Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 02 Sep 2014, 03:01
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How safe is running from hard drive?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 4 [52 Posts]   Goto page: 1, 2, 3, 4 Next
Author Message
Oh Carolina

Joined: 25 Jan 2014
Posts: 11
Location: England

PostPosted: Sat 25 Jan 2014, 11:56    Post subject:  How safe is running from hard drive?  

Hi All,
I have had to do a full install of puppy Carolina onto my hard drive as cannot boot from USB and cd player is very unreliable and will boot only occasionally.. Can anybody tell me how safe this will be from outside threats,viruses ,malware etc,I have other computers running Windows 7 and 8 on the same internet connection.If not secure ,Can I make more so?
Back to top
View user's profile Send private message 
Galbi


Joined: 21 Sep 2011
Posts: 398
Location: Bs.As. - Argentina.

PostPosted: Sat 25 Jan 2014, 13:20    Post subject:  

Hello and welcome.

In general, Linux systems are very safe against those pests you mention. Specially because they are designed and targeted to Windows systems.

To be more secure you can activate the firewall (supposing you haven't done that yet).

Greetings.

_________________
Remember: "pecunia pecuniam parere non potest"
Back to top
View user's profile Send private message 
Oh Carolina

Joined: 25 Jan 2014
Posts: 11
Location: England

PostPosted: Sat 25 Jan 2014, 13:39    Post subject: Running from Hard drive
Subject description: thanks Galbi
 

Hi Galbi,

Thanks for the reply. .I have heard that Linux is safer than some others and yes I do have the firewall on.
I was mainly concerned that running as root seemed to be like running as administrator in windows and not good.I am a bit security scared and always have several security programs on Windows.Guess I miss them with Puppy.

Thanks again for your help.
Very Happy
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 4231
Location: Gatineau (Qc), Canada

PostPosted: Sat 25 Jan 2014, 14:46    Post subject:  

Hello, Oh Carolina.

To expand a bit on shat Galbi said, Linux is more secure than Windows because
of a couple of things:

    the Linux folder structure is different from the W. folder structure, so a malware
    designed for W. will 99 % likely hit and miss on a Linux;

    on Linux, each and every folder AND executable requires a permission to run
    and/or be used, so again, a W. malware will 99 % likely hit and miss, because it's
    targeting places or executables that Linux doesn't have.

    Finally, and this is perhaps the killer argument, a W. malware written on W. cannot
    run on Linux. Linux cannot execute a W. program natively, period.


To increase security at this level, you may remove the "access from world" option
from any folder or executable. (More on this later.)

What's left now are spying bots and the like that are Internet-based.

To protect yourself against those, you may want to:
    use an add-on to your browser such as AdBlockPlus

    run your browser as user "spot"

    get the latest "hosts" file from mvps.org or from a similar reliable source and
    copy it to /etc/hosts

    clean up your "cookies" after each Internet session

    not open/delete any e-mail from unverified senders.


For an individual Linux user, I believe that the above should provide more than
adequate protection, even on a full install.

For the record, Mr. Barry Kauler, the inventor/author of PuppyLinux, teamed up with
an Internet connection expert 4-5 years ago to see if Puppy was vulnerable from
the Internet. There was a concern because Puppy defaults to "root" user (aka
"administrator"), instead of "some-name" user. It turned out that all the ports Puppy
uses to roam the Internet are "invisible" to an outside user on the Internet. So
PuppyLinux is entirely secure at that level.

Of course, all of the above doesn't preclude that a witty hacker who knows Puppy
well would want to have fun with / make fun of anyone using the OS by trying to
break the Puppy, but that's the field of ethics and/or law rather than the field of
computer techniques. Generally speaking, PuppyLinux is very well designed, and
can resist pretty much all malware.

