Puppy Linux Discussion Forum

HiDeHo · Joined: 16 Mar 2011 Posts: 262

Hi just wanting to start a discussion on this

Puppy runs as root by default this could leave you vulnerable to being hacked or getting viruses, so does pose some risks.

some users setup there puppy os with all settings and accounts setup. then they remaster(make an iso) of this and burn it on cd. they run from cd in ram and don't use a save file or they use a re-writable (rw) cd and have a small save file on the cd/dvd. this is pretty secure. viruses that are designed to run on a hdd cant as there is none.
if you run your puppy os on a hdd or flashdrive full or frugalett the hdd or save file has a risk of getting a virrus. (even though linux generally is safe from viruses and hacking both still can happen.
run as spot user (runs apps without being root) or fido (fido is user account setup like any normal operating system). both run as a non root. also you can just run the apps that access the internet in spot
puppy also has a great firewall and there was also a system wide adblocker app made

what are your thoughts, experiences, ideas about security in puppy. feel free to share them

I have written this post quickly to get the ball rolling and will add relevant links when i have time or if anyone provides them below.

Lobster · Posted: Tue 08 May 2012, 04:10 Post subject:

Your router probably has a firewall
You don't need GROWL security, I wrote the program but never bother with it. I may eventually port it to Puppi on the Raspberry Pi
GROWL is somewhere here and built into Puppy Slacko 5.3.3
http://puppylinux.org/wikka/security

If you want to worry about security
then first know that my ISP recently censored
a web site (the Pirate Bay) as no longer accessible according to British
'Law'.
http://www.guardian.co.uk/technology/2012/may/02/pirate-bay-block-virgin-media

Good thing the Law is protecting the rights of Lobbyists [ain't it always the case] - no relative incidentally
I may have to join the Pirate Party
http://www.pirateparty.org.uk/

Google Mail and other cloud services are being data mined etc.
You can always trust your bank manager with your root password I suppose . . . or maybe not . . . Confused

Thanks for starting the debate. Smile

I think I may go to the local police station and hand myself in for using Linux without due patent payment to Microsoft. Very Happy

http://www.linuxtoday.com/infrastructure/2011052900139NWMSLL

The question is who is after you
and have they already pwned you?
Who said 'Long Live FUD'?

Puppy is a state of penguin
Security is a state of Mind

nooby · Joined: 29 Jun 2008 Posts: 9382 Location: SwedenEurope

HiDeHo wrote

"run as spot user (runs apps without being root)
or as fido (fido is user account setup like any normal operating system).

both run as a non root. also you can just run the apps
that access the internet in spot"

Thanks for taking up this subject. Are you good at using spot and fido?
I fail to get how it works. Okay no surprise because I am a confused user.

1.) Can you describe how you do it? Fido or Spot which is best? Pro et Cons for them?

2.) Suppose you have activated Fido at shutdown? Are you on Lupu
Slacko or Wary or what? So you are using Firefox and posting here in forum.

And there is a .sfs file you want to save from the forum.
How does that work in Spot or Fido? does it end up only
within Spot or Fido and you later have to move it to root HD?

3.) Suppose you want to download an iso from DW and you browse to that
link and click on it. How do you save to a linux-iso directory on the root
HD using your Fido or your Spot user?

4.) I know nothing but I get the gut feeling that Spot or Fido makes you
safer in that as a restricted user the Virus or Malware or Trojan can only
reach the home of Spot or Fido and have to log off and log in as root
for to save itself to the HD?

But as soon as you yourself does log into Root again for to move the
downloaded files .sfs and .iso files to root HD then the Virus or Malware
or Trojan also can move itself to root HD and then there where no safe
usage of Spot or Fido? The only way to make it safe is to reboot? before
using root again??? I may be wrong explain please!

