pros and cons of a bootable BackTrack instance vs installed

Generally depends what you are doing.

If you are planning on learning first, on a legal enviorment, I would recommend to install backtrack (dual boot, usb or virtually).

installing it:

  1. Runs Faster

  2. No need to do a large update over & over.

  3. Allows you to add your own tools, and save files.

  4. Allows you to save preferences.

At this point it seems that installed backtrack is the best option, but live backtrack gives you something that the installed backtrack dosn't. It will always be in a clean state.

Just the fact that it is in a clean state, might be more important than all of the other points for a pen-tester, esepcially for a black hat. That is why another option is customizing the the live version.

It all boils down to what exactly are you looking for (as well what you prefer)? Learning -> Installed, Work -> Installed/Modified Live, Black-Hat Pen-Test -> Live/Modified Live.


Further explanation:

  1. Backtrack is built on ubuntu, updates are done the same way.

    sudo apt-get update & upgrade
    

    If you install it or use live cd you will have to update it, but take in account that with the live cd you will need to do a large update that may take from 15-25min, instead of small updates from the installed OS.

  2. Running backtrack from harddrive/ssd is faster, than accessing the OS from a externall usb/cd. In my case performance difference has been minimum.
  3. If you build your own tools, or have found some tools that are not included with Backtrack 5 can be added to the installed OS, if you use the live version you will have to reinstall them.
  4. When you boot into backtrack, your user is root and the password is toor. You also have to start network by running

      $ /etc/init.d/networking start
    

    Some want their own password, wallpaper, have no need for stealthy boot, and so on. So they modify it on their installed OS.


Another option is to install it as a VM, this would give you the best of both worlds, it would be updatable, and you could take recoverable snapshots/backups of your VM instance if you're planning on doing anything that might break your installation.

Personally I have it installed as a VM along with other VMs like metasploitable so that I can experiment and learn how the tools work, and I have it installed on an old laptop (about 6-7 years old) and it works fine.


If you are learning, I would install bt only because you can keep notes and snap shots for reference. Bookmark good tutorials and save settings for tools. Of course adding tools is nice too. Pickup a solid book to get started and if things get too far out of whack, backup your home directory and start over. Running off the disk keeps you logged in as root where as the install let's you create multiple user accounts. Very important if you want to play with any of the crack or privilege escalation tools.