Finally, please remember that the ultimate protection, for any computer system, is
always a full "yesterday" back-up that you've tucked somewhere safe! Very Happy

I hope this will help to alleviate your concerns. Best regards.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)

Last edited by musher0 on Sat 25 Jan 2014, 16:36; edited 3 times in total
Back to top
View user's profile Send private message Visit poster's website 
Oh Carolina

Joined: 25 Jan 2014
Posts: 11
Location: England

PostPosted: Sat 25 Jan 2014, 15:37    Post subject:  

Hi Musher0,

Thanks for helping a beginner.I've installed AdblockPlus as suggested but am unsure how to do the other things you advise.Would you explain the procedures please?If you have the time of course.

once again thanks ,and BFN

Oh Carolina
'D')
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8230

PostPosted: Sat 25 Jan 2014, 15:58    Post subject:  

Or do absoulutely nothing like I have since using linux several years ago.
Use old software and never bother with a firewall.

basically you lack internet explorer, outlook express and windows messenger...activex, netbios, mshta, htmlhelp,update, zone system,dcom, and so on ..malware has so many options to give you the nasties.

Linux is simply safer as it lacks such gateways...if the malware cannot get in then it ceases to be a threat. Windows is too easy a target why bother trying to crack a system that lacks options to do so.

mike
Back to top
View user's profile Send private message 
Oh Carolina

Joined: 25 Jan 2014
Posts: 11
Location: England

PostPosted: Sat 25 Jan 2014, 16:11    Post subject: How safe is running from hard drive?
Subject description: thanks,
 

Hi Mike,

Thanks ,that's reassuring but I'm a "belt and braces kind of person" .I like to take my Umbrella even if the forecast is fine.

BFN

Oh Carolina Very Happy
Back to top
View user's profile Send private message 
Barkin


Joined: 12 Aug 2011
Posts: 703

PostPosted: Sat 25 Jan 2014, 16:11    Post subject:  

Oh Carolina wrote:
...I've installed AdblockPlus as suggested

Also add NoScript ... http://en.wikipedia.org/wiki/NoScript then you whitelist the sites you permit to use things like JavaScript and Adobe Flashplayer which can be security weaknesses.

adding WOT is worth considering ... http://en.wikipedia.org/wiki/WOT_Services , it red-lights links to dodgy websites you may accidentally click on.
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 4231
Location: Gatineau (Qc), Canada

PostPosted: Sat 25 Jan 2014, 16:32    Post subject:  

Hello, again, Oh Carolina.

The simplest way to cancel world-access to your folders is:

Open the ROX-Filer. Go to the very top by clicking the up arrow next to the house
icon as many times as needed. (That's where all the main folders are listed. A hint
is that ROX-Filer won't go any higher.)

Right-click on, say, the /root folder. A secondary menu pops up.

Click "properties". The sub-menu closes and a little panel pops up. At the bottom of
that, you will see 3 lines: owner, group and world.

Untick the boxes on the "world" line. They should all be empty now. ROX may ask
"Do you want to change the ownership to all files in sub-folders?" (I don't remember
the exact wording.) I would suggest answering yes.

That's it.

Now this will make your /root folder un-changeable even from yourself if you are
trying to do so from another Linux or Puppy. Remember: even from yourself if you
try to access it from any other Linux. To change anything in this /root folder now,
you now have to be in this particular Puppy: this is exactly what we want, don't we?

The procedure is similar for all other folders.

A note, here:
Do not try to protect your "/" folder in this way through console or by highlighting all
the folders in that level of the ROX-Filer. It will freeze your Puppy. I don't really
know why, but it does.

