Dell Inspiron 910 (mini-9) / Puppy 5.1.1
This Dell Mini-9 has a failed SSD and no optical drive. I installed Puppy from Live CD to a USB thumb drive using the Puppy Universal Installer. I did this on an ACER notebook. I also followed directions on this forum to place this in section 7) of rc.shutdown:
dialog --yesno "Save this session?" 0 0 >/dev/console
if [ $? -eq 0 ]; then
<< no change to the rest of the script in this section except adding the 'if' to the end>>
Upon reboot or power down, I choose 'no' at the "Save this session?" question unless I've made a change to the desktop config. Never after accessing the Internet.
Here's my question: Is this method of using Puppy as secure as using the Live CD ? I'd like to use this PC only to access online banking sites and make CC purchases. Is it possible that malware/crimeware could reach the USB thumb drive during a Firefox session ?
Also, I noticed that there's no user or root password. Doesn't this open up Puppy to intrusion ?
Last, is there a way to reverse the Yes/No order and maybe place a timer on the little dialog box that pops up now when I power down ? So that if I do nothing in say 10 seconds, the answer is 'no'....
Thanks !
RDL
USB install: saving only on command [ Solved ]
USB install: saving only on command [ Solved ]
Last edited by Robbobden on Mon 24 Jan 2011, 23:29, edited 1 time in total.
-
Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
GROWL
http://murga-linux.com/puppy/viewtopic. ... 216#335216
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows. "If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking," van der Graaf said.
http://puppylinux.org/wikka/Security
http://murga-linux.com/puppy/viewtopic. ... 216#335216
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows. "If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking," van der Graaf said.
http://puppylinux.org/wikka/Security
-
postfs1
I know I had more than one question in my post. What I'm really concerned with is that there is no root or user password. And I don't find a way to password protect after the installation. So, like the guy who posted "Safe Browsing Puppy" on Nov 12th last year to this sub-forum, I'd like to run Puppy totally in RAM after having set up Desktop etc., then after that never allow anything that happened during a session get back to the HD or USB stick. Run in RAM and dump it afterwards. Like a Virtual Machine.
I modified rc.shutdown with the two lines someone suggested in this forum:
dialog --yesno "Save this session?" 0 0 >/dev/console
if [ $? -eq 0 ]; then
So, I get the Save yes or no question at poweroff or reboot. When I arrow to 'no' and hit enter, I don't see any activity (the little USB lamp indicating read or write), then the PC shuts down. Is this the protection I need ? The same as a virtual machine ? Or can there still be some way to alter the contents of the USB during a browsing session which would propagate to future sessions regardless whether the session was saved or not afterwards ?
RDL
I modified rc.shutdown with the two lines someone suggested in this forum:
dialog --yesno "Save this session?" 0 0 >/dev/console
if [ $? -eq 0 ]; then
So, I get the Save yes or no question at poweroff or reboot. When I arrow to 'no' and hit enter, I don't see any activity (the little USB lamp indicating read or write), then the PC shuts down. Is this the protection I need ? The same as a virtual machine ? Or can there still be some way to alter the contents of the USB during a browsing session which would propagate to future sessions regardless whether the session was saved or not afterwards ?
RDL
Rob, you may not realize it but your questions about the security of operating in root are going to reopen a long-standing discussion which has never come to a definite conclusion. I can only say that in the 5 years or more since I started using Puppy, no one has reported a verifiable instance of his computer being taken over while he was using Puppy.
As for protecting your USB installation, what happens if you remove the USB thumb drive after Puppy has loaded into RAM? I run Puppy from a multisession DVD and I can remove the DVD after booting Puppy. After that, if I don't want to save anything, I just turn off the power.
As for protecting your USB installation, what happens if you remove the USB thumb drive after Puppy has loaded into RAM? I run Puppy from a multisession DVD and I can remove the DVD after booting Puppy. After that, if I don't want to save anything, I just turn off the power.
Thanks for the reply Flash, - Well, from what little I've read about one of the more secure Linux OSs, Ubuntu 10.10 for instance, the Desktop user can not know the root password since it's encrypted or it's a hash code generated during the installation. An intrusion from say a malicious script on a web page would have no chance of writing to or deleting or changing any files owned by root. Possibly only files in user owned files or directories like /home. This is my understanding and I could have it wrong.
This same web site could affect Puppy, though. Am I right or wrong ? So, if I'm going to open up my PC to that, I'd rather dump the whole thing after a browsing session and start over the next time with everything as it was when first installed.
I would think there would be a market for a simple machine that has no permanent storage medium (no hard drive), gets its operating system from a read only device like a USB stick. This machine is only used to browse the Internet and read email online from Gmail or Yahoo etc. Not used for any real work such as word processing, graphics etc. As an added plus, no anti-virus, adware, or spyware software would be needed.
I might get close to that with this little Dell Inspiron Mini-9. The SSD failed, so it doesn't have a hard drive. I have Puppy 5.1.1 on a 4G USB stick with that hack to rc.shutdown. I get a reminder now and again about not removing the USB and have seen comments about possible file corruption if this is done. I was hoping to get a lot of feedback from this forums guru's about this setup. -
RDL
This same web site could affect Puppy, though. Am I right or wrong ? So, if I'm going to open up my PC to that, I'd rather dump the whole thing after a browsing session and start over the next time with everything as it was when first installed.
I would think there would be a market for a simple machine that has no permanent storage medium (no hard drive), gets its operating system from a read only device like a USB stick. This machine is only used to browse the Internet and read email online from Gmail or Yahoo etc. Not used for any real work such as word processing, graphics etc. As an added plus, no anti-virus, adware, or spyware software would be needed.
I might get close to that with this little Dell Inspiron Mini-9. The SSD failed, so it doesn't have a hard drive. I have Puppy 5.1.1 on a 4G USB stick with that hack to rc.shutdown. I get a reminder now and again about not removing the USB and have seen comments about possible file corruption if this is done. I was hoping to get a lot of feedback from this forums guru's about this setup. -
RDL
If it won't work, perhaps it's because of the way you installed Puppy on the USB flash drive. You might try a frugal install, if that's possible on a flash drive. I'm out of my depth here, as I've only run Puppy from a multisession DVD.
Last edited by Flash on Sun 23 Jan 2011, 13:41, edited 1 time in total.
Puppy itself and apps seem to all get loaded in RAM; everything on the Desktop seems to run ok after removing the USB. Firefox won't run. If I'm surfing on the Internet, when I remove the USB, the browser window stays up until I try to link to someplace. Then it shuts down and returns me to the Desktop.
RDL
RDL
On an ACER notebook, I zero'd the MBR, wrote random data on the HD, then ran the Puppy 5.1.1 LiveCD. Set up wireless and the Desktop, then did a 'Remaster Puppy LiveCD' in Menu > Setup. When I'm finished using the PC, I just power it down. The remastered CD stays in the optical drive. Any malware that may have infected RAM gets flushed the next power cycle.
For the Dell Inspiron Mini-9 to use the Internet safely, I'm going to invest in an Imation Clip USB drive. It has an external write protect switch.
RDL
For the Dell Inspiron Mini-9 to use the Internet safely, I'm going to invest in an Imation Clip USB drive. It has an external write protect switch.
RDL