The Official Release of Lucid 5.25 (Lucid Five Twenty-Five)

[8-bit]

Talking about the possibility of infection, If one has wine installed, does that give malware a door to infect the wine drive_c?

[nooby]

I've been told that is so But I have no idea I only trust what I 've been told.

So I ahve two frugal install of every Puppy. One with and one without wine.

But a more elegant solution is to have wine.sfs and only load it when one need it for Spotify etc and that is why I learn to use sfs and Seaside has a fast such sfsexec.pet that is easy to install but one need to be very disciplined because it lack some of the needed error checking that the sfs is not already loaded.

[RandSec]

Talking about the possibility of infection, If one has wine installed, does that give malware a door to infect the wine drive_c?

Apparently some Windows malware can run in Linux with Wine installed.

[willem1940NLD]

Talking about the possibility of infection, If one has wine installed, does that give malware a door to infect the wine drive_c?

Apparently some Windows malware can run in Linux with Wine installed.

Evidently yes; but I think I remember still some (free) virus protection (AVG free ....?) will work inside Wine as well. I used Wine some years ago and had also a Firefox-for-Windows installed there, for easy download and updating of Windows stuff.

I read that some people managed to get MS Office installed in Wine, which I never succeeded with .... it installed alright but thereafter remained invisible.

[willem1940NLD]

Observation: contrary to Snowpuppy 015, puppy 525 pidgin/hotmail requires approval of a mysterious document/certificate several times a day and subsequent renewed login password to reach Hotmail inbox.

Something wrong with automated saving of the accepted certificate?

[ASRI éducation]

... I think also, that sometimes it seems to be better to test or check out something for yourself - before writing about it....

@ maik.murks
Thank you for your advice.
In my defense, I can say that I test before offering solutions. In addition to your solution, I proposed charlie6 to add wallpaper in /usr/share/backgrounds_original/ORIGINAL-default.jpg because I found that when the distribution of crashes (caused by children who left click too fast) it happens that restores the Puppy wallpaper ORIGINAL-default.jpg
Indicating that solution, I did not attracting the wrath of the "gentleman I know better than others. "
I leave the specialist that you are solving this problem.

[RandSec]

Puppy Lucid is secure. :)

Well, let us just see: At first start Puppy pushes itself online without authorization and without first putting a firewall in place. Does that sound secure to you?

There you go at that subject again. Please. You're making a fuss over nothing.

I think it a good place to start. The firewall is an obvious problem which needs to be fixed, and even extended: No downloads should occur without a firewall PLUS a confirmed SSL connection to the repository.

Puppy goes online without a firewall, but it's also not running any service. No ftpd, no httpd, no MTA, no Webmin, not even sshd. It does not even have a browser installed except Dillo, which is so lacking in features that it is indeed impervious to any kind of malware.

All of which also means that during the download there is no substantial and widely-used browser logic in place to resist attack, in particular, SSL.

No hacker in the world could break into a Puppy machine remotely in such condition.

That is almost certainly wrong, but, more to the point, a system does not get secure by assuming nobody could break in.

My only fear, a very minor fear, is about that wiki something that runs as a service, but I am not aware of any vulnerabilities in it, and it is not started by default. Puppy is safe in the internets.

Excuse me, but real security is not about your particular fears, or uprovable claims. None of us have to know where the weakness is which someone might employ before we can be hurt by it. A little humility might help: These guys are smarter than most of us, with more experience, more motivation, more help, and more resources. The design in place has to fight all of that off without real-time help. And if they just manage to get a toe-hold, the botmaster has direct broadband access inside our machine.

Puppy also has a general inability to use a USB flash as a secure boot source. Once again, if the flash cannot be written, it cannot be updated, and so is insecure. And if the flash can be written, it can be infected, which is also insecure. The problem is first that the flash supposedly cannot be removed after booting (before malware can get in, provided Puppy does not automatically go online), and second that Puppy does not use the CD file system in flash, which would give it the ability to void latest saves and so return to a previously correct boot.
Please check the contents of /etc/mtab. Note that one file system is mounted read-only (ro). It is /initrd/pup_ro2 on my machine. Open it and see what's there: /bin, /usr/bin, etc. all read-only. None of that can be infected.

You do understand that malware, when it runs, changes the operating system itself, right? Malware is not concerned with your silly software permission bits which it can change at will and then interpret as it likes. We have decades of experience to show that malware can exploit inevitable software faults to avoid protections. Software read-only protection is great for stopping users, but basically useless against malware.

It's just as safe as the "CD file system" that apparently sits at the top of your wish list.

No, a USB flash drive is not as safe as a DVD+RW. When malware is in charge, it can write a flash drive as easily as a hard drive, and be completely unnoticed in both cases. In contrast, after booting from DVD the optical drive shuts down and stays dark. If it unexpectedly comes to life, we know something is up. And we can absolutely prevent such problems by removing the DVD from the drive after boot. Puppy does not allow us to remove a flash drive after boot, before going online.

You're obviously speculating. You don't really know of any vulnerabilities there, do you? If you do, please be more specific.

