Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 21 Oct 2014, 21:45
All times are UTC - 4
 Forum index » Off-Topic Area » Security
What makes Linux safer than Windows?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 2 of 7 Posts_count   Goto page: Previous 1, 2, 3, 4, 5, 6, 7 Next
Author Message
maddox

Joined: 28 Sep 2007
Posts: 453
Location: sometimes in France

PostPosted: Wed 05 Aug 2009, 20:59    Post_subject:  

Puppy is as safe as your router's setup (statefull packet inspection enabled) or your puppy firewall setup.

This seems new :
check-out strange noises when you you surf (clicks, pops, wizz sounds or frequent buffering on video streams as compared to before) while listening to radio or video.
This seems to be some sort of intrusion attempt, or a new statefull packet inspection by the internet provider ?
Back to top
View user's profile Send_private_message 
Colonel Schell


Joined: 06 Jul 2009
Posts: 51
Location: Columbus, Ohio

PostPosted: Thu 06 Aug 2009, 16:55    Post_subject:  

Being new to this, I may be stupid now, but I feel that I need to ask something in order to test one of my assumptions about Puppy.

I was under the impression that Puppy, when installed as a Frugal install, resided on the HD but was still run in RAM, i.e. was called to unzip on the fly from the HD into RAM, much as it does when running the LiveCD. We all know that the difference in running Puppy from other live CD's such as Knoppix is that de-compressing on the fly feature: you're not actually running off the CD; you're running from a Puppy image in RAM.

If this is true, what are its implications for security? If it's not true, please shoot down my false assumption.
Back to top
View user's profile Send_private_message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Thu 06 Aug 2009, 21:57    Post_subject:  

Quote:
The system files are really read-only.


Quote:
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!


Uh, I must be laboring under a misapprehension. Smile

I thought any file was writable, with the new file (in the pupsave) superceding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something?

As to discounting the lack of linux viruses out there "merely" because linux (or BSD) is not as popular; well, it's worked pretty well so far! Better than any anti-virus software. It is an advantage now. When linux hits 30% market share, then you can bring this one up.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11118
Location: Arizona USA

PostPosted: Thu 06 Aug 2009, 23:41    Post_subject:  

PaulBx1 wrote:
Quote:
The system files are really read-only.
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!


Uh, I must be laboring under a misapprehension. Smile

I thought any file was writable, with the new file (in the pupsave) superceding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something? ...

I think so. As I've said many times in many ways, everything saved on a multisession disk is fragmented into sessions. You can tell Puppy at boot to not incorporate the last n sessions when it builds Puppy in RAM with unionfs or aufs.
Back to top
View user's profile Send_private_message 
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

PostPosted: Fri 07 Aug 2009, 17:01    Post_subject: Safe but not useful  

@PaulBx1,

Perhaps I wasn't clear. If you haven't mounted any partitions you'll have nowhere to save the pupsave file. So if you boot a live-CD as puppy pfix=ram and you have no pupsave, there is nothing writable on the CD to change. Files in ram can be changed but they will disappear after a reboot. Still the caveat about password stealing trojans applies. Whether Puppy is that useful in this mode is a bit moot. You can't work on any files and then store the results of your work.

But I don't use Puppy as my primary OS and I only have a pupsave file on one of my machines at the moment.

If you accept those limitations (no mounted persistent storage) it's as safe as houses. If you're not running Internet Explorer with ActiveX enabled you're fairly safe even on a Windows machine. I use Firefox with Noscript and Flashblock enabled, this has been fairly secure so far.

The only viruses I have picked up in last year have been boot-sector viruses from USB sticks which have all been caught by my anti-virus. None of these would have harmed Puppy as they are usually targetted at Windows systems.

No need to be complacent though, aren't most botnets composed of thousands of Windows boxes controlled from rootkitted Linux servers?

With Puppy the only thing you have to worry about is hardpad.
Back to top
View user's profile Send_private_message 
RandSec

Joined: 10 Aug 2009
Posts: 81
Location: Austin, Texas

PostPosted: Mon 10 Aug 2009, 15:52    Post_subject: What makes Linux safer than Windows?
Sub_title: Multisession and Flash Boot
 

I have been using multisession Puppy 4.12 from DVD, on and off, for about 7 months now. I have a machine with no hard drive and Puppy works great there. My motive is security. After installing Firefox and the various security add-ons, the browsing experience is much like under Windows. But the usual random malware attack probably is going to address the largest group, which is running Windows, not Linux.

Many modern attacks go through the browser instead of the OS. Sometimes this is actual weakness, but normally it is just getting the user to click something, whereupon the malware gets its way. Beyond using Adblock Plus, NoScript, WOT, RequestPolicy and BetterPrivacy add-ons, only so much can be done automatically.

To survive on a machine past reboot, malware must change files used during boot. The potential advantage of the multisession DVD is that malware would have to change the DVD. Naturally, malware can change files in memory, and then those files might be written to the boot DVD at the end of session, but only if the user allowed it, which can be made fairly unusual. Even if malware is saved, the system can be recovered by voiding the last n sessions. And worst case, replacement is just another DVD. We do not lose the entire contents of a massive hard drive when there is no hard drive. But if a hard drive is present, even if unmounted, it probably is at risk.

