How safe is running from hard drive?

Oh Carolina
Posts: 11
Joined: Sat 25 Jan 2014, 10:36
Location: England

How safe is running from hard drive?

#1 Post by Oh Carolina »

Hi All,
I have had to do a full install of Puppy Carolina onto my hard drive as I cannot boot from USB, and the CD player is very unreliable and will boot only occasionally. Can anybody tell me how safe this will be from outside threats, viruses, malware, etc.? I have other computers running Windows 7 and 8 on the same internet connection. If it is not secure, can I make it more so?

Galbi
Posts: 1098
Joined: Wed 21 Sep 2011, 22:32
Location: Bs.As. - Argentina.

#2 Post by Galbi »

Hello and welcome.

In general, Linux systems are very safe against those pests you mention. Especially because they are designed for and targeted at Windows systems.

To be more secure you can activate the firewall (supposing you haven't done that yet).

Greetings.
Remember: "pecunia pecuniam parere non potest"

Oh Carolina
Posts: 11
Joined: Sat 25 Jan 2014, 10:36
Location: England

Running from Hard drive

#3 Post by Oh Carolina »

Hi Galbi,

Thanks for the reply. I have heard that Linux is safer than some others and yes I do have the firewall on.
I was mainly concerned that running as root seemed to be like running as administrator in Windows and not good. I am a bit security scared and always have several security programs on Windows. Guess I miss them with Puppy.

Thanks again for your help.
:D

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#4 Post by musher0 »

Hello, Oh Carolina.

To expand a bit on what Galbi said, Linux is more secure than Windows because
of a couple of things:
  • the Linux folder structure is different from the W. folder structure, so a malware
    designed for W. will 99 % likely hit and miss on a Linux;

  • on Linux, each and every folder AND executable requires a permission to run
    and/or be used, so again, a W. malware will 99 % likely hit and miss, because it's
    targeting places or executables that Linux doesn't have.

  • Finally, and this is perhaps the killer argument, a W. malware written on W. cannot
    run on Linux. Linux cannot execute a W. program natively, period.

To increase security at this level, you may remove the "access from world" option
from any folder or executable. (More on this later.)

What's left now are spying bots and the like that are Internet-based.

To protect yourself against those, you may want to:
  • use an add-on to your browser such as AdBlockPlus

  • run your browser as user "spot"

  • get the latest "hosts" file from mvps.org or from a similar reliable source and
    copy it to /etc/hosts

  • clean up your "cookies" after each Internet session

  • not open/delete any e-mail from unverified senders.

For an individual Linux user, I believe that the above should provide more than
adequate protection, even on a full install.

For the record, Mr. Barry Kauler, the inventor/author of PuppyLinux, teamed up with
an Internet connection expert 4-5 years ago to see if Puppy was vulnerable from
the Internet. There was a concern because Puppy defaults to "root" user (aka
"administrator"), instead of "some-name" user. It turned out that all the ports Puppy
uses to roam the Internet are "invisible" to an outside user on the Internet. So
PuppyLinux is entirely secure at that level.

Of course, all of the above doesn't preclude that a witty hacker who knows Puppy
well would want to have fun with / make fun of anyone using the OS by trying to
break the Puppy, but that's the field of ethics and/or law rather than the field of
computer techniques. Generally speaking, PuppyLinux is very well designed, and
can resist pretty much all malware.

Finally, please remember that the ultimate protection, for any computer system, is
always a full "yesterday" back-up that you've tucked somewhere safe! :D

I hope this will help to alleviate your concerns. Best regards.

musher0
Last edited by musher0 on Sat 25 Jan 2014, 20:36, edited 3 times in total.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Oh Carolina
Posts: 11
Joined: Sat 25 Jan 2014, 10:36
Location: England

#5 Post by Oh Carolina »

Hi Musher0,

Thanks for helping a beginner. I've installed AdblockPlus as suggested but am unsure how to do the other things you advise. Would you explain the procedures please? If you have the time of course.

Once again thanks, and BFN

Oh Carolina
'D')

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#6 Post by mikeb »

Or do absolutely nothing like I have since using Linux several years ago.
Use old software and never bother with a firewall.

basically you lack internet explorer, outlook express and windows messenger...activex, netbios, mshta, htmlhelp,update, zone system,dcom, and so on ..malware has so many options to give you the nasties.

Linux is simply safer as it lacks such gateways...if the malware cannot get in then it ceases to be a threat. Windows is too easy a target why bother trying to crack a system that lacks options to do so.

mike

Oh Carolina
Posts: 11
Joined: Sat 25 Jan 2014, 10:36
Location: England

How safe is running from hard drive?

#7 Post by Oh Carolina »

Hi Mike,

Thanks, that's reassuring but I'm a "belt and braces kind of person". I like to take my umbrella even if the forecast is fine.

BFN

Oh Carolina :D

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#8 Post by Barkin »

Oh Carolina wrote:
> ...I've installed AdblockPlus as suggested

Also add NoScript ... http://en.wikipedia.org/wiki/NoScript then you whitelist the sites you permit to use things like JavaScript and Adobe Flashplayer which can be security weaknesses.

Adding WOT is worth considering ... http://en.wikipedia.org/wiki/WOT_Services , it red-lights links to dodgy websites you may accidentally click on.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#9 Post by musher0 »

Hello, again, Oh Carolina.

The simplest way to cancel world-access to your folders is:

Open the ROX-Filer. Go to the very top by clicking the up arrow next to the house
icon as many times as needed. (That's where all the main folders are listed. A hint
is that ROX-Filer won't go any higher.)

Right-click on, say, the /root folder. A secondary menu pops up.

Click "properties". The sub-menu closes and a little panel pops up. At the bottom of
that, you will see 3 lines: owner, group and world.

Untick the boxes on the "world" line. They should all be empty now. ROX may ask
"Do you want to change the ownership to all files in sub-folders?" (I don't remember
the exact wording.) I would suggest answering yes.

That's it.

Now this will make your /root folder un-changeable even from yourself if you are
trying to do so from another Linux or Puppy. Remember: even from yourself if you
try to access it from any other Linux. To change anything in this /root folder now,
you now have to be in this particular Puppy: this is exactly what we want, don't we?

The procedure is similar for all other folders.

A note, here:
Do not try to protect your "/" folder in this way through console or by highlighting all
the folders in that level of the ROX-Filer. It will freeze your Puppy. I don't really
know why, but it does.

Now, depending on the size of the folder it may take up to a minute, even two,
to complete the procedure.

~~~~~~~~~~~~~~~

http://winhelp2002.mvps.org/hosts.htm is an excellent source for the hosts
file. The programmer there is always updating the file.

An easy way is to open the "text" version in your folder and save it directly in your
/etc folder as a text file. Now this file will be named "HOSTS", in capitals.

Next step is to open a console and type

Code:

    cd /etc

Make sure you are there by typing

Code:

    pwd

Now back-up the original hosts (the default Puppy one) by typing

Code:

    mv hosts hosts.bkp

Now "assimilate" the new HOSTS file in the Puppy by typing

Code:

    mv HOSTS hosts

Now type

Code:

    defaulttexteditor hosts hosts.bkp &

Both files appear in your editor.

Now in the hosts.bkp file (the original Puppy one), you will see a line such as

    127.0.0.1 localhost puppypc54321

Copy the "puppypc-number" part.

Now go to the new hosts file in your editor. You will see a similar line just
underneath the initial comments.

    127.0.0.1 localhost

Paste the puppypc-number part just after the "localhost". Make sure there is a
space between the two (between "localhost" and "puppypc-number").

(Don't copy the above number, it's given as an example. It's a dummy number, your
Puppy has its own.)

That's it. Close your editor.

AFAIK, this is required to speed-up the ROX-Filer. ROX will look there instead of
trying to connect to its home site, rox.sourceforge.net.

You don't need to activate anything. The hosts file is recognized automatically by
any and all browsers as soon as you put it in place in /etc.
~~~~~~~~~

Phew, I need a coffee! :) Next lesson tomorrow!
I hope this helps. BFN.

musher0
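The hosts-file steps from post #9 as one script, written as an added example and not by any poster in the thread: it backs up the current file, strips DOS line endings from the download, carries the puppypc name over, and refuses a download that maps any name to a real address. The function names and the sample entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Names follow the post: the download is
# "HOSTS", the file in use is "hosts", the backup is "hosts.bkp".

# Print the names that follow "localhost" on the 127.0.0.1 line (e.g. puppypc54321).
local_aliases() {
    awk '$1 == "127.0.0.1" && $2 == "localhost" {
        out = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^#/) break
            out = out (out == "" ? "" : " ") $i
        }
        print out
        exit
    }' "$1"
}

# Print entries that map a name to anything other than a loopback or null
# address. A blocklist has no reason to contain such lines, and one of them
# would silently redirect that name, so review them before installing.
suspicious_entries() {
    tr -d '\r' < "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        $1 != "127.0.0.1" && $1 != "0.0.0.0" && $1 != "::1"'
}

# install_hosts NEW CURRENT: back up CURRENT to CURRENT.bkp (once), then replace
# CURRENT with NEW, carrying the machine's own name onto the localhost line.
install_hosts() {
    new=$1 cur=$2
    [ -r "$new" ] && [ -r "$cur" ] || return 1
    if [ -n "$(suspicious_entries "$new")" ]; then
        echo "refusing: $new contains redirecting entries" >&2
        return 2
    fi
    aliases=$(local_aliases "$cur")
    tmp=$(mktemp "$cur.XXXXXX") || return 1
    # Strip DOS line endings and rewrite the first localhost line.
    tr -d '\r' < "$new" | awk -v extra="$aliases" '
        BEGIN { line = "127.0.0.1 localhost"; if (extra != "") line = line " " extra }
        $1 == "127.0.0.1" && $2 == "localhost" && !seen { print line; seen = 1; next }
        { print }
        END { if (!seen) print line }' > "$tmp" || { rm -f "$tmp"; return 1; }
    [ -e "$cur.bkp" ] || cp -p "$cur" "$cur.bkp"
    chmod 644 "$tmp" && mv "$tmp" "$cur"
}

# Constructed sample files in a scratch directory; nothing under /etc is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf '127.0.0.1 localhost puppypc54321\n' > "$d/hosts"
    printf '# constructed blocklist\r\n127.0.0.1 localhost\r\n0.0.0.0 ads.example.com\r\n' > "$d/HOSTS"
    install_hosts "$d/HOSTS" "$d/hosts" && cat "$d/hosts"
    rm -rf "$d"
}

demo
```

On a real system the call would be `install_hosts /etc/HOSTS /etc/hosts`, run from a console after saving the download as described in the post.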

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#10 Post by mikeb »

That's no problem.

I happen to run Windows without antivirus, zone alarm, firewall or updates by disabling or removing the parts mentioned and have had not one virus in 10 years which sort of confirms why Linux enjoys this higher level of security....but I am an odd bod. :D

ok I will skip off into the sunset

mike

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#11 Post by Barkin »

It's still possible for malware to be injected into the browser, even on a Linux computer. Like a hidden addon to the browser which functions as a keylogger, or to redirect your browser (browser hijack).

The NoScript addon is very effective at preventing that sort of thing.

NickAu
Posts: 183
Joined: Mon 30 Dec 2013, 04:32
Location: Far North Coast NSW ɹǝpunuʍop

#12 Post by NickAu »

I have a stupid question.

After having read how stuff written for W.os can't run on Linux because of this and that and the other. Does that include Wine? The reason I ask is because if I download a W.os .exe and double click it the exe runs as if it was in W.os native environment. E.g. when I installed MS Office all I did was insert the DVD with Office on it, I just clicked the exe and MS Office ran the same setup as it would in W.os.

I also installed:
Paltalk (a chat client)
Telstra mobile 3G broadband setup exe.
and have run several progs coded in VB.NET that also seem to run fine in Linux (Wine) without any install needed.
Precise Puppy 5.7.1 Retro Fatty Edition. Hp Compaq 2510p 2x Intel(R) Core(TM) 2 Duo Cpu U7700@ 1.33 ghz,2 gig ram Booting from 8 gig micro USB + 32 gig SD card instead of HDD

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#13 Post by mikeb »

not a stupid question.

The damage might be limited to the wine folder and doing things like getting IE running on it are not a good idea. WineHQ suggest it should not be run as root anyway. It's not an emulator... the windows functions are ported to elf so it's in effect direct code.

As it happens I had a game or 2 that managed to damage the MBR under certain conditions (c:mounted...game on it but not always). Not had it happen recently but I used to have to rewrite the mbr to restore booting.

> It's still possible for malware to be injected into the browser, even on a Linux computer. Like a hidden addon to the browser which functions as a keylogger, or to redirect your browser (browser hijack).

Do you have some examples ..eg addons to avoid for example? sites that do this... what approval messages to be wary of before adding an addon?

Linux is not immune to user added crap but it does lack the auto behind your back stuff...common sense still applies.
It also, at least the distros I have tried, does not do the really, really stupid thing of running executables on optical and flash media automatically.

Interesting the comment of file structure immunity...after removing IE and stuff I did deliberately try some known dodgy sites and emails and the result was usually binary running at 100% trying desperately to use parts of the system that no longer existed..... stop and delete stuff but not infecting en masse...the target is usually the same gateways that let malware in as of course those same mechanisms allow its reproduction on other systems.

Also media is just media...on Linux there is no attempt to run scripts in images and video/audio files...another standard windows favourite especially through outlook express.

mike

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#14 Post by musher0 »

Hi, mikeb.

You wrote:
> Interesting the comment of file structure immunity...
It's sort of obvious, to me, anyway. Let's say that you have a W. malware with

Code:

    del C:\*.*

Well, C:\ doesn't exist on Linux, and neither does the command "del".

So the W. hacker who wanted to delete your entire C:\ drive is clearly out of luck
on a Linux system! :P

BFN.

musher0

~~~~~~~~~
@NickAu:

I'm not using wine programs as much as I used to, so take the following with a
grain of salt. Perhaps ask a more expert opinion?

In any case, I believe that it's theoretically possible for some W. malware to affect
the wine programs and structure (in particular, the pseudo-C:\ drive created by wine).
For the rest, "C:\" doesn't mean anything in Linux, and neither does "del".

Assuming that it's possible for a malware to infect or delete the "drive_c" structure
in wine, it would be logical for the malware to stop when there is no more W.-like
structure or programs to delete.

Also, let's always remember that a "full 'yesterday' back-up" works wonders to
restore any OS. So, what are we waiting for, people? Back-up every day if possible.

Every Puppy user should have the iso for his/her Puppy version, so that takes care
of that. Then, all that's left to back-up is your pupsave file which is easy enough to
copy to another location.

I never work on a full install by principle, but for a full install, maybe have a second
partition on which you "tar.gz"-ize the Linux system on the first partition? Or transfer
the "targized" files on a DVD. That'll work, too. Everybody including me feels a lot
less paranoid and a lot more secure with a good recent back-up.

BFN.

musher0

NickAu
Posts: 183
Joined: Mon 30 Dec 2013, 04:32
Location: Far North Coast NSW ɹǝpunuʍop

#15 Post by NickAu »

My specific concern: W.os exe with a key logger.
In W.os a key logger is usually hidden in another prog, and runs in the background. At first yes you had to click the exe. But then some script kiddie came up with the idea of hiding the exe in a jpg or powerpoint presentation etc and by clicking say the jpg to see the picture you also ran the keylogger in the background.

Anybody who is familiar with yahoo chat and the anti yahoo websites will be familiar with yahoo tools coded in vb6 VB.NET that were full of key loggers and trojans. Yahoo ids were worth big bucks and there were brute force cracking tools (still are) that were used with proxies to crack IDs.

I don't use any of that stuff anyway so I am safe there.

But wonder if I dl an infected Powerpoint or JPG could it still execute in the background in wine without me knowing.

Self testing a known safe prog (made in VB.NET) I notice explorer.exe and wine in the processes on my conky. So I guess if I am not running wine and I see it in the process list something is wrong. Memo to self: remove Wine as I don't need it.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#16 Post by musher0 »

Hi, NickAu.

Using your expression (I love it!), a "Linux script kiddie" could just as well write a
keylogger for Linux, for that matter, to know what you or I are doing at the moment,
and make some bucks selling the info to the NSA, its Canadian affiliate the CSEC,
Google Analytics, or some major advertiser, or whomever.

I doubt that that info would be of any interest, but still, it's theoretically possible! ;)

If you have confidentiality concerns, load your jpg in mtpaint for Linux and your
powerpoint in OpenOffice for Linux, and re-save them from the Linux program. In
other words use Linux programs whenever possible.

Better still, Linux has versions of anti-malware programs that you can use directly
from a Linux system on various Windows files (can't remember the precise names
at the moment, but they do exist). So use those on the files before you load the
files in your Linux system if you prefer to work that way.

Worthy of mention: nowadays all major Internet providers scan the files that transit
through them with an anti-virus.

Linux is generally 500 % more secure than W., but an evil-minded Linux user
could still try to do us harm through our computers.

We have to be careful with our fears, they can become paranoia in no time.

Let's use our rational mind here. Why would two Puppy forum contributors (e. g.
you and me) exchanging on a technical subject be of interest to anyone except
Puppy-ists?

The OpenBSD site says that they detected only two risks in their system in the
past 10 years. Maybe we should all migrate to OpenBSD?

Then again, OpenBSD has been reported to be the system used by CSIS (the
Canadian CIA), and funded by them in the early years. Is that myth or reality,
nobody knows... So maybe if you use OpenBSD, Canadian spies will be all over
your computer?

Are you getting my meaning? If you start on a "fear" slope like that, who knows
when and where you'll stop? Even the safest OS will appear to you as wanting
with regards to security.

In short, I don't think we should be overly concerned if we are honest citizens and
if we follow general practices of "safe computing" as outlined above in this thread.

Best regards. BFN.

musher0

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#17 Post by musher0 »

Hi, NickAu.

Me again. Not that you'd need any of them, IMO, but here's a starting page for a
search on < Linux anti-virus > :

http://www.info.com/searchw?qkw=linux+a ... &qhqn=&KW=

As I said, it's not that you need any anti-virus if your main system is a Linux system,
but if you're a professional designer or writer of some sort working on Linux, you
might still want to scan your clients' files as a courtesy to them, to re-assure them
that the files you send back to them are virus-free.

Besides, if you're a professional, you also want to have the reputation of being a
responsible Internet citizen to keep your clients.

BFN.

musher0

NickAu
Posts: 183
Joined: Mon 30 Dec 2013, 04:32
Location: Far North Coast NSW ɹǝpunuʍop

#18 Post by NickAu »

Thank you for the reply.
And yes I get a lot of files from W.os users that may or may not be infected and occasionally forward them on. That's why I asked. And I use Wine.

> Worthy of mention: nowadays all major Internet providers scan the files that transit
> through them with an anti-virus.

Can you say CryptoLocker? (comes as an email attachment) they may be able to do it but I doubt they are.

http://en.wikipedia.org/wiki/CryptoLocker

I see ClamAV in ppm cool. I know it from W.os too.
Sorry if I'm a pain in the a** but other than a few attempts at Mint and Ubuntu I'm a fish out of water on Linux.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#19 Post by musher0 »

Hello, NickAu.

Thinking about your keylogger possibility, I thought of reviving the link to my lsof pet.

Here's lsof: http://limelinx.com/fkh2m

It's sort of like ps but more complete. (The ps command lists all programs running in
the computer's memory.)

lsof lists all your open programs, Internet and printer ports, everything, with more info
than ps.

You run it in console. To know which Internet ports are open at any given moment,
type

Code:

    lsof -i

Typing < lsof > on its own will give you a list about a mile long...

More info here: http://murga-linux.com/puppy/viewtopic. ... 409#710409
on a "security" thread similar to this one.

The opera browser typically opens 4 ports for itself, firefox as many as 8 ports. If you
have a keylogger, it will show as an additional URL. (Never happened to me, though.)

Feeling like a fish out of water, eh? Reminds me of my early days with Puppy,
everything seemed so strange, 5 years ago now. But please stick with us a while, you'll see
that Puppy is not that difficult; once you get accustomed to it, some things will even
appear simpler in Puppy than in W. Also, the bunch here is very friendly and helpful;
and that's a real bonus.

BFN.

musher0
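One way to turn the `lsof -i` listing from post #19 into a short per-program summary and pick out sockets owned by programs you did not expect to be on the network. This is an added example, not code from the thread; the function names, the allowlist and the sample listing (including the process name `xlogd`) are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the output of `lsof -i -n -P`.
# -n and -P keep addresses and ports numeric, so the NAME column parses cleanly.

# Constructed sample of lsof output; process names and addresses are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd     412 root    6u  IPv4   3120      0t0  TCP 127.0.0.1:631 (LISTEN)
dhcpcd    530 root    7u  IPv4   3388      0t0  UDP *:68
firefox  1907 spot   52u  IPv4  20114      0t0  TCP 192.168.1.20:51844->198.51.100.10:443 (ESTABLISHED)
firefox  1907 spot   61u  IPv4  20170      0t0  TCP 192.168.1.20:51850->198.51.100.11:443 (ESTABLISHED)
xlogd    2244 root    3u  IPv4  21002      0t0  TCP 192.168.1.20:40112->203.0.113.50:8080 (ESTABLISHED)
EOF
}

# stdin: lsof -i output. stdout: "COMMAND PID STATE ENDPOINT", one per socket.
# ENDPOINT is the remote side of a connection, or the local address otherwise.
summarize_sockets() {
    awk 'NR > 1 && NF >= 9 {
        state = (NF >= 10 ? $10 : "-")
        gsub(/[()]/, "", state)
        arrow = index($9, "->")
        endpoint = (arrow ? substr($9, arrow + 2) : $9)
        print $1, $2, state, endpoint
    }'
}

# Print only the sockets owned by commands missing from the allowlist ($1,
# space-separated names of the programs you expect to be using the network).
unexpected_sockets() {
    summarize_sockets | awk -v allow="$1" '
        BEGIN { n = split(allow, names, " "); for (i = 1; i <= n; i++) ok[names[i]] = 1 }
        !($1 in ok)'
}

# Count sockets per command, busiest first.
sockets_per_command() {
    summarize_sockets | awk '{ c[$1]++ } END { for (k in c) print c[k], k }' |
        sort -k1,1nr -k2,2
}

# On a live system: lsof -i -n -P | unexpected_sockets "firefox cupsd dhcpcd"
sample_lsof | unexpected_sockets "firefox cupsd dhcpcd"
```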

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#20 Post by musher0 »

Hello again, NickAu.

Just read your info on cryptolocker. Ouch. At the bottom of the article, it says that the
thieves pocketed 27 million US dollars in +/- six months doing this? Re-ouch.

However, as wikipedia says, it's targeting only Windows computers.

Nevertheless, it would be good practice to backup all your important files on a separate
Linux partition, and then unmount that partition for the day. Re-open that partition only
as necessary, to do the next back-up. That way, you keep your files -- and your clients
-- safe.

If you don't have a large hard drive you can divide into partitions, a thumb drive
especially for this purpose will do fine. When finished with your back-up, unmount and
remove the thumb drive. I imagine you already know this.

If the partition is closed, not connected or even not there, no one can access it, even
by accident.

BFN.

musher0
