firewall useless for puppy
- Bernie_by_the_Sea
- Posts: 328
- Joined: Wed 09 Feb 2011, 18:14
Another problem with Flash
Flash has its own cookie storage system separate and apart from the browser. The settings for these cookies aren’t determined by the browser. If you delete all cookies using the browser you have not deleted Flash cookies. Flash cookies can reinstall regular cookies that were deleted by the browser. Flash allows supercookies that continuously replace themselves on all browsers on the system every time an attempt is made to delete them.
Flash cookies can be deleted by right clicking on any Flash content, then choosing Global Settings, then Website Storage Settings. On some operating systems clicking on Website Storage Settings leads to the settings manager in Gnome, KDE, etc. There choose Adobe Flash Player. I don’t know if this works in any of the many variants of Puppy since I no longer use Puppy.
^
Flash cookies can be deleted by right clicking on any Flash content, then choosing Global Settings, then Website Storage Settings. On some operating systems clicking on Website Storage Settings leads to the settings manager in Gnome, KDE, etc. There choose Adobe Flash Player. I don’t know if this works in any of the many variants of Puppy since I no longer use Puppy.
^
[color=green]Frugal[/color]: Knoppix 6.4.4 DVD
[color=blue]USB[/color]: DSL 4.4.10
[color=red]Full[/color]: WinXP Pro
Puppy (Feb. 4 - May 12, 2011) led me back to Linux.
[color=blue]USB[/color]: DSL 4.4.10
[color=red]Full[/color]: WinXP Pro
Puppy (Feb. 4 - May 12, 2011) led me back to Linux.
Suggestion for Puppy Firewall
- Attachments
-
- firewall.png
- Firewall screen that is extremely User Friendly
- (26.5 KiB) Downloaded 1002 times
Last edited by gcmartin on Sun 22 May 2011, 19:21, edited 3 times in total.
- Béèm
- Posts: 11763
- Joined: Wed 22 Nov 2006, 00:47
- Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win
When I was in Windows, I used firewalls, but none of them were user-friendly and easy to set up.
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
- Béèm
- Posts: 11763
- Joined: Wed 22 Nov 2006, 00:47
- Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win
Tiny Personal Firewall, Kerio, Outpost.
The first one was the easiest, but I think they were taken over by Kerio if I remember well.
The first one was the easiest, but I think they were taken over by Kerio if I remember well.
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
- Béèm
- Posts: 11763
- Joined: Wed 22 Nov 2006, 00:47
- Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win
Thank you for the link.jonyo wrote:there's a ton out there
tried a bunch here
http://www.techsupportalert.com/best-fr ... tion_Guide
BTW, after all this time you still don't know how to make a click-able link?
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
- Béèm
- Posts: 11763
- Joined: Wed 22 Nov 2006, 00:47
- Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win
I never have seen it automatic.jonyo wrote:i cant be bothered i've asked for years why there was a change to the forums without a reply
it used to be automatic
Making a click-able link is a courtesy towards fellow posters.
And if you take that attitude because of not having a reply, it is sad.
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]
Puppy firewall does what any firewall does
Instead of speaking of a firewall in some mysterious mystical way such as "it stops viruses or trojans", let's just say what it does. It stops packets from reaching your computer. Some malformed packets can cause certain IP stacks to trip up and let bad code get to your computer CPU, so people like to stop extra packets.Firewall = blocking of packets. (over simplifying... but that's basically it)
Firewalls mostly stops packets based on various criterion such as what IP the come from, or what port they're addressed to. A hardware NAT router will basically do the same thing, but doing it with software on the computer is easier, especially when I'm hooking up wireless at new locations.
The folks at GRC.come also point out that without a firewall, your computer will often reply "sorry, I can't respond to that", which begs the hacker to keep trying more probes. A firewall can make it so you computer never sees the unacceptable packet, and so issues no reply.
A firewall can also stop programs on YOUR computer from sending packets out to the world. A hardware NAT router won't do that.
