Viruses? can I get them?

For discussions about security.
Message
Author
ragaman
Posts: 186
Joined: Sun 14 Jan 2007, 12:55

#21 Post by ragaman »

There is one virus though that keeps wiping out my Puppy hard disk install. It's called distro-hopping virus that causes an itch that needs to be scratched.

elglobie
Posts: 24
Joined: Fri 21 Aug 2009, 09:46

Re: Why you are pretty safe

#22 Post by elglobie »

stanjam wrote:Still, you are not as safe running as root in Puppy as you would be as a limited user in say, Fedora or Ubuntu.

Any plans to be able to run puppy as user ?

elglobie
Posts: 24
Joined: Fri 21 Aug 2009, 09:46

#23 Post by elglobie »

ecomoney wrote:I offer a (not very) commercial service to install puppy as a dual boot (with CD) alongside windows. In our ads we put "No more viruses again EVER, or your money back"

Do you have a link to your service ?

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

Re: Why you are pretty safe

#24 Post by Pizzasgood »

elglobie wrote:
stanjam wrote:Still, you are not as safe running as root in Puppy as you would be as a limited user in say, Fedora or Ubuntu.

Any plans to be able to run puppy as user ?
I'm working on that. It isn't very hard. I just don't have much motivation lately (just a phase - I cycle between work-all-night level motivation and spend-my-time-watching-anime/reading level motivation). But it's coming along. The most important stuff is finished, except Xvesa, which I had working not long ago, but it stopped for some reason.


Meanwhile, in any normal Puppy, you can already run most applications as a limited user with very little effort. For example, if I wanted to run seamonkey as a limited user, I could do this:
su spot seamonkey
Seamonkey will be running as spot, while everything else is root.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
Bert
Posts: 1103
Joined: Fri 30 Jun 2006, 20:09

#25 Post by Bert »

So, following Pizzasgood's idea, could something like this be useful?
:lol:

(with thanks to trio for the GUI-making-Gui)
Attachments
Root-grapje.png
(85.52 KiB) Downloaded 2283 times
[url=http://pupsearch.weebly.com/][img]http://pupsearch.weebly.com/uploads/7/4/6/4/7464374/125791.gif[/img][/url]
[url=https://startpage.com/do/search?q=host%3Awww.murga-linux.com%2F][img]http://i.imgur.com/XJ9Tqc7.png[/img][/url]

User avatar
mikeslr
Posts: 3890
Joined: Mon 16 Jun 2008, 21:20
Location: 500 seconds from Sol

Viruses? can I get them? Malware in general

#26 Post by mikeslr »

It doesn't surprise me that that some malcontent wrote a virus which infected A Linux Server in general business use. But there's not even a hint of a rumor that a virus was written which effected more than one distribution's servers.

Viruses and Trojans are applications. Unless I'm wrong --I'm no expert-- in order for them to function they have to be able to run under the kernel of a particular operating system, using or including libraries applicable to that kernel. With exceptions such as Puppy 3s compatibility with Slackware 12.0s, you can't directly port an application from one Linux Distribution to another. Similarly, Puppy 4s were not developed using the same base as Puppy 3s: consequently, not every application which runs under Puppy 3 will run under Puppy 4 unless additional libraries are installed. There are hundreds, if not thousands, of distributions if you take into consideration each "Distribution's" version built with a different kernel.

I know nothing about "Full Installed" Puppies. It is, however, my understanding that running from a Frugal Install or a LiveCD, Puppies employ a layered file system. On bootup, Puppy first decompresses and loads the "Save" file, which contains your settings and the applications you've installed to "base" system. The "base" system is then decompressed and integrated with the decompressed "Save" file. When you install a new application, or change your settings, they are written to the Save file and do not become part of your "base" system unless and until you remaster.
Absent remaster, the next time you bootup, a pristine "base" system is again decompressed. Unless and until someone figures out how to write to a compressed "base" system, the worst that can happen is that the "Save" file would be "corrupted": the solution to which is to rebooted from a LiveCD, with Puppy pfix=RAM, delete the Save file and start again to add your favorite applications and set your desired settings. [Hint: if you have favorite applications you'll always want to use, download and save them in addition to just allowing Pet Package Manager install them].
The greatest threat using Puppy Linux, therefore, would be exposure to 'phishing.' There are several things you can do to minimize that. Of course, use Puppy's Firewall. Of course, avoid known "attack sites." If you use Opera or Firefox, set or do not unset their phishing protection. If you use Mozilla based web browsers such as Firefox and Seamonkey, install "NoScript." And there's one other step you can take not available under Windoz. Other than your HOME Drive or Partition, Puppy does not automatically mount drives and partitions. Install a second hard drive, create a separate partition or plug in a special purpose USB Key where you'll store your valuable data. Don't mount it while you're on line.
You can also try the Truecrypt Pet. But, to be on the safe side, back up your valuable data when changed to 'almost-always off-line' media.

