Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 23 Aug 2014, 09:34
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How safe is running from hard drive?
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 4 [52 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Author Message
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

PostPosted: Sat 25 Jan 2014, 22:40    Post subject:  

Hi, NickAu.

Using your expression (I love it!), a "Linux script kiddie" could just as well write a
keylogger for Linux, for that matter, to know what you or I are doing at the moment,
and make some bucks selling the info to the NSA, its Canadian affiliate the CSEC,
Google Analytics, or some major advertiser, or whomever.

I doubt that that info would be of any interest, but still, it's theoretically possible! Wink

If you have confidentiality concerns, load your jpg in mtpaint for Linux and your
powerpoint in OpenOffice for Linux, and re-save them from the Linux program. in
other words use Linux programs whenever possible.

Better still, Linux has versions of anti-malware programs that you can use directly
from a Linux system on various Windows files (can't remember the precise names
at the moment, but they do exist). So use those on the files before you load the
files in your Linux system if you prefer to work that way.

Worthy of mention: nowadays all major Internet providers scan the files that transit
through them with an anti-virus.

Linux is generally 500 % more secure than W., but an evil-minded Linux user
could still try to do us harm through our computers.

We have to be careful with our fears, they can become paranoia in no time.

Let's use our rational mind here. Why would two Puppy forum contributors (e. g.
you and me) exchanging on a technical subject be of interest to anyone except
Puppy-ists?

The OpenBSD site says that they detected only two risks in their system in the
past 10 years. Maybe we should all migrate to OpenBSD?

Then again, OpenBSD has been reported to be the system used by CSIS (the
Canadian CIA), and funded by them in the early years. Is that myth or reality,
nobody knows... So maybe if you use OpenBSD, Canadian spies will be all over
your computer?

Are you getting my meaning? If you start on a "fear" slope like that, who knows
when and where you'll stop? Even the safest OS will appear to you as wanting
with regards to security.

In short, I don't think we should be overly concerned if we are honest citizens and
if we follow general practices of "safe computing" as outlined above in this thread.

Best regards. BFN.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

PostPosted: Sat 25 Jan 2014, 22:49    Post subject:  

Hi, NickAu.

Me again. Not that you'd need any of them, IMO, but here's a starting page for a
search on < Linux anti-virus > :

http://www.info.com/searchw?qkw=linux+anti-virus&qcat=web&q=&qhqn=&KW=

As I said, it's not that you need any anti-virus if your main system is a Linux system,
but if you're a professional designer or writer of some sort working on Linux, you
might still want to scan your clients' files as a courtesy to them, to re-assure them
that the files you send back to them are virus-free.

Besides, if you're a professional, you also want to have the reputation of being a
responsible Internet citizen to keep your clients.

BFN.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
NickAu


Joined: 30 Dec 2013
Posts: 186
Location: Far North Coast NSW ɹǝpunuʍop

PostPosted: Sat 25 Jan 2014, 23:15    Post subject:  

Thank you for the reply.
And yes i get a lot of files from W.os users that may or may not be infected and occasionally forward them on. Thats why I asked.And I use wine.

Quote:
Worthy of mention: nowadays all major Internet providers scan the files that transit
through them with an anti-virus.


Can you say crypotlocker? ( comes as an email attachment) they may be able to do it but I doubt they are.

http://en.wikipedia.org/wiki/CryptoLocker

I see ClamAV in ppm cool. I know it from W.os too.
Sorry if im a pain in the a** but other than a few attempts at mint and unbuntu im a fish out of water on linux.

_________________
Precise Puppy 5.7.1 Retro Fatty Edition. Hp Compaq 2510p 2x Intel(R) Core(TM) 2 Duo Cpu U7700@ 1.33 ghz,2 gig ram Booting from 8 gig micro USB + 32 gig SD card instead of HDD
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

PostPosted: Sun 26 Jan 2014, 00:46    Post subject:  

Hello, NickAu.

Thinking about your keylogger possibility, I thought of reviving the link to my lsof pet.