In other words, I don't think people need to prove that anybody should use a firewall. If you don't want the function of a firewall, don't use one. See if there is any performance increase when you turn it off; probably not because other things are slower.
sshd type security
Broaden your idea of security! Within 1 day of putting an ssh server up, my logs showed thousands of packets trying to log in with a dictionary attack of names from an IP in China. Yes, mostly wasted time, but in the process, the remote hacker now knew the name of the two accounts that WERE on my computer. Now they come back later, and trying only those two names, pound me with a dictionary attack of passwords. You're right that my computer was "secure" in that nobody got in -- that time.sickgut wrote:so what if someone accesses your sshd login? you would have to be extreemly silly to not have a decent password attached to it. in this case (also the same case with 100's of thousands of vps servers with linux on them that are mainly accessed via ssh to administer them etc that generally have no firewalls, i have one myself) the sshd program itself provides the security.
Nonetheless, I changed the names, and moved my sshd to a non-standard port and firewall blocked the standard port so my computer would show "nobody's here, go poke a different IP address".
Proving what we claim
In the spirit of this email thread, I just can't resist... Can you PROVE it was the 443223th time? I think you should provide some hard evidence, or else I just won't believe you. If you claim that the resources of your life are being wasted, you should take the time to document this prior to claiming it! (that was intended to be light hearted humor)sickgut wrote: My original post is easy enough to understand. Ive replied to the " define the resources yourself..." posts. So now for the 443223th time im saying the amount of resources isnt the point. If a program is not doing anything worth while then the bits/ bytes whatever its taking up in ram isnt doing anything usefull.
Next person who challenges me to find the exact resources it uses ill simply use the same stupidity back at them and say that you should prove that the firewall is not using resources and to define exactly how much its not using.
Seriously: Why so much contention in this email thread?! sickgut, remember, nobody is obliged to even answer any given post. Why levy on others so much effort to provide hard evidence for free? I bet if you offer $100 into the mix, you'll get some hard evidence based on 2 hours of someone's life to get it to you. I'm not sure why anybody should put so much effort into your demands -- because that would be wasting THEIR resources of fun time/life at the Puppy keyboard without compensation.
A decade or more ago, I was part of a thread debating if computer cooling fans should blow in or out. It intrigued me enough that I spent a week collecting cooling data and playing with the fans of my computer cases. I typed up a report and put it out onto the email backbone links (there was no internet at the time). If you're interested in balancing firewall resources/effect, take the time to lead the role! For me, firewalls "waste my life" only in the constant upgrade, options, etc. I value a firewall being quiet and doing it's job. The fact that it takes 2 useconds extra time is irrelevant for me, with my needs.
Example of WHICH kind of documented threat?
Do you use your words in context of the full security landscape? Do you mean threat, risk, susceptibility, or vulnerability? Which are you looking for an example of?sickgut wrote:Alot of people still say that you must have a firewall in Puppy for protection, but I would have thought it reasonable that just one example of a valid threat could be documented and posted here. This leads me to believe that the threat is non existent.
I use my firewall to block standard port SSH traffic. Is the simple type of example you're looking for? Or do you want documentation that somebody tried to use that port and had a way to attack the port that would take down Puppy? Well.. because my port is blocked, I don't know what somebody ~could~ have done on the port. I already gave the example that somebody DID collect all the usernames on my computer by using a non-blocked standard SSH port. Was collecting usernames a hack? You'll have to decide your standard of what constitutes a "hack".
Pings are like life?
Kind of like life, isn't it?! If I breath, live, eat, and sleep, that makes me vulnerable to the bad guys. Being vulnerable to hackers is like getting old. Given the choice... I would rather...Bernie_by_the_Sea wrote:Actually pings are necessary for the Internet to work properly. Turn them off and they'll be things you can't do on the web. Turn them on and you can be found by hacker/crackers.
Firewall blocking what my computer sends.
Non-Puppy comment: I use free "Zone Alarm" to do this in Windows.miriam wrote:One point I'd like to learn more about is configuring the firewall to deny all programs, except certain ones I trust, access to the net.
System Threat
One last thought in this thread for this morning:
It's often not one specific thing (get through my firewall) that creates a threat. Here's an example where individual non-threat pieces built into enough of a threat that I secured my system.
