Puppy Linux Discussion Forum » Off-Topic Area » Security
Plugging an infected USB/HD into a Puppy
belham2

Joined: 15 Aug 2016
Posts: 1363

PostPosted: Fri 17 Nov 2017, 11:21    Post subject:  Plugging an infected USB/HD into a Puppy  

Hi all,

Need your expertise and opinions here. I had posted this in DebianDog thread, then it struck me this applies to Puppies too.

Here's the question/issue:

You know for sure you've got an infected USB and/or HD.

Is it ok to boot up a Puppy, with that infected USB/HD plugged in too, and use terminal to DD-wipe it, then Gparted to format it? Or are you risking infection, in some way, leaping across to the Puppy you're in? Puppy obviously knows the infected drive is there, has in some way communicated with it, otherwise how could Puppy create a desktop icon for us to click on to "officially" mount it? So when Puppy communicates, what is exchanged? At what level? Can malware/infections jump across at this level of communication between the plugged-in-infected-drive-that-is-not-yet-mounted and the puppy OS???



I know most of us would probably use a CD burned Pup to do this, or a "pfix=ram" loaded pup, but what if you've been assuming all this time that it is ok-dokie to just plug in infected drive(s) to a Pup to wipe them? (and the pup either did its automatic save thing, or you went on to do other things and hit the save-on-exit)?
musher0


Joined: 04 Jan 2009
Posts: 11285
Location: Gatineau (Qc), Canada

PostPosted: Fri 17 Nov 2017, 11:58    Post subject:  

Hi belham2.

Sincere sympathies. The best I can suggest is:

Boot your Puppy from a CD or DVD and do your cleaning, re-formatting, etc. of
your sick drive from there, live, with absolutely no pupsave or pupfolder.

For additional safety, unmount or better, unplug, any internal or external
hard drive, or USB device or stick beforehand.


If you have the time, zero the sick disk before reformatting. Fill it with zeroes with
the shred command before you reformat it. Please see reply # 158 on this page:
https://askubuntu.com/questions/17640/how-can-i-securely-erase-a-hard-drive

BTW, if it's a WhineDose infection, the bug could leap on your Puppy system but
could not do it harm. But it could hitch-hike later on a window-ish file and go
infect a correspondent. That is how Linux systems can be vectors for viruses even
if we cannot be harmed by them (mostly).

However with all your HD's unplugged and your Puppy running from a metal disc, no
bug can be transmitted, since it has nothing to "cling" to.

Good luck.

Last edited by musher0 on Fri 17 Nov 2017, 12:10; edited 1 time in total
belham2

Joined: 15 Aug 2016
Posts: 1363

PostPosted: Fri 17 Nov 2017, 12:10    Post subject:  

musher0 wrote:
Hi belham2.

Sincere sympathies. The best I can suggest is:

Boot your Puppy from a CD or DVD and do your cleaning, re-formatting, etc. of your sick drive from there, live, with absolutely no pupsave or pupfolder.

For additional safety, unplug any internal or external hard drive or USB stick
beforehand.


BTW, if it's a WhineDose infection, the bug could leap on your Puppy system but
could not do it harm. But it could hitch-hike later on a window-ish file and go
infect a correspondent. That is how Linux systems can be vectors for viruses even if
we cannot be harmed by them (mostly).

However with all your HD's unplugged and your Puppy running from a metal disc, no
bug can be transmitted, since it will have nothing to "cling" to.

Good luck.


Hi Musher,

It's not for me. Also, I am trying to ascertain a theoretical question about how Puppies overall deal with an infected drive that is plugged in.

Even though it is not mounted, can the Puppy be infected?

Does anyone actually know??

Because the Puppy OS must communicate with this infected-drive in some way when it is "plugged in" even though it is NOT YET MOUNTED. So what is communicated? And how? Does it provide an avenue for infection?


To everyone:
Please do not write describing how to deal with this. I already know. This is a theoretical question that applies to all pups and is NOT about how to handle it. Please read the 1st post in this thread closely, or read this one again.

Thank you.
musher0


Joined: 04 Jan 2009
Posts: 11285
Location: Gatineau (Qc), Canada

PostPosted: Fri 17 Nov 2017, 12:25    Post subject:  

Hi belham2.

Gee, your feathers are easily ruffled today !!! ;)

AFAIK, if the disk is unmounted, there is only some kind of ACK (acknowledgement)
signal exchanged at the hardware level. No data from the disk is actually transferred.
Maybe ask a truly technical guy for confirmation.

And as I said above, if you're running the operation from a system on an "airtight"
metal disc, you're completely safe. If you proceed as I describe above, it doesn't
even matter if the bug tries to infect at any moment, because it simply can't with
such a set-up.

It could try to hide in the RAM, but just leave the computer off for a couple of
minutes after you're done so all electrical current is purged from it. And then you
committed the perfect bug-icide. :)

BFN.

_________________
musher0
~~~~~~~~~~
"Logical entities must not be multiplied beyond necessity." (Ockham)
belham2

Joined: 15 Aug 2016
Posts: 1363

PostPosted: Fri 17 Nov 2017, 12:36    Post subject:  

musher0 wrote:
Hi belham2.

Gee, your feathers are easily ruffled today !!! ;)

AFAIK, if the disk is unmounted, there is only some kind of ACK (acknowledgement)
signal exchanged at the hardware level. No data from the disk is actually transferred.
Maybe ask a truly technical guy for confirmation.

And as I said above, if you're running the operation from a system on an "airtight"
metal disc, you're completely safe. If you proceed as I describe above, it doesn't
even matter if the bug tries to infect at any moment, because it simply can't with
such a set-up.

It could try to hide in the RAM, but just leave the computer off for a couple of
minutes after you're done so all electrical current is purged from it. And then you
committed the perfect bug-icide. :)



No feathers left on this old body to ruffle, Musher ;) !

Am trying to help a neighbor out......and then started thinking about pups overall. Metal discs, or pfix=ram, or Vbox loading, along with DD-wiping everything, I already know about and practice whenever faced with something like this. But my neighbor? He just used a USB 'frugal' installed DDog to do it (which, for this purpose, is basically like a Pup in how it doesn't mount anything when plugged in as long as you have it set that way, which he did).

Was just wondering, at the level of when an infected USB/HD is attached to a puppy (but not mounted), can it pass the infection to the pup before it gets DD-ed and re-formatted? Because then it is entirely possible the infection lives in the Puppy for some minutes, then is planted right back on the same USB/HD you just DD-wiped & Gparted-formatted.

Hmmmmm, this seems to be a deep question with possibly no answer unless one of our builder gurus (micko, phil, barry, gyro or a few others) tells us what actually happens in that moment something is connected but not mounted.
perdido


Joined: 09 Dec 2013
Posts: 720
Location: ¿Altair IV , Just north of Eeyore Junction.?

PostPosted: Fri 17 Nov 2017, 13:59    Post subject:  

The BIOS will read the hard drive but not the partition table.

If you plug in a drive/media and it is available for mounting, that means the system can see the file system type. That means it read the partition table and the file system type is supported by the operating system.

Are there partition table virus thingies?
If there are, can they be transferred to memory simply by reading the partition table?


..

_________________
.
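
What the read described in this post involves, as an added example that is not part of the thread: a Python sketch that parses the four primary MBR partition entries from a constructed disk image and identifies the filesystem by magic bytes, treating everything on the device as untrusted data and rejecting entries that point outside it. The function names and the sample image are assumptions made for illustration; this is not Puppy's or udev's code.

```python
import struct

SECTOR = 512
MBR_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}

def probe_fs(image: bytes, start: int) -> str:
    """Identify a filesystem by magic bytes at fixed offsets (byte compare only)."""
    base = start * SECTOR
    if image[base + 1080: base + 1082] == b"\x53\xef":  # ext2/3/4 superblock magic
        return "ext2/3/4"
    if image[base + 3: base + 11] == b"NTFS    ":
        return "ntfs"
    if image[base + 82: base + 90] == b"FAT32   ":
        return "vfat"
    return "unknown"

def read_partitions(image: bytes) -> list:
    """Parse the four primary MBR entries; flag extents outside the device."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    total = len(image) // SECTOR
    found = []
    for i in range(4):
        entry = image[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        _status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        ok = 0 < start < total and count > 0 and start + count <= total
        found.append({
            "slot": i + 1,
            "type": MBR_TYPES.get(ptype, hex(ptype)),
            "start": start,
            "sectors": count,
            "valid": ok,
            "fs": probe_fs(image, start) if ok else None,
        })
    return found

def build_sample_image() -> bytes:
    """Constructed 64-sector image: one sane ext entry, one out-of-range entry."""
    img = bytearray(64 * SECTOR)
    img[0:446] = b"\xcc" * 446  # stand-in for the boot code area; never run here
    img[446:462] = struct.pack("<B3xB3xII", 0x00, 0x83, 8, 40)
    img[462:478] = struct.pack("<B3xB3xII", 0x00, 0x0C, 48, 0xFFFFFFF0)
    img[8 * SECTOR + 1080: 8 * SECTOR + 1082] = b"\x53\xef"
    img[510:512] = b"\x55\xaa"
    return bytes(img)

if __name__ == "__main__":
    for part in read_partitions(build_sample_image()):
        print(part)
```

The second entry comes back with `valid` set to `False` because its sector count runs past the end of the device, which is the kind of field a probe has to bounds-check before using it.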
peterw

Joined: 19 Jul 2006
Posts: 279
Location: UK

PostPosted: Fri 17 Nov 2017, 14:32    Post subject: udev detects USB  

I remember that udev detects the presence of the USB (https://www.linux.com/news/udev-introduction-device-management-modern-linux-system) and whatever that does in communication is most unlikely to transfer the virus.
musher0


Joined: 04 Jan 2009
Posts: 11285
Location: Gatineau (Qc), Canada

PostPosted: Fri 17 Nov 2017, 16:38    Post subject:  

Hi guys.

It just struck me: some anti-virus programs have Linux versions, to use in cases like this,
I guess. Here is one tally among many:
http://www.makeuseof.com/tag/free-linux-antivirus-programs

IHTH.

belham2

Joined: 15 Aug 2016
Posts: 1363

PostPosted: Fri 17 Nov 2017, 17:21    Post subject:  

musher0 wrote:
Hi guys.

It just struck me: some anti-virus programs have Linux versions, to use in cases like this,
I guess. Here is one tally among many:
http://www.makeuseof.com/tag/free-linux-antivirus-programs

IHTH.



Musher, you crazy Canadian!

Can you not take a direct hint when I answered you before?

For the 100th time, this thread is not about how to solve an infected drive! We all know how to do that.

This thread is about finding what info is passed to Puppy when an infected-drive is attached but not mounted. Exactly what is communicated? Is that channel of communication susceptible to bringing across a virus??

Start your own thread if you want to talk about and tout anti-virus for Linux.

Dam#, show some courtesy :evil:
p310don

Joined: 19 May 2009
Posts: 1124
Location: Brisbane, Australia

PostPosted: Fri 17 Nov 2017, 17:59    Post subject:  

There are questions.

What is the nature of the infection? If it is a windows virus (as most are), then Puppy won't do anything. It won't be able to execute its malicious code (maybe in wine).

If a drive is not mounted, it won't do anything anyway.
musher0


Joined: 04 Jan 2009
Posts: 11285
Location: Gatineau (Qc), Canada

PostPosted: Sat 18 Nov 2017, 03:36    Post subject:  

@belham2:

:twisted:
If an intelligent person like me can get confused about the nature of your thread, imagine :roll:
what it must be for a common mortal Puppyist with all feathers still unplucked!!! ROFL
:lol:

Just a thought. BFN.

musher0


Joined: 04 Jan 2009
Posts: 11285
Location: Gatineau (Qc), Canada

PostPosted: Sat 18 Nov 2017, 04:20    Post subject:  

Now let's reason this through:

A computer virus or infection is made of code; it is a malevolent program, but a program
nonetheless. So it will behave outwardly like a coded program, it will have the trimmings
of it. For one thing, it needs to be stored somewhere, and 2) it needs to be launched.

On the other hand, a detection program such as Puppy's < probepart > only checks
for the minuscule electrical current variation in a plug, USB or otherwise, associated with
a drive being plugged or not in said plug.

It's a hardware thing, like an ACK signal; no code is fetched. That is a
difference between a 0 and a 1 in binary for the plug. If the physical parts touch, the
current passes (1), and we know the plug is occupied; if there are no physical parts
touching each other, the current does not pass (0), and we know that there is nothing
connected in that plug.

This ultra-simple on-off switch structure can not harbor any program code to be
transmitted, benevolent or malevolent. It's just an electrical flux-- the flux passes or
it doesn't.

FWIW.

Gordie

Joined: 23 Aug 2016
Posts: 87

PostPosted: Sat 18 Nov 2017, 12:51    Post subject:  

Remove hard drive.
Boot live system from CD/DVD or USB flashdrive,
Remove boot media.
Do what you need to do with supposedly infected USB flashdrive.
MOST IMPORTANT -- Put computer in driveway and drive over it. Now burn the crushed computer. Bury the ashes.

Flashdrives are sooooo cheap
belham2

Joined: 15 Aug 2016
Posts: 1363

PostPosted: Sat 18 Nov 2017, 12:56    Post subject:  

Gordie wrote:
Remove hard drive.
Boot live system from CD/DVD or USB flashdrive,
Remove boot media.
Do what you need to do with supposedly infected USB flashdrive.
MOST IMPORTANT -- Put computer in driveway and drive over it. Now burn the crushed computer. Bury the ashes.

Flashdrives are sooooo cheap



Gordie,

As I told Musher, who cannot seem to understand simple English despite telling him twice already and appears to want to become the "New Pelo", this thread IS NOT ABOUT what to do. That stuff is all common knowledge! Please do not post that crap here and muddy this thread up.

Damn people, take 5-10 secs and read the thread!! Stay on topic.

If you cannot add any intel and/or wisdom on what happens in the data exchange during udev (like peterw did) when a drive, infected, is plugged in to a pup, then do not post here.

Start your own thread!
musher0


Joined: 04 Jan 2009
Posts: 11285
Location: Gatineau (Qc), Canada

PostPosted: Sat 18 Nov 2017, 13:08    Post subject:  

Hello, belham2.

This is your question:
belham2 wrote:
(...)
Here's the question/issue:

You know for sure you've got an infected USB and/or HD.

Is it ok to boot up a Puppy, with that infected USB/HD plugged in too, and use terminal to DD-wipe it, then Gparted to format it? Or are you risking infection, in some way, leaping across to the Puppy you're in? Puppy obviously knows the infected drive is there, has in some way communicated with it, otherwise how could Puppy create a desktop icon for us to click on to "officially" mount it? So when Puppy communicates, what is exchanged? At what level? Can malware/infections jump across at this level of communication between the plugged-in-infected-drive-that-is-not-yet-mounted and the puppy OS???(...)

AFAIK, this is a valid answer to your question.
musher0 wrote:
Now let's reason this through:

A computer virus or infection is made of code; it is a malevolent program, but a program
nonetheless. So it will behave outwardly like a coded program, it will have the trimmings
of it. For one thing, it needs to be stored somewhere, and 2) it needs to be launched.

On the other hand, a detection program such as Puppy's < probepart > only checks
for the minuscule electrical current variation in a plug, USB or otherwise, associated with
a drive being plugged or not in said plug.

It's a hardware thing, like an ACK signal; no code is fetched. That is a
difference between a 0 and a 1 in binary for the plug. If the physical parts touch, the
current passes (1), and we know the plug is occupied; if there are no physical parts
touching each other, the current does not pass (0), and we know that there is nothing
connected in that plug.

This ultra-simple on-off switch structure can not harbor any program code to be
transmitted, benevolent or malevolent. It's just an electrical flux-- the flux passes or
it doesn't.

FWIW.

We now need a hardware nerd -- someone who understands hard drive schematics
AND code -- to confirm that reasoning or not.

BFN.