Here's lsof: http://limelinx.com/fkh2m

It's sort of like ps but more complete. (The ps command lists all programs running in
the computer's memory.)

lsof lists all your open programs, Internet and printer ports, everything, with more info
than ps.

You run it in console. To know which Internet ports are open at any given moment,
type
Code:
lsof -i


Typing < lsof > on its own will give you a list about a mile long...

More info here: http://murga-linux.com/puppy/viewtopic.php?p=710409#710409
on a "security" thread similar to this one.

The opera browser typically opens 4 ports for itself, firefox as many as 8 ports. If you
have a keylogger, it will show an as additional URL. (Never happened to me, though.)

Feeling like a fish out of water, eh? Reminds me of my early days with Puppy, every-
thing seemed so strange, 5 years ago now. But please stick with us a while, you'll see
that Puppy is not that difficult; once you get accustomed to it, some things will even
appear simpler in Puppy than in W. Also, the bunch here is very friendly and helpful;
and that's a real bonus.

BFN.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

PostPosted: Sun 26 Jan 2014, 01:03    Post subject:  

Hello again, NickAu.

Just read your info on cryptolocker. Ouch. At the bottom of the article, it says that the
thieves pocketed 27 million US dollars in +/- six months doing this? Re-ouch.

However, as wikipedia says, it's targeting only Windows computers.

Nevertheless, it would be good practice to backup all your important files on a separate
Linux partition, and then unmount that partition for the day. Re-open that partition only
as necessary, to do the next back-up. That way, you keep your files -- and your clients
-- safe.

If you don't have a large hard drive you can divide into partitions, a thumb drive
especially for this purpose will do fine. When finished with your back-up, unmount and
remove the thumb drive. I imagine you already know this.

If the partition is closed, not connected or even not there, no one can access it, even
by accident.

BFN.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
Barkin


Joined: 12 Aug 2011
Posts: 690

PostPosted: Sun 26 Jan 2014, 02:31    Post subject:  

mikeb wrote:

Quote:

It's still possible for malware to be injected into the browser , even on a Linux computer. Like a hidden addon to the browser which functions as a keylogger , to or redirect your browser (browser hijack).

do you have some examples ..eg addons to avoid for example? sites that do this... what approval messages to be wary off before adding an addon?


You don't have to deliberately add a malicious addon, just by visiting a webpage it can be added, (unless you have JavaScript disabled, e.g. by NoScript addon ) ...

exploit-db.com wrote:
There are not mechanism to restrict the privileges and execution scope of add-ons.
JavaScript functions can hook into the browser interface every time Firefox loads. They can collect keystrokes from Firefox browser interface. The JavaScript XMLHttpRequest object can be used to exchange data with a server in background.
http://www.exploit-db.com/wp-content/themes/exploit/docs/24541.pdf

https://www.google.com/search?q=Malicious+Firefox+Add-Ons+Keylogger
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8181

PostPosted: Sun 26 Jan 2014, 08:22    Post subject:  

Quote:
But then some script kiddie came up the the idea of hiding the exe in a jpg or powerpoint presentation

Actually microsoft added the mechanisms for the script kiddie to exploit...it was a selling point for business lan users to have their office documents make pots of tea and play jingles...wonderful...but expose that to the internet you have a large nightmare.... If Microsoft had not been so criminally neglegent with the software they inflicted on the public starting in the mid nineties the world wide paranoia of seeing the internet as a 'dangerous place' we see would most likely not exist.

Quote:

You don't have to deliberately add a malicious addon, just by visiting a webpage it can be added, (unless you have JavaScript disabled, e.g. by NoScript addon ) ...

javascript doing such naughties while being on a malicious site...ok... but being used to install an addon to continue it afterwards without user intervention?

related is
Quote:
Using your expression (I love it!), a "Linux script kiddie" could just as well write a
keylogger for Linux,

certainly...but how would he get this installed and running on linux without user intervention? Bear in mind we are using a system designed and used for public servers.

The posibilities are awkward and convoluted on linux.... A burglar is checking out a street deciding which house to go for... one house has only a front door with a secure multi point lock, the windows are high and non opening and the walls are smooth. The other has a side door thats using a yale lock. The lights are on and its easy to see no ones in. The windows are in poor shape and use those stays that you can easily work loose. Several strong drainpipes exist next to the windows.
Which house does he choose?
Its not security by obscurity, its security by difficulty.