Now, depending on the size of the folder it may take up to a minute, even two,
to complete the procedure.

~~~~~~~~~~~~~~~

http://winhelp2002.mvps.org/hosts.htm is an excellent source for the hosts
file. The programmer there is always updating the file.

An easy way is to open the "text" version in your folder and save it directly in your
/etc folder as a text file. Now this file will be named "HOSTS", in capitals.

Next step is to open a console and type
Code:
cd /etc


Make sure you are there by typing
Code:
pwd


Now back-up the original hosts (the default Puppy one) by typing
Code:
mv hosts hosts.bkp


Now "assimilate" the new HOSTS file in the Puppy by typing
Code:
mv HOSTS hosts


Now type
Code:
defaulttexteditor hosts hosts.bkp &

Both files appear in your editor.

Now in the hosts.bkp file (the original Puppy one), you will see a line such as
Quote:
127.0.0.1 localhost puppypc54321


Copy the "puppypc-number" part.

Now go to the new hosts file in your editor.You will see a similar line just
underneath the initial comments.
Quote:
127.0.0.1 localhost

Paste the puppypc-number part just after the "localhost". Make sure there is a
space between the two (between "localhost" and "puppypc-number").

(Don't copy the above number, it's given as an example. It's a dummy number, your
Puppy has its own.)

That's it. Close your editor.

AFAIK, this is required to speed-up the ROX-Filer. ROX will look there instead of
trying to connect to its home site, rox.sourceforge.net.

You don't need to activate anything. The hosts file is recognized automatically by
any and all browsers as soon as you put it in place in /etc.
~~~~~~~~~

Phew, I need a coffee! Smile Next lesson tomorrow!
I hope this helps. BFN.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
mikeb


Joined: 23 Nov 2006
Posts: 8230

PostPosted: Sat 25 Jan 2014, 17:36    Post subject:  

That's no problem.

I happen to run windows without antivirus, zone alarm, firewall or updates by disabling or removing the parts mentioned and have had not one virus in 10 years which sort of confirms why linux enjoys this higher level of security....but I am an odd bod. Very Happy

ok I will skip off into thee sunset

mike
Back to top
View user's profile Send private message 
Barkin


Joined: 12 Aug 2011
Posts: 703

PostPosted: Sat 25 Jan 2014, 19:26    Post subject:  

It's still possible for malware to be injected into the browser , even on a Linux computer. Like a hidden addon to the browser which functions as a keylogger , to or redirect your browser (browser hijack).

The NoScript addon is very effective at preventing that sort of thing.
Back to top
View user's profile Send private message 
NickAu


Joined: 30 Dec 2013
Posts: 186
Location: Far North Coast NSW ɹǝpunuʍop

PostPosted: Sat 25 Jan 2014, 19:35    Post subject:  

I have a stupid question.

After having read how stuff written for W.os cant run on linux because of this and that and the other . Dose that include wine? The reason I ask is because if i download a W,os .exe and double click it the exe runs as if it was in W.os native enviroment. Eg when i installed MS office all i did was insert the dvd with office on it, I just clicked the exe and ms office ran the same set up as it would in W.os.

I also installed.
Paltalk(a chat client)
Telstra mobile 3g broad band setup exe.
and have run several progs coded in VB.NET that also seem to run fine in linux ( Wine)without any install needed.

_________________
Precise Puppy 5.7.1 Retro Fatty Edition. Hp Compaq 2510p 2x Intel(R) Core(TM) 2 Duo Cpu U7700@ 1.33 ghz,2 gig ram Booting from 8 gig micro USB + 32 gig SD card instead of HDD
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8230

PostPosted: Sat 25 Jan 2014, 19:56    Post subject:  

not a stupid question.

The damage might be limited to the wine folder and doing things like getting IE running on it are not a good idea. WineHQ suggest it should not be run as root anyway. Its not an emulator... the windows functions are ported to elf so its in effect direct code.

As it happens i had a game or 2 that managed to damage the MBR under certain conditions (c:mounted...game on it but not always) Not had it happen recently but I used to have to rewrite the mbr to restore booting.

Quote:

It's still possible for malware to be injected into the browser , even on a Linux computer. Like a hidden addon to the browser which functions as a keylogger , to or redirect your browser (browser hijack).

do you have some examples ..eg addons to avoid for example? sites that do this... what approval messages to be wary off before adding an addon?

