Viruses? can I get them?
- gposil
- Posts: 1300
- Joined: Mon 06 Apr 2009, 10:00
- Location: Stanthorpe (The Granite Belt), QLD, Australia
Lobster,
Dpup484beta2, which will be out later today, includes an all new "Sandboxed SafeBrowser", which runs as a non-root user and on closing destroys its own cache, history, etc.
Just thought those security-conscious people would be interested.
Cheers
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
Guy
Just thought those security conscious people would be interested
Mind viruses are the real enemy
For example the Dpup Beta 2 is uploaded to about 60MB at present
BUT
some people will download (gosh may even do it myself for that noob sensation)
check the md5sum
convince themselves their security is breached or some hacker is intercepting or . . .
[pause for breath]
is the worm in your head bigger than the threat
Answers in a crypted message to the usual drop zone
...not only trojans, but rootkits as well...
http://www.murga-linux.com/puppy/viewtopic.php?t=48548
@mikeb
Your first impression was correct. The problem happens with Puppy Seamonkey, there is a recent report of Ubuntu (Firefox) getting the rogue AV popups, and even Macs seeing the problem. Since these popups and page redirects come from advertising, a good temporary fix for Mozilla browsers is to stop the ads with Adblock.
ah those things....they use javascript and then make a page look like windows explorer or similar, or as you mention the you are infected tripe...if only they knew. I'm not sure how the javascript settings in preferences would affect these happenings..the ones designed to limit what javascript can do.
mike
Pop-unders
I have seen those kind of "scare-windows" a few times whilst using Puppy. They are quite amusing - especially the ones that refer to directories which you don't even have on your Windows partition - which isn't even mounted!
You sometimes see a pop-under window which only appears after you close or minimise the browser but this is just a scary window, it doesn't mean they are scanning or installing anything on Puppy Linux. Some of them are quite persistent - the only way I can get rid of these is to kill the process.
As far as I know, though, all quite harmless if you are using Puppy. I know this might be alarming for would-be Windows refugees but is it possible the pop-under is generated by a site you visited before Puppy Linux? If the Puppy forum is the last site you visit before closing the browser that's when you'd see the pop-under.
I usually visit the Forum with adblock enabled either on Seamonkey in Puppy or on Firefox in XP. Is it possible that's why nobody else has reported this? If it comes from an ad I'd never see it.
The last thing we should be doing is allowing these rogues to scare people away from Puppy.
word to the wise: When I was getting those popups on Puppy Forum, I actually had one trojan and three rootkits in operation on my Windows computer, which I occasionally used to visit the forums. The rootkits prevented my security software from detecting them, as well as preventing Windows security patches and updates from AVG.
More details required
Well tell us their names, then perhaps someone can scan the Forum for nasties - assuming it isn't some ad containing a cross-site script which is no longer present.
The problem with modern exploits like this is that one vulnerability may be used as an enabler or hook for something else to attack your system. You may have picked up the rootkits from elsewhere and these enabled some nasty on the Forum to try something else.
Worst infestation I have ever encountered (not on one of my own machines) was two and a half million files produced by a worm (I think it was) on a Windows Server. Couldn't even open that directory in Windows. If you opened a command line the machine rebooted. It modified something/System32/drivers/etc/hosts so that all common anti-virus sites were mapped to 127.0.0.1 . It prevented you viewing hidden directories or files which it had dumped on the machine and did a whole heap of other nastiness.
Fixed it with SLAX (Puppy wouldn't mount the RAIDed drives). Even that couldn't open a directory with millions of files in a graphical window so I deleted them all from CLI.
Point is, I have fixed broken/infested Windows boxes a few times with a Linux live-CD (usually Puppy)
I have never fixed a rootkitted Linux box with a Windows recovery disk!
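The post above describes a hosts file rewritten so that anti-virus sites resolve to 127.0.0.1, and cleaning the machine from a Linux live CD. As an added example that is not part of the original post, this script lists hosts entries that point a real hostname at a loopback or null address; the function names are hypothetical and the hostnames in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): run from a Linux live CD against the
# hosts file on a mounted Windows partition.

# write_sample_hosts PATH
# Writes a constructed sample with CRLF line endings; names are placeholders.
write_sample_hosts() {
    printf '%s\r\n' \
        '# constructed sample hosts file' \
        '127.0.0.1       localhost' \
        '::1             localhost' \
        '127.0.0.1   www.av-vendor.example update.av-vendor.example # injected' \
        '0.0.0.0 scan.av-vendor.example' \
        '192.0.2.10  intranet.example' > "$1"
}

# suspicious_hosts_entries FILE
# Prints "address hostname" for every non-localhost name mapped to
# 127.0.0.0/8, 0.0.0.0 or ::1.
# Exit status (grep convention): 0 = entries found, 1 = none, 2 = unreadable.
suspicious_hosts_entries() {
    [ -r "$1" ] || return 2
    # Windows hosts files use CRLF; strip the CR before parsing.
    tr -d '\r' < "$1" | awk '
        {
            sub(/#.*/, "")              # drop comments, full-line or trailing
            if (NF < 2) next            # blank line or address with no name
            addr = $1
            if (addr !~ /^127\./ && addr != "0.0.0.0" && addr != "::1") next
            for (i = 2; i <= NF; i++) { # one address may carry several names
                name = tolower($i)
                if (name == "localhost" || name == "localhost.localdomain") continue
                print addr, name
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Stand-alone use: pass the path of the hosts file on the mounted partition.
if [ "$#" -gt 0 ]; then
    suspicious_hosts_entries "$1"
fi
```

Any line it prints deserves a look before the machine is trusted to fetch updates or scanner definitions again.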
" word to the wise: "
///////////
Dreamin.
http://www.imdb.com/title/tt0118826/quotes
" I am sorry to tell you in quite this fashion.
Tell 'im 'e's dreamin'
http://www.youtube.com/watch?v=dik_wnOE4dk
///////////
Wise up.
Did you not read my second post.
" I am sorry to tell you in quite this fashion.
But >>>>Absolute Bullshit Moment. "
http://www.murga-linux.com/puppy/viewtopic.php?t=48548
Oh, I know the nasties came from another source, not Puppy Forum. Sorry if I gave the impression the problem originates here. Point being, if you're seeing popups here, you may already have trojans, possibly rootkits. At least, I had those guests on my WinXP laptop when I was seeing popups here. The incidents I mention above are reports on another forum.
http://www.murga-linux.com/puppy/viewto ... 144#378144
I personally experienced rogue AV popups and spontaneous browser closing using Puppy Seamonkey 1.1.8 on the problem site (not Puppy Forum). That's why I requested Adblock, and user Patriot supplied a link to the latest version for Seamonkey 1.1.x. Works good, smooth installation, no problems so far.
Adblock Plus version 1.0.2
https://addons.mozilla.org/en-US/seamon ... sions/1865
@cthisbear: np
Last edited by nubc on Wed 06 Jan 2010, 02:09, edited 6 times in total.
nubc
I find running ABP, + Noscript + WOT in either seamonkey or firefox/firepup works for most nasties
WOT will warn of sites before you visit, but spammer redirects are OS independent
https://addons.mozilla.org/en-US/seamon ... 7604afae7a
https://addons.mozilla.org/en-US/firefox/addon/3456
Aitch
Malware is coming, we need to be ready for it
With all due respect to everyone here, I believe the sanguine attitudes in this thread about the immunity of Linux and Puppy to viruses and other malware are inaccurate and unfortunate.
Malware today is predominantly criminal in intent. It is often developed in parts of the world that are largely immune to western legal prosecution and it is often well-organized, technically proficient, and highly capitalized.
When Linux malware gathers steam it could be highly effective simply because the Linux community as a whole does not yet take the threat seriously and has not prepared for it. Many Linux users don't know to turn on their firewalls (it's not on by default in Ubuntu and Puppy... why not? it is in Windows), and they are under the impression they don't have to install anti-malware scanners. This makes them easy prey -- so when significant Linux malware appears, we could really get walloped, and our well-deserved reputation for superiority to Windows in this area could become tarnished. We could end up looking pretty naive for having not prepared to repel even the less sophisticated attacks that are initially expected.
I hope the Linux community will start to take this threat more seriously before we find our reputation compromised.
- Lobster
A windows user was scammed
Bless her, she now has a website
She was featured in this week's BBC Click program
and is campaigning to make Windows safer and offering tests like so
http://www.cyberfraud.org.uk/risk/isyou ... rsafe.aspx
Taking these tests you will find Puppy is 'unsafe' (not quite true)
In fact you might like to read how the Borg will be defeated in another multiverse . . .
http://www.ariel.com.au/jokes/Star_Trek ... cript.html
anyways . . . I wrote to her and suggested she used Puppy.
Which is safer than any known Windows configuration
For those needing military grade software I would recommend
BSD - but then . . . many military outfits are using Windows.
The NSA I believe use a hardened Linux
Maybe this scam and bad site search engine will be of use . . .
http://www.jasonmorrison.net/is-this-a-scam/
Perhaps someone would be kind enough to write a Puppy Virus
so that everyone who needs one can study the code?
(Make it Open Source)
- Or you might not bother . . .
Normal tin hat paranoia is now resumed . . .
If you had any understanding on why windows gets infected you would not make such statements....a common myth.
Microsoft have known the cause and the cure for years but will never implement it because having an OS that will fail after a year or 2 is good business for them.
I have in the past deliberately clicked on scam links, visited dodgy sites and run infected binaries on puppy and the worst I ever got was a browser crash....try it.
mike