All times are UTC - 4 |
Gullible Jones
Joined: 13 Apr 2009 Posts: 6
|
Posted: Mon 03 Aug 2009, 18:53 Post subject:
What makes Linux safer than Windows? Subject description: Running as root: dangerous, or not? |
|
It's well known that Puppy Linux is single-user, running as root by default. There's nothing really novel about this, when you think about it; Windows XP Home runs as admin by default as well. (Yeah, it does have the System user which is more powerful than admin, but so what?)
However, one of the major benefits I've heard touted about Linux is that most distros do not use root as the default user, which means that, if for instance an infected website hacks your browser, it will have a harder time installing a rootkit or trojan since it can't freely modify or install system files.
On the other hand, you've got distros like Puppy and Slax that use root by default and are proud of it. Users of such distros generally claim that Linux is secure enough to use in such a fashion on home desktops - even when not using AppArmor or whatever.
(That would actually be a whole other matter, since under AppArmor or SELinux, processes spawned by root wouldn't necessarily have root privileges. But I digress.)
What I'm asking is, what about Linux makes it more secure than Windows even when running as root (if that is actually the case)?
- We know Linux isn't immune to buffer overflows, they happen all the time.
- The idea that simple lack of use makes it more secure is ridiculous, we all know how well "security through obscurity" worked for Apple.
- Unlike Windows, Linux doesn't try to hide stuff from the administrator (by default anyway). That's nice, and it can help you find infections, but it doesn't prevent infections.
- Package management is cool and helps you keep your software up to date. But it does jack against zero-day vulnerabilities. Plus, similar things (like Secunia PSI) exist for Windows.
- Well-written code is good. But not everything running on Linux is well programmed; for that matter, some applications just don't focus strongly on security. Even "secure" programs like Firefox are often riddled with vulnerabilities.
So what is it that you Puppy users know that I don't? What makes you confident that you're not likely to get hacked, even running as root? I'd really like to know...
gposil

Joined: 06 Apr 2009 Posts: 1305 Location: Stanthorpe (The Granite Belt), QLD, Australia
|
Posted: Mon 03 Aug 2009, 20:57 Post subject:
|
|
Apart from the obvious:
Quote: | Microsoft’s Chief Operating Officer Kevin Turner said today that finally Windows 7 will be more secure than Linux and OS-X. |
A few thoughts:
It's much easier to go in to a Linux system and simply shut down the entire windowing system, RPC daemons, and so on - you can get a Linux or BSD based system down to one or two open ports with a minimum of installed packages and still have a very useful system very easily. This probably has more to do with the UNIX heritage as a developer's OS; everything was built to be modular, not overly interconnected. This leads to a much more configurable system where you can simply remove things that are not relevant. I don't think it's as easy to harden Windows servers in this way. (In fact it's not easy.)
There is one very important reason why Linux and OpenBSD have the potential to be more secure than Windows. That is the ability of the operating system to firewall itself from network attacks.
On Windows, incoming network packets have been exposed to significant parts of the operating system long before a Windows firewall can reject the packet. On Linux, using IPTables or on OpenBSD using PF you can isolate rogue packets much earlier in the process of the OS receiving a new network packet - reducing the exposure.
Linux, like all Open Source, is transparent. Everybody sees the code. There are far more eyes with good intentions looking at the code than those with bad intentions.
Why would you try to exploit a vulnerability (perceived or real) in Unix/Linux when the fix for the flaw spreads faster than a virus...
Just a few thoughts, there are many more....
Cheers
_________________
Dpup Home
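The post above argues that a Linux box can be cut down to one or two open ports, and the thread as a whole asks what running as root exposes. The following is an added example, not part of gposil's post: it parses the Linux /proc/net/tcp table and reports which TCP listeners are bound beyond loopback and which of those are owned by uid 0. The sample rows are constructed, only IPv4 is covered, and the address decoding assumes a little-endian host.

```python
import socket
import struct

TCP_LISTEN = "0A"  # state code the kernel prints for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00A8C0:B3C2 010200C0:01BB 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 65534        0 1004 1
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listening_sockets(table_text):
    """Return one dict per socket in LISTEN state, skipping the header row."""
    found = []
    for line in table_text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_LISTEN:
            continue  # malformed row, or an established/closing connection
        ip, port = decode_addr(cols[1])
        found.append({"ip": ip, "port": port, "uid": int(cols[7]),
                      "exposed": not ip.startswith("127.")})
    return found

def exposed_root_listeners(table_text):
    """Ports reachable from off-host whose owning process runs as uid 0."""
    return sorted(s["port"] for s in listening_sockets(table_text)
                  if s["exposed"] and s["uid"] == 0)

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed rows
    for s in listening_sockets(text):
        scope = "exposed" if s["exposed"] else "loopback"
        print(f'{s["ip"]}:{s["port"]} uid={s["uid"]} {scope}')
    print("root-owned, exposed:", exposed_root_listeners(text))
```

A local listing like this complements the external port scans suggested later in the thread: a scan from outside only shows what passes the router and firewall, while this shows what is actually bound on the machine and under which uid.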
gposil

Joined: 06 Apr 2009 Posts: 1305 Location: Stanthorpe (The Granite Belt), QLD, Australia
|
Posted: Mon 03 Aug 2009, 21:11 Post subject:
|
|
Had another couple of thoughts that get to the heart of the matter...
What makes Linux safer than Windows?
1.) The people who use it....
And I guess really the question is spurious, Windows is a homogeneous OS, Linux is not, it's a kernel and each user has the right to change it to suit his/her particular security needs, and as far as Puppy is concerned, with regard to root access...who cares if there are no ports open to exploit from outside...your choice
_________________
Dpup Home
8-bit

Joined: 03 Apr 2007 Posts: 3425 Location: Oregon
|
Posted: Mon 03 Aug 2009, 23:35 Post subject:
|
|
Try this. Do a Web search for Gibson Research Corporation and from their page select Shields UP.
It will run a test to try to access the ports on your PC as well as file sharing and ping.
It will work with Linux (Puppy) as well as Windows.
I tried it with Puppy and the report said all ports were stealth (good), it could not access file sharing, and also could not find a port to connect remotely. It was able to ping my PC and have it answer, and also get a reverse IP address.
Given that info, I was impressed as compared to running Windows and doing the same test.
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15238 Location: Paradox Realm
|
Posted: Tue 04 Aug 2009, 01:19 Post subject:
|
|
Tin hatted penguins
These are the individuals so paranoid they wear tin hats to stop 'the government' controlling their brains.
They sniff out potential exploits even when they are not there.
Meanwhile Microsoft has documented agreements with the NSA to offer backdoors into Windows. It is part of their policy to have exploits.
The only exploit for Puppy that I am aware of is that of rogue javascript that can redirect to spammers sites.
I also use gmail (with its excellent spam reduction) whose servers are open to potential abuse.
Cloud computing is being supported by the intelligence community because it is transparent to them. Which means it is also transparent to criminals and corporate spammers.
My last memories of Windows involve a security nightmare, where the very viral like virus protection schemes were being compromised by crackers. In other words they were using the protection schemes updates to run keyloggers and other nasties.
I run from DVD so runnable programs are secure from interference. Then I run the Puppy firewall. Job done.
_________________ YinYana AI Buddhism
drongo

Joined: 10 Dec 2005 Posts: 378 Location: UK
|
Posted: Tue 04 Aug 2009, 06:44 Post subject:
Live-CDs and Root Subject description: Maybe not so secure now |
|
Originally Puppy was a live-CD only. By definition you can't alter stuff on a live-CD - so running as root was never a problem with early Puppies. The situation is now more complex.
You can have a frugal install or a full install. I would guess both of these are potentially vulnerable when running as root.
You can have a multi-session DVD. I would guess this is potentially vulnerable as well.
You can save a session on closedown. Information stored in there is potentially vulnerable.
If you mount USB sticks or hard-drive partitions, information on them could be modified.
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable! Doesn't really matter whether you run as root or not. I guess you might be able to pick up some password-stealing trojan during your browsing but it would disappear next time you rebooted (of course your passwords could be all over the web by then.)
Since many scripts in Puppy assume you are root, changing Puppy to a system with multiple users may not be that easy. It's not as if people haven't tried!
jamesbond
Joined: 26 Feb 2007 Posts: 3146 Location: The Blue Marble
|
Posted: Tue 04 Aug 2009, 08:05 Post subject:
|
|
While we are on this topic .... please look at this http://www.stoned-vienna.com/
Now that proof-of-concept virus is Windows only (though it can infect anything from XP to Windows 7 - a duration which spans 8 years).
Please read the technical process of how it infects Windows - and someone please tell me that Linux is not vulnerable.
_________________ Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread.
gposil

Joined: 06 Apr 2009 Posts: 1305 Location: Stanthorpe (The Granite Belt), QLD, Australia
|
Posted: Tue 04 Aug 2009, 08:33 Post subject:
|
|
Well...full stand-alone HD installations of Unix/Linux don't use MBR and a Linux volume does not even need to be active to be booted, so in the strictest terms this bootkit has no relevance to us. Obviously a read-only kernel implementation like Puppy would be even further removed from the scenario.
_________________
Dpup Home
kirk
Joined: 11 Nov 2005 Posts: 1518 Location: florida
|
Posted: Wed 05 Aug 2009, 00:12 Post subject:
|
|
Quote: | The idea that simple lack of use makes it more secure is ridiculous. |
Not at all. If I'm the only one using an operating system, it would, for that very reason, be quite immune from viruses.
Quote: | What I'm asking is, what about Linux makes it more secure than Windows even when running as root (if that is actually the case)? |
Well, there is not a Linux operating system, there's a thousand. I won't speak about all Linux OSs, but for Puppy:
* There's no ActiveX type apps running in the web browser. OK, that goes for all Linux OSs.
* Puppy is intended to be run with a virtual file system. The system files are really read-only. Running as a non-privileged user protects these files (again which are read-only) and not the user's files.
* There's countless viruses for Windows, I'm still looking for one that will infect Puppy. If you can point me to a web site please do, because it's so ridiculously easy to fix/reinstall Puppy and I'd like to see how that would work.
* There's countless trojans for Windows. Sure someone could post a pet package with a trojan, but I haven't read about any. All operating systems are vulnerable to trojans, because they tend to be installed by users. If you're installing software and you need to su or sudo to root, or enter the admin password, that's what you do, because you've already decided that the vendor is trustworthy.
Puppy does of course have multiple users. If you install a web server it usually runs as user nobody. In Puppy non-root users can't su to root even if they know the password. You can run the browser as another user if you want.
ttuuxxx

Joined: 05 May 2007 Posts: 11193 Location: Ontario Canada,Sydney Australia
|
Posted: Wed 05 Aug 2009, 02:01 Post subject:
|
|
Simple: go here on your Windows machine and then go here with Puppy
https://www.securitymetrics.com/portscan.adp
and do a port scan.
ttuuxxx
_________________ http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games 
Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 12821 Location: Arizona USA
|
Posted: Wed 05 Aug 2009, 11:12 Post subject:
Re: Live-CDs and Root Subject description: Maybe not so secure now |
|
drongo wrote: | Originally Puppy was a live-CD only. By definition you can't alter stuff on a live-CD - so running as root was never a problem with early Puppies. |
Multisession Puppy is basically a live CD or DVD, with the settings and changes to the base OS saved in sessions on the CD or DVD. Barry has provided a boot option for multisession Puppy to ignore the last n sessions, for instance where malware may have been saved, at boot. After booting, Puppy can mount the DVD and the blacklisted sessions can be safely inspected for malware. Since nothing can be erased from a multisession DVD, malware has no way to erase its tracks or even do any damage. AFAIK, no other way of running Puppy offers this forensic capability.
drongo

Joined: 10 Dec 2005 Posts: 378 Location: UK
|
Posted: Wed 05 Aug 2009, 13:14 Post subject:
Honeypot puppy? Subject description: New use for multisession |
|
Flash,
I think I knew that but the implications for forensic analysis had never sunk in before. Would a honeypot puppy be of use to anybody?
I had always thought that the best use for multisession would be an audit trail. If you were writing a book or doing some complex coding you could always roll back to a previous version.
So are you still the only person using multi-session?
Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 12821 Location: Arizona USA
|
Posted: Wed 05 Aug 2009, 16:34 Post subject:
|
|
I have no idea how many other people use multisession. I can't believe I'm the only one.
I've heard of malware that encrypts everything on your hard disk, leaves a note about where you can buy the encryption key, then deletes itself. Since everything in multisession Puppy happens in RAM, the executable itself might not necessarily have been saved on the DVD to be played with. In any case, it could not encrypt anything that had already been saved to the multisession DVD, so you'd only lose what was in RAM.
I've also heard of a program that supposedly puts kiddie porn on your hard disk drive, somewhere you can't find it, then threatens to call the cops on you if you don't pay a ransom. I don't know if it can really do that. The ransom note could be only a bluff to gouge the gullible. Still, since multisession runs entirely in RAM, all you'd have to do to erase anything like that would be to turn off the computer without saving anything.
AFAIK, these programs only infect Windows at the moment, but there is nothing to keep the a**holes who write them from trying to port them to Linux. If they do, multisession Puppy would be a tough nut for them to crack.
linuxcbon
Joined: 09 Aug 2007 Posts: 1165
|
Posted: Wed 05 Aug 2009, 17:40 Post subject:
|
|
Quote: | an infected website hacks your browser, it will have a harder time installing a rootkit or trojan : |
very unlikely
with firefox because secure
and with linux because few trojans or rootkits exist for it.
droope

Joined: 31 Jul 2008 Posts: 811 Location: Uruguay, Mercedes
|
Posted: Wed 05 Aug 2009, 20:01 Post subject:
|
|
Hi.
Avast provides free antivirus protection for Linux.
http://www.avast.com/eng/avast-for-linux-workstation.html
Never tried it. Avast on Windows does a pretty good job.
Cheers!
Droope
_________________ What seems hard is actually easy, while what looks like impossible is in fact hard.
“Hard things take time to do. Impossible things take a little longer.” –Percy Cerutty
Mi blog (Spanish)