Scripts in jpegs on wine..good point...depends how closely wine is imitating windows. One to test perhaps.

Its always curious to get emails from people who obviously have that malware thats comes via email and that sends out spam to everyone in their address book ...we got that in 2002 when we first had a PC....so the same malware is still floating around doing its thing....many people still use outlook express. Its all too easy...why tackle the hard stuff when the vast majority have a choice of simple methods to proliferate your crap, pseudo 'protected' by programs that can be circumvented by a name or byte order change.

hyperthetical possibilities abound... real threats carry on and are sold to the public daily.

I suppose I want linux users to relax and enjoy what they have.

Mike.
Back to top
View user's profile Send private message 
Oh Carolina

Joined: 25 Jan 2014
Posts: 11
Location: England

PostPosted: Sun 26 Jan 2014, 08:52    Post subject:  

Hi Musher0,

Thanks for the post.
I tried to follow the method you said to end "World Access" but the results of the file path are as shown in the attachments.I was a bit confused,maybe not computer savvy enough for this (don't want to make a mess of anything) .

My main concern is that I would not want the computer running Puppy Carolina to put the security of the Windows computers that share peripherals and an internet connection at added risk. .No financial or private matters would be processed on the Carolina machine.The Carolina is more a computing corner hobby /internet thing. Any suggestions or advice most welcome.

Hope you have had a good night and have woken to better weather than we have here in U.K.

BFN

Oh Carolina.
Screenshot-6.png
 Description   
 Filesize   62.96 KB
 Viewed   153 Time(s)

Screenshot-6.png

Screenshot.png
Description 
png

 Download 
Filename  Screenshot.png 
Filesize  198.77 KB 
Downloaded  90 Time(s) 
Screenshot-1.png
 Description   
 Filesize   46.89 KB
 Viewed   154 Time(s)

Screenshot-1.png

Screenshot-2.png
 Description   
 Filesize   39.62 KB
 Viewed   146 Time(s)

Screenshot-2.png

Screenshot-3.png
 Description   
 Filesize   48.99 KB
 Viewed   154 Time(s)

Screenshot-3.png

Screenshot-5.png
 Description   
 Filesize   66.79 KB
 Viewed   151 Time(s)

Screenshot-5.png

Screenshot-4.png
 Description   
 Filesize   57.2 KB
 Viewed   153 Time(s)

Screenshot-4.png

Back to top
View user's profile Send private message 
Oh Carolina

Joined: 25 Jan 2014
Posts: 11
Location: England

PostPosted: Sun 26 Jan 2014, 09:06    Post subject: How safe is running from hard drive?
Subject description: Thanks Mike
 

Hi Mike,

Yes I agree that the Microsoft and Apple folk have a lot to answer for .
It's not long ago that we were being assured that the Apple devices were bullet proof and un- targeted..If the only reason Linus is "safer"is that its not a big enough target ,what happens when it gets huge?
Of course if the world wasn't driven by capitalism/consumerism and greed we would have no villains to trouble us.

BFN
Oh Carolina Very Happy
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

PostPosted: Sun 26 Jan 2014, 09:29    Post subject:  

Hi, Oh Carolina.

Thanks for your kind words.

I'm not familiar with the Carolina Puppy. I stayed away from it because it uses the
xfce window manager, which I find clumsy to use and thus I don't like it too much.
(This is only a personal opinion, of course.)

In any case, my little lesson will only be useful to you if you work it from the
ROX-Filer. Is there a ROX-Filer on Carolina? You may want to type < rox > in a
console to see if anything shows up. If the ROX-Filer is launched, then from there,
you can modify the "world" settings as indicated above.

The Puppy is in a corner, eh? Wink In my day, that's where the boss had his/her office... Smile

As to the safety of Windows computers that may be linked to the PuppyLinux one:
there is no danger at all -- as should be clear by now from the posts on this thread.