So it would only work if you shutdown completely and then reboot into root?

greengeek · Joined: 20 Jul 2010 Posts: 1184 Location: New Zealand

It doesn't really matter if you are using Microsoft, Apple, Android or Linux. The internet (and router code) was developed by the U.S military. Everything you enter into your (internet connected) computer is visible to other people.
http://www.naturalnews.com/036147_Flame_virus_malicious_code_cyber_terrorism.html

nooby · Joined: 29 Jun 2008 Posts: 9382 Location: SwedenEurope

Is it not typical that this few people share their views?
I feel disappointed. Was it my post that caused others
to decide to not contribute? Should I edit my posts
and write wrong thread and have no comment at all?

puppy_apprentice · Joined: 07 Feb 2012 Posts: 62

check this topic for some info:
http://www.murga-linux.com/puppy/viewtopic.php?t=50488

nooby · Joined: 29 Jun 2008 Posts: 9382 Location: SwedenEurope

Nope that is not a good place to look.
http://www.murga-linux.com/puppy/viewtopic.php?p=427743#427743
I made a post in that thread and nothing useful came out of it
on the level I need to know.

Then you have this long thread. Fixing Fido.. by 01micko
http://www.murga-linux.com/puppy/viewtopic.php?t=71358
one of Puppy's best developer and that thread has not solved it either.

AFAIK not developed well enough to have an official status on how to set up things.

But back to the topic of this thread.

tallboy · Joined: 21 Sep 2010 Posts: 343 Location: Oslo, Norway

I agree with nooby, that this is an interesting subject. I think that one of the reasons that few people take part in this discussion, is that the concept of 'security' is misused every day. We are regularly being bombarded with reports of virus attacks, made by hoardes of bandits having nothing else to do than attacking domains and causing havoc. The constantly evolving browsers and other internet based applications, with all their new smart fatures, makes it difficult to grasp the basic problems; they drown in all the other hype over this and that security hole!

I think that a listing, or an overview, of the elements having a basic need for protection when using a network, made by one of you experts on the subject, is necessary to publish here, before any useful discussion can progress. Matters regarding running as root, and possibly other puppy related issues, are of course of special interest. It would also be interesting to know if the focus of attention regarding security, has moved over the last years, as a consequence of the technological advances.

I, for my part, know far too little about network issues to make any valuable contribution in the matter.

My views in the debate on the /root vs /home/user/ issue:

Puppylinux is a small, but very powerful, single user distribution, running as root is the only way to do it.
When running from a live CD/DVD, as I always do, there is no other way to access a HD or a memory stick, than as root. An alternative would be to use the same user name as owner of the devices, but then, what is the point of a puppy if it isn't portable?
When that is said, I also have to mention the number of times I have uploaded files to my /home-directory at the university, and forgot to change the permissions, making my own files inccessible from an on-site pc, where safety issues prevent me from booting my dpup...
Puppylinux is small because it is intended for a single-user, anyone can carry it on a CD/DVD or a USB stick, it 'works right out of the box', with a minimum of setup. I see no need for puppylinux as a multi-user distribution whatsoever!
I really think that people who need a multi-user puppy, should maybe look for another distribution? Why complicate life by adding more code to a puppy?
Although I am the only one accessing my machines, my multi-GB Debian on HDs is run as multi-user. Very sensible, not only because of all the hazzle of installing such a massive distribution, but to avoid having several users spending their remaining days with configuring and setting up, potentially thousands of applications.
I feel safe! I don't have a home page in my dpup's browser, I usually turn on privacy mode when I use it, my internet provider has firewalls, they give me a new IP every time I log on, I have a firewall, I run from RAM, no savefile on HD, but I can access all devices plugged in, if needed.
I don't have the need for communicating to god knows who, through our new 'social media', all kind of private information that might be useful for some attack on my privacy.
To feel even more safe, there are always the applications that hide your IP, let you browse from an anonymous 'safe' account, through TOR if you want that, and probably lots of other safe ways to access the internet. I don't use them, and I don't know anything about them. (Yet.)
Chroot, anyone?

tallboy

Bruce B · Posted: Thu 14 Jun 2012, 21:41 Post subject:

Lobster · Posted: Thu 14 Jun 2012, 21:52 Post subject:

Fatdog 600 beta1 has non root capability. Use multiuser.

nooby · Joined: 29 Jun 2008 Posts: 9382 Location: SwedenEurope

Thanks Bruce.

