Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 23 Apr 2014, 06:56
All times are UTC - 4
 Forum index » Off-Topic Area » Security
What makes Linux safer than Windows?
Post new topic   Reply to topic View previous topic :: View next topic
Page 3 of 7 [99 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7 Next
Author Message
droope


Joined: 31 Jul 2008
Posts: 814
Location: Uruguay, Mercedes

PostPosted: Tue 18 Aug 2009, 20:14    Post subject: Re: Ant-virus working perfectly  

drongo wrote:
Err, how do you know? You can tell when your anti-virus catches a nasty and you can tell when you have a false positive. How do you know when it has missed something?

Tin-foil hats all round.


I do my calculations this way:

No bad news = Good news. Smile

_________________
What seems hard is actually easy, while what looks like impossible is in fact hard.

“Hard things take time to do. Impossible things take a little longer.” –Percy Cerutty

Mi blog (Spanish)
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11051
Location: The Peoples Republic of California

PostPosted: Wed 19 Aug 2009, 02:04    Post subject:  

PaulBx1 wrote:
Quote:
The system files are really read-only.


Quote:
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!


Uh, I must be laboring under a misapprehension. :)

I thought any file was writable, with the new file (in the pupsave) superceding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something?

As to discounting the lack of linux viruses out there "merely" because linux (or BSD) is not as popular; well, it's worked pretty well so far! Better than any anti-virus software. It is an advantage now. When linux hits 30% market share, then you can bring this one up.


Comments on Subjects Discussed

An unmounted partition can be copied bit for bit. It can be erased, formatted and ??

If I were concerned about viruses (malware), I wouldn't use a virus scanner. The reason being is I don't think the signature databases contain much if any Linux signatures.

I would, if I were very concerned, maintain my own md5sum database of files. With the checks looking for changes, new files and deleted files. The report used to alert me to things I might want to look into.

With Linux, files can be set so even root can't modify or delete them. Some of the key files used in traditional root kits can be set immutable and this would make it more difficult to install a traditional root kit.

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 19 Aug 2009, 03:30    Post subject:  

Using something like this for penetration testing (sounds a bit erotic to me)
http://www.pentoo.ch/
should keep the tin hats happy for a while . . .

Let us know of any vulnerabilities
one or two of us might even care . . . Wink

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
Bruce B


Joined: 18 May 2005
Posts: 11051
Location: The Peoples Republic of California

PostPosted: Wed 19 Aug 2009, 05:04    Post subject:  

Lobster wrote:
Using something like this for penetration testing (sounds a bit erotic to me)
http://www.pentoo.ch/


Judging by the scope of things, you might be close. I did read this much at the site.

    Q: My card is not supported, will you crack my girlfirend account password for me ?

    Probably not, unless you send pics of her first.


Take a little - give a little. Send pix of the eX - they wouldn't care.

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 13 Oct 2009, 21:04    Post subject:  

Quote:
So what is it that you Puppy users know that I don't? What makes you confident that you're not likely to get hacked, even running as root? I'd really like to know...

Most of us experienced Windows (security nightmare)
Other distros, so secure you can not even open your own CD drive - bah - humbug. Embarassed
Then carefree Puppy usage Very Happy
Carefree I like. Very Happy

We have special tin hatted penguins to do our worrying.
They have been programmed this way (probably by the government) Shocked

Quote:
Would a honeypot puppy be of use to anybody?

Maybe to our so secret everyone knows about it
black ops Puppy users Cool
http://puppylinux.org/wikka/BlackOps

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
clarf


Joined: 13 Jun 2007
Posts: 612
Location: The old Lone Wolf

PostPosted: Thu 15 Oct 2009, 11:58    Post subject:  

A short answer for the initial question. Windows never was designed with security in mind.

If you read:

http://www.computerworld.com/s/article/9139364/In_six_years_of_Patch_Tuesdays_400_security_bulletins_745_vulnerabilities?taxonomyId=17&pageNumber=1

Then you´ll see that Microsoft had released so many security patchs for each Windows versions that you´ll conclude this software quality standards and design are very poor for a secure OS.

