puppy linux security?
puppy linux security?
i understand that puppy linux is secure because it's run from a cd (non-writeable). that said, i have chosen to run a "liveusb" instead of "livecd". i also make use of the pup_save file. does that mean i am vulnerable to viruses and security issues because i'm using writeable media (usb) and saving after each shutdown?
-
jonyo
Most viruses & security issues target & affect win systems. I run live cd with save files to HD but don't think it matters much which way run.
Though I'm sure it is possible, not aware of a pup user being affected this way just running the pup onbaord firewall & a few use nothing. Pup offers options to tweak up security measures (login, password, save file encryption etc..) - I don't use any of these.
Though I'm sure it is possible, not aware of a pup user being affected this way just running the pup onbaord firewall & a few use nothing. Pup offers options to tweak up security measures (login, password, save file encryption etc..) - I don't use any of these.
-
Béèm
- Posts: 11763
- Joined: Wed 22 Nov 2006, 00:47
- Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win
As jonyo says, Win systems are targeted.
Also the executable code is meant to run in Windows.
So a weak point can be if you run Wine.
Also if you store code in Puppy which is malicious and you access it later in Windows, there could be a danger I think.
I run with pup_save files also for well over a year and have not experienced a problem.
Also the executable code is meant to run in Windows.
So a weak point can be if you run Wine.
Also if you store code in Puppy which is malicious and you access it later in Windows, there could be a danger I think.
I run with pup_save files also for well over a year and have not experienced a problem.
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
Even if some kind of malware targeted Linux, Puppy is so unique that it is unlikely the virus would work in Puppy. Still, anything is possible.
I run Puppy from a multisession DVD. If I ever think I've picked up a virus, I can blacklist the session where I think the virus was saved, and the contents of that session are skipped when Puppy boots. That's good enough for me.
I run Puppy from a multisession DVD. If I ever think I've picked up a virus, I can blacklist the session where I think the virus was saved, and the contents of that session are skipped when Puppy boots. That's good enough for me.
[url=http://www.murga-linux.com/puppy/viewtopic.php?t=69321][color=blue]Puppy Help 101 - an interactive tutorial for Lupu 5.25[/color][/url]
-
Bruce B
Now that your primary concern is clear, I think the answer is don't keep too many 'sensitive' documents and encrypt the few you have. This way, it wouldn't matter if your computer were lost or your flash drive or whatever, your sensitive data is safe.
Puppy includes the CLI app bcrypt
Additional Notes:
Your encryption strengthens with stronger passwords.
Bcrypt is also available for Windows and other OSes, so your encrypted files are quite portable.
If you keep all your sensitive files in one directory you can encrypt and decrypt all files with one command from within that directory: bcrypt *
-----------
Puppy includes the CLI app bcrypt
Additional Notes:
Your encryption strengthens with stronger passwords.
Bcrypt is also available for Windows and other OSes, so your encrypted files are quite portable.
If you keep all your sensitive files in one directory you can encrypt and decrypt all files with one command from within that directory: bcrypt *
-----------
-
Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
1. Run from CD = very secure
or multisession ('recordable on CD' Puppy)
2. Save data on USB key drive and secure that drive
Other things you can do
Use the open source Firefox 3 Beta or closed source Opera Browsers for more protection
Disable Java and javascript in browser
Encrypt sensitive data files with Blowfish007
http://www.murga-linux.com/puppy/viewto ... 2942#22942
Most security info is for network computers
http://www.linux-tutorial.info/modules. ... pageid=188
Puppy is standalone
So secure the boot media (CD, computer, keydrive) and secure your save file (save on CD or USB keydrive) and think about what you have . . .
Your operating system, data and saved material is separate from your computer location. Most of us need nothing like this level of security even if we work in security.
Theoretically (if you were interested) you could create
a disposable OS, for one time use, that only ran from memory and wiped all your data each time.
In fact running 'puppy pfix=ram' at boot up and then deciding not to save data at shut down, means you have been running invisibly and left no trace.
Depends what you wish to do.
or multisession ('recordable on CD' Puppy)
2. Save data on USB key drive and secure that drive
Other things you can do
Use the open source Firefox 3 Beta or closed source Opera Browsers for more protection
Disable Java and javascript in browser
Encrypt sensitive data files with Blowfish007
http://www.murga-linux.com/puppy/viewto ... 2942#22942
Most security info is for network computers
http://www.linux-tutorial.info/modules. ... pageid=188
Puppy is standalone
So secure the boot media (CD, computer, keydrive) and secure your save file (save on CD or USB keydrive) and think about what you have . . .
Your operating system, data and saved material is separate from your computer location. Most of us need nothing like this level of security even if we work in security.
