Puppy Linux Discussion Forum

[carmelosawyer]

Hi there. Are there any antivirus apps for Linux, like there are for Windows? Or maybe Linux doesn't need any such apps? I just got puppy linux, but I am afraid to connect to the net without any security apps running. It does have a firewall of its own, though. Anything I need to download and run along with it?

[rokytnji]

If you download windows files from the net or music or images and put on a pen drive to share with friends or relatives on Windows computers.

I consider it good manners to run a scan on those files in Puppy linux before putting them on a pen drive and plugging it into their computer.

I have not had any malware issues running Puppy Linux for years though.
Your mileage may vary though.

http://www.murga-linux.com/puppy/viewtopic.php?t=68099

http://murga-linux.com/puppy/viewtopic.php?t=72327

[musher0]

You may unadvertedly transmit Windows viruses through data files brought in from some Windows system, but in and of itself, Puppy doesn't need anti-viruses, etc. Any Linux is virus-proof, because its structure makes it very complicated to create a virus for it. You can theoretically create viruses for Linux, it's been done in computing labs. But the lab conditions do not exist in the real world.

If you're worried, always boot your Puppy from CD or DVD, and make a double of your pup-save file.

But as the previous poster said, there has never been any report of a virus on PuppyLinux.

BFN.

[Iguleder]

Totally, totally wrong!

Any computer program is insecure! You can always find a vulnerability, either in the program itself, a library it is linked against or even the kernel.

Linux isn't virus-proof either, because it's just another piece of software. One buffer overflow vulnerability that allows remote code execution and you're in the system as root - that's more than enough to install a rootkit. Also, Puppy uses an old kernel, traditionally - e.g kernel 2.6.37.6 (as in 5.3.1) has many known vulnerabilities and exploits already exist. I'm pretty sure they even get executed by scanners on many computers around the world as I type these words ... maybe even yours!

"Lab conditions" is a lie - there's no difference between a pristine Puppy image and an installed Puppy - both share the same vulnerabilities, except those present in extra packages, of course.

Also, remember - virus scanners are not enough. They rely on viruses already discovered by data security companies - maybe you have a trojan no company ever found, installed on your "secure" Puppy for years.

The bottom line is simple: protect yourself as much as you can - get a restrictive firewall (e.g an iptables-based one), be careful with stuff you install, always be aware of what you have on your system, install security updates and be responsible for your actions. If there's a very sensitive piece of data you don't want to be stolen from your digital systems - make a carbon copy; write it down and keep it in a safe.

Remember - software is always insecure and there's nothing you can do about this, because it means you'll have to change the human nature.

[izezi]

How to write a Linux virus in 5 easy steps

[musher0]

Thanks, guys.

I stand corrected...

What's the advantage of Linux, then, from the standpoint of security? ...

[2byte]

[Bruce B]

I don't use a firewall. I use the built in NAT technology in my existing router. The router uses an old version of Linux which is too dumb to be very hackable. (I think)

As for virus scanners, I don't think they have good enough signature files for finding every Linux badware, although they have signatures for lots of badware, mostly Windows badware.

If I were concerned enough about viruses and because I don't think existing Linux anti-virus scanners are good enough, I would defer to making md5sum databases of my key directories.

The utility I would use would be md5deep to make base files to check against. Then run md5sum periodically to see if any files have been added or modified. Looking for files which shouldn't have been added or modified.

Maybe there are scripts written for us to use. If not, scripts to make the task easy could be written.

I think the main problem is that Linux has not suffered enough external compromises or malware to cause enough developer enthusiasm to necessitate building really good and easy to use firewalls and scanners.

Sort of like saying we need some problems in order to make solutions. Maybe a better way of saying what I want to say is; necessity is the mother of invention.

Anyway, not having perfect solutions, here is some information for anyone interested about the feature set of the md5deep program.

[nooby]

Apple is a bit like Linux. A unix like kernel with an overlay.
Apple has had problems with exploits.
Here is a text in Swedish and most likely they have that knowledge
either from PCWorld or from IDG News service and from Mac mags.

http://www.idg.se/2.1085/1.437860/myten-om-den-sakra-macen

The Myth about the secure Mac.

Linux is mostly protected by being the almost unknown OS
among the majority of average Joe users. So it is finanancely
more attractive to exploit Windows being used by 90% of users.
Here is another such report recently.
Edit Swedes had taken it from BBC

Half a million Mac computers 'infected with malware'

More than half a million Apple computers have been infected
with the Flashback Trojan, according to a Russian anti-virus firm.
http://www.bbc.co.uk/news/science-environment-17623422


Linux being another variant of Unix like OS should be as vulnerable
Consider how much money Apple can affort to invest in good security
compared to Linux Devs who are mostly doing all programming on
free time.

