
Posted: Tue 12 Apr 2011, 17:56
by 8-bit
Talking about the possibility of infection, if one has wine installed, does that give malware a door to infect the wine drive_c?

Posted: Tue 12 Apr 2011, 18:06
by nooby
I've been told that is so. But I have no idea; I only trust what I've been told.

So I have two frugal installs of every Puppy. One with and one without wine.

But a more elegant solution is to have wine.sfs and only load it when one needs it for Spotify etc., and that is why I learn to use sfs. Seaside has a fast such sfsexec.pet that is easy to install, but one needs to be very disciplined because it lacks some of the needed error checking that the sfs is not already loaded.

Posted: Tue 12 Apr 2011, 18:21
by RandSec
8-bit wrote:Talking about the possibility of infection, if one has wine installed, does that give malware a door to infect the wine drive_c?
Apparently some Windows malware can run in Linux with Wine installed.

Posted: Tue 12 Apr 2011, 18:55
by willem1940NLD
RandSec wrote:
8-bit wrote:Talking about the possibility of infection, if one has wine installed, does that give malware a door to infect the wine drive_c?
Apparently some Windows malware can run in Linux with Wine installed.
Evidently yes; but I think I remember still some (free) virus protection (AVG free ....?) will work inside Wine as well. I used Wine some years ago and had also a Firefox-for-Windows installed there, for easy download and updating of Windows stuff.

I read that some people managed to get MS Office installed in Wine, which I never succeeded with .... it installed alright but thereafter remained invisible.

Posted: Tue 12 Apr 2011, 19:02
by willem1940NLD
Observation: contrary to Snowpuppy 015, puppy 525 pidgin/hotmail requires approval of a mysterious document/certificate several times a day and subsequent renewed login password to reach Hotmail inbox.

Something wrong with automated saving of the accepted certificate?

Posted: Tue 12 Apr 2011, 19:57
by ASRI éducation
maik.murks wrote:... I think also, that sometimes it seems to be better to test or check out something for yourself - before writing about it....
@ maik.murks
Thank you for your advice.
In my defense, I can say that I test before offering solutions. In addition to your solution, I proposed to charlie6 to add wallpaper in /usr/share/backgrounds_original/ORIGINAL-default.jpg because I found that when the distribution crashes (caused by children who left-click too fast), it happens that it restores the Puppy wallpaper ORIGINAL-default.jpg.
Indicating that solution, I did not attracting the wrath of the "gentleman I know better than others."
I leave the specialist that you are to solve this problem.

Posted: Tue 12 Apr 2011, 20:01
by RandSec
Luluc wrote:
RandSec wrote:
Puppy Lucid is secure. :)
Well, let us just see: At first start Puppy pushes itself online without authorization and without first putting a firewall in place. Does that sound secure to you?
There you go at that subject again. Please. You're making a fuss over nothing.
I think it a good place to start. The firewall is an obvious problem which needs to be fixed, and even extended: No downloads should occur without a firewall PLUS a confirmed SSL connection to the repository.
Puppy goes online without a firewall, but it's also not running any service. No ftpd, no httpd, no MTA, no Webmin, not even sshd. It does not even have a browser installed except Dillo, which is so lacking in features that it is indeed impervious to any kind of malware.
All of which also means that during the download there is no substantial and widely-used browser logic in place to resist attack, in particular, SSL.
No hacker in the world could break into a Puppy machine remotely in such condition.
That is almost certainly wrong, but, more to the point, a system does not get secure by assuming nobody could break in.
My only fear, a very minor fear, is about that wiki something that runs as a service, but I am not aware of any vulnerabilities in it, and it is not started by default. Puppy is safe in the internets.
Excuse me, but real security is not about your particular fears, or unprovable claims. None of us have to know where the weakness is which someone might employ before we can be hurt by it. A little humility might help: These guys are smarter than most of us, with more experience, more motivation, more help, and more resources. The design in place has to fight all of that off without real-time help. And if they just manage to get a toe-hold, the botmaster has direct broadband access inside our machine.
RandSec wrote:Puppy also has a general inability to use a USB flash as a secure boot source. Once again, if the flash cannot be written, it cannot be updated, and so is insecure. And if the flash can be written, it can be infected, which is also insecure. The problem is first that the flash supposedly cannot be removed after booting (before malware can get in, provided Puppy does not automatically go online), and second that Puppy does not use the CD file system in flash, which would give it the ability to void latest saves and so return to a previously correct boot.
Please check the contents of /etc/mtab. Note that one file system is mounted read-only (ro). It is /initrd/pup_ro2 on my machine. Open it and see what's there: /bin, /usr/bin, etc. all read-only. None of that can be infected.

You do understand that malware, when it runs, changes the operating system itself, right? Malware is not concerned with your silly software permission bits which it can change at will and then interpret as it likes. We have decades of experience to show that malware can exploit inevitable software faults to avoid protections. Software read-only protection is great for stopping users, but basically useless against malware.
It's just as safe as the "CD file system" that apparently sits at the top of your wish list.
No, a USB flash drive is not as safe as a DVD+RW. When malware is in charge, it can write a flash drive as easily as a hard drive, and be completely unnoticed in both cases. In contrast, after booting from DVD the optical drive shuts down and stays dark. If it unexpectedly comes to life, we know something is up. And we can absolutely prevent such problems by removing the DVD from the drive after boot. Puppy does not allow us to remove a flash drive after boot, before going online.
You're obviously speculating. You don't really know of any vulnerabilities there, do you? If you do, please be more specific.
If security required knowing all of what the attackers know in secret before anything could be done to improve a design, there would be no security at all. If we have to wait for an attack, somehow notice it, then analyze it, then prepare an update, there will be no security. Good security is required to ANTICIPATE things which reasonably MIGHT happen. Most people in the security field would prefer to call that "analysis."
Malware has to infect executables. The best candidates would be all that paraphernalia we have in /bin, /usr/bin, etc. Those are protected. Maybe some of those file systems in /etc/mtab could be mounted noexec, but I am not really sure. I still don't fully understand how Puppy works, but somehow I get the impression that whoever designed Puppy is not stupid.
One more time: "read only" or "protected" or even "unmounted" are merely terms used in describing the OS as it was BEFORE malware runs. WHEN malware runs, all those protections go out the window, because malware is in charge. That is what we call being "owned."

The Puppy design shows very little indication of being influenced by any understanding of modern online security.
Malware would have to infect some other executable, outside of the read-only file system, but which ones? Where is the point of entry exactly? You have to be specific so the holes get plugged, not monger fear with speculation. That is not helping.
This is not fear-mongering any more than promoting seat belts was considered fear-mongering. Real dangers exist and need to be confronted. If that makes someone uncomfortable, then good. The danger is real.

If you want to help with Puppy perception, get on board and encourage every possible security fix so users will know you are looking out for them.
I would bet some money that you come from a long and recent stint using Windows. Maybe even Windows 9x. Windows is a whole different story. Any media is dangerous because Windows can run just about any executable anywhere. Especially on external media, thanks to the infamous autorun.exe "feature" that helped crackers infect so many machines in the Windows 9.x era.
I think my story is well known. I came from Microsoft Windows specifically because of the poor and continually degrading security environment. That means I am not using Puppy because the user interface is superior to Windows, because it is not, nor because Puppy is so much more reliable, which it is not, nor because it is so much better documented and explained, because it is not. I specifically use Puppy to attain what I consider to be an acceptable level of online security, sufficient for normal online banking.

The advantage of coming from Windows is the ability to see so many of the old problems replicated here. The advantage is a potential to fix those problems BEFORE they become OUR problems, instead of waiting for them to bite.

I fail to see how the Puppy reputation is sensitive to FUD. If you want more people to run Puppy, clean it up, secure it up, and make it easy for ordinary Windows users. In the particular area of online banking, Puppy has a decent chance to challenge Windows head-to-head and win. But that chance will not be around much longer. FUD is not the problem.

The Net really does present very significant risks. Trying to hide Puppy security failings because they might scare people is the wrong way to go. Instead we need to consider ALL the problems, and come to a rational understanding of what they mean to us.
Linux has no such thing. Heck, even getting external media to mount automatically in Linux is difficult! I am always surprised at how well Puppy does that. Convincing Puppy to run an executable on external media is well nigh impossible. YOU, the user, will have to run it. But then that is your responsibility. That approach is perfectly in line with the run-as-root way of life anyway. The real threat is the user, not the software.
Only if you do not want ordinary users to choose Puppy. Ordinary users are unlikely to do things "right," which is to say, your way.

On the one hand, you fear FUD, presumably because it could chase away potential users. On the other hand, you are perfectly happy to have a system which is at least awkward and actually scary for new non-technical users. What is wrong with this picture?
And where will such malware come from anyway? It has to come from the browser and Javascript, of course. That's how modern malware works.
Malware can be introduced by any download, simply by getting Puppy to falsely accept a malware file as coming from the repository. That can be done by affecting network routing, perhaps on a router. But that would not work if Puppy required an SSL connection and included the home certificate in each copy.
But Puppy doesn't even have a browser out of the box. Maybe the Firefox pet/sfs should come with NoScript and everything locked by default, but that is not 100% necessary.
RandSec wrote:The inability to use USB flash securely is particularly irritating because many modern computers do not even have DVD writers. Since those computers cannot participate in Puppy LiveDVD security, just how secure is Puppy for them?
Where do you get this notion that DVDs are the only secure media in the world?
Well, now, you have to actually read my postings. I have described in detail why DVDs are more secure than flash several times. I have even described why flash, even with a hardware write-enable switch, does not solve the problem: When it is protected it cannot be updated with a secure browser, and when not, it can be infected.
You seem to be based on several misconceptions. Please, if you know of anything more specific, let everyone know. You are not doing that, you are instead trying to scare the hell out of everyone just because you have been entertaining some scary thoughts.
The misconceptions are yours, not mine. By avoiding the Microsoft Windows experience, you obviously have no background in what malware actually does, and what it can do. You are out-of-date.

The scary thoughts are real. Actual small businesses have actually lost hundreds of thousands of dollars at a time with online banking, mainly from malware bots. They would prefer not to have that happen again.
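
The /etc/mtab check raised in the exchange above, as an added example that is not part of any poster's message: a shell function that classifies each mount by its ro/rw and noexec options. The sample mtab is constructed (only /initrd/pup_ro2 comes from the thread) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify mounts from an mtab-format file.
# mtab fields: device mountpoint fstype options dump pass
# (spaces inside mount points are escaped as \040, so whitespace splitting is safe)

# classify_mounts FILE -> one line per mount: "<class> <mountpoint> <fstype>"
#   ro         mounted read-only
#   rw-noexec  writable, execution disabled by the noexec option
#   rw-exec    writable and executable
classify_mounts() {
    awk '
    $3 ~ /^(proc|sysfs|devpts)$/ { next }   # skip kernel pseudo file systems
    NF >= 4 && $1 !~ /^#/ {
        n = split($4, opt, ",")
        ro = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "ro")     ro = 1
            if (opt[i] == "noexec") noexec = 1
        }
        if (ro)          class = "ro"
        else if (noexec) class = "rw-noexec"
        else             class = "rw-exec"
        print class, $2, $3
    }' "$1"
}

# writable_exec_mounts FILE -> mount points where files can be written and then run
writable_exec_mounts() {
    classify_mounts "$1" | awk '$1 == "rw-exec" { print $2 }'
}

# Constructed sample in mtab format; not captured from a real Puppy system.
sample_mtab() {
    cat <<'EOF'
/dev/loop1 /initrd/pup_ro2 squashfs ro 0 0
tmpfs /initrd/pup_rw tmpfs rw 0 0
unionfs / aufs rw 0 0
/dev/sdb1 /mnt/sdb1 vfat rw,noexec,nosuid 0 0
none /proc proc rw 0 0
EOF
}

# Demo on the constructed sample; pass /etc/mtab instead to inspect a live system.
tmp=$(mktemp)
sample_mtab > "$tmp"
classify_mounts "$tmp"
rm -f "$tmp"
```

The options listed are those the running kernel reports, so the output describes how the mounts are configured rather than whether anything has been altered.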

Posted: Tue 12 Apr 2011, 20:06
by Béèm
willem1940NLD wrote:Observation: contrary to Snowpuppy 015, puppy 525 pidgin/hotmail requires approval of a mysterious document/certificate several times a day and subsequent renewed login password to reach Hotmail inbox.

Something wrong with automated saving of the accepted certificate?
I use a pidgin 2.7.3 sfs with 5.2.5 and I don't have that problem.

Posted: Tue 12 Apr 2011, 20:29
by willem1940NLD
Béèm wrote:
willem1940NLD wrote:Observation: contrary to Snowpuppy 015, puppy 525 pidgin/hotmail requires approval of a mysterious document/certificate several times a day and subsequent renewed login password to reach Hotmail inbox.

Something wrong with automated saving of the accepted certificate?
I use a pidgin 2.7.3 sfs with 5.2.5 and I don't have that problem.
Same sfs and 525 here .... then maybe due to slower old machine .... ? But then still wonder why different with other puppies. Meanwhile had various installs of which 5 back to 525 ..... always clean installs after formatting partition.

Re: Using LiveCD/LiveDVD II

Posted: Tue 12 Apr 2011, 20:36
by gcmartin
There is a problem where LiveCD can no longer boot after "Saved to CD" is done on reboot/shutdown.

Several members have already tried to duplicate this on their system. I have this phenomenon on 3 different systems. Here's some more information for this community to look at as we try to ID this problem:

Noticing BIGPUP's post on a Bug report thread, I have moved this post's information to it, here.

Also posted this problem last here and first here on this problem. Is this enough information to get to the bottom of this problem?
Thanks in advance.

Posted: Tue 12 Apr 2011, 20:43
by willem1940NLD
Wallpapers ..... I don't see a problem. Easy download wallpapers lucid, they are a pet in package manager. Also, I simply pasted random bmp/jpg/png pictures there and they all function no matter in which of the 2 files. Momentarily I am using "quiet" old windows 98 greenish fine vertically striped background there, only do not know how to change colour of icon subscripts which remain white in my puppy 525 and I need them brown, purple, dark violet or black for clear visibility ..... or maybe each their own dark background shade spot like W98 had as option.

Posted: Tue 12 Apr 2011, 20:57
by bigpup
I started a Bug topic for Lucid Puppy 5.25.
http://www.murga-linux.com/puppy/viewtopic.php?t=66777

Posted: Tue 12 Apr 2011, 21:56
by bigpup
willem1940NLD wrote: do not know how to change colour of icon subscripts which remain white in my puppy 525 and I need them brown, purple, dark violet or black for clear visibility
To change the color of the letters on the desktop icons:
Right click on an icon
Rox-filer->options->pinboard->appearance
Change the foreground color to what you like.
Hit OK when you are done.

Re: Using LiveCD/LiveDVD II

Posted: Tue 12 Apr 2011, 22:01
by RandSec
gcmartin wrote:There is a problem where LiveCD can no longer boot after "Saved to CD" is done on reboot/shutdown.

Several members have already tried to duplicate this on their system. I have this phenomenon on 3 different systems. Here's some more information for this community to look at as we try to ID this problem:

Noticing BIGPUP's post on a Bug report thread, I have moved this post's information to it, here.

Also posted this problem last here and first here on this problem. Is this enough information to get to the bottom of this problem?
Thanks in advance.
It may be that I do not see the problem because I learned to get around it in 431. I never accept the Save option on reboot / shutdown, except for the first time. Instead, I always use the Save button on the desktop. (Of course, there is no Save button until after the first Save.) So you might try that.

Posted: Tue 12 Apr 2011, 22:38
by RandSec
willem1940NLD wrote:
RandSec wrote:
8-bit wrote:Talking about the possibility of infection, if one has wine installed, does that give malware a door to infect the wine drive_c?
Apparently some Windows malware can run in Linux with Wine installed.
Evidently yes; but I think I remember still some (free) virus protection (AVG free ....?) will work inside Wine as well.
Unfortunately, the era where anti-vi scanning offered significant protection is almost over. We will have to learn to protect ourselves in other ways.

Posted: Tue 12 Apr 2011, 23:32
by willem1940NLD
bigpup wrote:
willem1940NLD wrote: do not know how to change colour of icon subscripts which remain white in my puppy 525 and I need them brown, purple, dark violet or black for clear visibility
To change the color of the letters on the desktop icons:
Right click on an icon
Rox-filer->options->pinboard->appearance
Change the foreground color to what you like.
Hit OK when you are done.
Thanks a lot; found it and changed to black, no shadow, liberation mono (for clear difference between characters

1(one) I(capital i) l(lowercase L) m rn(r n).

1Ilmrn

Most other fonts make less distinction and especially at toying with 5 languages in chats etc., can be really unpleasant.

Posted: Wed 13 Apr 2011, 12:30
by wuwei
@Randsec, Luluc et al.

The security stuff you talk about may or may not be relevant.

But what escapes me in these long posts is the sense for the postings. What do you want to accomplish RandSec? The security of Puppy is NOT improved by these statements and discussions. It could be improved by contributing your undoubted expertise to the next Puppy's development.

You certainly have convinced or brought to thinking quite a few people here. So why not put your abilities where your fingers are? How about giving it a rest and getting down to development?

Kindly! :roll: :)

Posted: Wed 13 Apr 2011, 12:48
by Tasgarth
wuwei wrote:
@Randsec, Luluc et al.
The security stuff you talk about may or may not be relevant.

But what escapes me in these long posts is the sense for the postings. What do you want to accomplish RandSec? The security of Puppy is NOT improved by these statements and discussions. It could be improved by contributing your undoubted expertise to the next Puppy's development.

You certainly have convinced or brought to thinking quite a few people here. So why not put your abilities where your fingers are? How about giving it a rest and getting down to development?
+1

Posted: Wed 13 Apr 2011, 13:35
by Lobster
+2
Puppy 5.3
The most secure Puppy ever. Tin Foil Hats set to maximum. Eg. The firewall on by default
http://puppylinux.org/wikka/Puppy53

Posted: Wed 13 Apr 2011, 15:10
by wuwei
This is good :lol:

On the firewall on issue.

For all you router people out there who never needed to set up Puppy on a DSL modem with pppoe.

When the connection is done via Roaring Penguin and /usr/sbin/pppoe-start_shell the firewall is established prior to the ppp0 connection!

eth0 starts prior, then firewall, then ppp0, and only then am I connected to the internet.

So, the job is halfway done, isn't it?