If security required knowing all of what the attackers know in secret before anything could be done to improve a design, there would be no security at all. If we have to wait for an attack, somehow notice it, then analyze it, then prepare an update, there will be no security. Good security is required to ANTICIPATE things which reasonably MIGHT happen. Most people in the security field would prefer to call that "analysis."

Malware has to infect executables. The best candidates would be all that parafernalia we have in /bin, /usr/bin, etc. Those are protected. Maybe some of those file systems in /etc/mtab could be mounted noexec, but I am not really sure. I still don't fully understand how Puppy works, but somehow I get the impression that whoever designed Puppy is not stupid.

One more time: "read only" or "protected" or even "unmounted" are merely terms used in describing the OS as it was BEFORE malware runs. WHEN malware runs, all those protections go out the window, because malware is in charge. That is what we call being "owned."

The Puppy design shows very little indication of being influenced by any understanding of modern online security.

Malware would have to infect some other executable, outside of the read-only file system, but which ones? Where is the point of entry exactly? You have to be specific so the holes get plugged, not monger fear with speculation. That is not helping.

This is not fear-mongering any more than promoting seat belts was considered fear-mongering. Real dangers exist and need to be confronted. If that makes someone uncomfortable, then good. The danger is real.

If you want to help with Puppy perception, get on board and encourage every possible security fix so users will know you are looking out for them.

I would bet some money that you come from a long and recent stint using Windows. Maybe even Windows 9x. Windows is a whole different story. Any media is dangerous because Windows can run just about any executable anywhere. Especially on external media, thanks to the infamous autorun.exe "feature" that helped crackers infect so many machines in the Windows 9.x era.

I think my story is well known. I came from Microsoft Windows specifically because of the poor and continually degrading security environment. That means I am not using Puppy because the user interface is superior to Windows, because it is not, nor because Puppy is so much more reliable, which it is not, nor because it is so much better documented and explained, because it is not. I specifically use Puppy to attain what I consider to be an acceptable level of online security, sufficient for normal online banking.

The advantage of coming from Windows is the ability to see so many of the old problems replicated here. The advantage is a potential to fix those problems BEFORE they become OUR problems, instead of waiting for them to bite.

I fail to see how the Puppy reputation is sensitive to FUD. If you want more people to run Puppy, clean it up, secure it up, and make it easy for ordinary Windows users. In the particular area of online banking, Puppy has a decent chance to challenge Windows head-to-head and win. But that chance will not be around much longer. FUD is not the problem.

The Net really does present very significant risks. Trying to hide Puppy security failings because they might scare people is the wrong way to go. Instead we need to consider ALL the problems, and come to a rational understanding of what they mean to us.

Linux has no such thing. Heck, even getting external media to mount automatically in Linux is difficult! I am always surprised at how well Puppy does that. Convincing Puppy to run an executable on external media is well nigh impossible. YOU, the user, will have to run it. But then that is your responsibility. That approach is perfectly in line with the run-as-root way of life anyway. The real threat is the user, not the software.

Only if you do not want ordinary users to choose Puppy. Ordinary users are unlikely to do things "right," which is to say, your way.

On the one hand, you fear FUD, presumably because it could chase away potential users. On the other hand, you are perfectly happy to have a system which is at least awkward and actually scary for new non-technical users. What is wrong with this picture?

And where will such malware come from anyway? It has to come from the browser and Javascript, of course. That's how modern malware works.

Malware can be introduced by any download, simply by getting Puppy to falsely accept a malware file as coming from the repository. That can be done by affecting network routing, perhaps on a router. But that would not work if Puppy required an SSL connection and included the home certificate in each copy.

But Puppy doesn't even have a browser out of the box. Maybe the Firefox pet/sfs should come with NoScript and everything locked by default, but that is not 100% necessary.

The inability to use USB flash securely is particularly irritating because many modern computers do not even have DVD writers. Since those computers cannot participate in Puppy LiveDVD security, just how secure is Puppy for them?

Where do you get this notion that DVDs are the only secure media in the world?

Well, now, you have to actually read my postings. I have described in detail why DVD's are more secure than flash several times. I have even described why flash, even with a hardware write-enable switch does not solve the problem: When it is protected it cannot be updated with a secure browser, and when not, it can be infected.

You seem to be based on several misconceptions. Please, if you know of anything more specific, let everyone know. You are not doing that, you are instead trying to scare the hell out of everyone just because you have been entertaining some scary thoughts.

The misconceptions are yours, not mine. By avoiding the Microsoft Windows experience, you obviously have no background in what malware actually does, and what it can do. You are out-of-date.

The scary thoughts are real. Actual small businesses have actually lost hundreds of thousands of dollars at a time with online banking, mainly from malware bots. They would prefer not to have that happen again.

[Béèm]

Observation: contrary to Snowpuppy 015, puppy 525 pidgin/hotmail requires approval of a mysterious document/certificate several times a day and subsequent renewed login password to reach Hotmail inbox.

Something wrong with automated saving of the accepted certificate?

I use a pidgin 2.7.3 sfs with 5.2.5 and I don't have that problem.