mikeslr

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#27 Post by Pizzasgood »

With exceptions such as Puppy 3s compatibility with Slackware 12.0s, you can't directly port an application from one Linux Distribution to another. Similarly, Puppy 4s were not developed using the same base as Puppy 3s: consequently, not every application which runs under Puppy 3 will run under Puppy 4 unless additional libraries are installed.
It isn't as bad as it might seem. Firefox for example used to run on just about any Linux, with no effort. The latest ones aren't quite as portable but they still work on most recent Linuxes out of the box (well, assuming you don't use a CLI only distro).

Generally, the likelihood that a program will work on any given distro is inversely proportional to how complex it is.

One way to make things much more portable is to compile them statically. That way their dependencies are built in, so they don't need to rely on you already having them.

Also, if you use shell scripts, those can potentially run on most any Linux, though there are things to watch out for (different sets of utilities, different default shells, etc.) But they're completely independent of things like 32 vs. 64 bit, kernel versions, libraries, etc. And they can potentially run on Unix/BSD, not just Linux. You have to be even more careful about which utilities are available then though.

Over the summer, I did an internship that involved a Sun Solaris machine. I needed to examine some directory structures, but they didn't have the 'tree' program I use in Linux, and I couldn't get it to compile on that machine. So I wrote a shell script that implemented a crude imitation, along with a number of other scripts to help with various other tasks I had, and they all work just fine in Solaris, Puppy, and whatever distro my webhost uses (I don't remember - RH or CentOS I think). They'd probably work in Windows too, if you installed Cygwin.



BTW, the save file is not compressed, though it can be encrypted.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

purple_ghost
Posts: 416
Joined: Thu 10 Nov 2005, 02:18

Is this true?

#28 Post by purple_ghost »

Since I am not an expert perhaps some of the more knowledgeable here can tell me about these ideas.

Some of us use a live CD of Puppy with the hard drive still set to boot Windows. I would postulate that it might be possible for Puppy to allow some Malware to be installed on the hard drive, which would not run with Puppy, but might later run with the Windows install.

While penetrating Linux might be difficult because of so many different distros with different software install means, plus differences with kernels, where apps start from and such, the first distro that a hacker is likely to try to attack is Ubuntu. If Puppy is going to be based on Ubuntu, it would also be vulnerable. Perhaps they would try Debian, then they only need to access whatever Debian installer Puppy is using.

Someone has previously suggested that a safer means to use Puppy would be to run it from a Multi-Session CD/DVD., where no session is ever saved back onto the optical drive. The hard drive itself is never mounted. Files from web sessions is saved onto a flash key, which one can later scan, scan, scan before copying any thing from the flash drive to the hard drive. Or perhaps, it has been suggested that if that information is placed onto a CD/DVD ( but not the multi-session, since that might corrupt Puppy-???) it will never start to run on its own when using those data files with another OS.

Is it possible for a hacker to remotely mount a hard drive?

While it seems a contradiction to Puppy's intended audience, because it requires more hardware resources in place of the minimal hardware resources Puppy was aimed at, it has been suggested that using a Virtual Machine would also could be more secure, if the user was careful. ??
Google Search of Forum: http://wellminded.com/puppy/pupsearch.html

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#29 Post by Pizzasgood »

Is it possible for a hacker to remotely mount a hard drive?
Depends on what kind of access the hacker has gained. He would need to have root permissions or the permissions of a user who has been configured to be able to mount drives (this isn't configured by default). He would also need the ability to execute the "mount" command.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

purple_ghost
Posts: 416
Joined: Thu 10 Nov 2005, 02:18

Pizzasgood please interpret for me.