So Linux is less targeted and that is fortunate for us

[Bruce B]

Iguleder,

I want to add some things to your excellent post.

Of course as we all know a CD disc can't be modified by a hacker.

Also, the mounted SFS included with our Puppy can't be modified remotely with any ease at all, even if it is copied to writeable media such as a hard disk or USB stick.

Modified or added files will be found in /initrd/pup_rw subdirectories, (at least in my version and I hope in all versions)

I think knowing where to look makes the task of monitoring one's system easier. It is for example, much easier to peruse /initrd/pup_rw/usr/bin because it contains only changes than it is to peruse /usr/bin because that directory displays the changes as well as the unchanged.

Bruce

~

[Iguleder]

Right, it's impossible to modify a CD, but:
- A virus can penetrate through network, an infected hard drive/flash drive with some file system or SCSI/IDE driver vulnerability. Maybe even through the optical device driver.
- The virus can stay in memory, without being written to a file you can see in the writeable Aufs layer.
- Maybe the virus is a rootkit that hides files - that's the ultimate win. It lives in the kernel and hides itself.
- Maybe it replaces an existing, legitimate file that is always present in the writeable layer - e.g /etc/windowmanager with the path to a dummy window manager contained in a naive-looking, binary log file that runs JWM and some evil code.
- Overburn?

In short, you can never know. Thinking like a hacker means always being at least two steps ahead of the victim.

There is always a way to penetrate a system - sometimes it's because of the human stupidity and sometimes it's the hacker's technical skills. No matter what it is in this case, the bottom line is: it's impossible to be secure in the digital world.

[amigo]

The argument that your read-only CD cannot be altered ignores what may be happening *while you are running*. A rootkit or other malware doesn't need to live on a disk in order to work. Sure, if you are only on-line for a few minutes and then shut down your system then you are at less risk. But many people boot their system and then leave it running for a long time. They are just as vulnerable as anyone can be.

[Jasper]

I would be interested in participating in any experimental test(s) if the object was to demonstrate vulnerability as opposed to inflicting malicious damage.

[Bruce B]

Considerations of Attitude


I think many of the theoreticals introduced in this section are not strictly theoreticals, they could really happen.

Just yesterday, a script I run daily changed. It lost one character and this caused a malfunction in almost all the script. Say what! How?

It just doesn't seem practical for me to cover myself for almost all scenarios. Worse yet, it doesn't seem practical for me to cover myself for all scenarios in the real world, where damages can be much worse, such things as injuries, financial disasters, loss of loved ones.

Also, fear, (too much of it), at a minimum, will make a person miserable if he has to live it day in and day out.

I don't want to be fearful. Frankly, I want to enjoy my computing.

I could reduce many, many risks simply by not connecting to the Internet. But that would take away much of the joy of computing. I think I'd rather have risks associated with Internet usage, than not have the Internet.

I propose something like this: Reduce risks by being informed and taking smart minded precautions. With the knowledge that there are still risks, then enjoy your computing.

Take a personal inventory of one's greater concerns or fears. In other words things he really doesn't want to be a victim of and try and cover himself for those scenarios.

For example: What I hate the most is losing irreplaceable data. The basic solution for that is, for me, making backups of files on a separate storage device.

Concluding

We can never be 100% safe. Even if I take every precaution, it may not be enough, some could still swipe my computer. Do I want to install it in an air-conditioned safe? I suppose I would like to, but I don't have the kind of money to justify the expense.

I don't like taking losses. I don't like the emotion of fear or over concern having much of a role in my life.

I suppose others feel the same.

Asking ? ? ? ? ? ? ? opinions - thoughts ? ? ? ? advice ???

~

[musher0]

Bruce B.,

I'll endorse that. There has to be a balance; one's computer security is important, but, as you said, not to the point of killing the enjoyment of using a computer.

Beyond that balance point, it becomes paranoia. Reminds me of the tale of the old miser who didn't trust banks: he had put double locks on his doors and windows, and had sensors recording at every angle for fear that whatever cash he has stored in a lead drawer underneath the floor will be stolen. He also had a shotgun, of course. One evening, he inadvertedly shot his son who came in late because he thought he was an intruder... The son had had one beer too many, had forgotten the security code and was simply knocking at the door instead...

Sure it's a tale. But transpose it to the computer situation, and paranoia may lead you to do yourself more harm than good.

FWIW. BFN.