Secure LINUX for MacBook Pro Live USB Flash drive


I’m a Mac user looking to create a more secure environment for my online banking. i’ve decided what I’d like to do is create a bootable Flash drive containing a small and secure variant of Linux, and I need some advice because, frankly, I’m noob and this is a HUGE arena.

If it helps, I have a good idea of what I want:

  1. The Flash drive should be bootable on a MacBook Pro
  2. The variant of Linux should be compatible with the majority of my laptop’s hardware, but especially those bits relating to wireless internet connectivity and energy-saving features.
  3. The booted environment should be similar to a Live CD - ie. no data is saved to the Flash drive; the drive should be the same on each boot with no way of changing it.
  4. I’d like to be able to configure the bootable environment before it’s set in stone for point (3) above - things such as browser bookmarks, desktop picture, some essential wireless passwords, DropBox syncing, VPN settings etc.
  5. The whole kit and caboodle should take up less than 512MB on the Flash drive.
  6. The device should also be capable of booting on the odd PC here and there without my having to worry about leaving any traces behind.
  7. The only software it should contain is that relating to secure internet banking - so browser, VPN… that’s it?

Any and all pertinent info and advice is welcomed.

Many thanks,


See caveat at the bottom first.

Firstly, I don’t own a Mac, let alone a Macbook Pro so I can’t test for hardware compatibility of different distros… but…

  1. AFAIK Most Linux distro’s are bootable on an Intel/Mac, I “Know” vanilla Ubuntu is, so I suppose most if not all other distro’s will too.

  2. Whether Ubuntu will work “out of the box” with your Wireless is a bit hit and miss… depends on the model of your Macbook Pro.
    Further information here: MacBookPro - Community Help Wiki
    (if you let us know which model we may be able to suggest other distros)
    also see 4

  3. That’s easy just don’t include a persistence file… but 3 and 4 are (nearly, see 4) incompatible, it’s either writeable or it isn’t.

  4. The only distro that I know of where it’s “easy” to add missing software or drivers and edit config files, THEN set them in stone on a LiveCD would be Ubuntu… Using the UCK, see here:
    Linux.UK - Articles, News and Events for all things Linux
    So you could add any missing wireless driver etc. with the UCK then rebuild the ISO before using it to create a LiveCD.

  5. If you are going to use Ubuntu… a LiveUSB < 512mb is not going to happen by default… but I suppose you could uninstall software you don’t require with the UCK and get it down to < 512mb… roughly 700mb by default so maybe just removing Open Office?

  6. Again as you have an Intel/Mac the LiveUSB will be bootable on any PC as long as it has a i386 compatible CPU and can boot from USB… for maximum compatibility get the i386 (32bit) version of your chosen Linux distro, not the AMD64 (64bit)… a 32bit version will run on both 32bit AND 64bit CPU’s… 64bit will ONLY run on 64bit CPU’s

  7. See 4 and 5.

All in all, I’d say Ubuntu is what you are after, use the UCK to customise the default ISO removing any unwanted software and (if needed) installing the wireless drivers etc., and editing the config files to contain your network settings… when the custom.iso is built… use Unetbootin to put it on a USB stick WITHOUT persistence.

One last thing… don’t expect to be able to stop people logging on to a customised Ubuntu LiveUSB by adding a password to the log in, I’ve been trying to achieve this for someone else, and so far with mixed results (not fully working yet).

So I wouldn’t add bookmarks etc. or anything that you wouldn’t mind others having access to if you lost the USB stick.

If you NEED a password protected log in you’ll have to wait till I figure it out, or figure it out yourself :wink:
that doesn’t work on 10.10, they’ve obviously changed the way the default account is created/set up during the LiveCD boot process.

Like I said, there may be other options but we would need to know which version of MacBook Pro you have.

But yes… a non persistent Linux LiveCD or LiveUSB would be as secure as it comes as far as online banking goes… there is however a caveat:
You would be well advised to read that posting first.


Can I first of all thank you for providing such a prompt and comprehensive reply: thank you :slight_smile:

I read your caveat. The Nationwide is one of the institutions I bank with, so I’ve read with interest what was posted there, and at the Nationwide page linked to. As a result of the information on that page, I got in touch with one of my other banking institutions. Their policy is FAR more liberal - so much so that I find it hard to believe in the light of the Nationwide’s specificities.

The upshot of both of these revelations is that, in fact, it is both easier, more prudent financially and less involved to simply continue to perform my online banking duties on my standard OS (OS X “Snow Leopard”) than to pursue a more secure but more time-consuming process that leaves me unable to claim should I become the victim of online fraud.

I’m not sure whether to bother now. I’ll have to re-assess my reasons for wanting to pursue this method, and determine whether or not there are any actual end-benefits to be had. Should I decided to go ahead, however, your advice will prove invaluable (especially the reference to UCK). Cheers. :slight_smile:

It’s a crazy ol’ world, innit. :stuck_out_tongue:


Isn’t it just :wink:

Nationwide must be insane…

Nor do they support ANY mobile OS “apps” including Apple, Nokia, Google, Android and BlackBerry.
see the “Unofficial apps” link here:
So it would appear that if you access your Nationwide bank account from your mobile, you are NOT covered by their Online Banking Promise against online fraud.

Though OS X 10.4+/Safari are “supported”, there is no mention of iOS as a “supported” OS so an iPhone/iPad is out.

Windows Mobile OS’s are out too, as they only list:

Windows 2000, XP, Vista and Windows 7 [u]only[/u]
so you *may* get away with Windows [b]Phone[/b] 7, but it isn't specifically mentioned so it may not be covered.

Android isn’t mentioned either… so I guess NO Mobile banking is allowed at Nationwide.

Go figure…