I have tried to get such since about 2006 or 2007
and most likely I am not clever enough to get those things.

Lobster, If Fatdog really is multi user that would be a sensation. Apart from the old one based on 421?
none have accomplished this.

Is Fatdog then a variation or "fatter" version of 421
or a totally new attempt based on Lupu?

(Edit after relearning username. Pizzasgood. I referred to you there Sorry forgot name.)

I mean I read here for hours every day how can I have missed
that it is multi user? Have they kept it secret Smile

My naive guess is that they have a single user with spot and fido more elaborated? If it is based on Woof then it is still a single user OS.

Iguleder has made a multiuser but that is not based on woof or a puppy.
Ah they announce it this week.
http://murga-linux.com/puppy/viewtopic.php?t=79001

jamesbond · Joined: 26 Feb 2007 Posts: 1531 Location: The Blue Marble

nooby · Joined: 29 Jun 2008 Posts: 9382 Location: SwedenEurope

Bruce B · Posted: Sat 16 Jun 2012, 21:05 Post subject:

Hi nooby,

There are some errors in your ideas in the post above this one.

You have to spend some time learning file permissions and ownership in order to understand how it all fits together.

Bruce

~

gcmartin · Joined: 14 Oct 2005 Posts: 2623 Location: Earth

In the LH64 thread, the discussion seemingly is addressing what has been offered in this thread. This is a simple insight to what is discussed.

My History
In 1985, I had an interesting report come across my desk. It was an alert to something that had NOT been present in my industry, heretofore...."Viruses" in DOS. This was simply a theoretical supposition, but, it appeared that a government/business/persons could infect a machine from afar for its own specific purpose which differs from the machine owner.

Since then, a whole industry has been created that contributes to an economy's GNP that has arisen.

Today
Some company execs do not know the difference between viruses, malware, or security, thus, the IT staff and industry experts continue to misrepresent issues in this area of discussion.

Over the past 25 years, there have been many an expert that addressed viruses, malware, real and potential. I say "potential" because this usually arises from a gathering of software engineers who were brought together to "crack" a subsystem or a system. Most often times, when that is done, over 98% if the findings are "a first" which has NEVER been seen (0R exploited) before and over 98% of those have never, ever, been attempted at exploitation in the real world.

The security industry is awash with many, many methodologies that are implemented all of which are done by some person/manager/team whose job it has been to manage-consult a security approach to be used by a company they work for.

That being said, I have worked with so many companies for which there are NO standard approaches, nor implementation, nor methods of protections that addresses all situations.

I have only my own implementation that I work with which, in and of itself, is ONLY designed to address the most likely of situations. This is based upon my experiences, the OSes I use, as well as my current usage practices.

I will say, though, there is a reason that the industry exists in the fashion that it does. The OSes, all have design points. And, every OS has an approach which makes it vulnerable to an exploit.

In a community, like this Puppy Forum, we should concentrate on any OS tools that exist, to assist us in managing important data which resides on our system(s). That management is not just protecting, but providing generational copies to assist our recovery should we have an issue where recreation and recovery is necessary.

None of us, no matter how smart we think we are, can provide a implementation that will cover EVERY POSSIBLE METHOD OF DATA LOSS that is or would be possible.

The OS designers (all of them), do provide and address OS protections in ways that make sense. Where we can help is to understand what they provide and determine it that is sufficient to meet our needs. Then we can add additional tools as we see fit to assist the system's ability to keep our data safe. As well we can contact vendors through various means to offer insights that will be useful in data/subsystem/system protections.

Remembering, that this "security/malware-protection/virus-protection" will continue (for the foreseeable future) to be an individual selection and practice. This applies in the home, the SMB, the SME, or the corporate entity.

Hope this clarifies security/malware/viruses. ("I know... it doesn't!")

Here to help