The only risk would be of retransmitting a Windows document file that is already
infected, but that can't harm the Puppy itself. And as I mentioned, there are some
Linux versions of anti-viruses that you can use to scan and clean Windows files
from a Linux system -- out of courtesy to your fellow workers.

Conversely, looking at the possibility from the PuppyLinux end, the two OS's are
incompatible, so PuppyLinux cannot infect a Windows computer or be a nuisance
to shared peripherals. There are no known viruses for Linux systems yet, it's not
enough fun for a hacker. (Let's hope it'll stay that way.)

However, I've heard that samba (the sharing program / protocol) can be wrongly
configured, but that's not a security risk per se! Smile

Speaking of samba, I've never used it, I'm a free-lancer and work solo, mostly,
so I never had any need for it. Maybe some other Puppy-ist can answer you in
more detail about it.

Good luck and best regards.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

PostPosted: Sun 26 Jan 2014, 09:49    Post subject:  

@mikeb:

You wrote:
>
Quote:
related is Quote:
Using your expression (I love it!), a "Linux script kiddie" could just as well write a
keylogger for Linux,

certainly...but how would he get this installed and running on linux without user intervention?
Bear in mind we are using a system designed and used for public servers.


You're right. The hacker would need proper permission to install his nasty code on
the Linux computer, and that's impossible from the outside. I had forgotten about that.

BFN.

musher0

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send private message Visit poster's website 
anikin

Joined: 10 May 2012
Posts: 457

PostPosted: Sun 26 Jan 2014, 10:32    Post subject:  

Hi musher0,

This world-access tip is the best, I've seen on Linux security. A quick question - what's the underlying command, that performs it? I'd like to apply the trick to an external, unsquashed main sfs. Any ideas?

Thank you in advance.
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8181

PostPosted: Sun 26 Jan 2014, 10:36    Post subject:  

Quote:
If the only reason Linus is "safer" is that its not a big enough target ,what happens when it gets huge?


Quote:
Its not security by obscurity, its security by difficulty.

Secure from the ground up. I made Windows secure...for linux I didn't have to do anything. Bear in mind a major percentage of websites are running Linux so not as obscure as you might think and thats a tough enviroment when it comes to security.

Apple use a Unix like system like Linux is...not aware they had major security problems with it...though mocrosoft now have a share of the business now?

Samba...not a fan..never used it though I did get an infection via netbios ports after 2 minutes of a fresh 2000 install online working direct to the net on a usb modem. There is a hack to fix that, though router firewalls effectively protect you .

I use NFS for windows file sharing.

I do wonder if Microsoft are very stupid or clever...the security holes introduced in the late nineties were soon detected and the situation even came to court over the browser integration in 1999. Why is the same system/software still included?. Perhaps selling an operating systems that stuffs itself after a year or 2 is good bisiness, or businessmen make lousy software engineers....we may never know.

mike
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8181

PostPosted: Sun 26 Jan 2014, 10:39    Post subject:  

Quote:
This world-access tip is the best, I've seen on Linux security. A quick question - what's the underlying command, that performs it? I'd like to apply the trick to an external, unsquashed main sfs. Any ideas?

If you feel the urge slax modules use 400 permissions... read only by system only.
chmod 0400 /path/to/file.sfs
or perhaps 0444 would be sufficient.
mike
Back to top
View user's profile Send private message 
Oh Carolina

Joined: 25 Jan 2014
Posts: 11
Location: England

PostPosted: Sun 26 Jan 2014, 12:46    Post subject: Area » Security How safe is running from hard drive?
Subject description: My Thanks to all
 

Hi Guys (and Girls if any),

Have learned something from this thread and thank all contributors.

Will go and try out my newly resurrected ( by Puppy Carolina )machine and hopefully find out more about the world of Linux.

Just one more thought:-Would Puppy Carolina be happy to share my 160 Gig hard drive with another member of the Linux family??

Thanks again for everyone's help

BFN

Oh Carolina. Very Happy
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 4 [52 Posts]   Goto page: Previous 1, 2, 3, 4 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1183s ][ Queries: 12 (0.0086s) ][ GZIP on ]