Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 18 Dec 2018, 09:18
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Puppy security question
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [13 Posts]  
Author Message
puppy_king


Joined: 13 Jan 2017
Posts: 91

PostPosted: Sun 15 Jan 2017, 06:08    Post subject:  Puppy security question  

Hi,

I was wondering if Puppy saves its configuration during shutdown/reboot how can it be any more secure than the other main stream distros ?

For example if some malware lands in Firefox's profile and that profile gets saved. Then what ?

Just want to learn how Puppy works.

The only full proof security model that comes to mind is run entirely from CD and lose all settings on exit.
Back to top
View user's profile Send private message 
Burn_IT


Joined: 12 Aug 2006
Posts: 3323
Location: Tamworth UK

PostPosted: Sun 15 Jan 2017, 08:44    Post subject:  

It does not protect the user from stupidity. However the core of the system IS read only and therefore not subject to alteration as easily as other distributions.
_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 13110
Location: Arizona USA

PostPosted: Sun 15 Jan 2017, 09:25    Post subject:  

Puppy_king, a reasonable compromise is to run Puppy from a multisession CD or DVD. Mulitsession Puppy saves its state onto the Puppy CD or DVD as a session each time it shuts down, but only if you want it to. Otherwise, you just shut off the electricity. It's kind of fun to hear the strangled cry the computer sometimes gives when I do that. Smile

When Puppy boots from a multisession DVD, it normally goes through all of the saved sessions to arrive at the state it was in when the last session was saved. However, you can tell it, at the boot screen, to skip any or all saved sessions. That way, you can isolate a suspect session and then go back and examine that session for clues after Puppy is up and running.

This does not prevent you from picking up malware and saving it, but at least you can hope to exclude it from a running Puppy, and you may even be able to find out exactly what and where the malware is.
Back to top
View user's profile Send private message 
puppy_king


Joined: 13 Jan 2017
Posts: 91

PostPosted: Sun 15 Jan 2017, 09:38    Post subject:  

Burn_IT wrote:
It does not protect the user from stupidity. However the core of the system IS read only and therefore not subject to alteration as easily as other distributions.


By user stupidity I guess you mean installing packages from outside of the official repos. I am safe from that one coz I never install anything outside of the main repos.

By core of the system you mean the kernel ? Coz the packages that I install gets saved.

Flash wrote:
Puppy_king, a reasonable compromise is to run Puppy from a multisession CD or DVD. Mulitsession Puppy saves its state onto the Puppy CD or DVD as a session each time it shuts down, but only if you want it to. Otherwise, you just shut off the electricity. It's kind of fun to hear the strangled cry the computer sometimes gives when I do that. Smile

When Puppy boots from a multisession DVD, it normally goes through all of the saved sessions to arrive at the state it was in when the last session was saved. However, you can tell it, at the boot screen, to skip any or all saved sessions. That way, you can isolate a suspect session and then go back and examine that session for clues after Puppy is up and running.

This does not prevent you from picking up malware and saving it, but at least you can hope to exclude it from a running Puppy, and you may even be able to find out exactly what and where the malware is.


But the question is how do I know that I have picked up a malware? A malware may be present and running in the background.

I guess am being too paranoid and my present setup is secure enough.

Thanks to both for your replies.
Back to top
View user's profile Send private message 
Burn_IT


Joined: 12 Aug 2006
Posts: 3323
Location: Tamworth UK

PostPosted: Sun 15 Jan 2017, 10:45    Post subject:  

Quote:
But the question is how do I know that I have picked up a malware? A malware may be present and running in the background.
This is the point about running in frugal mode. You boot from the protected source so there IS nothing running in the background. The only additions are those you are in control of (or not - as the case may be).
If you use Puppy a lot and on different machines, the way to configure it to your preferences is to use a SAFE machine to do the configuration and use that to reMaster Puppy so that you don't have to keep doing it every time.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
puppy_king


Joined: 13 Jan 2017
Posts: 91

PostPosted: Sun 15 Jan 2017, 11:16    Post subject:  

Burn_IT wrote:
Quote:
But the question is how do I know that I have picked up a malware? A malware may be present and running in the background.
This is the point about running in frugal mode. You boot from the protected source so there IS nothing running in the background. The only additions are those you are in control of (or not - as the case may be).
If you use Puppy a lot and on different machines, the way to configure it to your preferences is to use a SAFE machine to do the configuration and use that to reMaster Puppy so that you don't have to keep doing it every time.


I booted from the Puppy CD. Completed the initial configuration, enabled the firewall then when shutting down saved the configuration on /dev/sda which is my Debian's root. I also saved the sfs file. Now Puppy boots from the CD then from /dev/sda. It boots very fast.

Based on my description above I want to know what kind of installation am I running.

Also, is my method unsafe for daily use ?
Back to top
View user's profile Send private message 
Burn_IT


Joined: 12 Aug 2006
Posts: 3323
Location: Tamworth UK

PostPosted: Sun 15 Jan 2017, 12:21    Post subject:  

It is frugal boot, but with dangers.
It is perfectly safe for daily use, but I would use a fresh CD boot for security work like banking.
I try to keep my "secure" Puppy completely seperate from ANY other OS. That means (in my case) disabling all other media than the Puppy source whilst that Puppy is active and only updating that media from that Puppy which was created from Puppy on a fresh CD. That keeps me as secure as I can think of without excessive costs.