It´s true that recently Microsoft redesigned the architecture of Windows and Microsoft have many defense-in-depth improvements in Windows Vista. Even the level of security alerts are fewer than XP:



There are other technologies like Kernel Patch Protection (protects code and critical structures in the Windows kernel from modification), user account control (Microsoft called UAC one of the "most controversial" features of Vista for the thousands of unnecessary prompts fo each system change) and others in the way for Windows 7:

http://windowsteamblog.com/blogs/windowssecurity/archive/2009/04/20/windows-7-security-helping-enable-the-mobile-workforce.aspx

But those technologies are immature, problematic and the better ones are aimed for Server versions (the expensive line), future releases (x64 architectures) and are not available for end users using standards Windows versions.

That's why Linux which is based on BSD Unix at its heart, are fundamentally safer. Their design were multi-user, networked systems to support Server machines.

clarf
Back to top
View user's profile Send private message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Tue 10 Nov 2009, 01:32    Post subject:  

Quote:
Perhaps I wasn't clear. If you haven't mounted any partitions you'll have nowhere to save the pupsave file. So if you boot a live-CD as puppy pfix=ram and you have no pupsave, there is nothing writable on the CD to change.


Yes, but who uses Puppy this way? Almost everyone full installs it or uses pupsaves or multisessions. Pfix=ram is a diagnostic function, not the way people work normally. OK, maybe for online banking, it might make sense to put up with the inconvenience, but that would be about it. And that wouldn't protect you from malware that came in during that same session.

Multisession ability to throw away the last sessions does not help you if the malware is quiet. A keylogger for example. You have to KNOW there is a problem, to throw away sessions.

No, I think this claim that Puppy's liveCD nature protects it, is almost completely bogus. The instant unionfs allowed everything to be writable, that evaporated. Even before then, certain directories could harbor malware. But now when you run the "ls" command, who knows what you are really doing?

Maybe we need to make that "tripwire" program a standard feature of Puppy. It would also be nice if we could control the directories that are writable. That is, nothing is writable in e.g. /bin unless we give a go-ahead first. And the directory where tripwire is located is not writable at all (comes only from the CD).

This may be a bit too tinfoil-hat-like for Barry though. Wink

BTW, if you go look at the release notes for each version of OpenBSD, it's amazing how many vulnerabilities they plug each release, and they have been focusing on security for a very long time. Linus even called them a bunch of masturbating monkeys. Laughing One would think they'd run out of vulnerabilities at some point, but I guess not...
Back to top
View user's profile Send private message 
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

PostPosted: Tue 10 Nov 2009, 07:54    Post subject: pfix=ram  

Who uses Puppy this way? Well I do, a lot of the time, depending on which machine I am using. I have never done a full or frugal install of Puppy in the five years or so I have been using it.

It always surprises me when people on this Forum claim to know how everyone else uses Puppy. You don't know, I don't know, Barry doesn't know, nobody knows. I have no idea if most people use full, frugal, multi-session or whatever. It started life as a live-CD and that is mostly how I use it. Some machines I use may have a pupsave, but most don't.

I don't know what the rest of you do, I suspect some of the longer-term users still use pfix=ram. But I really don't know, and neither does anybody else.

If I use pfix=ram I don't need the tin-foil hat.

I don't do online banking and probably never will.
Back to top
View user's profile Send private message 
sikpuppy


Joined: 29 Mar 2009
Posts: 433

PostPosted: Tue 10 Nov 2009, 09:25    Post subject:  

If linux had a unified set of default software and settings, as does Windows, it would be just as insecure (or secure).

Because each installation of Linux differs by at least some degree, unless it's on identical computers, any malware doesn't have much of a chance to propagate beyond that same setup.

I suppose I get a bit tired of people claiming Linux is so secure that it never gets hacked, because in fact it does get hacked, and for the reason I mentioned before. Large corporations and governments who use Linux often have many identical machines, running identical Linux setups. Since they are all up to the same "patch" level for vulnerabilities then it stands to reason that they are all vulnerable.

However, for the average user on a small network this generally isn't an issue, and that is a reason I can see that people feel (for the wrong reasons) that Linux is necessarily more secure than Windows.

_________________
ASUS A1000, 800Mhz PIII Coppermine!, 192Mb RAM, 10Gb IBM Travelstar HDD, Build date August 2001.
Back to top
View user's profile Send private message MSN Messenger 
Sylvander

Joined: 15 Dec 2008
Posts: 3262
Location: West Lothian, Scotland, UK

PostPosted: Tue 10 Nov 2009, 16:17    Post subject:  

1. "I don't do online banking and probably never will."
There's no way I'd be without my online banking; it's just so convenient.
The stuff I can do with it is just SUPERB! [Just like Puppy]

When I went looking for a more secure operating system than Windows, to use for online banking...
A friend suggested I give Puppy Linux a try.
I'd tried a number of Linux distros, and Puppy was the 1st that made we want to stay with it; with the others it seemed to me like pulling teeth just to get the simplest things done.

I'm happy that the techniques I use in conjunction with Puppy provide an adequate level of security.
Back to top
View user's profile Send private message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Tue 10 Nov 2009, 21:14    Post subject:  

Quote:
It always surprises me when people on this Forum claim to know how everyone else uses Puppy. You don't know, I don't know,


Yeah, but we can guess. Smile Most people probably work on one or maybe two computers with Puppy. Why would they NOT use the persistent storage feature of Puppy? Because they enjoy setting up their networking over and over? Boy, the Network Wizard must be a lot of fun, if they like to do that. And without persistent storage, there is no saving of browser bookmarks or emails or anything else like that.

Even if people who boot pfix=ram all the time were as high as 10% (very doubtful - not even you do it all the time), you are still ignoring 90% of the users with your solution.

Q.E.D., Puppy is really like any other linux distro with respect to security; it is not read-only (except with the quibble, if that it is, about root logins).
Back to top
View user's profile Send private message 
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

PostPosted: Wed 11 Nov 2009, 02:53    Post subject: Minority report  

It's not my solution! My point is merely that, as originally designed, Puppy is fairly safe even with a default root user. With no persistent storage it's about as safe as you can get with a reboot clearing out all nasties.

Mind you earlier Puppies seemed to boot faster (or that may just be my faulty memory) so rebooting was not much of a chore.

You get quite good at using the Network Wizard after the first hundred times.

If people want to install a live CD that is their lookout. I'm still intrigued enough by the possibility of a live-CD OS to be sad enough to want to use it that way. The only thing I ever saw that had this capability before Knoppix was Solaris on a SPARC workstation in about 1995 (boy, were those guys ahead of their time - and very expensive.)

If you do a full install and run as root I'd say you are probably not that secure, except that Puppy has a different file structure to the traditional Linuxes so you are relying on security through obscurity. It seems to be similar to Slackware in some ways, so if there were a Slack-specific virus/logger/rootkit/whatever I suppose that might be a problem.

Recent events on one of the websites indicate that we have now raised our heads above the parapet enough to be a target.

I think I'll erase pupsave now! Now where is my tinfoil hat?
Back to top
View user's profile Send private message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 11 Nov 2009, 18:44    Post subject:  

Playing the devils advocate: Rather than rerun the network wizard (and rather than always type in pfix=ram) a chronic pfix=ram'er could simply make a remaster that has the network preconfigured and pfix=ram set up by default. Include some bookmarks and home page while he's at it.

Those few steps can go a long way toward making pfix=ram mode tolerable.

(Assuming the same machine/network were being used each time. This isn't as useful to a nomad.)

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

PostPosted: Wed 11 Nov 2009, 19:05    Post subject: Chronic pfix=ram'ers  

That's a very good suggestion Pizzasgood. Even if you used two or three wireless hotspots it would work fine.

Back when new versions of Puppy were coming out every couple of weeks I guess it would have been too much trouble. Now there is a slightly more sedate pace it would be a good idea.

Never thought of myself as a chronic pfix=ram'er before. Do I need help?
Back to top
View user's profile Send private message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 11 Nov 2009, 19:39    Post subject:  

If you typically use your OS in a mode that does not retain malware, you probably don't need help. Or at least, less help than the average computer user.....
_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 3 of 7 [99 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0859s ][ Queries: 11 (0.0037s) ][ GZIP on ]