs better on newer machines, and newer RAM. I'm still using very slow RAM as a disclaimer. This computer is very old. I'm waiting for the battery to die on it, because the batteries aren't easy to get hold of any more, that'll finally convince me to upgrade the machine.

I'm surprised you can perform software development on Qubes with 8GB RAM. I also have VSCode, but i know it uses lots of RAM especially when you open directory with lots of file or have decent amount of extension.

It's very limited, I mean 8GB on a normal operating system isn't really that great for development as you know. However, I've used it in a pinch. I've even ran Unity on it, which admittedly wasn't all that great performance .

Nah, I've used it for when a client needed something sorting out quickly or you know those moments that something come to you, and I test it out. Compiling time can be painful compared to that of a normal computer.  

I don't actively develop on this machine. I've got a desktop running another Linux distribution that does the meaty tasks.

Fair to say, I've pushed this machine to its absolute limit. Got to get your monies worth, right?

[Cricktor]

...
Is this really what Windows users are used to? How can anyone put up with this, and not just switch to Linux? It made me realize my mistake, it won't happen again, I'll stay away from Windows, and I'll now try to get Easy2Boot with just Linux ISOs.

C'mon LoyceV, don't be a drama queen. Your experience has likely little to do with Windows itself but rather the shitty download sources of ads infested websites and you shouldn't blame Windows, Linux or whatever for it. I'm not holding up the torch for Windows and shitty download source sites are a PITA with every system you visit them with.

To contribute to this thread: I personally use Ventoy to boot different ISOs from a USB stick, particularly the easy handling with it: just copy the ISO into the designated partition and it's available to choose on next boot; use TAILS to handle sensitive data offline and online and use Linux and Windows as I require.

If I have everything I need on Linux, I prefer it over Windows. Windows OS and popular programs and browsers running in Windows are the main target for malware due to their monoculture. It's preferable to dodge the bullets shot at the main target while you take cover under less popular and thus exposed OSes.

[LoyceV]

C'mon LoyceV, don't be a drama queen.

I was Frustrations got to me. It's over now I've added a warning to the post.

Back to Easy2Boot: The site says it's easier to install from Windows than from Linux, and indeed, I couldn't get it to work on Linux. The ./fmt.sh script gives several errors, so I manually tried the commands, which didn't work either. I'm now stuck here:

Code:

./bootlace.com --time-out=0 /dev/sdb

Error: Too few sectors to hold GRLDR.MBR.

Too bad it doesn't use the default Startup Disk Creator, that works very easy (for instance for Tails OS).

To contribute to this thread: I personally use Ventoy to boot different ISOs from a USB stick

I've used Ventoy (https://github.com/ventoy/Ventoy) in the past

I'll try this next.
Update: That was much, much easier It's copying ISOs now.

[Cricktor]

Thumbs up, @LoyceV!

Before I discovered Ventoy it was always kind of a pain to create multi-boot USB-Sticks or ISOs for tools I would likely need for backup or desaster recovery or whatnot. It's just so convenient to have something like a swiss-army-knife equivalent boot stick with lots of tools and OSes to boot when I'm out for IT rescue mission in family&friends space, not to mention my personal needs.

At first I was pretty hesitant to use Ventoy because basic rule: you have to trust what you boot, boot layers included! But various more or less trustworthy sources praised it and some digging in Ventoy's github repo later, I was mostly convinced that this looks safe enough to trust it as a boot layer. Now it makes my multi-boot life a lot easier.

BTW, I use a fast USB3-microSD adapter and affordable fast microSD cards as USB stick replacement, because reliably fast USB3-sticks that are actually fast to write to with 80+ MiB/s are a pain to find and are usually more expensive than microSD cards in similar speed category. I have no patience to deal with sub 30 MiB/s (or even lower for cheap stuff) write speed crap.

[NotATether]

I'm talking about Easy2Boot (E2B). This is a software that can turn easily an USB stick into a bootable "swiss knife".

Interesting. Till now I have always used Rufus to create bootable USBs, but it only works on Windows and there is no Linux version (there is a severe issue when running with WINE where the USBs cannot be detected and thus makes the tool useless).

And UNetBootin sometimes fails to make a USB that can actually boot an iso.