firewall useless for puppy

jonyo

#151 Post by jonyo »

yup liters for a few decades now

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

Another problem with Flash

#152 Post by Bernie_by_the_Sea »

Flash has its own cookie storage system separate and apart from the browser. The settings for these cookies aren’t determined by the browser. If you delete all cookies using the browser you have not deleted Flash cookies. Flash cookies can reinstall regular cookies that were deleted by the browser. Flash allows supercookies that continuously replace themselves on all browsers on the system every time an attempt is made to delete them.

Flash cookies can be deleted by right clicking on any Flash content, then choosing Global Settings, then Website Storage Settings. On some operating systems clicking on Website Storage Settings leads to the settings manager in Gnome, KDE, etc. There choose Adobe Flash Player. I don’t know if this works in any of the many variants of Puppy since I no longer use Puppy.
Frugal: Knoppix 6.4.4 DVD
USB: DSL 4.4.10
Full: WinXP Pro
Puppy (Feb. 4 - May 12, 2011) led me back to Linux.

gcmartin

Suggestion for Puppy Firewall

#153 Post by gcmartin »

Attachments
firewall.png
Firewall screen that is extremely User Friendly
Last edited by gcmartin on Sun 22 May 2011, 19:21, edited 3 times in total.

Béèm
Posts: 11763
Joined: Wed 22 Nov 2006, 00:47
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

#154 Post by Béèm »

When I was in Windows, I used firewalls, but none of them were user-friendly and easy to set up.
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
Consult Wikka: http://puppylinux.org/wikka/HomePage
Use peppyy's puppysearch: http://wellminded.com/puppy/pupsearch.html

jonyo

#155 Post by jonyo »

Béèm wrote:When I was in Windows, I used firewalls, but none of them were user-friendly and easy to set up.
which ones did you try?

Béèm
Posts: 11763
Joined: Wed 22 Nov 2006, 00:47
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

#156 Post by Béèm »

Tiny Personal Firewall, Kerio, Outpost.
The first one was the easiest, but I think they were taken over by Kerio if I remember well.

jonyo

#157 Post by jonyo »

there's a ton out there

tried a bunch here
http://www.techsupportalert.com/best-fr ... tion_Guide

Béèm
Posts: 11763
Joined: Wed 22 Nov 2006, 00:47
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

#158 Post by Béèm »

jonyo wrote:there's a ton out there

tried a bunch here
http://www.techsupportalert.com/best-fr ... tion_Guide
Thank you for the link.

BTW, after all this time you still don't know how to make a click-able link?

jonyo

#159 Post by jonyo »

i cant be bothered i've asked for years why there was a change to the forums without a reply

it used to be automatic

Béèm
Posts: 11763
Joined: Wed 22 Nov 2006, 00:47
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

#160 Post by Béèm »

jonyo wrote:i cant be bothered i've asked for years why there was a change to the forums without a reply

it used to be automatic
I never have seen it automatic.
Making a click-able link is a courtesy towards fellow posters.
And if you take that attitude because of not having a reply, it is sad.

increa
Posts: 29
Joined: Sat 21 May 2011, 17:24

Puppy firewall does what any firewall does

#161 Post by increa »

Firewall = blocking of packets. (over simplifying... but that's basically it)
Instead of speaking of a firewall in some mysterious mystical way such as "it stops viruses or trojans", let's just say what it does. It stops packets from reaching your computer. Some malformed packets can cause certain IP stacks to trip up and let bad code get to your computer CPU, so people like to stop extra packets.

Firewalls mostly stop packets based on various criteria such as what IP they come from, or what port they're addressed to. A hardware NAT router will basically do the same thing, but doing it with software on the computer is easier, especially when I'm hooking up wireless at new locations.

The folks at GRC.com also point out that without a firewall, your computer will often reply "sorry, I can't respond to that", which begs the hacker to keep trying more probes. A firewall can make it so your computer never sees the unacceptable packet, and so issues no reply.

A firewall can also stop programs on YOUR computer from sending packets out to the world. A hardware NAT router won't do that.

In other words, I don't think people need to prove that anybody should use a firewall. If you don't want the function of a firewall, don't use one. See if there is any performance increase when you turn it off; probably not because other things are slower.

increa
Posts: 29
Joined: Sat 21 May 2011, 17:24

sshd type security

#162 Post by increa »

sickgut wrote:so what if someone accesses your sshd login? you would have to be extremely silly to not have a decent password attached to it. in this case (also the same case with 100's of thousands of vps servers with linux on them that are mainly accessed via ssh to administer them etc that generally have no firewalls, i have one myself) the sshd program itself provides the security.
Broaden your idea of security! Within 1 day of putting an ssh server up, my logs showed thousands of packets trying to log in with a dictionary attack of names from an IP in China. Yes, mostly wasted time, but in the process, the remote hacker now knew the names of the two accounts that WERE on my computer. Now they come back later, and trying only those two names, pound me with a dictionary attack of passwords. You're right that my computer was "secure" in that nobody got in -- that time.

Nonetheless, I changed the names, and moved my sshd to a non-standard port and firewall blocked the standard port so my computer would show "nobody's here, go poke a different IP address".
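The log pattern described in post #162, as an added example that is not part of the original thread: a small Python summary of failed sshd logins per source IP, listing which attempted names were real accounts. It assumes OpenSSH's usual syslog wording ("Failed password for [invalid user] NAME from IP"); the sample lines, host name, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not taken from the thread).
SAMPLE_LOG = """\
May 22 03:14:01 puppy sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51201 ssh2
May 22 03:14:03 puppy sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 51207 ssh2
May 22 03:14:05 puppy sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51213 ssh2
May 22 03:14:07 puppy sshd[2207]: Failed password for root from 203.0.113.7 port 51219 ssh2
May 22 03:14:09 puppy sshd[2209]: Failed password for spot from 203.0.113.7 port 51225 ssh2
May 22 03:14:11 puppy sshd[2211]: Failed password for root from 203.0.113.7 port 51231 ssh2
May 22 08:30:15 puppy sshd[2300]: Failed password for spot from 192.168.1.20 port 40022 ssh2
May 22 08:30:21 puppy sshd[2300]: Accepted password for spot from 192.168.1.20 port 40022 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source IP: failed attempts, distinct names tried, real accounts hit."""
    stats = defaultdict(lambda: {"failures": 0, "names": set(), "real_accounts": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[m["ip"]]
        entry["failures"] += 1
        entry["names"].add(m["user"])
        if not m["invalid"]:  # sshd omits "invalid user" when the account exists
            entry["real_accounts"].add(m["user"])
    return dict(stats)

def dictionary_attack_sources(log_text, min_failures=5, min_names=3):
    """IPs whose failures span many different usernames (thresholds are assumptions)."""
    return sorted(
        ip for ip, s in summarize(log_text).items()
        if s["failures"] >= min_failures and len(s["names"]) >= min_names
    )

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip in dictionary_attack_sources(SAMPLE_LOG):
        print(ip, report[ip]["failures"], "failures; real accounts targeted:",
              sorted(report[ip]["real_accounts"]))
```

A single mistyped password from a LAN address stays below both thresholds, so only the source that cycles through many names is reported.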

increa
Posts: 29
Joined: Sat 21 May 2011, 17:24

Proving what we claim

#163 Post by increa »

sickgut wrote: My original post is easy enough to understand. I've replied to the " define the resources yourself..." posts. So now for the 443223th time I'm saying the amount of resources isn't the point. If a program is not doing anything worthwhile then the bits/ bytes whatever it's taking up in ram isn't doing anything useful.

Next person who challenges me to find the exact resources it uses I'll simply use the same stupidity back at them and say that you should prove that the firewall is not using resources and to define exactly how much it's not using.
In the spirit of this email thread, I just can't resist... Can you PROVE it was the 443223th time? I think you should provide some hard evidence, or else I just won't believe you. If you claim that the resources of your life are being wasted, you should take the time to document this prior to claiming it! (that was intended to be light hearted humor)

Seriously: Why so much contention in this email thread?! sickgut, remember, nobody is obliged to even answer any given post. Why levy on others so much effort to provide hard evidence for free? I bet if you offer $100 into the mix, you'll get some hard evidence based on 2 hours of someone's life to get it to you. I'm not sure why anybody should put so much effort into your demands -- because that would be wasting THEIR resources of fun time/life at the Puppy keyboard without compensation.

A decade or more ago, I was part of a thread debating if computer cooling fans should blow in or out. It intrigued me enough that I spent a week collecting cooling data and playing with the fans of my computer cases. I typed up a report and put it out onto the email backbone links (there was no internet at the time). If you're interested in balancing firewall resources/effect, take the time to lead the role! For me, firewalls "waste my life" only in the constant upgrade, options, etc. I value a firewall being quiet and doing its job. The fact that it takes 2 useconds extra time is irrelevant for me, with my needs.

increa
Posts: 29
Joined: Sat 21 May 2011, 17:24

Example of WHICH kind of documented threat?

#164 Post by increa »

sickgut wrote:A lot of people still say that you must have a firewall in Puppy for protection, but I would have thought it reasonable that just one example of a valid threat could be documented and posted here. This leads me to believe that the threat is non existent.
Do you use your words in context of the full security landscape? Do you mean threat, risk, susceptibility, or vulnerability? Which are you looking for an example of?

I use my firewall to block standard port SSH traffic. Is that the simple type of example you're looking for? Or do you want documentation that somebody tried to use that port and had a way to attack the port that would take down Puppy? Well.. because my port is blocked, I don't know what somebody ~could~ have done on the port. I already gave the example that somebody DID collect all the usernames on my computer by using a non-blocked standard SSH port. Was collecting usernames a hack? You'll have to decide your standard of what constitutes a "hack".

increa
Posts: 29
Joined: Sat 21 May 2011, 17:24

Pings are like life?

#165 Post by increa »

Bernie_by_the_Sea wrote:Actually pings are necessary for the Internet to work properly. Turn them off and there'll be things you can't do on the web. Turn them on and you can be found by hacker/crackers.
Kind of like life, isn't it?! If I breathe, live, eat, and sleep, that makes me vulnerable to the bad guys. Being vulnerable to hackers is like getting old. Given the choice... I would rather...

increa
Posts: 29
Joined: Sat 21 May 2011, 17:24

Firewall blocking what my computer sends.

#166 Post by increa »

miriam wrote:One point I'd like to learn more about is configuring the firewall to deny all programs, except certain ones I trust, access to the net.
Non-Puppy comment: I use free "Zone Alarm" to do this in Windows.

increa
Posts: 29
Joined: Sat 21 May 2011, 17:24

System Threat

#167 Post by increa »

One last thought in this thread for this morning:

It's often not one specific thing (get through my firewall) that creates a threat. Here's an example where individual non-threat pieces built into enough of a threat that I secured my system.

I enabled the Hiawatha web server. Even opened up to respond to all IP addresses (like a honey pot, I was interested who was on the hotel network and would choose to browse into my computer).

Then I enabled the Puppy personal blog. All okay, until I READ the default files served up by the server and the blog. In the blog default post, it gives the password for the "secure" spot account. Well, that file is intended to only be read by the local user at 127.0.0.1. But, by opening my web server up, the blog program now provided that password to everybody.

So, anybody could admin my blog, dump whatever they want there and as a minimum bury my computer in downloaded trash. That will crash any hard drive when it becomes full. Or the database will die first.

So... I went back and turned off the web server. OR, what I could have done is install a firewall so that only packets from within my local network could get to the web server Puppy. In this case, the firewall ~would~ have protected me. That's a pretty tangible example, I think. However, I solved the problem a different way.

However, I still run the Puppy firewall because its overhead is a simple XOR statement against a port or IP number. Takes about a microsecond. I can afford that cost to cover my ~other~ braindead actions such as web serving my own blog post that gives my own password to the world.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#168 Post by Aitch »

increa wrote:In the blog default post, it gives the password for the "secure" spot account. Well, that file is intended to only be read by the local user at 127.0.0.1. But, by opening my web server up, the blog program now provided that password to everybody.
I think that should be brought to Barry K's attention somewhat urgently, as a security bug!

Aitch :)

puppyite

#169 Post by puppyite »

About Hiawatha:
I would think that anyone who runs a web server on their local machine would know that it should have a password set before it will start or at least give some warning if a password isn’t set.

I have no experience using the Hiawatha web server in Puppy Linux so I don’t know if it has a default password set up or not. If not then that may be a problem if the user starts it and no warning is given.

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#170 Post by SimpleWater »

After doing research, I have found the solution for the flash cookies. There is actually an extension for Firefox called "Betterprivacy"(essential). It is made specially for deleting super cookies and is very easily customizable. If you're worried about javascript then there's "noscript"(nonessential). Another Firefox add-on. Something else you can do is go into your about:config and look for dom.storage.enabled and set the value to false.

I also tried to find warning threads about malware. I searched other big distros like Ubuntu forums, and nothing of course. This is Linux, I don't think the word "malware" exists in Linux yet. You might want to include your sources when you make big claims like that Bernie.

When html5 becomes a standard, then you can ditch flash