#30 Post by purple_ghost »

Are you saying that if the hacker rightly guess the target was using Puppy Linux, it would be trivial?

So could you do it? What is the easiest way to protect ones hard drive while using Puppy and leaving ones computer on-line to a high speed connection twenty four hours a day?
Google Search of Forum: http://wellminded.com/puppy/pupsearch.html

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#31 Post by Pizzasgood »

I'm saying that if somebody manages to "hack into your Puppy" such that they can run commands as root, and the drive is plugged in, then it would be trivial.

But they have to get into your Puppy first, which is not trivial. How do they do that?

If they write a trojan, and you run it as root, then the trojan can do anything root can do, including mounting drives.

If you install and enable an SSH server and they manager to figure out your password and you have Puppy and SSH configured to accept connections from wherever the person is coming from, he could log in and run anything he wants as root.


Otherwise, I don't know how the hacker would get into your Puppy in the first place. He'd have to find some vulnerability to exploit, and I don't know much about how to do that yet.


Best way to protect a harddrive is to unplug it from the motherboard (while the computer is powered down of course, otherwise you are more dangerous to it (and it to you) than any hacker!).

That isn't always practical though. Another method is to not run programs that can be exploited, or at least minimize the damage they could do. The biggest hole is the browser and its plugins. If the browser is run as 'spot' or another limited user, then if an exploit is exploited they still won't have root access (be sure to change your password from the default with the 'passwd' command though!).


Don't run servers that allow outside people to interact with your machine. I mentioned SSH already. Telnet, webservers, ftp servers, etc. also are candidates for attack. If servers must be run, try to deny all the web by default and then only allow specific machines access if possible (/etc/hosts.allow and /etc/hosts.deny are useful for this). Puppy is set up by default to block all non-local hosts. You should also learn something about the firewall. It can do interesting things like temporarily (or permanently) ban people who attempt to access your machine too frequently.


Be careful what programs you install. If possible it's good to look inside a package to see what exactly it does (they're basically just .tar.gz files, with a md5 checksum appended to the end, so you can extract them with tar -xf packagename.pet). You can't look at a binary file and see what it does unless you know machine code, but you can read through any scripts, and make sure important system files aren't being replaced. You'll also come out knowing more about the program you installed, in case it ever breaks.


Learn what your computer normally behaves like so that you notice any changes. (Temperature, CPU load, memory usage, disk activity, network activity, etc.) If you're seeing network activity but not actually doing anything with the network, find out why.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#32 Post by PaulBx1 »

Pizzasgood, I tried that "su spot seamonkey" and it works fine. I can even go and do things on the "about:config" page. The only thing is that my old profile is gone of course.

But I wonder, is there any reason at all for running Seamonkey as root? If not, why is seamonkey not invoked by default with a "su spot seamonkey"? It would seem to be a good security measure. Maybe rattle Barry's cage?

Of course there is the difficulty of moving the old profile over, which some would find a pain. I'm not sure how to do it. Maybe that can be automated too?

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#33 Post by Pizzasgood »

The seamonkey (and firefox if installed) profile is at ~/.mozilla, so you could try something like this (as root):

Code: Select all

rm -r /root/spot/.mozilla
cp -a /root/.mozilla /root/spot/
sed -i 's|/root/|/root/spot/|g' $(grep -Rl '/root/' /root/spot/.mozilla)
chown -R spot:spot /root/spot/.mozilla
If it doesn't work, just delete /root/spot/.mozilla/ and try something different.


Probably one of the reasons we don't use seamonkey as spot by default is that too many people would complain about not being able to download files to other places.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

mystmaiden
Posts: 93
Joined: Thu 23 Jul 2009, 14:36

#34 Post by mystmaiden »

.Flash wrote back in the beginning of this thread:

Still, malware is a possibility to keep in mind.