[willem1940NLD]

Observation: contrary to Snowpuppy 015, puppy 525 pidgin/hotmail requires approval of a mysterious document/certificate several times a day and subsequent renewed login password to reach Hotmail inbox.

Something wrong with automated saving of the accepted certificate?

I use a pidgin 2.7.3 sfs with 5.2.5 and I don't have that problem.

Same sfs and 525 here .... then maybe due to slower old machine .... ? But then still wonder why different with other puppies. Meanwhile had various installs of which 5 back to 525 ..... always clean installs after formatting partition.

[gcmartin]

There is a problem where LiveCD can no longer boot after "Saved to CD" is done on reboot/shutdown.

Several members have already tried to duplicate this on their system. I have this phenomenon on 3 different systems, Here's some more information for this community to look at as we try to ID this problem>

Noticing BIGPUP's post on a Bug report thread, I have move this post's information to it, here.

Also posted this problem last here and first here on this problem. Is this enough information to get to the bottom of this problem?
Thanks in advance.

[willem1940NLD]

Wallpapers ..... I don't see a problem. Easy download wallpapers lucid, they are a pet in package manager. Also, I simply pasted random bmp/jpg/png pictures there and they all function no matter in which of the 2 files. Momentarily I am using "quiet" old windows 98 greenish fine vertically striped background there, only do not know how to change colour of icon subscripts which remain white in my puppy 525 and I need them brown, purple, dark violet or black for clear visibility ..... or maybe each their own dark background shade spot like W98 had as option.

[bigpup]

I started a Bug topic for Lucid Puppy 5.25.
http://www.murga-linux.com/puppy/viewtopic.php?t=66777

[bigpup]

do not know how to change colour of icon subscripts which remain white in my puppy 525 and I need them brown, purple, dark violet or black for clear visibility

To change the color of the letters on the desktop icons:
Right click on a icon
Rox-filer->options->pinboard->appearance
Change the foreground color to what you like.
Hit OK when you are done.

[RandSec]

There is a problem where LiveCD can no longer boot after "Saved to CD" is done on reboot/shutdown.

Several members have already tried to duplicate this on their system. I have this phenomenon on 3 different systems, Here's some more information for this community to look at as we try to ID this problem>

Noticing BIGPUP's post on a Bug report thread, I have move this post's information to it, here.

Also posted this problem last here and first here on this problem. Is this enough information to get to the bottom of this problem?
Thanks in advance.

It may be that I do not see the problem because I learned to get around it in 431. I never accept the Save option on reboot / shutdown, except for the first time. Instead, I always use the Save button on the desktop. (Of course, there is no Save button until after the first Save.) So you might try that.

[RandSec]

Talking about the possibility of infection, If one has wine installed, does that give malware a door to infect the wine drive_c?

Apparently some Windows malware can run in Linux with Wine installed.

Evidently yes; but I think I remember still some (free) virus protection (AVG free ....?) will work inside Wine as well.

Unfortunately, the era where anti-vi scanning offered significant protection is almost over. We will have to learn to protect ourselves in other ways.

[willem1940NLD]

do not know how to change colour of icon subscripts which remain white in my puppy 525 and I need them brown, purple, dark violet or black for clear visibility

To change the color of the letters on the desktop icons:
Right click on a icon
Rox-filer->options->pinboard->appearance
Change the foreground color to what you like.
Hit OK when you are done.

Thanks a lot; found it and changed to black, no shadow, liberation mono (for clear difference between characters

1(one) I(capital i) l(lowercase L) m rn(r n).

1Ilmrn

Most other fonts make less distinction and especially at toying with 5 languages in chats etc., can be really unpleasant.

[wuwei]

@Randsec, Luluc et.alt.

The security stuff you talk about may or may not be relevant.

But what escapes me in these long posts is the sense for the postings. What do you want to accomplish RandSec? The security of Puppy is NOT improved by these statements and discussions. It could be improved by contributing your undoubted expertise to the next Puppy's development.

You certainly have convinced or brought to thinking quite a few people here. So why not put your abilities where your fingers are? How about giving it a rest and getting down to development?

Kindly!

[Tasgarth]

Wuwei wrote :

@Randsec, Luluc et.alt.
The security stuff you talk about may or may not be relevant.

But what escapes me in these long posts is the sense for the postings. What do you want to accomplish RandSec? The security of Puppy is NOT improved by these statements and discussions. It could be improved by contributing your undoubted expertise to the next Puppy's development.

You certainly have convinced or brought to thinking quite a few people here. So why not put your abilities where your fingers are? How about giving it a rest and getting down to development?

+1

[Lobster]

+2
Puppy 5.3
The most secure Puppy ever. Tin Foil Hats set to maximum. Eg. The firewall on by default
http://puppylinux.org/wikka/Puppy53

[wuwei]

This is good

On the firewall on issue.

For all you router people out there who never needed to set up Puppy on a DSL modem with pppoe.

When the connection is done via Roaring Penguin and /usr/sbin/pppoe-start_shell the firewall is established prior to the ppp0 connection!

eth0 starts prior, then firewall, then ppp0, and only then am I connected to the internet.

So, the job is halfway done, isn't it?