Puppy Linux Discussion Forum

[Gullible Jones]

It's well known that Puppy Linux is single-user, running as root by default. There's nothing really novel about this, when you think about it; Windows XP Home runs as admin by default as well. (Yeah, it does have the System user which is more powerful than admin, but so what?)

However, one of the major benefits I've heard toted about Linux is that most distros do not use root as the default user, which means that, if for instance an infected website hacks your browser, it will have a harder time installing a rootkit or trojan since it can't freely modify or install system files.

On the other hand, you've got distros like Puppy and Slax that use root by default and are proud of it. Users of such distros generally claim that Linux is secure enough to use in such a fashion on home desktops - even when not using AppArmor or whatever.

(That would actually be a whole other matter, since under AppArmor or SELinux, processes spawned by root wouldn't necessarily have root privileges. But I digress.)

What I'm asking is, what about Linux makes it more secure than Windows even when running as root (if that is actually the case)?

- We know Linux isn't immune to buffer overflows, they happen all the time.
- The idea that simple lack of use makes it more secure is ridiculous, we all know how well "security through obscurity" worked Apple.
- Unlike Windows, Linux doesn't try to hide stuff from the administrator (by default anyway). That's nice, and it can help you find infections, but it doesn't prevent infections.
- Package management is cool and helps you keep your software up to date.. But it does jack against zero-day vulnerabilities. Plus, similar things (like Secunia PSI) exist for Windows.
- Well-written code is good. But not everything running on Linux is well programmed; for that matter, some applications just don't focus strongly on security. Even "secure" programs like Firefox are often riddled with vulnerabilities.

So what is it that you Puppy users know that I don't? What makes you confident that you're not likely to get hacked, even running as root? I'd really like to know...

[gposil]

Apart from the obvious:

[gposil]

Had another couple of thoughts that get to the heart of the matter...

What makes Linux safer than Windows?

1.) The people who use it....

And I guess really the question is spurious, Windows is a homogeneous OS, Linux is not, it's a kernel and each user has the right to change it to suit his/her particular security needs, and as far as Puppy is concerned, with regard to root access...who cares if there are no ports open to exploit from outside...your choice

[8-bit]

Try this. Do a Web search for Gibson Research Corporation and from their page select Shields UP.
It will run a test to try to access the ports on your PC as well as file sharing and ping.
It will work with Linux (Puppy) as well as Windows.
I tried it with Puppy and the report said all ports were slealth (good), it could not access file sharing, and also could not find a port to connect remotely. It was able to ping my PC and have it answer, And also get a reverse IP address.
Given that info, I was impressed as compared to running Windows and doing the same test.

[Lobster]

Tin hatted penguins

These are the individuals so paranoid they wear tin hats to stop 'the government' controlling their brains.

They sniff out potential exploits even when they are not there.
Meanwhile Microsoft has documented agreements with the NSA to offer backdoors into Windows. It is part of their policy to have exploits.

The only exploit for Puppy that I am aware of is that of rogue javascript that can redirect to spammers sites.

I also use gmail (with its excellent spam reduction) whose servers are open to potential abuse

Cloud computing is being supported by the intelligence community because it is transparent to them. Which means it is also transparent to criminals and corporate spammers.

My last memories of Windows involve a security nightmare, where the very viral like virus protection schemes were being compromised by crackers. In other words they were using the protection schemes updates to run keyloggers and other nasties.

I run from DVD so runnable programs secure from interference. Then I run the Puppy firewall. Job done.

[drongo]

Originally Puppy was a live-CD only. By definition you can't alter stuff on a live-CD - so running as root was never a problem with early Puppies. The situation is now more complex.
You can have a frugal install or a full install. I would guess both of these are potentially vulnerable when running as root.
You can have a multi-session DVD. I would guess this is potentially vulnerable as well.
You can save a session on closedown. Information stored in there is potentially vulnerable.
If you mount USB sticks or hard-drive partitions information on them could be modified.

So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable! Doesn't really matter whether you run as root or not. I guess you might be able to pick up some password stealing trojan during your browsing but it would disappear next time you rebooted (of course your passwords could be all over the web by then.)

Since many scripts in Puppy assume you are root changing Puppy to a system with multiple users may not be that easy. It's not as if people haven't tried!

[jamesbond]

While we are on this topic .... please look at this http://www.stoned-vienna.com/
Now that proof-of-concept virus is only Windows only (though it can infect anything from XP to Windows 7 - a duration which spans 8 years).
Please read the technical process of how it infects Windows - and someone please tell me that Linux is not vulnerable.

[gposil]

Well...full stand-alone hd installations of Unix/Linux don't use mbr and a linux volume does not even need to be active to be booted, so in the strictest terms this bootkit has no relevance to us. Obviously a read only kernel implementation like Puppy would be even further removed from the scenario.

[kirk]

[ttuuxxx]

Simple go here on your windows machine and then go here with puppy
https://www.securitymetrics.com/portscan.adp
and do a port scan.
ttuuxxx

[Flash]

[drongo]

Flash,

I think I knew that but the implications for forensic analysis had never sunk in before. Would a honeypot puppy be of use to anybody?

I had always thought that the best use for multisession would be an audit trail. If you were writing a book or doing some complex coding you could always roll back to a previous version.

So are you still the only person using multi-session?

[Flash]

I have no idea how many other people use multisession. I can't believe I'm the only one.

I've heard of malware that encrypts everything on your hard disk, leaves a note about where you can buy the encryption key, then deletes itself. Since everything in multisession Puppy happens in RAM, the executable itself might not necessarily have been saved on the DVD to be played with. In any case, it could not encrypt anything that had already been saved to the multisession DVD, so you'd only lose what was in RAM.

I've also heard of a program that supposedly puts kiddie porn on your hard disk drive, somewhere you can't find it, then threatens to call the cops on you if you don't pay a ransom. I don't know if it can really do that. The ransom note could be only a bluff to gouge the gullible. Still, since multisession runs entirely in RAM, all you'd have to do to erase anything like that would be to turn off the computer without saving anything.

AFAIK, these programs only infect Windows at the moment, but there is nothing to keep the a**hole* who write them from trying to port them to Linux. If they do, multisession Puppy would be a tough nut for them to crack.

[linuxcbon]

[droope]

Hi.

Avast provides free antivirus protection for Linux.

http://www.avast.com/eng/avast-for-linux-workstation.html

Never tried it. Avast on windows does a pretty good job.

Cheers!
Droope