With windows I found myself having to constantly run 3 different malware detectors to keep xp clean (not one of them would catch everything), how would one deal with malware on puppy? Is it detected by one of the antivirus programs or ?

myst

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#35 Post by Pizzasgood »

You could install an antivirus program like ClamAV or F-Prot.

Most people just don't worry about it, because it isn't an issue yet.

I could carry antivenom in my pocket every day, but there isn't much point - I have such a small chance of being bitten by a deadly snake where I live that it would be a waste of pocketspace. Somebody could introduce some snakes, but they would probably be run over by all the cars before they had a chance to harm me.

I would be more concerned about an enemy attempting to assassinate me by slipping a snake into my bed. As unlikely as that is, it's more likely than being bitten by a random snake released to attack any random person who passes by.


When it comes to Linux, I use Conky so that I can monitor my CPU use, network activity, temperature, etc., and I often look inside a package before installing it to find out what it does (mainly out of curiosity though, so I'll know more about how it works). I also keep any especially confidential information encrypted - not only does that help reduce the harm that could be done through malware, but it helps protect me in the event of theft.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#36 Post by mikeb »

Bear in mind that windows has the mechanism for malware to be installed and run built in (did you see flash install itself??)...It is such an easy target why bother trying to wriggle in the secure_by_default linux.

The mechanism can be removed from windows but we who do so are liars and are lying about having no infections for years whilst running no antivirus software :D

relax

mike

Frank Cox
Posts: 378
Joined: Sun 01 Nov 2009, 06:05

Chat users claim their is a virus

#37 Post by Frank Cox »

I have a weird problem on a Dell 530 duo core running Ubuntu and Puppy.
Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank. Ubuntu still works fine and I blew up windows a month ago and have been afraid to reinstall it as I have almost 60 gigs of files in Ubuntu .

The people in puppy chat claim there is a virus that does that and probably got there using Ubuntu. I wrote the name down but it is not here. Personally I think they are yanking my chain because Ubuntu is unaffected.

Avast makes anti-virus for Linux, it has never failed me in Windows. Its also free. I have not used it because I am concerned it will be too big a resource hit.

If you are that paranoid you could unplug all the hard drives save one that you use for downloads and run in ram off the cd. and then scan it with Avast.

Please tell me how to become a liar and disable that feature in Winders? :D

I guess if someone wanted to they could post an amazing new pet that installs a full blown MSWord suite in Puppy using only 25 megs and con people into installing the virus for them? :}

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#38 Post by mikeb »

Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank.
sounds like a corrupted pup_save/filesystem problem that's a little too common
at the moment...nothing malicious just failing software....a fsck on the partition/pupsave might help sort it and there are some fixes for full installs floating around.
Do not take anything from that chatroom seriously.

As for windows look up nlite and xplite and how integrated internet explorer is the gateway to nasties

mike

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#39 Post by Pizzasgood »

Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank.
Since you didn't specify whether you tried this, I had better ask just in case: Have you tried simply running startx?

If that doesn't work, and if it doesn't provide any error messages (it probably wouldn't), there is an error log that it generates at /var/log/Xorg.0.log. You can read it from the commandline like this:

Code: Select all

less /var/log/Xorg.0.log
Like it says at the top, lines that have warnings will be prefixed with (WW) and lines with errors will have (EE). In particular, at the very bottom it might have a hint about why it didn't start. Of course, try to look through the whole thing too... (You navigate inside of less with the arrow keys. You can also use the spacebar to page down and the 'b' key to page up. You can exit with the 'q' key.)

If you need to copy that file to another location on the drive so that you can access it from another OS to post it here, you can do that with the cp program. For example, if you wanted to copy it to /mnt/home/, you could do that like this:

Code: Select all

cp /var/log/Xorg.0.log /mnt/home/
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#40 Post by Lobster »

I created Growl for the 'there must be devils and viruses brigade'
Never use it myself
http://www.murga-linux.com/puppy/viewto ... 821#371821

Here is more info to scare yourself with
http://en.wikipedia.org/wiki/Linux_malware :roll:

Scared yet? Use this BSD
http://www.openbsd.org/

Hope you find what you are looking for. :)

Puppy Linux - runs as root
and still recommended by Computer Crime Investigation Unit

http://puppylinux.org/wikka/BlackOps
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Post Reply