What makes Linux safer than Windows?
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

Posted: Thu 12 Nov 2009, 18:53

Quote:
If people want to install a live CD that is their lookout. I'm still intrigued enough by the possibility of a live-CD OS to be sad enough to want to use it that way.


Well I use it that way, too. But with persistent storage (pupsave). I don't deceive myself I'm getting a read-only installation by doing that.

Pizzasgood has a solution to ease the pain of going full read-only. IIRC not everything configured gets copied over in a remaster though.

Pizzasgood

Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Fri 13 Nov 2009, 00:02

No, it doesn't. But the last time I used the remaster script it had a part where it paused and told you where the build tree was (somewhere in /tmp) to give you a chance to make manual changes that would not be discarded.

Nobody has to be limited by the remaster script. My Edit-SFS program has been around for three years now (and it just got a complete rewrite a month or so ago and is much nicer now). I think a couple other people have written similar tools over the years. And even without those, it's not all that hard to just run the commands to extract and rebuild a .sfs file by hand.


As for actually locating the changes to include in the remaster, I believe the network configuration is under /etc/network-wizard. But if you're just doing a personal remaster to be used on the same machine/network, you may as well just grab /etc in its entirety. There's nothing in there that absolutely should not be included in that sort of remaster, unless you use wireless or dialup and don't want the key/password saved inside the CD as plaintext. This way you also get the keyboard, mouse, video, and timezone configurations too.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
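
The caveat in the post above, about wireless or dial-up keys ending up in plaintext on the CD, can be checked before remastering. This added example (not part of the thread or of any Puppy tool) scans a staged copy of /etc for wpa_supplicant-style key lines and non-empty pppd secrets files. The function names and the sample tree are constructed, and Puppy's own /etc/network-wizard files still need checking by eye because their format is not assumed here.

```shell
#!/bin/sh
# Added example: find files in a staged copy of /etc that appear to hold
# plaintext wireless or dial-up credentials, before packing a remaster.

# Build a small constructed /etc tree to scan (sample data, not real secrets).
make_sample_tree() {
    mkdir -p "$1/ppp"
    # wpa_passphrase-style output keeps the passphrase in a "#psk=" comment
    printf 'network={\n\tssid="ExampleNet"\n\t#psk="constructed-passphrase"\n\tpsk=CONSTRUCTED_HEX_KEY\n}\n' \
        > "$1/wpa_supplicant.conf"
    printf '# client server secret\nexampleuser * constructed-password\n' \
        > "$1/ppp/pap-secrets"
    printf '# Secrets for authentication using CHAP\n' > "$1/ppp/chap-secrets"
    printf 'puppypc\n' > "$1/hostname"
}

# scan_staged_etc DIR: print the relative paths of files that look like
# they contain credentials, one per line, sorted.
scan_staged_etc() (
    cd "$1" || exit 2
    {
        # wpa_supplicant settings, including commented-out "#psk=" lines
        grep -rlE '^[[:space:]]*#?[[:space:]]*(psk|wep_key[0-3]|password)[[:space:]]*=' . \
            2>/dev/null || true
        # pppd secrets files matter once they hold any non-comment line
        for f in ppp/pap-secrets ppp/chap-secrets; do
            if [ -f "$f" ] && grep -qEv '^[[:space:]]*(#|$)' "$f"; then
                echo "./$f"
            fi
        done
    } | sed 's|^\./||' | sort -u
)

# Demo on the constructed tree.
demo=$(mktemp -d)
make_sample_tree "$demo"
scan_staged_etc "$demo"
rm -rf "$demo"
```

Point it at the build tree the remaster script pauses on (or at your own staging copy of /etc) and blank or delete whatever it lists before continuing.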


mojo558

Joined: 01 Apr 2009
Posts: 11

Posted: Tue 22 Dec 2009, 23:23    Post subject: linux (Puppy) Security
Subtitle: Puppy is FREE

I may be considered to be "paranoid" by making the statement I am about to make here, but I've never been considered to be the brightest penny in the roll either.
I know of a VERY reputable Web-zine which broke the news that MS was installing software (i.e. "updates") on users' machines even though their machines' security settings didn't allow it. IT WAS TURNED OFF and still MS installed software.
The next day they had a fire in their building and it shut them down.
MS is a ... what ......$800 billion company ????
They need to protect their assets, i.e. Windows, which is a work in progress and always will be. MS made their money by selling this product. If they don't keep selling it and coming up with bigger and better (Win 2, 3, 95, 98, 2000, Millennium, XP, 7, etc......) they would eventually go broke. So, how do you up-sell a product to the public ???
The newer system works "Better", it is more "Secure" and user friendly.
What convinces them ??
Viruses, Malware, S P Y WA R E and here is the kicker.
You ready for this ??
MS has a "Security" department manned with code writers whose sole job is to break Windows.
They get paid to intentionally write bad code.
You can't possibly believe that there are actually enough common people knowledgeable enough to produce the MILLIONS of viruses, etc that irritate you enough that you can't wait till something "better" comes out. And they are really successful at it.
That's part of why Puppy and Other Linux distros are more secure,...they are FREE.

Pizzasgood

Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Wed 23 Dec 2009, 21:18

Quote:
You can't possibly believe that there are actually enough common people knowledgeable enough to produce the MILLIONS of viruses, etc that irritate you enough that you can't wait till something "better" comes out. And they are really successful at it.
I haven't done any malware writing (it's on my to-do list though (for educational purposes!)). But considering what I do know about programming in general, and considering how many people there are on this planet who have computer and internet access, it doesn't seem remarkable to me. Also, I'm willing to bet that there really aren't that many viruses. Probably a lot of them are just rehashes of each other, so that the total number could be knocked down by an order of magnitude or two.

I don't think the people who work at MS intentionally write insecure code, so much as that they intentionally don't write much secure code. Because writing and testing secure code takes time, and time is money. So they write code that is merely good enough, release it, and then patch it as needed later.

Therefore, I do agree with this statement anyway:
Quote:
That's part of why Puppy and Other Linux distros are more secure,...they are FREE.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib


xman

Joined: 24 Sep 2009
Posts: 145

Posted: Thu 25 Mar 2010, 12:07

Isn't the answer the browser?

At Pwn2Own 2010 there is still no trace of Linux as a possible target. Is it too hard to find exploits for Linux, or does a non-commercial operating system hold no interest for exploit hunters?

What is the Champion saying?
http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/

Pwn2Own 2010 first day: Safari, IE8 and Firefox all fall but Chrome stands still.

DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Thu 25 Mar 2010, 14:36

Pizzasgood wrote:
I don't think the people who work at MS intentionally write insecure code, so much as that they intentionally don't write much secure code. Because writing and testing secure code takes time, and time is money. So they write code that is merely good enough, release it, and then patch it as needed later.

They're fussier about writing secure code now. But when you have millions of lines of legacy code, there will be plenty of written-in-the-past code to patch for the foreseeable future.

A lot of the security issues are understandable oversights, like buffer overflow exploits. It never occurred to the programmers who wrote the affected code that anyone might deliberately try to overflow a buffer with bad intent. Back then, such exploits weren't even gleams in bad guys' eyes.

They're fussier these days, because while it takes more time to do it right to begin with, it costs more to fix it later.
______
Dennis


DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Thu 25 Mar 2010, 14:51    Post subject: Re: linux (Puppy) Security
Subtitle: Puppy is FREE

mojo558 wrote:

MS has a "Security" department manned with code writers whose sole job is to break Windows.
They get paid to intentionally write bad code.
You can't possibly believe that there are actually enough common people knowledgeable enough to produce the MILLIONS of viruses, etc that irritate you enough that you can't wait till something "better" comes out. And they are really successful at it.
That's part of why Puppy and Other Linux distros are more secure,...they are FREE.

Yes, I can believe there are enough people to write all those viruses and malware. Most of it is knock-off copies of earlier viruses, with minor changes. Some of it is done by "script kiddies" who can't write a line of real code, using hex editors to make changes in the binaries.

The amount of genuinely new code in the wild is a small fraction of the total, and with hundreds of millions of PCs running Windows around the world, hundreds of thousands of virus writers isn't beyond the realm of possibility.

Microsoft makes its main living selling Windows and Office, but you have to remember who Microsoft thinks the customer is. They are a B2B company, and their idea of the customer is likely the corporate CIO who can sign off on a site license for thousands of copies of Windows. He's going to be fussy about what he buys. (Witness the slower than hoped for uptake of Vista, as most corporations waited for Win7.)

They aren't going to deliberately write insecure code, and upgrading to make things more secure isn't their pitch. Note that they issue regular security patches, free of charge, on "patch Tuesday", and you are encouraged to turn on Automatic Update to get them. Making those patches and distributing them costs money. I assure you MS would be just as happy if it wasn't necessary. They'd rather spend the money on new stuff that might spur sales and increase revenue, instead of fixing old stuff that won't add a dime to their bottom line.

My complaint isn't that Windows is insecure. When you have a system as big and complex as Windows, it's almost inevitable. It's that Microsoft didn't recognize the gravity of the situation, push for more secure code to begin with, and start issuing automatic security updates about 5 years earlier than they did.
______
Dennis

nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 25 Mar 2010, 15:42

Apologize for not reading all postings in this thread.

Even if M$ are totally innocent I still care about security in linux.

I know too little to protect myself enough.

Puppy at least has a firewall that I can activate in set up while neither Elive nor Antix had such and the one in ubuntu and Mint I totally failed to understand if it was active or not.

Puppy has promised me that it is active when I set it up.
I am at their mercy.

To be root seems not to be the best thing to be, and there does exist a Puppy that allows one to create users and passwords.

Maybe the next Puppy should be set up so one can choose if one wants to be root or more protected.

_________________
I use Google Search on Puppy Forum
not an ideal solution though

RetroTechGuy

Joined: 15 Dec 2009
Posts: 2673
Location: USA

Posted: Thu 25 Mar 2010, 16:05

nooby wrote:
Apologize for not reading all postings in this thread.

Even if M$ are totally innocent I still care about security in linux.

I know too little to protect myself enough.


Fortunately, most of the problems come from the OS "helping" the user by automagically installing software. For example:

http://www.messagingnews.com/story/koobface-worm-infections-rising

These sorts of bogus links are amusing from a Linux standpoint (and generally, even a Win98 standpoint) -- the dumb OS asks "what do you want to do with this executable?"... Then you can answer: "I'll tell you what to do with that F$*!@&ing virus infected executable..." ;)

I sometimes save those to disk, so I can scan them to see what kind of virus they're trying to push.

Quote:
To be root seems not to be the best thing to be, and there does exist a Puppy that allows one to create users and passwords.


Although the core of the system is read only. So such a virus would have to install itself in your /usr/local/bin/ or some such.

That is effectively how you would infect a user on a multi-user system (except it would place the virus in your home directory, as it would not have write privilege to place it in /usr/local/bin/).

So, while running as root may not be ideal, it's not as bad as it looks, with this particular implementation.

Of course, your concern is a good reason to create multiple pupsave files. One for general browsing, one for more secure uses (email, etc), and/or perhaps a pupsave that is used only for online banking and such.

And for the latter use, if you were really paranoid, you could create a fully functional pupsave, then make a backup copy, and every few days copy that master-backup over the top of the secure banking pupsave (to erase any changes which might have been inserted into the system) -- or perhaps even after every use.
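
The master-backup routine described in the post above, as an added example that is not part of the original post: it checks the master copy against a recorded SHA-256 digest before copying it over the working pupsave, and reports whether the working copy had changed. File and function names are hypothetical, and it assumes the pupsave being overwritten is not the one currently in use.

```shell
#!/bin/sh
# Added example: restore a known-good pupsave over a working copy, but only
# after confirming the master itself still matches its recorded digest.

# hash_of FILE: print the SHA-256 hex digest of FILE
hash_of() { sha256sum "$1" | cut -d' ' -f1; }

# record_master MASTER: store the digest next to the master copy.
# Keeping master and digest on read-only media is stronger than this.
record_master() { hash_of "$1" > "$1.sha256"; }

# restore_pupsave MASTER WORKING
#   prints "unchanged"        working copy already identical to master
#   prints "restored"         working copy differed and was overwritten
#   prints "master-mismatch"  master no longer matches its digest (returns 3)
restore_pupsave() (
    master=$1
    working=$2
    [ -f "$master.sha256" ] || { echo "no-digest"; exit 2; }
    want=$(cat "$master.sha256")
    if [ "$(hash_of "$master")" != "$want" ]; then
        echo "master-mismatch"
        exit 3
    fi
    if [ -f "$working" ] && [ "$(hash_of "$working")" = "$want" ]; then
        echo "unchanged"
        exit 0
    fi
    # copy to a temporary name first so an interrupted copy never leaves
    # a half-written save file under the real name
    cp "$master" "$working.tmp" && mv "$working.tmp" "$working" && echo "restored"
)

# Demo with small constructed stand-in files.
demo=$(mktemp -d)
printf 'known-good save contents (constructed)\n' > "$demo/master.2fs"
record_master "$demo/master.2fs"
cp "$demo/master.2fs" "$demo/banking.2fs"
printf 'unexpected change\n' >> "$demo/banking.2fs"
restore_pupsave "$demo/master.2fs" "$demo/banking.2fs"
rm -rf "$demo"
```

A "restored" result after a session in which nothing should have been saved is itself worth noting, since it means the working copy was modified.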

jamesbond

Joined: 26 Feb 2007
Posts: 2232
Location: The Blue Marble

Posted: Thu 25 Mar 2010, 20:59

nooby wrote:

To be root seems not to be the best thing to be.


Read this: Fear Not Root, and tell us what you think. Many people regurgitate "running as root is bad", but they seldom back it up with the reasons to the point that it almost becomes a myth.

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread

DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Thu 25 Mar 2010, 22:35

nooby wrote:
Even if M$ are totally innocent I still care about security in linux.

I know too little to protect myself enough.

Puppy at least has a firewall that I can activate in set up while neither Elive nor Antix had such and the one in ubuntu and Mint I totally failed to understand if it was active or not.

Puppy has promised me that it is active when I set it up.
I am at their mercy.

The first question you need to ask is what are you protecting yourself from.

On Windows, the answer is viruses and malware. On Linux, those aren't a concern as they don't really exist for the platform. They are specific to Windows, as they hook into Windows code to do their work.

Quote:
To be root seems not to be the best thing to be, and there does exist a Puppy that allows one to create users and passwords.

And I wish that were standard in Puppy.

One of the changes Windows made as of Vista was to make the default user profile a "Power user" profile as a security measure. Previous versions of Windows through XP assumed the logged in user was administrator with full powers to modify the machine. A lot of viruses and malware require that access to do their dirty work, and bounce off if the user doesn't have it.

Vista's switch to defaulting to Power User caused much wailing and gnashing of teeth, but it's arguably what Windows should have done all along.

Puppy is like MS-DOS and older versions of Windows. It assumes the user running it is the administrator.

Viruses and malware aren't really problems in *nix, but casual root access can be. Historically, Unix systems were multi-user, with more than one user logged on and working at a time, and I've spent time over the years locking down systems so users couldn't casually get root access and possibly shoot somebody else in the foot. Normal users get the equivalent of power user profiles, can only install software and make changes in their own home directory and directories below it, and can't affect the rest of the system.

The whole point of a firewall is to prevent unauthorized access and control traffic between your system and others. Like other distros, Puppy uses iptables to implement a firewall. Do a search on iptables to get a better idea of what it does and how it does it.

Your real question is "Can someone from outside get unauthorized access to my Puppy system?" The general answer is "Probably not. First, they'd have to be aware it existed. Then, they'd have to have a way to get in. And last, they'd need a reason to try."

I don't worry about it on my Puppy box. At home, it's behind a hardware firewall as well as the software firewall Puppy makes, and it's one of many thousands of systems in my area. And if someone does manage to get into it, there's nothing of value for them to get at.

People trying to break into systems will be motivated by bragging rights or material gain. In either case, there's nothing of interest on my system. They won't get bragging rights breaking into a dinky single user Linux system, and they won't get access to anything that might get them money, like access to the userids and passwords to my bank and credit card accounts. I don't do that stuff from the Puppy machine.

Quote:
Maybe the next Puppy should be set up so one can choose if one wants to be root or more protected.

I'd be delighted if proper multi-user support got put back into Puppy. You don't have to be root to do the vast majority of things you normally do on Linux. You only need to be root to install software (and not always then) or make other changes that affect the whole system.

Puppy gets away with "All root, all the time", because it's an explicitly single-user system, and the person who installed and configured it is almost certainly that user. If you shoot yourself in the foot doing the wrong thing as root, hey, it's your foot. No one else suffers collateral damage.

In a different setting, like a corporate desktop where more than one person might use the machine, Puppy is the last Linux distro you would install. You need a distro with honest to God multi-user support, where each user can have their own ID, and the ID can be customized for what that user will do with the machine.

On current flavors of *nix, even the administrator doesn't run as root. They log in as a normal user, and if they need admin powers to do something, they use su or sudo to acquire them, and return to a normal ID when they are done. Solaris systems won't let you log on as root unless you are at the system console. From anywhere else, you must use a normal ID and then su to become root.

Does it take a few extra steps to do administrative stuff? Yes. Is this bad? No. It should be harder to make changes that can affect or even put down the whole system.

I've been an administrator responsible for multiple systems, logged into several at any given time. I took pains to do things like customize my prompts and use different color schemes in telnet sessions to make obvious just what box I was on in a session and whether I was on as root. It would have been way too easy to shoot everyone in the foot by typing the wrong commands into the wrong system.

I run as root in Puppy because I have to, and I wish I didn't. I'm used to being able to create IDs customized for various purposes and being able to use them to do specific things.

I've never quite understood the rationale behind making Puppy root only and removing the normal multi-user infrastructure, unless it was a matter of "It's easier to install and maintain the system if you don't have to worry about permissions problems". Perhaps, but you should worry about permissions, and there are at least a few applications out there that complain or refuse to run if you are root because of potential security problems.
______
Dennis
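
For the question quoted above of whether the firewall is actually active, this added example (not from the thread or from Puppy's firewall tool) summarises the INPUT chain from `iptables -S` output. The rule sets shown are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide from `iptables -S` text whether inbound traffic is
# filtered by default, instead of trusting that a setup wizard applied rules.

# firewall_state: read `iptables -S` output on stdin, print a one-line verdict.
firewall_state() {
    awk '
        BEGIN { rules = 0 }
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            rules++
            # an unconditional DROP/REJECT rule acts like a default-deny policy
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) catchall = 1
        }
        END {
            if (policy == "")
                print "unknown"
            else if (policy == "DROP" || catchall)
                printf "default-deny, %d INPUT rules\n", rules
            else if (rules > 0)
                printf "default-accept, %d INPUT rules\n", rules
            else
                print "open"
        }'
}

# Constructed sample: a typical desktop rule set with a DROP policy.
sample_filtering() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
EOF
}

# Constructed sample: what an unconfigured system reports.
sample_open() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}

sample_filtering | firewall_state
sample_open | firewall_state
```

On a live system the input comes from `iptables -S | firewall_state`, run as root; "open" means no filtering is in place whatever the setup tool reported.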

DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Thu 25 Mar 2010, 23:07

jamesbond wrote:
nooby wrote:

To be root seems not to be the best thing to be.


Read this: Fear Not Root, and tell us what you think. Many people regurgitate "running as root is bad", but they seldom back it up with the reasons to the point that it almost becomes a myth.

It's not a myth.

There's a critical distinction that gets overlooked. Linux is designed to be a work-alike for Unix. Unix and Linux are both inherently multi-user systems, that implicitly assume more than one person will be logged on and working on the system at any particular time. Puppy gets away with its approach because it's explicitly a single-user system, and assumes the user running it is the one who installed and maintains it. If they make a mistake, they are the only one affected.

I started out on AT&T Unix System V back in the 80's. I've been the administrator of Unix systems where upwards of 300 users might be on the system at once. Can you imagine the chaos that might result if they were all running as root?

Most of the users I supported were non-technical. They didn't know how the system operated, and didn't want to. They accessed the system to perform work. The vast majority of them never saw a command line, and wouldn't know what to do if they did. I set them up with custom IDs. When they logged in, they were put directly into the program they needed to use. When they exited the program, they were logged off the system. They were quite happy with this. It made their lives easier, and reduced what they needed to know about the system to be able to do their jobs.

I run Ubuntu as well as Puppy. Ubuntu is like any other mainstream distro. By default, you log on as an ordinary user. If you need to perform administrative tasks, you temporarily acquire administrative powers with su or sudo. I could set that up to always run as root, but don't. (I did create a separate password for root to enable me to run as root in another virtual console, but seldom use it.)

I prefer the extra step to become administrator as a safety measure. It forces me to remember that I am performing administrative tasks, and to make sure I understand what I am attempting to do. This is a simple safety measure that cuts down on the likelihood I'll make a mistake I'll then have to recover from.

I have seen a tech manage to wipe an entire machine at a customer site by making the wrong move as root. Fortunately, he was able to recover because the customer had made a complete backup just before he arrived to do his work. But he made the error he did because of bad habits he'd accumulated as an administrator on a small Xenix system, where he always ran as root to avoid pesky permissions problems.

You don't have to fear root, but you do have to respect it, and showing respect by not running as root when you don't have to is a good idea.
______
Dennis

Lobster
Official Crustacean

Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Thu 25 Mar 2010, 23:25

Quote:
Read this: Fear Not Root, and tell us what you think.


I thought reading this was preferable to running around like a headless penguin exclaiming, 'Beware the root'. :roll:
Dennis makes many similar points about the difference between Linux on a corporate network and individual Puppy and Linux desktop computers.

A reminder of the simple Puppy Growl security program:
http://murga-linux.com/puppy/viewtopic.php?p=335216#335216

_________________
Puppy WIKI

jamesbond

Joined: 26 Feb 2007
Posts: 2232
Location: The Blue Marble

Posted: Fri 26 Mar 2010, 00:30

Thank you Dennis.

Your posts are very clear, helpful, refreshing and educational. You give the context, and also the reasons in which running as root is a bad idea - this is in contrast to others who just say "because it's the best practice".
Hopefully with your posts and the Fear Not Root link, people running single-user desktop linux can then see whether or not these reasons apply to them, and what additional security gains they get by running as non-root (and thus, whether root-vs-non-root is worthy of a heated debate).

cheers!

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread

jamesbond

Joined: 26 Feb 2007
Posts: 2232
Location: The Blue Marble

Posted: Fri 26 Mar 2010, 00:48

Lobster wrote:
Quote:
Read this: Fear Not Root, and tell us what you think.


I thought reading this was preferable to running around like a headless penguin exclaiming, 'Beware the root'. :roll:

Lob, I can't stop laughing reading your post :D

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread