Vbox would make Puppy safer to use? (solved)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope


#1 Post by nooby »

I am not intelligent enough to get it but that is what I read into the following text.

http://www.csicop.org/si/show/thinking_ ... trade-offs

The tipping point was when it became so easy to restore a machine to a previous clean state with the advent of virtual machines. This allows you to freeze the exact state of a machine, do something that may risk infection of your computer, and revert back to that clean state afterwards and know that your machine is not infected.


That sounds easy and good and I remember that people here use pupsave that way to restore the known pupsave and delete the one that may have got corrupted.

But that only works for malware that ends up in pupsave, not those that download themselves outside of pupsave.

One would have to set the HDD as read only and then open it each time one wants to save something on it.

But back to the virtuality.

Suppose I start up Fluppy and then start vbox and in that vbox start up a Vbox version of Fluppy.

Would that create a "Sandboxed" version of Fluppy that can not reach the HDD?

How am I supposed to save a picture of the screen or some news media text or something?

Sure, I could send it as mail to Gmail or something and use that as a Cloud computing storage?

Could someone explain what the pros and cons are?

Is there a vbox pet in PPM for Fluppy? Or some pet on puppy wiki or somewhere?

Would not the bad guy go directly on to the booted Fluppy and not care for the virtual one?

I would still make the HDD untouchable by changing the write permission in a way they can not change.

But how can I change it to writable then without them being able to do the same?

I would have to take it out or cut power to it and work only on a USB memory stick that one can set mechanically to not be writeable.
Last edited by nooby on Wed 01 Dec 2010, 00:41, edited 1 time in total.
I use Google Search on Puppy Forum
not an ideal solution though

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#2 Post by noryb009 »

I wouldn't really bother, when you can just run pfix=ram, and not download anything suspicious.

I wouldn't even worry much about viruses/malware on puppy.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#3 Post by nooby »

Yes, that works for some users, but then one has to install everything each time one boots up.

You have to tell the OS to change from US keyboard to Swedish and use the Intel driver instead of something else.

You need to change all those changes that Jemimah preferred: single click and double click and Woof sounds and background and bookmarks and such.

She prefers Chrome so that comes with the boot, but I need Firefox with Noscript activated and the gmail webmail in place.

Much work each time. That soon becomes too tedious to set up each time.

One would have to do a remaster for some script to load or something to set it all up automatically as preferred.

And it helps very little to do pfix=ram because the malware will still download outside of pupsave and load itself to the HDD.

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#4 Post by noryb009 »

Have you ever seen a Puppy virus?

Creating a virtual box state is a lot more work than remastering, in my opinion.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#5 Post by nooby »

I am all ears. Tell me how to remaster Fluppy008.

How will pfix=ram prevent a malware from installing a keylogger through the booted pfix=ram Fluppy008?

Being frugal, it is still on an unprotected HDD, and if I boot it on a USB it still can mount the HDD in the background in the same way that I would do it manually and hide that it does.

Through the Firefox it can do downloads in the same way as I do.

I want answers to the thread topic. I see your texts to be about something else.

I may have misled you because the text I cited was about viruses, but I talk about malware as such.

Mainly Trojans and keyloggers.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#6 Post by Flash »

If you run Puppy from a multisession CD or DVD you get the benefits of running entirely from RAM, plus your settings and installed programs are saved on the CD or DVD. Try it, you'll be impressed. :)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#7 Post by nooby »

Thanks Flash, I did that in 2008 on several computers, but these modern Netbooks like Acer D250 have no such thing onboard and I will not pay for an external one just to be able to do it.

But it can do it from a USB memory flash stick. Is that very different?

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#8 Post by noryb009 »

In a multi session CD/DVD, you get to choose if you want to save your session. In a USB, I don't think you get that choice.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#9 Post by Flash »

I've never run Puppy from a USB stick. I think it can be set up so that nothing is saved onto the stick unless you tell Puppy to do it.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#10 Post by nooby »

Flash wrote: I've never run Puppy from a USB stick. I think it can be set up so that nothing is saved onto the stick unless you tell Puppy to do it.


Yes that could be as you say Flash.

Sad fact is that I know too little. If someone explains to me how much safer I would be using a Flash that way then most likely I would set it up that way.

Shinobar told me how to create a good Flash install of puppy on a flash memory stick.

But at that time I forgot to ask him about such things as securing that mem stick from being altered by others.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#11 Post by nooby »

Flash here is an important question that I also want to know.

http://murga-linux.com/puppy/viewtopic. ... 287#467287
I am running quirky on a bootable usb flashdrive, and at shutdown Quirky tells me that things are already saved in the top layer.

Not sure if you can work around that. Not being able to select no save at shut down is a huge inconvenience when you do not want or need to save changes....killing the power or performing usb interruptus has never appealed to me.

Thom
The answer he gets is to read his PM, so none of these guys think others also want to know how to do it. :)

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#12 Post by Pizzasgood »

To answer your original question, if you run a virtual Puppy, everything you do within that virtual Puppy will stay in the virtual Puppy and not touch the outside harddrive. If the program you use to provide the virtual machine - virtual box for example - has the right kind of bug, a person could theoretically slip out and modify things in your real installation, however they would have to know you are using virtualization, that it has the bug, and how to exploit it. The odds of that happening are tremendously low unless you are a very high profile target. In other words, you would be safe from the random junk on the web, and would only need to worry about somebody who is very intelligent and has a very strong motivation to gain access to your computer specifically. And that is of course assuming such a bug even exists.

You would not, however, be able to save things outside the virtual Puppy. Preventing that is the point, after all. Depending on the program you use, you could set the virtual Puppy up so that it can write outside of the virtual environment (you have to configure that from the real Puppy - a hacker couldn't do that from the inside), but that would defeat the purpose in running it virtually, unless you only set it up that way for limited times to transfer certain items. And not all emulation software supports that kind of feature. (I don't know whether virtual box has it.)

The only way anything bad could get into the real installation is if you ran untrusted code on it, or ran a server on it. If you do everything through the virtual install, the real install would be pretty darned safe.



As for your fear that running Puppy normally, malware could get installed outside the save file: Well, it could, but that's trickier. Generic malware targeting Linux would try to install somewhere in the main filesystem, because it would not know that you have a save file. It might try spreading itself into other locations and wind up on the harddrive though. But that leads to the next problem: software doesn't magically run itself. Especially not Linux software. It has to be started somehow. In Puppy, with one exception I'll get to in a moment, the only ways that malware could get automatically started on bootup is if it modified something inside the save file. It would need to hook into one of the boot scripts or one of the startup directories, or perhaps a configuration file for a program. Or it could attach to / replace a program you would normally run. But all of those take place inside the save file. So even if it installed the virus itself on the HD, the code that tells it to run would still be inside the save file, and removing the save file (or booting without it, via pfix=ram) would cause the virus to not run anymore.

I mentioned an exception: If the malware created a malicious .sfs file, Puppy would overlay that into the normal filesystem on boot, which could allow harddrive content to show up inside the main filesystem. There are a couple catches with that. One is that the malware/hacker would need to know you use Puppy and specifically create an attack to take advantage of the .sfs system. That is very unlikely. If you were to encounter Linux malware, it would most likely be targeted at either Ubuntu or else an enterprise distro like Red Hat. It could happen though...

But then there's the second problem: I believe that more recent Puppies do not automatically load .sfs files by default, unless you tell them to. I think the even newer ones don't even let you opt-in to the "load everything with matching version numbers" option anymore? (I haven't really been keeping up anymore, as I use my own distro now...) In that case, there still would be a requirement for changes inside the savefile before the .sfs file would be loaded and the malware run.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
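
The post above argues that boot-time persistence has to change something inside the save file: a boot script, a startup directory, a configuration file or a replaced program. As an added example (not part of Pizzasgood's post and not Puppy's own tooling), this script records a hash baseline of whichever directories you give it and later reports what was added, changed or removed; the function names and the choice of directories are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. The directories given on the
# command line are the reader's choice (assumption), not a list from Puppy.

# manifest DIR...: "sha256  path" for every regular file under the DIRs.
manifest() {
    find "$@" -type f -exec sha256sum {} + 2>/dev/null | sort -k 2
}

# save_baseline FILE DIR...: record the known-good state in FILE.
save_baseline() {
    _base="$1"; shift
    manifest "$@" > "$_base"
}

# check_baseline FILE DIR...: print ADDED/CHANGED/REMOVED paths.
# Returns 0 when nothing differs from FILE, 1 otherwise.
check_baseline() {
    _base="$1"; shift
    _now=$(mktemp) || return 2
    manifest "$@" > "$_now"
    # sha256sum prints 64 hex digits and two separator characters,
    # so the path starts at column 67 (spaces in names are preserved).
    _report=$(awk '
        kind == "old" { old[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in old))       print "ADDED " p
            else if (old[p] != $1) print "CHANGED " p
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' kind=old "$_base" kind=new "$_now")
    rm -f "$_now"
    [ -z "$_report" ] && return 0
    printf '%s\n' "$_report"
    return 1
}

# Command-line use: script save FILE DIR...   or   script check FILE DIR...
case "${1:-}" in
    save)  shift; save_baseline "$@" ;;
    check) shift; check_baseline "$@" ;;
esac
```

Keep the baseline file somewhere the running session cannot write to, such as read-only media, so that a compromised session cannot rewrite it along with the files it covers.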

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#13 Post by Pizzasgood »

Of course, the above is assuming that you trust the computer you are running a virtual Puppy on. If you do not trust the computer itself (both hardware and software), running a virtual Puppy would have only limited benefits, as explained in this thread. If you were running the host OS off a flash drive you'd be able to trust the software at least, but even then you'd still need to trust the hardware (though it would mostly be confined to spying on you - it would be unlikely and tricky for the hardware to install a virus into your flash-drive based OS installation.... But certainly possible.)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#14 Post by nooby »

Thanks Pizzasgood,

recently in a thread I mention your multiuser puppy 421 and linked to that thread.

But I did also mention something I want to ask you about. Some Dev thanked you for helping them with a very fresh puppy they made. Could be MyWolfe but I am not sure.

You helped them with code for setting up new users? Not sure, and the puppy was based on Lupu51 or on Luci?

So it could have been Puppy Studio too? In case you remember? Would be nice to know until next time somebody asks about setting up a user on their puppy.

Back to my topic.

So if I use such a setup then.

Fluppy or Puppeee running frugal in root with pfix ram and then a vbox with fluppy or puppeee that launches totally within vbox virtualization and I only save things on gmail account, then I am kind of very much safer compared to now when I am using savefile on Fluppy?

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#15 Post by Pizzasgood »

If you create a virtual machine running Puppy, configure it, and save a known good version, and then restore it to that known good version after each session, you would be safer than you would just using Puppy normally.

If in addition, you were running that virtual machine from a pfix=ram Puppy, that would be a bit more secure. Especially if the base Puppy were being run from a physically read-only medium, like a CD.

In fact, if the "real" OS is stored on a truly read-only medium, the only benefit you would have in running a virtual Puppy inside the pfix=ram Puppy vs. just running the pfix=ram Puppy would be that you wouldn't be able to reach the harddrive from inside the virtual Puppy.

If you obtain a remastered Puppy that you can run in pfix=ram mode, and just ignore your harddrive other than for storing data (absolutely no running software from the drive), you would be more than safe enough. Especially if Puppy were being booted from a closed CD-R and you don't allow any .sfs loading. The base OS would be untouchable - you'd have to burn a new CD to change it. There would be no need to use a virtual Puppy. Even if you got infected during a session, and the infection spread onto the HD, it would not matter, because the next time you boot Puppy, the infection would not be in the OS anymore. The bits that got onto the harddrive would not be able to run on their own.

Basically the only thing you'd have to worry about would be images or audio files that exploit a buffer overflow, and files that can have scripts in them (like a PDF). However, those would be a problem no matter what you do, if you intend to save those files. Even if you went with the virtual Puppy, when you re-download such a file from email, it would re-infect you.

But those sorts of things are very rare in the Linux world, and for them to happen, the program you use to read the file has to have an exploitable feature or bug.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#16 Post by nooby »

Thanks Pizzasgood.

I also asked about which very new puppy that you helped to get "user accounts".

Could it have been Puppy Studio or MyWolfe? or some third one?

Sadly I have no CD/DVD to my Acer D250 so it has to be a USB then.

I guess that makes it less safe. But one can set it to non writeable?

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#17 Post by Pizzasgood »

Yeah, I forgot that you'd said you don't have CD support. So in that case, a virtual Puppy offers a real advantage over just using pfix=ram, unless you have a USB drive that lets you set it to read-only.

I'm sure such a thing exists, but none of the ones that I've owned have a switch to make them read-only.

On the other hand, unless you're worried that somebody will specifically target you, the odds of them reaching out onto the drive and modifying your frugal Puppy install are pretty small. But yeah, if you have reason to be that paranoid, you'd want to go with a virtual Puppy.

But I don't think there's much point in using pfix=ram mode in conjunction with a virtual Puppy unless you are very paranoid. Somebody who manages to break out of the virtual Puppy is probably going to be smart enough to be able to deal with a pfix=ram Puppy that isn't read-only, unless it's just some kind of automated attack.



Regarding user accounts, I don't remember. I do know that the most I've done since at least May or so is answer a few questions. Sorry I can't be more help.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#18 Post by nooby »

Thanks, I have to read through all this and try to understand it.