Security of Thin Client

[curtswanson]

I am thinking of getting a thin client to use with MJ. I have been reading these posts for a couple of days and I see suggestions to strip down the applications and services that run. I have not seen much regarding the security of these machines. On my networked computers, I run a firewall and some anti-malware programs. Do I need to run these on the thin client if I only use it for MJ?

[STxFarmer]

Once you get everything like you want it you enable the "Enhanced Write Filter". What this does is stop the writing of any data to the DOM in the TC. As soon as the system reboots it is back to the same condition and any malware or viruses are gone. I do not run any type of antivirus or malware software or even the firewall. Nothing can get onto the flash memory with EWF enabled.

[curtswanson]

Thanks. I can see that that probably reduces or removes the need for Windows updates but how does that affect MJ updates?

[STxFarmer]

In order for the magicJack update to stick, you must write to the DOM and let the system reboot. While magicjack is running it should take the update but as soon as the system reboots the update is gone. It takes a manual approach but it is an easy process.

Reboot TC
let magicjack take update
commit overlay and reboot

Magicjack is a happy camper again. Nothing gets written to the DOM unless you want it to.

[curtswanson]

Thanks STxFarmer. I'm looking for one now.

[stav]

In order for the magicJack update to stick, you must write to the DOM and let the system reboot. While magicjack is running it should take the update but as soon as the system reboots the update is gone. It takes a manual approach but it is an easy process.

Reboot TC
let magicjack take update
commit overlay and reboot

Magicjack is a happy camper again. Nothing gets written to the DOM unless you want it to.

The problem with this is that you rarely know when MJ pushes updates to the dongle. So it can happen that the update is pushed, TC reboots and the update is gone, cause you have EWF on. Preferably to keep EWF Off, imho

[R0ss]

In order for the magicJack update to stick, you must write to the DOM and let the system reboot. While magicjack is running it should take the update but as soon as the system reboots the update is gone. It takes a manual approach but it is an easy process.

Reboot TC
let magicjack take update
commit overlay and reboot

Magicjack is a happy camper again. Nothing gets written to the DOM unless you want it to.

The problem with this is that you rarely know when MJ pushes updates to the dongle. So it can happen that the update is pushed, TC reboots and the update is gone, cause you have EWF on. Preferably to keep EWF Off, imho

agreed, however I was under the impression that one of the reasons for EWF was becausee DOM have a finite number of read/writes. If you leave it off don't you run the risk of premature DOM failure. In addition would you not then run the risk of virus/malware infection too which would necessitate having windows firewall turned on or someother virus/malware software unless of course yo have a seperate firewall.

Ross

[stav]

In order for the magicJack update to stick, you must write to the DOM and let the system reboot. While magicjack is running it should take the update but as soon as the system reboots the update is gone. It takes a manual approach but it is an easy process.

Reboot TC
let magicjack take update
commit overlay and reboot

Magicjack is a happy camper again. Nothing gets written to the DOM unless you want it to.

The problem with this is that you rarely know when MJ pushes updates to the dongle. So it can happen that the update is pushed, TC reboots and the update is gone, cause you have EWF on. Preferably to keep EWF Off, imho

agreed, however I was under the impression that one of the reasons for EWF was becausee DOM have a finite number of read/writes. If you leave it off don't you run the risk of premature DOM failure. In addition would you not then run the risk of virus/malware infection too which would necessitate having windows firewall turned on or someother virus/malware software unless of course yo have a seperate firewall.

Ross

You are right,
That's the price we have to pay for not having to do daily maintenance on the TC. Unless someone more knowledgeable than me here has another suggestion.

[R0ss]

The problem with this is that you rarely know when MJ pushes updates to the dongle. So it can happen that the update is pushed, TC reboots and the update is gone, cause you have EWF on. Preferably to keep EWF Off, imho

agreed, however I was under the impression that one of the reasons for EWF was becausee DOM have a finite number of read/writes. If you leave it off don't you run the risk of premature DOM failure. In addition would you not then run the risk of virus/malware infection too which would necessitate having windows firewall turned on or someother virus/malware software unless of course yo have a seperate firewall.

Ross

You are right,
That's the price we have to pay for not having to do daily maintenance on the TC. Unless someone more knowledgeable than me here has another suggestion.

From my reading the forum the current solution is to install a microdrive. If you were to use a 4gig microdrive you could install tiny xp or what ever flavor of xp you like and eliminate the need for EWF.

Ross

[Alpman]

XPe works great on a MicroDrive as-is. You could clone your DOM onto the MD and then resize the partition. Then disable and remove EWF and enable the Pagefile.

Installing any flavor of a full XP install would require the initial installation on a standard IDE drive first, then edit the .inf and install the MicroDrive filter driver, then clone the drive to the MicroDrive. Remove the standard IDE drive and replace it with the cloned MicroDrive. If all went well, XP should boot from the MD.

[Alpman]

Back to the OP question on security, if you are only using the TC for MJ and not any web browsing then you are fairly secure from viruses and malware, so disabling EWF is not an issue, as long as you have some sort of firewall. Most routers have a built in firewall. The only issue would be if another machine on your network were to get infected and spread.

If you use the TC for even occasional email or browsing then keep EWF enabled or install a basic free AV program like Avira AntiVir and disable real time scanning to reduce overhead. You could manually scan from an online AV provider like TrendMicro HouseCall, but you will need to install Java for it to run.

[R0ss]

XPe works great on a MicroDrive as-is. You could clone your DOM onto the MD and then resize the partition. Then disable and remove EWF and enable the Pagefile.

Installing any flavor of a full XP install would require the initial installation on a standard IDE drive first, then edit the .inf and install the MicroDrive filter driver, then clone the drive to the MicroDrive. Remove the standard IDE drive and replace it with the cloned MicroDrive. If all went well, XP should boot from the MD.

If it's not too much trouble could you PM me with step by step for each option. I've never cloned a drive so not sure where to start...

Ross

[Alpman]

When I get some time I will post it for all...pretty busy this week.

[R0ss]

When I get some time I will post it for all...pretty busy this week.

thanks

I have been doing some forum searches as well as google and found some open source options for cloning, CloneZilla, specifically.

I have time as I am waiting for Microdrive and adapter to arrive.

Ross