Linux is not immune to user added crap but it does lack the auto behind your back stuff...common sense still applies.
It also, at least the distros i have tried, does not do the really, really stupid thing of running executables on optical and flash media automatically.

Interesting the comment of file structure immunity...after removing IE and stuff i did deliberately try some known dodgy sites and emails and the result was usually binary running at 100% trying desparately to use parts of the system that no longer existed..... stop and delete stuff but not infecting on mass...the target is usually the same gateways that let malware in as of course those same mechanisms allow its reproduction on other systems.

Also media is just media...on linux there is no attempt to run scripts in images and video/audio files...another standard windows favourite especially through outlook express.

mike
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 4231
Location: Gatineau (Qc), Canada

PostPosted: Sat 25 Jan 2014, 21:13    Post subject:  

Hi, mikeb.

You wrote:
Quote:
> Interesting the comment of file structure immunity...


It's sort of obvious, to me, anyway. Let's say that you have a W. malware with
Code:
del C:\*.*

Well, C:\ doesn't exist on Linux, and neither does the command "del".

So the W. hacker who wanted to delete your entire C:\ drive is clearly out of luck
on a Linux system! Razz

BFN.

musher0

~~~~~~~~~
@NickAu:

I'm not using wine programs as much as I used to, so take the following with a
grain of salt. Perhaps ask a more expert opinion?

In any case, I believe that it's theoretically possible for some W. malware to affect
the wine programs and structure (in particular, the pseudo-C:\ drive created by wine).
For the rest, "C:\" doesn't mean anything in Linux, and neither does "del".

Assuming that it's possible for a malware to infect or delete the "drive_c" structure
in wine, it would be logical for the malware to stop when there is no more W.-like
structure or programs to delete.

Also, let's always remember that a "full 'yesterday' back-up" works wonders to
restore any OS. So, what are we waiting for, people? Back-up every day if possible.

Every Puppy user should have the iso for his/her Puppy version, so that takes care
of that. Then, all that's left to back-up is your pupsave file which is easy enough to
copy to another location.

I never work on a fuill install by principle, but for a full install, maybe have a second
partition on which you "tar.gz"-ize the Linux system on the first partition? Or transfer
the "targized" files on a DVD. That'll work, too. Everybody including me feels a lot
less paranoid and a lot more secure with a good recent back-up.

BFN.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
NickAu


Joined: 30 Dec 2013
Posts: 186
Location: Far North Coast NSW ɹǝpunuʍop

PostPosted: Sat 25 Jan 2014, 21:29    Post subject:  

My specific concearn W.os exe with a key logger.
In W.os a key logger is usually hidden in another prog,And runs in the background. At first yes you had to click the exe. But then some script kiddie came up the the idea of hiding the exe in a jpg or powerpoint presentation etc and by clicking say the jpg to see the picture you also ran the keylogger in the background.

Anybody who is familiar with yahoo chat and the anti yahoo websites will be familiar with yahoo tools coded in vb6 VB.NET that were full of key loggers and trojans. Yahoo ids were worth big bucks and there were brute force cracking tools ( still are) that were used with proxy's to crack Id's.

I don't use any of that stuff anyway so I am safe there.

But wonder if I dl an infected Powerpoint or JPG could it still execute in the background in wine with out me knowing.

Self testing a known safe prog ( made in VB.NET) I notice explorer.exe and wine in the processes on my conky So I guess If I am not running wine and I see it in the process list something is wrong . Memo to self remove Wine as I dont need it.

_________________
Precise Puppy 5.7.1 Retro Fatty Edition. Hp Compaq 2510p 2x Intel(R) Core(TM) 2 Duo Cpu U7700@ 1.33 ghz,2 gig ram Booting from 8 gig micro USB + 32 gig SD card instead of HDD
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 4 [52 Posts]   Goto page: 1, 2, 3, 4 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1168s ][ Queries: 12 (0.0120s) ][ GZIP on ]