LightweightPortableSecurity vs Puppy - Puppy wins

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#16 Post by CLAM01 »

Cowboy,

I should have put a string of emoticons after my question-marks, ending with the one I can never find, a smiley with a tin-hat on... LPS being developed by government for government, its FAQs are written for in-government readers, not us out here, so the "virtual GFE" means "a virtual computer a government employee can trust as a government owned and issued machine". I was spinning it out of context a bit...

I like especially LPS's feature to ignore everything except CPU and RAM for security. And the advice given in the FAQs and manual, telling the user how to maintain security, as, for example, for making secure banking transactions to start up, or reboot and connect to your bank immediately, before visiting anywhere else that you could pick up a kibitzer or companion. I like also that they seriously inform the user of their repo security, emphasize the importance of knowing where software you put in your computer was made and provide full hash data.

I've downloaded the "deluxe" version, with open office, adobe, etc. to try out. If it works as I expect, with the basic productivity apps and installed on a USB stick it should provide a take anywhere and just add computer fully secure personal pocket field-os.

Maybe the foundation, or inspiration, for a Paranoid Pup build...

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#17 Post by Lobster »

Puppy from a Live CD, the apps simply aren't there.
Boot. Connect. Run.
You can do this with both
In fact many distros now boot live, if a little slowly

Some distros are more complete.

Those interested in a 'bank mode' might wish to develop Fido
http://bkhome.org/blog/?viewDetailed=02240
and incorporate GROWL or use Wardog
http://puppylinux.org/wikka/security

:)
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#18 Post by CLAM01 »

Lobster,

Puppy's primary security weakness is its unrestricted and unpoliced repositories structure. Anything can be built into a puppy, a pet or a puppy sfs. Users installing and using install and use what is in the package.

Puppy's second security weakness is the woof build system, because it provides a seemingly secure collection of system programs for all puplet builders to download and install. As with the unrestricted and unpoliced repositories, the woof system is potentially insecure, for being potentially, intentionally, misguidedly, "for security", or accidentally infected with malware, spyware, etc.

See, for instance, the "freedesktop" application, which is in woof, masquerading as a "bookmarking" app, but which appears to be more an event logger, which records what files a user accesses and where they are in a file owned by freedesktop, which can outload to a couple of http locations on the freedesktop site. I have not found any real bookmarking functionality in freedesktop, except bookmarking what I access in local files for freedesktop to be able to find for their having my local locations logged to their site.

Puppy's "root" user is not a security problem in itself because while puppies have two roots, "/" and "user-root", as all linux systems have, the "/" root is firewalled in the main sfs, essentially read-only, and loads fresh to ramdisk each boot. user-root can't modify "/" root. It can only black and white list and add accessory apps and mods by adding them to its pup-save, which tailors the "/" file in the virtual ram install. Viruses, malware, etc. slough on reboots, unless they have been saved to pup-save, which can be "rebooted" by delete-all emptying it, since puppy will refill it with unmodified, from the main sfs.

For this, puppy users' real dangers come from inclusions in things that are user-saved and let accumulate and things a builder may wittingly or unwittingly include in a build, or that may be in a program he's used in a build.

For an example, Lighthouse pup includes a compromised Firefox browser, which writes home on start up and permits botting (it appears to be some U.S. gov agency's compromise, from the way the botting is used). Open source, of course, means one may freely add spyware, too, if one wants to.

cowboy
Posts: 250
Joined: Thu 03 Feb 2011, 22:04
Location: North America; the Western Hemisphere; Yonder

lps thoughts

#19 Post by cowboy »

CLAM01 wrote:Cowboy,

I should have put a string of emoticons after my question-marks, ending with the one I can never find, a smiley with a tin-hat on... LPS being developed by government for government, its FAQs are written for in-government readers, not us out here, so the "virtual GFE" means "a virtual computer a government employee can trust as a government owned and issued machine". I was spinning it out of context a bit...

I like especially LPS's feature to ignore everything except CPU and RAM for security. And the advice given in the FAQs and manual, telling the user how to maintain security, as, for example, for making secure banking transactions to start up, or reboot and connect to your bank immediately, before visiting anywhere else that you could pick up a kibitzer or companion. I like also that they seriously inform the user of their repo security, emphasize the importance of knowing where software you put in your computer was made and provide full hash data.

I've downloaded the "deluxe" version, with open office, adobe, etc. to try out. If it works as I expect, with the basic productivity apps and installed on a USB stick it should provide a take anywhere and just add computer fully secure personal pocket field-os.

Maybe the foundation, or inspiration, for a Paranoid Pup build...

CLAM01, sorry I didn't catch the humor in your first post, and you obviously know a good deal about security. Your "tin hat" reference is interesting, as often, if one does discuss security vis-a-vis Linux, immediate inferences are often made about the metallic headwear. Yet there are concerns, primarily, for me, about software. I like the way you write about, and approach, security. Nothing too wacky, or alarmist, and with a good dose of common sense. Could use that around.
"you fix what you can fix and you let the rest go.." - Cormac McCarthy - No Country For Old Men.

cowboy
Posts: 250
Joined: Thu 03 Feb 2011, 22:04
Location: North America; the Western Hemisphere; Yonder

lps continued

#20 Post by cowboy »

CLAM01 wrote:
...Puppy's primary security weakness is its unrestricted and unpoliced repositories structure. Anything can be built into a puppy, a pet or a puppy sfs. Users installing and using install and use what is in the package.

Puppy's second security weakness is the woof build system, because it provides a seemingly secure collection of system programs for all puplet builders to download and install. As with the unrestricted and unpoliced repositories, the woof system is potentially insecure, for being potentially, intentionally, misguidedly, "for security", or accidentally infected with malware, spyware, etc.

...Puppy's "root" user is not a security problem in itself because while puppies have two roots, "/" and "user-root", as all linux systems have, the "/" root is firewalled in the main sfs, essentially read-only, and loads fresh to ramdisk each boot. user-root can't modify "/" root. It can only black and white list and add accessory apps and mods by adding them to its pup-save, which tailors the "/" file in the virtual ram install. Viruses, malware, etc. slough on reboots, unless they have been saved to pup-save, which can be "rebooted" by delete-all emptying it, since puppy will refill it with unmodified, from the main sfs.

For this, puppy users' real dangers come from inclusions in things that are user-saved and let accumulate and things a builder may wittingly or unwittingly include in a build, or that may be in a program he's used in a build.

Clam this ought to be stick-ied. You've summed up the biggest issue with Puppy security (the repository), and given one of the best defenses of running while root I've ever seen on the forum.

The repository issue is one that has always concerned me. I get around it pretty much by simply running stock Puppy. I rarely add anything to the initial release. On the rare instances I add a program, I only use the "official" repository on ibiblio, for whatever that is worth. However, one of the security features of Linux is supposed to be, well, eyeballs. The eyeballs of hundreds (thousands?) of developers skim over Ubuntu, or Slackware, or Arch, one supposes, and the nasties are put to the sword. I'll admit I'm unsure of the Puppy vetting process.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#21 Post by Lobster »

CLAM01 wrote:
Lobster,

Puppy's primary security weakness is its unrestricted and unpoliced repositories structure. Anything can be built into a puppy, a pet or a puppy sfs. Users installing and using install and use what is in the package.

My policy of diving behind the sofa in a tin hat is not going to do it? :wink:

Would (for example) spup being built from Slackware binaries and only providing binaries from Slackware in PPM be potentially more 'policed'?
Same question for a dpup?

CLAM01 wrote:
Puppy's second security weakness is the woof build system, because it provides a seemingly secure collection of system programs for all puplet builders to download and install. As with the unrestricted and unpoliced repositories, the woof system is potentially insecure, for being potentially, intentionally, misguidedly, "for security", or accidentally infected with malware, spyware, etc.

Would that mean that systems such as TXZpup of Fatdog (outside of Woof) would be more secure or again trust in the developer is required?
The problem for me is knowledge. I believe the most likely compromises are already in the Linux kernel or in major browsers. Perhaps in combination.
However I do not know and must rely on part time grayhats to point out where these are and how to circumnavigate them.

It would seem that a government sponsored 'secure system' is more of a target (because of the potential users)?

gcmartin

Security in Puppy not LPS security

#22 Post by gcmartin »

On the reference to Slackware and Debs, I think what Clam01 is sharing is that a PET/SFS could be built into the Puppy REPO stack which modifies a program/subsystem for some misuse.

This in essence takes a secure app and tailors it for some PET/SFS author's misuse.

This is along the same lines on this thread
Hope this helps.

Turpin
Posts: 120
Joined: Wed 16 May 2007, 08:07

#23 Post by Turpin »

How much do you trust its security?
How much do you trust your government?

Bligh
Posts: 480
Joined: Sun 08 Jan 2006, 11:05
Location: California

#24 Post by Bligh »

I have run the basic version, I liked that it booted unattended to the desktop and connected to the net via comcast digital. With the exception of the agreement. As someone else said, I am somewhat wary, I would prefer a Puppy like this. It appears to work well for its intended application. For me, I can just remove the internal hdd and run Puppy live. It would appear that it would be fairly easy to do this with Puppy for someone that knows how to do this. I haven't tried to save files to flash drive to see if that works.
Cheers

CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#25 Post by CLAM01 »

Lobster,

I think woof and all puppy repos, are as secure as slackware or deb or any other reputable distro repos. In all cases the people who take linux packages apart and check through them are an important part of the security. The people who poke and prod and try things to see if they can make a hole or find a way to wiggle through are, too. A group of puppy code security enthusiasts doing those things with the packages in puppies and in woof would be good for woof and puppy security. I imagine diffing deb and slack and puppy packages between each other would eliminate the common parts, which could be assumed either not infected or all infected. Then the distro specific could be eliminated and only the remaining would need inspection.

The puppy community's problem with security in puppy is that it doesn't take it seriously. Puppy is, in itself, secure enough the community hasn't had to. It is mostly the potential, which is always there, which has to be watched out for. And developments that make things that once did not matter matter. For example, an event logger that locates and identifies files on a computer out in the net. With patent law changed to allow filers to claim patent, having files in computers identifiable elsewhere becomes potentially troublesome.

Salting bits into program parts is potentially not difficult. Developers when they are developing are focused to what they are developing. When they need something, a lib or other dependency, they grab it from where they can and add it, looking to see if it will make their program work. This makes dependencies a place to slip extra bits in. Not called and not interfering, the developer would not notice the added baggage.

Auto-updating mechanisms are dangerous. There has been a surge to make OSs auto-updating. Most browsers, too, are today auto-updating. Malware, spyware and so forth, if it can manipulate an auto-updating feature can install itself. I suspect some of the recent rapid version advancing by Firefox, for example, with equally rapid abandonment of older versions has been to patch vulnerabilities opened by auto-updating advances.

I prefer puppies to not auto-update. They traditionally did not because the main sfs file has to be 'unsquashed' to open it to add or change its contents, then has to be re-squashed. I consider puppies' resistances to sfs updating a key security feature. Auto-updating is currently popular and considered a 'modern' feature, so making puppy main sfs files updatable is being, or has been, worked on (I think tazOC succeeded in making lighthouse auto-updatable, to some extent, but I don't know if his auto-updating was of the sfs files or the pup-save).

I make md5 files for my pup sfs and put them in the folders with them so I can check for continuing sfs integrity periodically. So far I haven't found any changed, but I keep checking.

How far we can trust anything that is 'government sponsored' is a good question. Nowadays, when public servant integrity is justifiably discountable to somewhere below what a Wall Street rating agency would classify ZZZ-minus, if those agencies could be trusted to rate accurately the answer is generally not far. But it depends. For agencies with police powers and political and power agendas, such as "Homeland Security", the FBI, the CIA, any policing agency spying division, the answer is necessarily do not trust. I can't think of any law enforcement agency anywhere today that can be said to have any integrity. Today, even a person with absolute personal integrity, on joining with a policing agency will lose his integrity. Acting with integrity he will surprise people and be classified a misfit. This is unfortunate, but is the case.

The LPS OS of the Air Force, however, because its makers' purpose was to make themselves a secure environment, for their own and any other government users' use, to protect against penetration efforts from in or out of government, can probably be trusted. It appears they built the OS for real individual user security. For this I am pretty sure the files used to build and in the repositories have all been vetted for unwanted inclusions. That the OS was built not to spy but to protect from spying makes the difference.

The same OS, offered on an FBI website, I would assume to be spyware and would not touch it, even if I only used my computer on the internet to post a church bulletin: I have encountered computers used only that way, that had been botted and set up to be remote porn servers, and I have seen no signs yet of any policing agency, or any prosecutor's office, being interested to recognize victims of exploitations not criminals when there is an easy nab and a sure win, especially if there is name-in-the-papers potential, too ("Church Director Running Porn Server From Rectory"). I have also never seen a computer that a law enforcement agency could reach into that it did not reach into, looking just for what it could find that might be illegal. This kind of climate makes security a big deal for everyone, including the naive.
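
Added example, not part of the thread: a shell sketch of the sidecar-checksum habit CLAM01 describes in post #25, sealing each .sfs once and then reporting files that changed, were never sealed, or disappeared. The function names, the .sum suffix and the HASH_CMD variable are assumptions of this sketch; it defaults to sha256sum, and HASH_CMD=md5sum reproduces the md5 files from the post.

```shell
#!/bin/sh
# Added example: sidecar checksums for Puppy .sfs files.
# HASH_CMD is an assumption of this sketch; HASH_CMD=md5sum matches the post.
HASH_CMD="${HASH_CMD:-sha256sum}"

# Print only the hex digest of one file.
sfs_digest() {
    "$HASH_CMD" "$1" | cut -d' ' -f1
}

# Write <name>.sfs.sum beside every .sfs in directory $1.
# An existing sidecar is never overwritten, so running this again
# cannot silently "bless" a file that has changed since it was sealed.
sfs_seal() {
    dir="$1"
    for f in "$dir"/*.sfs; do
        [ -f "$f" ] || continue
        [ -f "$f.sum" ] && continue
        sfs_digest "$f" > "$f.sum"
    done
    return 0
}

# Compare every .sfs in directory $1 with its sidecar.
# Prints one status line per file; returns 0 only if all files match.
sfs_check() {
    dir="$1"
    bad=0
    for f in "$dir"/*.sfs; do
        [ -f "$f" ] || continue
        if [ ! -f "$f.sum" ]; then
            echo "UNSEALED $f"; bad=1
        elif [ "$(sfs_digest "$f")" = "$(cat "$f.sum")" ]; then
            echo "OK       $f"
        else
            echo "CHANGED  $f"; bad=1
        fi
    done
    # A sidecar without its .sfs means the image was removed or renamed.
    for s in "$dir"/*.sfs.sum; do
        [ -f "$s" ] || continue
        [ -f "${s%.sum}" ] || { echo "MISSING  ${s%.sum}"; bad=1; }
    done
    return "$bad"
}

# Optional command-line use: script.sh seal|check [directory]
case "${1:-}" in
    seal)  sfs_seal  "${2:-.}" ;;
    check) sfs_check "${2:-.}" ;;
esac
```

A sidecar kept on the same writable medium as the .sfs catches accidental or careless changes only; a copy of the .sum files stored elsewhere is what lets the check notice a deliberate replacement.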

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#26 Post by Lobster »

CLAM01 wrote:
Auto-updating mechanisms are dangerous.

It was one of the reasons I started using Puppy. The auto-updating feature of programs such as 'ad-aware' were being targeted as were the update features of virus protectors.

Android, which I have just started using, makes use of auto updating and when you install many free apps you give it permission to email your grandmother to spook central or the nearest bot server.

I am not sure what is being targeted these days but the browser contains such wonderful cross-OS potential. It is where I would be investing my javascripting roubles.

. . . meanwhile I notice this forum has been targeted again. This time by posts not from whom they are meant to be.

Strange days. :shock:

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#27 Post by PaulBx1 »

Its purpose is probably the installation of a keylogger in your Windows partition. :lol:


CLAM01
Posts: 82
Joined: Sat 22 May 2010, 04:05

#30 Post by CLAM01 »

Lobster,

Carried away in my paranoid hallucinations, I forgot to address the serious issue you raised, about diving behind the sofa. I have found that this works very well, provided you have a nice tin-foil sham on the back of the sofa. In my experience, drawn from experimentation, I have found that the dust-critters, the dust-bunnies, dust-kittens, dust-puppies, etc., under my sofa, suitably shammed, are saner than I am.

I am thinking to move forward from tin-foil to mylar now, though, since NASA uses mylar extensively and seems to be doing very well with it: They are sane enough they are suggesting starting a new web, one to be secure and for secure communicating entirely. At least abandoning the present web entirely to the animals, bugs and vermin, letting it be a jungle-playland for everyone mad enough to brave its perils, seems a sane idea to me.

It's what I do with puppies, running them with no securities but what is native through public wifis of all the least secure sorts, the kinds whose operators deliberately run them as man-in-the-middle, to see who is able to poke into what, and outload how and where. This is how most users use their computers. Those with ability and expertise to monitor and shield themselves are about one in a hundred-thousand, so the security of no security is where security has to begin. :)


dru5k1
Posts: 72
Joined: Mon 12 Apr 2010, 01:15

#33 Post by dru5k1 »

CLAM01 wrote: For an example, Lighthouse pup includes a compromised Firefox browser, which writes home on start up and permits botting (it appears to be some U.S. gov agency's compromise, from the way the botting is used).

Can I ask you to elaborate on what you said here please?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#34 Post by nooby »

dru5k1 wrote:
CLAM01 wrote: For an example, Lighthouse pup includes a compromised Firefox browser, which writes home on start up and permits botting (it appears to be some U.S. gov agency's compromise, from the way the botting is used).
can I ask you to elaborate on what you said here please?

Yes, look for IP address of that one so we can check it up.

More likely it is the test with the server in Mountain View, Google employee consult something. The guy everybody uses because his server has a good uptime, 99.999 or something. Him watching over it like a hawk.
I use Google Search on Puppy Forum
not an ideal solution though

tazoc
Posts: 1157
Joined: Mon 11 Dec 2006, 08:07
Location: Lower Columbia Basin WA US

How is Lighthouse Pup compromised?

#35 Post by tazoc »

CLAM01 wrote: For this, puppy users' real dangers come from inclusions in things that are user-saved and let accumulate and things a builder may wittingly or unwittingly include in a build, or that may be in a program he's used in a build.

For an example, Lighthouse pup includes a compromised Firefox browser, which writes home on start up and permits botting (it appears to be some U.S. gov agency's compromise, from the way the botting is used). Open source, of course, means one may freely add spyware, too, if one wants to.

I have no idea what compromise you've found, and I did not include any spyware or web bots in LHP. The only 'writing home' it does is to check for available updates to Lighthouse shortly after login by downloading this small package list and comparing it with the previous one. Only does this once per day. Displays a brief pop-up with gtkdialog-splash if there are any new updates available. The actual updates, e.g., bug fixes or browser updates, are only transferred if user selects them in Lighthouse Update. This behavior can be disabled by deleting or moving /root/Startup/lhp-update-notifier into DisabledItems. This is described in the Lighthouse Update | Help dialog. The notifier script is at /usr/sbin/lhp-update-notifier.

It may have seemed to be Firefox because the notifier sleeps for 20 seconds and waits until an Internet connection is active before continuing. The connection is tested by pinging google or icanhazip.com with /usr/sbin/ifactive. The notifier tries the connection occasionally for 90 seconds and then exits. This is because WiFi connections can take a while to connect. LHP 5.03's browsers run as root, however Lighthouse 64 (in development) follows the prudent Fatdog 64 approach and runs the browsers as the unprivileged user spot by default.

Please PM the appropriate developer directly if you observe unusual behavior in any Pup. I think they will all be happy to clarify and/or improve security where necessary.
-TazOC
lhpup.org http://www.lhpup.org/ | Lighthouse 64 6.02 http://www.lhpup.org/release-lhp.htm#602