Theoretically (if you were interested) you could create
a disposable OS, for one time use, that only ran from memory and wiped all your data each time.
In fact running 'puppy pfix=ram' at boot up and then deciding not to save data at shut down, means you have been running invisibly and left no trace.
Depends what you wish to do.
Last edited by Lobster on Sun 16 Dec 2007, 09:44, edited 1 time in total.
The only secure computer is one that isn't connected to a network. Period. Don't conduct banking or other finances online. Support local businesses and pay with cash.
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
No doubt you're right, but is that a general comment, or is it directed specifically at Puppy?The only secure computer is one that isn't connected to a network.
All of the "security" blurb on the web has made me increasingly paranoid . I have the same question as the OP, and more.... (I hope it's ok to post them here rather than starting a new thread)
My main aggravation with Windows is that installed programs and services are all set up to run merrily away without the user having the foggiest what's going on and having to google endlessly to find out what they are and how to turn them off, and then they "phone home" for "updates" without telling you. I've spent a lot of time finding out what's running on Windows and disabling stuff I don't like the look of.
My questions in relation to the OP's question is what puppy does in this regard - is there any process which runs upon booting that can give access to remote users? Is there anything that needs to be turned off? Do the programs only run if you click on them? Are any set up to "phone home"? What about "backdoors" - has anyone gone through all the code and can say there isn't some means for some "linux geek" somewhere to log onto my computer behind my back? Can I see the list of IP addresses that my browser is accessing in Puppy? Thanks.
The main problem with windows is active X.
In the Linux-world there was the consens instead:
ActiveX provides only such a small amount of comfort, that it is not acceptable to develop an equivalent, because of the potential risk such comfort has.
So as there is no activeX, most attacs are simply not working, as the required infrastructure is not provided by the system.
I always must laugh, when I visit a porn-site, and see all these Javasripts, that try to run a dialer.exe without success
A problem can be buffer-overflows, that are erratic programs.
If an attacer knows such a bug, he can use it, to access a computer.
As programs for Linux usually are updated often, these bugs are usually only available on a very small amount of computers.
So usually noone tries to write exploits for them, except to prove that they exist.
The other thing is, how could a computer be infected.
On windows, the main infection is activeX (email, prepared websites), or if the user installs infected programs.
Those programs are usually installed, because people do not want to pay for them.
So they download them from where they can get them for "free", from warez-sites.
Well, guys who have no scrupels to steal other peoples property (commercial programs), also have no scrupels to add some trojan horses to the stuff they spread...
In Linux, you usually will not need warez, so the second big risk is gone.
There are further points like binary-incompatibility between different distros, the "inhomogenious infrastructure".
This makes it difficult, to spread malware like viruses.
If you use Puppys firewall, and don't install programs you don't know where they come from, you are almost safe.
If you really need to try cracking sites or such, you could boot Puppy with "puppy pfix=ram", so without a personal storage.
Then all changes that could happen, are lost, if you power off.
Mark
In the Linux-world there was the consens instead:
ActiveX provides only such a small amount of comfort, that it is not acceptable to develop an equivalent, because of the potential risk such comfort has.
So as there is no activeX, most attacs are simply not working, as the required infrastructure is not provided by the system.
I always must laugh, when I visit a porn-site, and see all these Javasripts, that try to run a dialer.exe without success
A problem can be buffer-overflows, that are erratic programs.
If an attacer knows such a bug, he can use it, to access a computer.
As programs for Linux usually are updated often, these bugs are usually only available on a very small amount of computers.
So usually noone tries to write exploits for them, except to prove that they exist.
The other thing is, how could a computer be infected.
On windows, the main infection is activeX (email, prepared websites), or if the user installs infected programs.
Those programs are usually installed, because people do not want to pay for them.
So they download them from where they can get them for "free", from warez-sites.
Well, guys who have no scrupels to steal other peoples property (commercial programs), also have no scrupels to add some trojan horses to the stuff they spread...
In Linux, you usually will not need warez, so the second big risk is gone.
There are further points like binary-incompatibility between different distros, the "inhomogenious infrastructure".
This makes it difficult, to spread malware like viruses.
If you use Puppys firewall, and don't install programs you don't know where they come from, you are almost safe.
If you really need to try cracking sites or such, you could boot Puppy with "puppy pfix=ram", so without a personal storage.
Then all changes that could happen, are lost, if you power off.
Mark
-
jonyo
http://www.murga-linux.com/puppy/viewtopic.php?t=23230oblivious wrote:All of the "security" blurb on the web
http://www.murga-linux.com/puppy/viewtopic.php?t=22448
http://www.murga-linux.com/puppy/viewtopic.php?t=23711
http://www.murga-linux.com/puppy/viewtopic.php?t=22119
http://www.murga-linux.com/puppy/viewtopic.php?t=22730
Uhm, that won't make a computer really secure.alienjeff wrote:The only secure computer is one that isn't connected to a network. Period. Don't conduct banking or other finances online. Support local businesses and pay with cash.
