Doesn't Linux need antivirus and firewall?
Page 1 of 2 [27 Posts]
carmelosawyer

Joined: 04 Apr 2012
Posts: 1

Posted: Wed 04 Apr 2012, 02:00    Post subject: Doesn't Linux need antivirus and firewall?

Hi there. Are there any antivirus apps for Linux, like there are for Windows? Or maybe Linux doesn't need any such apps? I just got puppy linux, but I am afraid to connect to the net without any security apps running. It does have a firewall of its own, though. Anything I need to download and run along with it?
rokytnji


Joined: 20 Jan 2009
Posts: 1312
Location: Pecos/ Texas

Posted: Wed 04 Apr 2012, 04:09

If you download windows files from the net or music or images and put on a pen drive to share with friends or relatives on Windows computers.

I consider it good manners to run a scan on those files in Puppy linux before putting them on a pen drive and plugging it into their computer.

I have not had any malware issues running Puppy Linux for years though.
Your mileage may vary though.

http://www.murga-linux.com/puppy/viewtopic.php?t=68099

http://murga-linux.com/puppy/viewtopic.php?t=72327
musher0


Joined: 04 Jan 2009
Posts: 4231
Location: Gatineau (Qc), Canada

Posted: Wed 04 Apr 2012, 08:32

You may inadvertently transmit Windows viruses through data files brought in from some Windows system, but in and of itself, Puppy doesn't need anti-viruses, etc. Any Linux is virus-proof, because its structure makes it very complicated to create a virus for it. You can theoretically create viruses for Linux, it's been done in computing labs. But the lab conditions do not exist in the real world.

If you're worried, always boot your Puppy from CD or DVD, and make a double of your pup-save file.

But as the previous poster said, there has never been any report of a virus on PuppyLinux.

BFN.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Iguleder


Joined: 11 Aug 2009
Posts: 1885
Location: Israel, somewhere in the beautiful desert

Posted: Fri 06 Apr 2012, 08:25

Totally, totally wrong!

Any computer program is insecure! You can always find a vulnerability, either in the program itself, a library it is linked against or even the kernel.

Linux isn't virus-proof either, because it's just another piece of software. One buffer overflow vulnerability that allows remote code execution and you're in the system as root - that's more than enough to install a rootkit. Also, Puppy uses an old kernel, traditionally - e.g. kernel 2.6.37.6 (as in 5.3.1) has many known vulnerabilities and exploits already exist. I'm pretty sure they even get executed by scanners on many computers around the world as I type these words ... maybe even yours!

"Lab conditions" is a lie - there's no difference between a pristine Puppy image and an installed Puppy - both share the same vulnerabilities, except those present in extra packages, of course.

Also, remember - virus scanners are not enough. They rely on viruses already discovered by data security companies - maybe you have a trojan no company ever found, installed on your "secure" Puppy for years.

The bottom line is simple: protect yourself as much as you can - get a restrictive firewall (e.g. an iptables-based one), be careful with stuff you install, always be aware of what you have on your system, install security updates and be responsible for your actions. If there's a very sensitive piece of data you don't want to be stolen from your digital systems - make a carbon copy; write it down and keep it in a safe.

Remember - software is always insecure and there's nothing you can do about this, because it means you'll have to change the human nature.

_________________
My homepage
izezi

Joined: 19 Mar 2012
Posts: 58

Posted: Fri 06 Apr 2012, 08:34

How to write a Linux virus in 5 easy steps
musher0


Joined: 04 Jan 2009
Posts: 4231
Location: Gatineau (Qc), Canada

Posted: Fri 06 Apr 2012, 11:39

Thanks, guys.

I stand corrected...

What's the advantage of Linux, then, from the standpoint of security? ...

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
2byte

Joined: 09 Oct 2006
Posts: 357

Posted: Fri 06 Apr 2012, 11:54

Quote:
What's the advantage of Linux, then, from the standpoint of security? ...
Linux is less prone to viruses and exploits than Windows but the gap is beginning to narrow.

I created a post that has already been somewhat addressed, but I will post it anyway. It may be useful to some.
------------------------
Puppy is vulnerable to exploits; don’t kid yourself. Especially when you use a browser and email client that won’t update and you browse as root.

What can you do to improve the situation?
#1 Activate your firewall. Note, this will not prevent browser exploits.
#2 Change your root password.
#3 Use a browser and email client that can update themselves and keep them updated.
#4 Disable javascript and flashplayer in the browser. Only enable it as needed.
#5 Run your browser and email client as a limited user. Not spot.
#6 Install Avast! antivirus for Linux, use it and keep the virus defs current.

You are most vulnerable when browsing. I was recently exploited while using Puppy 5.1, a DOS executable that was found in spot’s firefox cache by avast. Yes I have wine and jre installed. I learned my lesson; never accept an expired site certificate even for a trusted site! If you get a popup notice about that, don’t touch the popup gui, just close the browser.

Linux may be less prone to exploits, but it is not immune to them, especially an OOTB Puppy.

A quick tutorial for new kids on the block.
How to add a limited user for browsing, named safebrowser, that uses Firefox.

From a console run:
# mkdir /home
# adduser -D safebrowser

Copy .fonts.cache, .fonts.conf, gtkrc* from /root/ to /home/safebrowser/. If you want to use a copy of your bookmarks, preferences and other things copy /root/.mozilla to /home/safebrowser/. Notice that these are hidden files and directory.

Create a script to launch the browser
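Code:
#!/bin/bash
# Start Firefox as the limited user "safebrowser"; "$@" forwards any
# arguments (such as a URL) through su's shell to firefox.
su safebrowser -c 'exec firefox "$@"' sh "$@"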
Make it executable and drag it to your desktop for a shortcut.

From a console run:
# chown -R safebrowser:safebrowser /home/safebrowser

The reason I did not use ‘user spot’ for this is with all the ‘limited user spot’ experiments going on in woof lately I feel safer creating my own user.

Bruce B


Joined: 18 May 2005
Posts: 11092
Location: The Peoples Republic of California

Posted: Fri 06 Apr 2012, 12:04

I don't use a firewall. I use the built in NAT technology in my existing router. The router uses an old version of Linux which is too dumb to be very hackable. (I think)

As for virus scanners, I don't think they have good enough signature files for finding every Linux badware, although they have signatures for lots of badware, mostly Windows badware.

If I were concerned enough about viruses and because I don't think existing Linux anti-virus scanners are good enough, I would defer to making md5sum databases of my key directories.

The utility I would use would be md5deep to make base files to check against. Then run md5sum periodically to see if any files have been added or modified. Looking for files which shouldn't have been added or modified.

Maybe there are scripts written for us to use. If not, scripts to make the task easy could be written.

I think the main problem is that Linux has not suffered enough external compromises or malware to cause enough developer enthusiasm to necessitate building really good and easy to use firewalls and scanners.

Sort of like saying we need some problems in order to make solutions. Maybe a better way of saying what I want to say is; necessity is the mother of invention.

Anyway, not having perfect solutions, here is some information for anyone interested about the feature set of the md5deep program.


Code:
md5deep version 3.6 by Jesse Kornblum.
$ md5deep [OPTION]... [FILE]...
See the man page or README.txt file for the full list of options
-p  - piecewise mode. Files are broken into blocks for hashing
-r  - recursive mode. All subdirectories are traversed
-e  - compute estimated time remaining for each file
-s  - silent mode. Suppress all error messages
-S  - displays warnings on bad hashes only
-z  - display file size before hash
-m <file> - enables matching mode. See README/man page
-x <file> - enables negative matching mode. See README/man page
-M and -X are the same as -m and -x but also print hashes of each file
-w  - displays which known file generated a match
-n  - displays known hashes that did not match any input files
-a and -A add a single hash to the positive or negative matching set
-b  - prints only the bare name of files; all path information is omitted
-l  - print relative paths for filenames
-k  - print asterisk before filename
-t  - print GMT timestamp
-i/I- only process files smaller than the given threshold
-o  - only process certain types of files. See README/manpage
-v  - display version number and exit


For man page: http://md5deep.sourceforge.net/hashdeep.html a similar utility.

Also, http://md5deep.sourceforge.net/md5deep.html
~

_________________
New! Puppy Linux Links Page

Last edited by Bruce B on Fri 06 Apr 2012, 12:10; edited 1 time in total
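
An added example (not part of Bruce B's post, and not an existing Puppy or md5deep script) of the baseline-and-compare check described above, using plain md5sum so it runs without md5deep. The function names and the baseline file location are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: record a hash baseline for a directory tree, then report
# files that were added, modified or removed since the baseline was taken.
# Limitation: file names containing newlines or backslashes are escaped by
# md5sum and are not handled here.

# make_baseline DIR BASELINE_FILE
# Writes one "hash  path" line per regular file under DIR.
make_baseline() {
    find "$1" -xdev -type f -exec md5sum {} + > "$2"
}

# check_baseline DIR BASELINE_FILE
# Prints "ADDED path", "MODIFIED path" or "REMOVED path" per difference.
# Returns 0 when the tree matches the baseline, 1 when it does not.
check_baseline() {
    dir=$1 base=$2
    now=$(mktemp) || return 2
    find "$dir" -xdev -type f -exec md5sum {} + > "$now"
    # md5sum lines are: 32 hex digits, two separator characters, then the
    # path, so the path always starts at column 35.
    report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 35)] = $1; next }
        {
            path = substr($0, 35)
            if (!(path in old))        print "ADDED " path
            else if (old[path] != $1)  print "MODIFIED " path
            delete old[path]
        }
        END { for (path in old) print "REMOVED " path }
    ' "$base" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use (paths are examples):
#   make_baseline  /usr/bin /mnt/usbstick/usr-bin.md5
#   check_baseline /usr/bin /mnt/usbstick/usr-bin.md5
```

Keep the baseline file on media the running system cannot write to, since anything able to replace a binary can also rewrite a baseline stored beside it.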
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Fri 06 Apr 2012, 12:08

Apple is a bit like Linux. A unix like kernel with an overlay.
Apple has had problems with exploits.
Here is a text in Swedish and most likely they have that knowledge
either from PCWorld or from IDG News service and from Mac mags.

http://www.idg.se/2.1085/1.437860/myten-om-den-sakra-macen

The Myth about the secure Mac.

Linux is mostly protected by being the almost unknown OS
among the majority of average Joe users. So it is financially
more attractive to exploit Windows being used by 90% of users.
Here is another such report recently.
Edit Swedes had taken it from BBC

Half a million Mac computers 'infected with malware'

More than half a million Apple computers have been infected
with the Flashback Trojan, according to a Russian anti-virus firm.
http://www.bbc.co.uk/news/science-environment-17623422


Linux being another variant of Unix like OS should be as vulnerable.
Consider how much money Apple can afford to invest in good security
compared to Linux Devs who are mostly doing all programming on
free time.

So Linux is less targeted and that is fortunate for us

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Bruce B


Joined: 18 May 2005
Posts: 11092
Location: The Peoples Republic of California

Posted: Fri 06 Apr 2012, 12:31

Iguleder,

I want to add some things to your excellent post.

Of course as we all know a CD disc can't be modified by a hacker.

Also, the mounted SFS included with our Puppy can't be modified remotely with any ease at all, even if it is copied to writeable media such as a hard disk or USB stick.

Modified or added files will be found in /initrd/pup_rw subdirectories, (at least in my version and I hope in all versions)

I think knowing where to look makes the task of monitoring one's system easier. It is for example, much easier to peruse /initrd/pup_rw/usr/bin because it contains only changes than it is to peruse /usr/bin because that directory displays the changes as well as the unchanged.

Bruce

~

_________________
New! Puppy Linux Links Page
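
An added example (not from Bruce B's post or from Puppy itself) of reviewing the writable layer as described above: it classifies each entry under /initrd/pup_rw by comparing it with the read-only layer. The function name is hypothetical, and the read-only mount point /initrd/pup_ro2 used in the usage comment is an assumption about where the main SFS is mounted; pass whatever path your Puppy uses.

```sh
#!/bin/sh
# Added example: classify what the writable aufs layer changed relative to
# the read-only layer. It only sees changes that exist as files on disk.

# layer_changes RW_DIR RO_DIR
#   REPLACED path : present in both layers, so a shipped file is overridden
#   ADDED path    : present only in the writable layer
#   DELETED path  : aufs whiteout (.wh.NAME) hiding a file of the RO layer
layer_changes() {
    rw=${1%/} ro=${2%/}
    find "$rw" \( -type f -o -type l \) | while IFS= read -r f; do
        rel=${f#"$rw"/}          # path relative to the layer root
        name=${rel##*/}          # last path component
        case $name in
            .wh..wh.*)           # aufs bookkeeping entries, not user changes
                continue ;;
            .wh.*)
                dirpart=${rel%"$name"}
                echo "DELETED $dirpart${name#.wh.}" ;;
            *)
                if [ -e "$ro/$rel" ] || [ -L "$ro/$rel" ]; then
                    echo "REPLACED $rel"
                else
                    echo "ADDED $rel"
                fi ;;
        esac
    done | sort
}

# Typical use (second path is an assumption, see above):
#   layer_changes /initrd/pup_rw/usr/bin /initrd/pup_ro2/usr/bin
```

REPLACED entries deserve the closest look, because they are shipped files that the save layer now overrides.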
Iguleder


Joined: 11 Aug 2009
Posts: 1885
Location: Israel, somewhere in the beautiful desert

Posted: Sat 07 Apr 2012, 03:01

Right, it's impossible to modify a CD, but:
- A virus can penetrate through network, an infected hard drive/flash drive with some file system or SCSI/IDE driver vulnerability. Maybe even through the optical device driver.
- The virus can stay in memory, without being written to a file you can see in the writeable Aufs layer.
- Maybe the virus is a rootkit that hides files - that's the ultimate win. It lives in the kernel and hides itself.
- Maybe it replaces an existing, legitimate file that is always present in the writeable layer - e.g /etc/windowmanager with the path to a dummy window manager contained in a naive-looking, binary log file that runs JWM and some evil code.
- Overburn? Laughing

In short, you can never know. Thinking like a hacker means always being at least two steps ahead of the victim.

There is always a way to penetrate a system - sometimes it's because of the human stupidity and sometimes it's the hacker's technical skills. No matter what it is in this case, the bottom line is: it's impossible to be secure in the digital world.

_________________
My homepage
amigo

Joined: 02 Apr 2007
Posts: 2236

Posted: Sat 07 Apr 2012, 03:57

The argument that your read-only CD cannot be altered ignores what may be happening *while you are running*. A rootkit or other malware doesn't need to live on a disk in order to work. Sure, if you are only on-line for a few minutes and then shut down your system then you are at less risk. But many people boot their system and then leave it running for a long time. They are just as vulnerable as anyone can be.
Jasper


Joined: 25 Apr 2010
Posts: 1111
Location: England

Posted: Sat 07 Apr 2012, 05:06

I would be interested in participating in any experimental test(s) if the object was to demonstrate vulnerability as opposed to inflicting malicious damage.
Bruce B


Joined: 18 May 2005
Posts: 11092
Location: The Peoples Republic of California

Posted: Sat 07 Apr 2012, 19:38

Considerations of Attitude


I think many of the theoreticals introduced in this section are not strictly theoreticals, they could really happen.

Just yesterday, a script I run daily changed. It lost one character and this caused a malfunction in almost all the script. Say what! How?

It just doesn't seem practical for me to cover myself for almost all scenarios. Worse yet, it doesn't seem practical for me to cover myself for all scenarios in the real world, where damages can be much worse, such things as injuries, financial disasters, loss of loved ones.

Also, fear, (too much of it), at a minimum, will make a person miserable if he has to live it day in and day out.

I don't want to be fearful. Frankly, I want to enjoy my computing.

I could reduce many, many risks simply by not connecting to the Internet. But that would take away much of the joy of computing. I think I'd rather have risks associated with Internet usage, than not have the Internet.

I propose something like this: Reduce risks by being informed and taking smart minded precautions. With the knowledge that there are still risks, then enjoy your computing.

Take a personal inventory of one's greater concerns or fears. In other words things he really doesn't want to be a victim of and try and cover himself for those scenarios.

For example: What I hate the most is losing irreplaceable data. The basic solution for that is, for me, making backups of files on a separate storage device.

Concluding

We can never be 100% safe. Even if I take every precaution, it may not be enough, some could still swipe my computer. Do I want to install it in an air-conditioned safe? I suppose I would like to, but I don't have the kind of money to justify the expense.

I don't like taking losses. I don't like the emotion of fear or over concern having much of a role in my life.

I suppose others feel the same.

Asking ? ? ? ? ? ? ? opinions - thoughts ? ? ? ? advice ???

~

_________________
New! Puppy Linux Links Page
musher0


Joined: 04 Jan 2009
Posts: 4231
Location: Gatineau (Qc), Canada

Posted: Sat 07 Apr 2012, 21:45

Bruce B.,

I'll endorse that. There has to be a balance; one's computer security is important, but, as you said, not to the point of killing the enjoyment of using a computer.

Beyond that balance point, it becomes paranoia. Reminds me of the tale of the old miser who didn't trust banks: he had put double locks on his doors and windows, and had sensors recording at every angle for fear that whatever cash he has stored in a lead drawer underneath the floor will be stolen. He also had a shotgun, of course. One evening, he inadvertently shot his son who came in late because he thought he was an intruder... The son had had one beer too many, had forgotten the security code and was simply knocking at the door instead...

Sure it's a tale. But transpose it to the computer situation, and paranoia may lead you to do yourself more harm than good.

FWIW. BFN.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)