I enabled the Haiwatha web server. Even opened up to respond to all IP addresses (like a honey pot, I was interested who was on the hotel network and would choose to browse into my computer).
Then I enabled the Puppy personal blog. All okay, until I READ the default files served up by the server and the blog. In the blog default post, it gives the password for the "secure" spot account. Well, that file is intended to only be read by the local user at 127.0.0.1. But, by opening my web server up, the blog program now provided that password to everybody.
So, anybody could admin my blog, dump whatever they want there and as a minimum bury my computer in downloaded trash. That will crash any hard drive when it becomes full. Or the database will die first.
So... I went back and turned off the web server. OR, what I could have done is install a firewall so that only packets from within my local network could get to the web server Puppy. In this case, the firewall ~would~ have protected me. That's a pretty tangible example, I think. However, I solved the problem a different way.
However, I still run the Puppy firewall because it's overhead is a simple XOR statement against a port or IP number. Takes about a microsecond. I can afford that cost to cover my ~other~ braindead actions such as web serving my own blog post that gives my own password to the world.
It's often not one specific thing (get through my firewall) that creates a threat. Here's an example where individual non-threat pieces built into enough of a threat that I secured my system.
I enabled the Haiwatha web server. Even opened up to respond to all IP addresses (like a honey pot, I was interested who was on the hotel network and would choose to browse into my computer).
Then I enabled the Puppy personal blog. All okay, until I READ the default files served up by the server and the blog. In the blog default post, it gives the password for the "secure" spot account. Well, that file is intended to only be read by the local user at 127.0.0.1. But, by opening my web server up, the blog program now provided that password to everybody.
So, anybody could admin my blog, dump whatever they want there and as a minimum bury my computer in downloaded trash. That will crash any hard drive when it becomes full. Or the database will die first.
So... I went back and turned off the web server. OR, what I could have done is install a firewall so that only packets from within my local network could get to the web server Puppy. In this case, the firewall ~would~ have protected me. That's a pretty tangible example, I think. However, I solved the problem a different way.
However, I still run the Puppy firewall because it's overhead is a simple XOR statement against a port or IP number. Takes about a microsecond. I can afford that cost to cover my ~other~ braindead actions such as web serving my own blog post that gives my own password to the world.
I think that should be brought to Barry K's attention somewhat urgently, as a security bug!increa wrote:In the blog default post, it gives the password for the "secure" spot account. Well, that file is intended to only be read by the local user at 127.0.0.1. But, by opening my web server up, the blog program now provided that password to everybody.
Aitch
About Hiawatha:
I would think that anyone who runs a web server on their local machine would know that it should have a password set before it will start or at least give some warning if a password isn’t set.
I have no experience using the Hiawatha web server in Puppy Linux so I don’t know if it has a default password set up or not. If not then that may be a problem if the user starts it and no warning is given.
I would think that anyone who runs a web server on their local machine would know that it should have a password set before it will start or at least give some warning if a password isn’t set.
I have no experience using the Hiawatha web server in Puppy Linux so I don’t know if it has a default password set up or not. If not then that may be a problem if the user starts it and no warning is given.
-
- Posts: 94
- Joined: Tue 19 Apr 2011, 11:53
After doing research, i have found the solution for the flash cookies. There is actually an extension for firefox called "Betterprivacy"(essential). It is made specially for deleting super cookies and is very easy customizable. If your worried about javascript then theres "noscript"(nonessential). Another firefox add-on. Something else you can do is go into your about:config and look for dom.storage.enabled and set the value to false.
I also tried to find warning threads about malware. I searched other big distros like ubuntu forums, and nothing of course. This is linux i don't think the word "malware" exist in linux yet. You might want to include your sources when you make big claims like that bernie.
When html5 becomes a standard, then you can ditch flash
I also tried to find warning threads about malware. I searched other big distros like ubuntu forums, and nothing of course. This is linux i don't think the word "malware" exist in linux yet. You might want to include your sources when you make big claims like that bernie.
When html5 becomes a standard, then you can ditch flash