Viruses in PUPPY Linux, YES, "Viruses in Linux"

For discussions about security.
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#21 Post by nooby »

Bruce wrote
For example, how many people pull the urls out of the proprietary flash plugin and block them?

How many people are told not to click on hyperlinks in the flash media?

How many people shut down suspicious pages and popup with Ctrl+F4 or Ctrl+W rather than click the mouse?

There is a lot the user can do to keep his browsing clean.
Makoto wrote
Some of those 'fake antivirus' popups/windows that installed malware on Windows were also designed to trap close attempts (the X button, Alt-F4, etc.) and install the malware anyway. The malware may not have as much of an impact for a Linux system, but it's still a good idea to know that they can, in fact, trap keystrokes like that, if they really want.
Under Puppy, if I get a suspicious window, it's easier just to choose to 'kill'
Despite the fact that I've been active here daily for at least two years, I don't trust that I get what you two are talking about, so how can I protect myself if the advice is on a level of abstract geek talk that is non-comprehensible to me?

No offense but I sure want to do it right too but what was it I was supposed to do then.

I remember one time I used kill that destroyed that session and had to reboot to get it right again.

I get the impression that your two posts somewhat contradict each other? So how do I shut down that thing popping up?
I use Google Search on Puppy Forum
not an ideal solution though

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#22 Post by Makoto »

I was mainly just saying that in my opinion, it's safer (no matter which OS I'm using) to kill a browser window with a suspicious page from the outside, rather than try to quit it using keypresses from "within" the browser window.

Originally, when the 'fake antivirus' popups began to appear, they frustrated a lot of people - until someone realized you could just click on the 'close' button at the top of the window, as you would any other program.
So, the malware writers corrected that oversight. Now, either the close button wouldn't work, or, just like clicking on the window, it would also install the malware. Often, they'd use javascript to spoof the Windows titlebar at the top for that.
But then, someone announced that you could just use Alt-F4 (etc.) to kill the window. The malware writers tried fixing that, too. Not every bit of malware out there does it, but you may encounter one that does trap whatever keys you try to use, and try to install its garbage, anyway.

Of course, some try to install merely when infected ad code is run, alone. So something could hit just by visiting a 'safe' page, too.

Can any of this run on, or affect Linux? I don't know. However, as with the trojan programs that used to spread through email like crazy, it can pile up on your hard drives, even if you don't have to worry about it running or spreading. On one of my non-Windows systems, earlier this decade, I had to run a simple anti-virus setup just to automatically clean out my email attachments folder, so the stupid trojans wouldn't eat up my HD space in no time. :roll:
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

Bruce B

#23 Post by Bruce B »

Makoto wrote: Some of those 'fake antivirus' popups/windows that installed malware on Windows were also designed to trap close attempts (the X button, Alt-F4, etc.) and install the malware anyway. The malware may not have as much of an impact for a Linux system, but it's still a good idea to know that they can, in fact, trap keystrokes like that, if they really want.
Under Puppy, if I get a suspicious window, it's easier just to choose to 'kill' the window, just to be safe. :) (IMHO, of course.)
Yes, thank you. Do not interact with the Browser, window or popups. Kill it with another tool.

I like a soft kill so as not to corrupt files the browser wants to write back. Htop is included with most newer Puppys. With htop we can kill it with a sig 15 for a soft kill.

~

Bruce B

#24 Post by Bruce B »

nooby wrote: I get the impression that your two posts [Bruce B, Makoto] somewhat contradict each other? So how do I shut down that thing popping up?
There was an apparent contradiction. My suggestion eliminates mouse events or any interaction with the suspicious window or dialog. Makoto's suggestion eliminates any events.

Makoto's suggestion is the safest of the two as it covers all bases.

~

Keep in mind that a cancel button can do exactly the same as an install button. Don't click either.

~

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#25 Post by nooby »

I trust it is my ADHD. So much to read through.

sig15 is not something I shall do; that info belongs to a kind of background info on what happens when one goes

Menu > System > System status > Htop

or if one goes Menu > System > System status > Pprocess viewer.

Which am I supposed to use? I am not 100% sure, but I think that I did the latter and that it did kill the process but also killed me being able to use the computer, so I had to reboot.

How one can use Htop to kill something that I have no idea how to do.

Anyway I try to reconstruct to see if it happens again.
So I post this above and then read it and then kill this tab with htop first and if that fails I do the Pprocess and then I read your kind description after this post.

Edit

Haha, I am a true Noob. I've looked and looked on that Htop so many times and not noticed the lowest text there.

It was super simple when one knew what to look for.

One highlights Firefox and then does F9 and then Enter.

And when one clicks on the browser again then I am right back here again, being able to edit without even having to log in.

So that is odd. It did not really kill it then? Only suspended or something.

Thanks Bruce you wrote that while I was composing this text. :)

Arrow I used the Mouse. Would that make a difference?
Last edited by nooby on Tue 21 Jun 2011, 15:13, edited 1 time in total.

Bruce B

#26 Post by Bruce B »

htop destructions

use arrow key to highlight application to kill
hit f9 key
then enter

~

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#27 Post by nooby »

But how does one know which to mark.

Now when I look again and do the arrow scrolling, I have some 16 FF and 2 Flashplayer or so instances of Firefox, despite me only having one tab and only htop running.

I try to attach a pic showing the htop

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#28 Post by amigo »

"https://s3.amazonaws.com/fvd-suite/sites.txt"
The protocol (https) has nothing to do with the file type. In fact, the '.txt' filename extension also has nothing to do with the file type. The 's' in https means secure. Sometimes you can use the same URL except for changing the protocol to simply 'http'.

gcmartin

#29 Post by gcmartin »

Bruce B wrote: When I start Firefox from the CLI I get this error frequently. The site blocked in hosts.

The point is why is Firefox trying to make a secure connection to a text file?
@Bruce B.
I'm sure you are aware that "you" did something in FF to get /etc/hosts populated. Puppy doesn't come that way. And FF installation doesn't (usually) touch that file. But an extension does.

Hope this gives some insight into the behavioral changes we users make (with over 99% not knowing why or their impacts).

gcmartin

#30 Post by gcmartin »

nooby wrote: ... One highlight Firefox and then do F9 and then ...
This is acceptable when one is using a single FF session. But what happens when you have several tabs open in several windows which constitute the current work that you're involved in? Then the "dreaded PopUP". In HTOP/TOP, you have a problem because you may have 5-9 FFs open ... which one is the PopUP? And, if you kill all of them, you lose all your work. Further, if you only kill the one, if you're lucky enough to figure out which is the PopUP, then you stand the chance that the viral/trojan activity has threaded its way into your other running FF sessions. Lastly, if you stopped all of them and restarted, you may get the FF restart, which then will restart all/some of your prior internet connections, which may now contain effects of the viral activity.

Confused? It's what these things are designed for... thwarting the smart user as well.

I call attention, not to show what happens, but rather, viral/trojan activity is not called this in the Linux community.

But, I too, use the steps that Bruce and Makoto outline. But, I have cause for concern of whether I can track the extent of what occurs.

I have always used Live media in Puppy (and other OSs/distros too). It just allows me to control the extent to which the booting media is protected from inadvertent use, by me or from an errant application/virus/trojan.

But, I want us to consider how Puppy/Linux can be impacted versus the kind of hype that the security community throws at each of us. Understanding is very very key here.

This thread was started and specifically asks "Not to discuss 'ROOT' user here." The reason is, if we understand the methods by which Linux can acquire bad activity, then we can go to the Root User Discussion Threads and participate with a much better base understanding for what is "real" versus what is "hype". (But, please no root user discussion here on this thread).

Hope this helps.

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#31 Post by Sylvander »

I'd be inclined to:
Ctrl+Alt+backspace
To drop to a command prompt...
Then:
xwin
To come back into the desktop...
Then:
Restart Firefox...
And choose which of the windows/tabs to restart...
By un-ticking the window/tab with the problem.

Any reason this wouldn't work?

Bruce B

#32 Post by Bruce B »

Vulnerabilities don't exist anywhere and everywhere.

A vulnerability can only exist if it actually exists. Even at that, it has to be successfully exploited to be of consequence.

We still don't have to my knowledge a verified report on any Puppy users having been exploited.

~

Bruce B

#33 Post by Bruce B »

Sylvander wrote: I'd be inclined to:
Ctrl+Alt+backspace
To drop to a command prompt...
Then:
xwin
To come back into the desktop...
Then:
Restart Firefox...
And choose which of the windows/tabs to restart...
By un-ticking the window/tab with the problem.

Any reason this wouldn't work?
It would kill the Browser and all X apps.

My question is how does it kill them? If it doesn't kill them nicely, file corruption can occur with applications like Firefox.

~

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#34 Post by nooby »

Sylvander wrote: I'd be inclined to:
Ctrl+Alt+backspace
To drop to a command prompt...
Then:
xwin
To come back into the desktop...
Then:
Restart Firefox...
And choose which of the windows/tabs to restart...
By un-ticking the window/tab with the problem.

Any reason this wouldn't work?
I have not tested more than one or two or three times, but my poor memory tells me that FF remembers all the tabs, like you also indicate, and how do I remember which of them I was supposed to kill?

Okay, one can do a workaround: never have more than one tab open, then one always knows what to kill.

Fortunately it happens rather seldom that one has to kill a FF session.

But sometimes it locks up forever waiting for an ad that never loads, and FF hangs and doesn't allow any other operation either; it even refuses to get shut down using Ctrl+W.

I had not heard of the Ctrl+F4 is that a FF thing or a OS or JWM thing?

I found this using google

For those of us Firefox users who love the tabs, Ctrl-F4 is an indispensable tool for ... It turns out, the solution is obvious to any average linux user, ...
forum.eeeuser.com/viewtopic.php?id=7256

Hope I remember this one next time something happens.

Does one still get the virus downloaded?

Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

#35 Post by Sky Aisling »

Thank you GCMartin for posting this thread. Thank you Nooby for keeping the 'newbie' voice alive in the discussion. Thanks to all for the thoughtful contributions.

Bruce B

#36 Post by Bruce B »

Firefox has open about 240 files. Of these files about 20 are open for updating and writing back.

I take the extra time to close it gently so it has a chance to finish writing the files which are intended to be written back. If it is in the middle of a write operation and it is forcibly killed, it will not finish writing. A partially written file is a corrupted file. What else could it be?

~
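The "soft kill" Bruce B describes in posts #23 and #36 (signal 15 first, so the browser can finish its writes), sketched as a shell function. This is an added example, not part of the original posts; the function names, the 10-second default and the process name in the usage comment are assumptions made here, and the /proc check is Linux-only.

```shell
#!/bin/sh
# Added example: ask a process to exit with SIGTERM (15), and only fall back
# to SIGKILL (9) if it is still running after a grace period.

# is_running PID -> 0 if the process is alive and not a zombie
is_running() {
    kill -0 "$1" 2>/dev/null || return 1
    # A zombie has already exited; it only waits for its parent to reap it.
    state=$(sed -n 's/^State:[[:space:]]*\(.\).*/\1/p' "/proc/$1/status" 2>/dev/null) || state=
    [ "$state" != "Z" ]
}

# soft_kill PID [TIMEOUT_SECONDS]
# returns 0 = exited after SIGTERM, 1 = SIGKILL was needed, 2 = not running
soft_kill() {
    pid=$1
    timeout=${2:-10}
    is_running "$pid" || return 2

    # Signal 15: the program may catch it, flush open files and exit cleanly.
    kill -TERM "$pid" 2>/dev/null
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        is_running "$pid" || return 0
        sleep 1
        waited=$((waited + 1))
    done
    is_running "$pid" || return 0

    # Signal 9 cannot be caught or ignored; pending writes are lost.
    kill -KILL "$pid" 2>/dev/null
    return 1
}

# Usage (the process name is an assumption; check the real one in htop):
#   soft_kill "$(pgrep -o firefox)" 15
```

A return value of 1 means the browser did not get to finish its writes, which is the case the posts warn about.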

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#37 Post by nooby »

Bruce, if one considers what you just wrote, what am I supposed to do?
What is it you do? I read your words again and again but have no idea.

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#38 Post by James C »

I ran into this a while ago and posted on a different thread.
http://www.murga-linux.com/puppy/viewto ... 014#512014

Nothing bad happened, just entertaining to watch. :)

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#39 Post by Sylvander »

1. Perhaps I should have said...
That my pupsave on the internal HDD...
(a) Is treated as though it's a pupsave on a Flash Drive. [I use this method]
Then...
(b) I use this method so no changes made during the session are auto-saved back to the pupsave during the session.
[I can choose if/when to do it manually, by clicking the "Save" icon on the desktop]
Then...
(c) I use this method to be given the choice at shut-down/reboot "to save or not to save".

2. Hence I can drop to a command prompt with no nasty consequences.

Bruce B

#40 Post by Bruce B »

nooby wrote: Bruce, if one considers what you just wrote, what am I supposed to do?
What is it you do? I read your words again and again but have no idea.
Have you ever read posts where Firefox crashes all the time? I don't have that problem.

I respect the software and what it is doing. I shut down gently, even if it takes extra work.

Do you want a how to?

~