Security is mostly concerned where you browse and what tool you use to do it. I alway use AV software.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
puppy_king


Joined: 13 Jan 2017
Posts: 91

PostPosted: Sun 15 Jan 2017, 12:29    Post subject:  

Burn_IT wrote:
It is frugal boot, but with dangers.
It is perfectly safe for daily use, but I would use a fresh CD boot for security work like banking.


I also do a little bit of internet banking. So if I do puppy pfix=ram and then do internet banking will that be enough ?

Burn_IT wrote:
Security is mostly concerned where you browse and what tool you use to do it. I alway use AV software.


I use only Firefox both under Puppy and Debian. By AV software you mean antivirus software ? I thought you dont need any antivirus protection under Linux.
Back to top
View user's profile Send private message 
perdido


Joined: 09 Dec 2013
Posts: 1068
Location: ¿Altair IV , Just north of Eeyore Junction.?

PostPosted: Sun 15 Jan 2017, 12:36    Post subject:  

Since this seems to be a "save or not to save" thread, just a mention of the excellent pupsaveconfig utility (from forum member shinobar),
asks whether you wish to save the session when shutting down if running with a save file using a frugal install.
http://www.murga-linux.com/puppy/viewtopic.php?t=60678

The latest is version 2.26

_________________
Giving with an expectation for return brings misery.
Back to top
View user's profile Send private message 
Burn_IT


Joined: 12 Aug 2006
Posts: 3323
Location: Tamworth UK

PostPosted: Sun 15 Jan 2017, 13:24    Post subject:  

Quote:
I also do a little bit of internet banking. So if I do puppy pfix=ram and then do internet banking will that be enough ?
Probably, but I would still use AV software as well.
Quote:

use only Firefox both under Puppy and Debian. By AV software you mean antivirus software ? I thought you dont need any antivirus protection under Linux.
Linux is just as vulnerable as any other OS. It just hasn't been targetted as much. YET. though it is becoming an easy target just because the users tend to be more complacent.

Most modern viruses atack the browser not the OS directly, and it is the browser that is usually the carrier even when the OS is targetted.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Back to top
View user's profile Send private message 
musher0

Joined: 04 Jan 2009
Posts: 13181
Location: Gatineau (Qc), Canada

PostPosted: Sun 15 Jan 2017, 14:07    Post subject:  

Hi gang.

We've been over this subject probably a zillion times (+/- this question gets
asked every 2 months), but I'll pretend it's the first time:

-- Puppy's main sfs files are a sort of archived file which can be opened and
edited by the user only;
-- For even better protection, run these main Puppy files from CD/DVD.

Any outside process trying to unpack those files or burn to the disc, you
would instantly notice by noise or severe slowdown, whereas hackers like
to operate incognito. It's no fun getting your hack noticed -- and possibly
interrupted by the user.

Assuming the hackers can get to that point, of course, because...

-- Puppy is invisible online;
-- Linux has a complicated and unique file permissions system. So OOTB,
NO Puppy Linux file can be executed from "world". WhineDose does not
have such a file permission system and neither do "Macs". Please see a
brief explanation of how it works, here.

Which is why Puppyists are safe.

_________________
musher0
~~~~~~~~~~
Je suis né pour aimer et non pas pour haïr. (Sophocle) /
I was born to love and not to hate. (Sophocles)

Last edited by musher0 on Sun 15 Jan 2017, 14:29; edited 4 times in total
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 1164

PostPosted: Sun 15 Jan 2017, 15:44    Post subject:  

Puppy has the tools to be very safe, even for the highly paranoid.

Get it set up the way you want and then remaster. Then all your applications and settings will be on the read only sfs.

You could use multiple save files, with a highly encrypted save file on a usb key kept in a safe you use just for banking, a lightly encrypted save file for porn, boot without save file for intentional virus hunting or clicking links on Twitter, and then a general use unencrypted save file.
Back to top
View user's profile Send private message 
musher0

Joined: 04 Jan 2009
Posts: 13181
Location: Gatineau (Qc), Canada

PostPosted: Sun 15 Jan 2017, 16:42    Post subject:  

dancytron wrote:
Puppy has the tools to be very safe, even for the highly paranoid.

Get it set up the way you want and then remaster. Then all your
applications and settings will be on the read only sfs.

You could use multiple save files, with a highly encrypted save file on a usb
key kept in a safe you use just for banking, a lightly encrypted save file for
porn, boot without save file for intentional virus hunting or clicking links on
Twitter, and then a general use unencrypted save file.

Thanks, dancytron. I had forgotten about the choice offered to the user to
encrypt save files.

So there you go, puppy_king and all you anxious souls out there:
encryption adds another layer of security to your Puppy.

BFN.

_________________
musher0
~~~~~~~~~~
Je suis né pour aimer et non pas pour haïr. (Sophocle) /
I was born to love and not to hate. (Sophocles)
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [13 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1575s ][ Queries: 12 (0.0541s) ][ GZIP on ]