If we download files, they could have format hacks that subvert the reader or player or viewer, but we can hardly blame Puppy for application faults. If we download programs, they could be Trojans, which is an argument for using an up-to-date antivirus solution in Linux. But even undetected, the Trojans *probably* will target Windows, and so not function on Linux. When something strange happens we do not want to write that session to DVD.

The multisession DVD stuff is great when it works, and I wish it would work better. Sadly, I have never been able to continue to a second DVD automatically; the write always fails. Recently I had some sort of end-of-session update write error coasterize a half-full DVD. That was an unexpected loss of substantial updating and customization, and so actually might have been worse than malware. That caused me to question further use of the multisession mode.

I have tried Puppy on a flash drive, but it did not function as I had hoped. What I want is to put everything into RAM, and then be able to *remove* the flash, just like the DVD can be removed after a boot. But what I got was a warning not to remove mounted drives, including the flash. And, of course, the flash could not be unmounted. This is a problem because I cannot save something to flash to move it to another machine with everything running.

The idea of encrypting a boot flash makes a lot of sense. But it kind of makes me wonder why the general file updates to the DVD are not also encrypted.

Perhaps someone who knows Puppy far better than I do can suggest something for multisession problems or to improve flash boot. Thanks!
Back to top
View user's profile Send_private_message Visit_website 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11118
Location: Arizona USA

PostPosted: Mon 10 Aug 2009, 23:19    Post_subject: Re: What makes Linux safer than Windows?
Sub_title: Multisession and Flash Boot
 

RandSec wrote:
I have been using multisession Puppy 4.12 from DVD, on and off, for about 7 months now. I have a machine with no hard drive and Puppy works great there. ...

... Sadly, I have never been able to continue to a second DVD automatically; the write always fails.

Barry comes out with a new version of Puppy so often that I never come close to filling up a multisession DVD before I switch to a new version of Puppy. The way I switch to a new version of Puppy may solve your problem. You don't even have to be upgrading to a different version of Puppy for this to work. What I do is, with Burniso2cd, burn a Puppy iso to a DVD then shut down with the newly burned DVD still in the drive. Puppy asks if I want to save. I say yes. Puppy burns the first session, which contains everything from all the sessions of the old DVD. This has the effect of "defragmenting" the old multisession DVD by condensing all the sessions from it into the first session on the newly burned DVD.

Note that if something goes wrong you haven't lost anything from the old DVD. Just boot the old DVD and try again.

Quote:
... Recently I had some sort of end-of-session update write error coasterize a half-full DVD. That was an unexpected loss of substantial updating and customization, and so actually might have been worse than malware. That caused me to question further use of the multisession mode. ...

You can make a backup of your multisession DVD by periodically doing what I just described. Burniso2cd will burn a Puppy iso to a DVD+RW without having to blank the disk first. I alternate two DVD+RW disks.

_________________
Puppy Help 101 - an interactive tutorial for Lupu 5.25
Back to top
View user's profile Send_private_message 
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

PostPosted: Tue 11 Aug 2009, 03:16    Post_subject: Multisession users  

So there's two of you?

Very Happy
Back to top
View user's profile Send_private_message 
levian

Joined: 06 Aug 2009
Posts: 36

PostPosted: Tue 11 Aug 2009, 03:24    Post_subject:  

droope wrote:
Never tried it. Avast on windows does a pretty good job.


agreed. my office pc is using the free edition avast since the very beginning n it is doing well so far too. hehe.
Back to top
View user's profile Send_private_message Visit_website 
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

PostPosted: Tue 11 Aug 2009, 03:56    Post_subject: Ant-virus working perfectly  

Err, how do you know? You can tell when your anti-virus catches a nasty and you can tell when you have a false positive. How do you know when it has missed something?

Tin-foil hats all round.
Back to top
View user's profile Send_private_message 
Colonel Schell


Joined: 06 Jul 2009
Posts: 51
Location: Columbus, Ohio

PostPosted: Tue 11 Aug 2009, 14:43    Post_subject:  

It's not paranoia if there's really someone out to get you.
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 11 Aug 2009, 23:49    Post_subject:  

Quote:
It's not paranoia if there's really someone out to get you.


Assume they already got you.
Now what? Laughing

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
disciple

Joined: 20 May 2006
Posts: 6447
Location: Auckland, New Zealand

PostPosted: Wed 12 Aug 2009, 01:58    Post_subject:    

They're not out there to get me. They're out there to get people running Windows Cool
_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!
Back to top
View user's profile Send_private_message 
Colonel Schell


Joined: 06 Jul 2009
Posts: 51
Location: Columbus, Ohio

PostPosted: Sat 15 Aug 2009, 20:56    Post_subject:  

Lobster wrote:
Quote:
It's not paranoia if there's really someone out to get you.


Assume they already got you.
Now what? Laughing


Shocked I may not sleep tonight.

Thanks. Sad
Back to top
View user's profile Send_private_message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Sat 15 Aug 2009, 22:20    Post_subject:  



Rough translation:

Panel 1: "Why are you bringing up the root-vs-user issue?"

Panel 2: "Because I'm too lazy to use the search feature on Murga's forum to locate and read pre-existing threads on the topic."

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 2 of 7 Posts_count   Goto page: Previous 1, 2, 3, 4, 5, 6, 7 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0955s ][ Queries: 11 (0.0045s) ][ GZIP on ]