For that, you need to have everything encrypted, and your box, keyboard, cables, monitor shielded so that they don't give off electromagnetic radiation. You also shouldn't be sitting in a room with windows.
Now I realize that that's no the type of security this thread is about, but since you raised the issue of "true" security...
ActiveX is not Java Script. Active X is for IE, and while Mozilla-based browser don't use that, they do support Java Script, which can and is used for all kinds of attacks, especially Phishing. Running Linux won't help you one bit with that. I recommend installing the NoScript plugin for FF.MU wrote:The main problem with windows is active X.
In the Linux-world there was the consens instead:
ActiveX provides only such a small amount of comfort, that it is not acceptable to develop an equivalent, because of the potential risk such comfort has.
So as there is no activeX, most attacs are simply not working, as the required infrastructure is not provided by the system.
I always must laugh, when I visit a porn-site, and see all these Javasripts, that try to run a dialer.exe without success
So I wouldn't call AX the "main problem with Windows". The main problem is MS in that their - like everybody else's - software has bugs and that MS in their desire to make the OS "user friendly" made some bad design decisions. Plus, MS is generally reluctant to disclose their bugs (bad for business) and tends to fix them relatively slowly (unlike the Linux programmers).
Another major issue (one of the aforementioned "bad decisions") is that "normal" users are by default administrators with all rights, so any malware that gets onto a system can immediately take over.
That could also be a problem with Puppy - I think you are a root user when you run it. Although with the general lack of viruses your main problem with that would be you accidentally destroying your system (not an issue if you run off a CD or in RAM).
To sum it up - even with Linux you should be careful when you browse the web. The biggest security threat for any system remains the user. Some OS just make it easier for that threat than others.
I wouldn't say that.
I have been using Linux since 1998 and have never had problems going on the net as root user.
I have also been using Puppy since the pre .9 versions and still have no problems with viruses, spyware, adware or trojans of any kind.
If you are really worried use Puppy's own firewall and if you hear of any real cases of anyone having a Windows-like attack on a Puppy machine please let me know as I would be really interested to see what form such an attack would take.
I think if there were big problems with Linux or Unix the whole Linux/Unix community would be aware at once.
I have been using Linux since 1998 and have never had problems going on the net as root user.
I have also been using Puppy since the pre .9 versions and still have no problems with viruses, spyware, adware or trojans of any kind.
If you are really worried use Puppy's own firewall and if you hear of any real cases of anyone having a Windows-like attack on a Puppy machine please let me know as I would be really interested to see what form such an attack would take.
I think if there were big problems with Linux or Unix the whole Linux/Unix community would be aware at once.
-
Bruce B
Log file shows router being hacked several times an hour.oblivious wrote:So, is the upshot of all of that information that Puppy is not secure and you need a degree in programming to try to do anything about it?
Router doesn't care what kind of OS it serves, it provides same level of unwanted inbound protection.
Does that make everything equal between the other OS and Linux?
By no means!
The other OS will exploit you from the inside out via the core OS and integrated applications and third party apps, unintentionally installed trojans, keyloggers, and viruses.
How could they have gotten there in the first place? Well I tell you how they didn't get there. They didn't get there by the router forwarding packets to it. It was an inside job.
-
Bruce B
'Aware' of course is an understatement. There are things one does not do.Ian wrote: I think if there were big problems with Linux or Unix the whole Linux/Unix community would be aware at once.
I really think if a FOSS development team passed off a significant application that was malware and it was intentional, a fork and cleanup would happen immediately. We would not trust the fox to watch the hen house. And unlike proprietary software we would not have to either.
The malware programmers, had just as well forget their involvement and status in the original trojan horse project and change personal identities as well.
All I am concerned about is my information being deliberately sent out
or intercepted, or things being installed without my permission.
I've been using Windows since 1996 (ish) and I've never had a virus detected, let alone had one blow up my computer, so I don't think too many conclusions can be drawn about the security of an OS from an individual's experience with it.
I just don't understand the information - if they're talking about the firewall on the router, then that isn't intrusion into Puppy at all??
It's all too hard for me.....
or intercepted, or things being installed without my permission.
I've been using Windows since 1996 (ish) and I've never had a virus detected, let alone had one blow up my computer, so I don't think too many conclusions can be drawn about the security of an OS from an individual's experience with it.
I just don't understand the information - if they're talking about the firewall on the router, then that isn't intrusion into Puppy at all??
It's all too hard for me.....