Announcing the OBVIOUS: Puppy, Replacement - WinXP/Vista/7/8

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#41 Post by mikeb »

As a former Windows user I had it drummed into me Update Update Update to stay secure.
And please do tell me...does this constant update, update, update actually prevent infections, trojans, pop ups, browser hijacks, email spammers etc etc etc.... it would appear not, otherwise this thread and Puppy itself would not exist.

My Noah's ark PCs run Windows 2000 almost daily.... SP4 is the only update as some software will refuse to work without it.... Windows Update is disabled from install and it's running Firefox 3.6, Flash 10.1 and Thunderbird 2 for internet access. No antivirus to be seen.
On Linux a similar picture is painted...indeed you use Puppy which has no update mechanism for itself and I am typing this from something resembling 4.12.

There is a huge market of hypothetical security bullshit with the constant paranoia driven need for updating everything constantly. It's like a bad religion really, cultivated from some poor design moves in a mainstream OS produced in the 90's.

Perhaps what is really needed is an update to the way we think about such things.

mike

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#42 Post by jpeps »

mikeb wrote:
There is a huge market of hypothetical security bullshit with the constant paranoia driven need for updating everything constantly.
perhaps..but regarding security, it's clear that threats are becoming ever more sophisticated. I haven't faced any problems by keeping XP updated. Yesterday, my antivirus blocked a site I was researching regarding a medical procedure after allegedly finding a known trojan. I could load the same site on my Puppy and android. False positive? Who knows.

There's also paranoia regarding the evil forces behind updating.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#43 Post by mikeb »

There's also paranoia regarding the evil forces behind updating.
no need for that... the obsoleting of Windows is done by adding dummy functions to the kernel and then requiring them in updated SDKs giving the friendly 'this is not a win32 executable' message to anything built with them....it's a well documented fact...no need to sabotage online updates as that would be very bad for the reputation if it was to be proved to be happening...there is a sense of trust that has to be maintained for continued business.

As for Windows updates a brief glance once at what was on offer showed 99% were targeted at IE and ActiveX related weaknesses...since I had either removed or disabled such they seem a little irrelevant. Netbios/samba/rpc...well routers protect those now. Otherwise the accidental breaking of a system through an update seems the only real problem as the nature of doing so when dealing with systems that are in an unknown state means there is always a risk. Ever let Puppy update an existing save file?... I have heard tales of the breakages and slowdowns from installing XP SP3 but I have it as pre merged in my disk so installs as part of a fresh install and it works really well.

Antivirus...hmm always seems a case of locking the gate after the horse has bolted... a new variation of a virus can propagate across the internet in minutes which is far faster than any antivirus database can be updated. And then there are those old crusty ones that still seem to abound.

Actually a blacker picture I find is painted of the current situation...that other OS has cleaned up its act significantly. The only real weakness appears, from my research, to be the human factor....someone downloads and installs software in spite of security warnings or the dodgy nature of the site it came from while running as admin or root.... a lack of common sense and general ignorance of what's out there is the thing that is sorely needed of an update.

The other option of course is the totally dumbed down systems that tablets are offering (and Windows 8?)...fine for using the internet as a form of interactive television I suppose though for me lack the possibilities that the extremely sophisticated technology computers can offer.

mike

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#44 Post by greengeek »

NickAu wrote: I had it drummed into me Update Update Update to stay secure.
There is a cultural difference here - "update, update, update" can really be summarised as "trust someone else, trust someone else, trust someone else". But if you trust someone else are you really safe?? Many of the MS updates probably allowed NSA backdoors to be created or perpetuated. Many updates give greater powers to the originator of the webpage (eg Youtube) rather than giving control to the end user. Many updates allow a web designer to push adverts down via your PAID bandwidth (that's stealing as far as I can tell...)

What mikeb and others manage to do on older hardware shows that trusting the MS encouragement to update hardware and software is not necessarily a good thing.

Yes, PC security is an important topic, but the more info I read from Kaspersky etc, the more I have come to believe that a very high percentage of the issues facing PC users (especially MS users) are actually driven from a 'nation state' level rather than a 'criminal next door' level.

We can update windows till we are blue in the face - it is still no guarantee of safety.

Also - why would you use the latest version of Flash player that allowed the webpage to cover the video with advertising, if you could use an older version that displayed the vid with no advertising superimposed at all?

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#45 Post by mikeb »

Hmm more a case of constant updating simply being not as essential as it's portrayed and yes some updates with regard to Flash are for the benefit of the host sites not the user. I was quite amazed at the pile of advertising thrown at me while doing a quick Flash 11 test....was like having a TV.., and of course the movie does not download to /tmp...and none of this has anything to do with security improvements.
(ps someone mentioned spoofing as an android or similar gives you the mp4 rather than flash...this sort of works on another flash based TV site I tested recently)

As for education when there is a small toddling child around do you
a, purchase every gadget possible to wrap your home in cotton wool to prevent any possibility of accidents with such as sockets, cupboard doors and so on or...
b, teach said child as soon as they are aware of such items and feel the need to explore them the dangers within and that such should be left well alone.

One example from many years ago...I was at some wedding and there was a boy of around 4-5 years old present. There was a commotion and apparently he had bit through and broke a wine glass...fortunately he did not cut himself but it appeared to be the case that he had never been allowed to encounter glass drinking vessels so did not realise the dangers of such items since plastic can handle a good chomp.

Being prepared for danger or trying to avoid contact with it.... what is the best approach? Humans do have to face the big wide world at some point and computer usage has become a daily part of that world at least for some.

As it happens my crusty old outdated systems have been used regularly by 2 small boys since the age of 4 ... after several years they still seem to be intact (the computers and the boys :D ... not sure about me )

mike

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#46 Post by mikeb »

Boring addition.....

I was at a client's and they had 3 machines in their office.

All identical running windows 7 ...updated and with AV in the usual fashion.

Only one of the machines had any problem with viruses and similar intrusions and it was the one used by the woman who was well known for downloading various 'freebies' off the net when she was supposed to be doing her job....

mike

NickAu
Posts: 183
Joined: Mon 30 Dec 2013, 04:32
Location: Far North Coast NSW ɹǝpunuʍop

#47 Post by NickAu »

We can update windows till we are blue in the face - it is still no guarantee of safety.
Correct.
Most of the time it's human error that infects a PC. Most of the guys here know PCs.
But what about the average mum or dad who buy a PC for little Timmy? They are bombarded with the update update message. Yes, antivirus is reactive, i.e. they need to see a virus before they can treat it, but that's not always the case. Malware writers are getting smarter by the day, and finding new ways of infecting a PC every day. E.g. Cryptolocker: it comes as an email attachment, or wrapped in an exe to a known prog, and it encrypts all the mapped drives on your system then wants 300 bucks to unencrypt the drives. Guess what, now antivirus picks it up and stops it. Too bad if you did not update or even have an antivirus. Oh and it installs itself in the background; the first thing you know about it is you get the ransom screen.

I look at Ubuntu and all the updates it needs. Installed Ubuntu 12 LTS from the Ubuntu site; after install it needed 300, yes 300, level 3 updates, mostly "To prevent a remote user running this or that script"

In a few days I would like to play a little game with the Moderators' permission.

I will post a few windows log scanning tools with some instructions on how to use them. Then if you guys on windows run those tools and post the logs we will see just how clean and updated your systems are.
Who wants to play? I promise you the tools are harmless and used by malware removal experts daily.
Precise Puppy 5.7.1 Retro Fatty Edition. Hp Compaq 2510p 2x Intel(R) Core(TM) 2 Duo Cpu U7700@ 1.33 ghz,2 gig ram Booting from 8 gig micro USB + 32 gig SD card instead of HDD

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#48 Post by mikeb »

It comes as an email attachment, or wrapped in an exe to a known prog a
requiring user intervention then?

Yes playing with tools sounds fun....always curious. I used to visit dodgy links in emails just to see what would happen.

Perhaps start a fresh thread and post the link here

mike

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#49 Post by jpeps »

re: updating. I frequently update my own software..at least the software that I use the most. When I find a feature that could be better automated, or a bug, I write it in. That really seems like the point of writing software to begin with...you can always keep improving it.

Developers of commercial apps have to continually respond to user requests. The best developers are very good at it, and give you personal responses for intelligent requests. We can see that in Puppy with JWM, gtkdialog, etc. That's not to say that everyone will be pleased with change, but change is the nature of software.

Security is an ongoing struggle, and developers are mandated to run safe programs to every extent possible. Sorry if this sounds overly naive to some folks. Given ongoing and rapidly changing demands with hardware, etc., I can't see much need for deliberately obsoleting otherwise useful and commercially viable software. Whether we need the latest devices, clothes, cars, etc., is another issue. I know people want them and hopefully provides for my retirement.

NickAu
Posts: 183
Joined: Mon 30 Dec 2013, 04:32
Location: Far North Coast NSW ɹǝpunuʍop

#50 Post by NickAu »

mikeb wrote:
It comes as an email attachment, or wrapped in an exe to a known prog a
requiring user intervention then?

Yes playing with tools sounds fun....always curious. I used to visit dodgy links in emails just to see what would happen.

Perhaps start a fresh thread and post the link here

mike
In most cases mike you are right. In most cases. But there are things that need no user intervention to infect a Windows PC. Anybody remember the Blaster worm or Sasser? When Windows XP was first released the firewall was turned off by default, and people would go on the net to get antivirus and firewall and they were infected within minutes. Windows Defender (yes) and its updates were instrumental in stopping this. Tell me how unimportant updates are now. So was the use of a firewall. To this day Defender still looks for those things.

Is Malware Infection Likely?

Nobody knows how many computers are infected with malware, but informed estimates range from 40% to almost 90% of computers running Windows operating systems. Infection rates are lower for MacOS and Linux systems, but this is not necessarily because Windows is an easier target. Indeed, recent versions of Windows are much improved in security. Rather, more malware authors target Windows machines because an effective attack will give them control of more computers.
The risk that any given computer is infected with malware is therefore quite high unless skilled computer security specialists are putting a substantial amount of effort into securing the system. With time, any machine on which security updates are not installed promptly is virtually guaranteed to become infected. It is however overwhelmingly likely that the malware in question will be working on obtaining credit card numbers, obtaining eBay account passwords, obtaining online banking passwords, sending spam, or launching denial of service attacks, rather than spying on specific individuals or organizations.


Source
https://ssd.eff.org/tech/malware

Self-Deleting Batch File Method

The Catch22 Self-deleting Executables article discusses the self-deleting batch file method. The article states the method "works because MS-DOS batch files are able to delete themselves." All an executable has to do if it wants to delete itself is to create a batch file with code to delete its executable. Next the executable needs to spawn off the batch file using CreateProcess, and then should exit immediately. The batch script will proceed to delete the executable then itself. On a system this action removes valuable information about the infection vector.
Source
http://journeyintoir.blogspot.com.au/20 ... -file.html

Just some Light reading for you guys.
Malware removal on Windows is a high-skill thing; as I said, you need to really know what you are doing in removing malware in Windows without damaging the OS.

To train in malware removal, just as a start there are over 1000 pages of information you need to read and be tested on. Then there is the study, the reading of logs, and practice files. On average it will be up to 12 months before you are allowed to actually lay hands on a real infected PC. And then it's under supervision only.
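
The sequence quoted in the post above (an executable writes a batch file, launches it, and the batch file deletes the executable and then itself) leaves an ordered trail in endpoint telemetry even though the files are gone. The following is an added example, not part of the original post or of the cited article: a small correlator that flags that ordering. The event fields, process IDs and paths are constructed assumptions, not a real logging schema.

```python
from dataclasses import dataclass
from typing import Optional

SCRIPT_EXT = (".bat", ".cmd")

@dataclass(frozen=True)
class Event:
    """Constructed, simplified endpoint event (hypothetical schema)."""
    ts: float                   # seconds since start of capture
    kind: str                   # "file_create" | "proc_create" | "file_delete"
    pid: int                    # process doing the action (or the new process)
    image: str                  # executable path of that process
    target: str = ""            # file written/deleted, or script being run
    ppid: Optional[int] = None  # parent pid, proc_create only

def norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them lowercased."""
    return path.replace("/", "\\").lower()

def find_self_deleting(events, window=30.0):
    """Flag: process drops a script, starts it as a child, and that child
    deletes the dropper's image and then the script, all within `window` s.
    PID reuse inside the window is ignored for simplicity."""
    dropped = {}    # script path -> file_create event of the dropper
    runners = {}    # pid running the script -> correlation state
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        tgt = norm(ev.target)
        if ev.kind == "file_create" and tgt.endswith(SCRIPT_EXT):
            dropped[tgt] = ev
        elif ev.kind == "proc_create" and tgt in dropped:
            drop = dropped[tgt]
            # Only count the script when its own dropper launched it.
            if ev.ppid == drop.pid and ev.ts - drop.ts <= window:
                runners[ev.pid] = {"script": tgt, "dropper": norm(drop.image),
                                   "start": ev.ts, "deleted": []}
        elif ev.kind == "file_delete" and ev.pid in runners:
            run = runners[ev.pid]
            if ev.ts - run["start"] > window:
                continue
            if tgt in (run["dropper"], run["script"]) and tgt not in run["deleted"]:
                run["deleted"].append(tgt)
            # Order matters: executable first, then the script itself.
            if run["deleted"] == [run["dropper"], run["script"]]:
                findings.append({"dropper": run["dropper"], "script": run["script"],
                                 "runner_pid": ev.pid, "completed_at": ev.ts})
                del runners[ev.pid]
    return findings

CMD = r"C:\Windows\System32\cmd.exe"
TMP = r"C:\Users\alice\AppData\Local\Temp"
# Constructed sample: pids 4120/4388 show the full pattern; pids 5000/5010 are
# an installer whose helper script cleans up a temp file and itself only.
SAMPLE_EVENTS = [
    Event(1.0, "file_create", 4120, TMP + r"\setup_update.exe", TMP + r"\cleanup.bat"),
    Event(1.2, "proc_create", 4388, CMD, TMP + r"\cleanup.bat", ppid=4120),
    Event(2.0, "file_delete", 4388, CMD, TMP + r"\SETUP_UPDATE.EXE"),
    Event(2.1, "file_delete", 4388, CMD, TMP + r"\cleanup.bat"),
    Event(10.0, "file_create", 5000, r"C:\Program Files\Vendor\installer.exe",
          r"C:\Temp\postinstall.bat"),
    Event(10.5, "proc_create", 5010, CMD, r"C:\Temp\postinstall.bat", ppid=5000),
    Event(11.0, "file_delete", 5010, CMD, r"C:\Temp\unpack.tmp"),
    Event(11.2, "file_delete", 5010, CMD, r"C:\Temp\postinstall.bat"),
]

if __name__ == "__main__":
    for f in find_self_deleting(SAMPLE_EVENTS):
        print(f)
```
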

gcmartin

Developers are probably weighing what to do approaching April

#51 Post by gcmartin »

As a "... Replacement - WinXP/Vista/7/8", what would you recommend as the subsystems that a replacement should have?

My opening vote would be
SAMBA!!! (MANY of us use a NAS or a central PC which has media. To get media to that central box (or any other box) we must share it. There is no harm in LAN sharing and this has been around for 30 years. Excepting 01Micko, everyone else who builds 32bit PUPs seems to think we all exist in a singular PC world and are selfish enough to never share. Maybe it's time to recognize that content we create on any single PC can/should be easily shared by the content creator without having to jump thru hoops. Windows and Macs have done this, OOTB, for decades; thus, they do NOT have to install anything to share on a LAN...NOTHING!

Puppy ONLY started doing it to save on ISO size in an era when dial-up was the only way for transfers to occur. SAMBA4+ is, now, much smaller than it was a decade ago, and much more stable. Maybe the developers can add the 10-12MB to the ISO so that the community members do NOT have to constantly give up because they can't figure out how to install LAN sharing from the REPOs. This leads them to try to figure out other alternatives, which usually means that things need to be installed on all the Windows and Macs they have in order to access content that a PUP shares using other technology. Maybe it's time for PUPs to have it built in too. 30 years and only 1 Puppy developer who ventured (or had "balls" enough) to build an XP replacement with his PhatSlacko in 2013! 1 man.)

Question
What things would you like to see in any PUP you select for an XP replacement?

NickAu
Posts: 183
Joined: Mon 30 Dec 2013, 04:32
Location: Far North Coast NSW ɹǝpunuʍop

#52 Post by NickAu »

gcmartin is correct in my humble opinion. If Linux, any type, ever wants a fair bigger share of the market they will have to keep up with what people want.
I do not want to have to type a whole bunch of stuff to update my browser, I just wanna point n click, or having to update PPM to get the latest browser. I just wanna click Help/About update and go make a coffee.
And how the f### do I find missing kmod spi-api or whatever whatever (missing on my PC)? Why wasn't it included in the distro? See what I mean. It's like installing stuff in Windows and then finding you need this .dll or .ocx. Normally the software has it in the exe or it's a part of Windows.

Like somebody once said. "I would love a new car, but I don't want to have to build it first." I just want to buy it and drive it. Don't care how it works.
While I understand frugal installs and why people do it, as a Windows user (whose PC did not come from Noah's ark) I do not care. I just wanna install it to HDD and have it run out of the box. I do not want to bother with BIOS and save files and mounting. Just hit the ON button and away I go.

Windows7 and WIFI ( in most cases)
Boot up Windows and a little box in the bottom right hand corner pops up telling you what WIFI networks are in range. Click on yours in that list, enter the password and you are connected. (SNS on Puppy is easy) I don't want to mess around with Frisbee or whatever for hours. I just want to get online now.
What things would you like to see in any PUP you select for an XP replacement?
I have Puppy precise 5.7.1 Fatty by csipesz and found it has just about everything a new user would need. It was easy to install and connect to the net with WIFI( After figuring out SNS). A Windows XP user would find it suits them well straight out of the box. Nice work csipesz Thank you
http://murga-linux.com/puppy/viewtopic.php?t=91425

Please note I am not disrespecting Linux or the dev's I am just saying it as I see it from a strictly I use Windows and know nothing about Linux side.

gcmartin

#53 Post by gcmartin »

Puppy System Updates
Over the last 2 years, I have seen 2 developers take some steps in approaching a method to provide fixes to their distros: LightHouse64, when @TaZoC was healthy enough to do so, and Barry on a couple of occasions. What each did was to build in a facility such that when there was an upgrade, the distro would alert the user to its availability via a desktop pop-up.

I think this facility "may" be in WOOF-CE already. But, I'm sure there are some issues because the developers would have exercised this by now. Further, there is a feeling among some of the membership that providing such a subsystem would invade their system, upsetting them. So, maybe the only way for users to become aware of updates-fixes is thru ONLY the forum unless there is some Puppy development consensus on an appropriate method of doing so. In this case, maybe it should be left to the developer to design his distro in a manner as he envisions to give the user the best possible experience in the life of a given version of their distro. But, there must be a better way than to have to search Puppyland's forum for some system fixes and the problems associated with individual attempts at installation of something found in a post. If he never follows the distro's thread, he would be unaware of fixes to something he knows is broken in the distro.

Just another idea for a "... Replacement - WinXP/Vista/7/8"

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#54 Post by jpeps »

gcmartin wrote:
I think this facility "may" be in WOOF-CE already. But, I'm sure there are some issues because the developers would have exercised this by now.
You mean issues like dependencies? :) Ideally, software is safest when it's freshly compiled to the user's setup. You can't just randomly update whatever. A minimal linux distro is one of those instances where you want to minimize updating individual components. The browser is static and should be updated (IMHO) for security reasons.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#55 Post by mikeb »

Anybody remember the Blaster worm or Sasser,
yes... 2 minutes after installing windows 2000 and connecting to the net this bit me.
I actually fixed it by
http://www.keyfocus.net/kfsensor/help/A ... dm_RPC.php
which hacks rpcss to prevent its access to the net..solved. Since I always disabled netbios during setup those gateways were never open.
Now I have a router the hack is no longer needed. In other words nothing from Microsoft or any other 'security' company solved that one.

Perhaps if those who sit behind a wall of software trying to prevent intrusions realised what in their system is allowing the intrusions in the first place the situation might be a little different. Millions are ditching XP without ever knowing why they had a problem in the first place.
Security is an ongoing struggle, and developers are mandated to run safe programs to every extent possible.
Unfortunately this principle was not applied when Microsoft integrated a web browser with the sole aim of putting Netscape and others out of business. As part of that move they introduced ActiveX controls, DCOM..or whatever name they tried to hide it under, the zone system and so on, which caused a good decade of rampant computer chaos by making internet linked systems vulnerable to anything and everything, causing a massive boom in 'preventative' measures. All I did was remove those bundled software items causing the problem and replaced with decent 'secure' software usually from open source.

Ok they have cleaned things up now apparently but it is a little sad that a rank amateur like me with at the time little computer experience could harden windows 98, 2000 and XP to the extent of not having one infection over this time period when all the 'professionals' seemed to offer were often at best placebos.

Agreed the situation will be changing now as older systems get thrown out and real hacking begins as opposed to using the systems that MS provided to stuff up yer machine. In that sense I am probably heading into security by obscurity by sitting in a time bubble.

My resistance to updates more centers around to me the bloated growth of some applications....I updated Firefox with every release since 0.6...I stopped at 3.6...at some point I will have to make a change forced by the gruesome nature of the devolving internet :D


Well this thread grew and SAMBA appeared...the descendant of NetBIOS does not fill me with awe.... ever heard of NFS ...you can even use it on Windows. There's always sshfs too...quite a neat fast option.
If the thread is about replacing windows then using windows centric methods seems a little out of place.

OK where are these security tools to play with...please do scrutinise...


Mike

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#56 Post by jpeps »

True, getting rid of automatic "features" in the browser can make it far safer. Turning off JavaScript, running a NoScript plugin, etc, etc, also help. Most people, however, won't tolerate the extra burden of configuration. They just want everything to work.

No argument regarding browser wars and tactics to prioritize software. Efforts to mandate use of IE didn't appear to work out very well. :) Ultimately, the best business model is to give people what they want, which is quality at a low cost.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#57 Post by greengeek »

If the thread is about replacing windows then using windows centric methods seems a little out of place.
There might be a relatively simple way to make Puppy more familiar to Windows refugees - would it be possible to write a script that brings up an xdialog saying "Please wait while the system installs 74 security updates. Do not shut down your PC during this process". The script wouldn't need to install anything meaningful - just delay the shutdown by 12 minutes or so.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#58 Post by jpeps »

greengeek wrote: just delay the shutdown by 12 minutes or so.
Or a different question: How many are willing to add a few seconds to their boot time with fsck?

NickAu
Posts: 183
Joined: Mon 30 Dec 2013, 04:32
Location: Far North Coast NSW ɹǝpunuʍop

#59 Post by NickAu »

Please wait while the system installs 74 security updates
As a Windows user this is normal. Those that use Ubuntu or one of its offshoots, Mint or Zorin, will be familiar with this also.
You can set Windows to do updates at any time you want. Even set the PC to sleep and wake up to do whatever tasks then sleep again; it's what I do.

Oh yes.
Try installing Ubuntu and then see the updates for it. There are over 300 level 3 updates.
Get the new iso from the Ubuntu site. And try it. Almost makes Windows seem secure LOL I SAID almost.

My question.

If Puppy is the son of who is the son of.... and they all use the same kernel, wouldn't Puppy be just as vulnerable as the rest of the distros that use the same kernel? E.g. kernel xx.x has a flaw in this or that. And that flaw may allow this or that to happen remotely.

This kinda thing.
http://www.linuxsecurity.com/content/view/161078/


PS
I actually manually updated my Flash player, by downloading it from Adobe, unzipping it and copying the lib to my usr/lib/mozila/plugins folder. I was so proud of myself LOL.

I have Windows 7 on a laptop I need it to run my diabetes control software.
For the last 2 years I have only used Internet Explorer and Microsoft Security essentials behind the Windows firewall. And I have not been infected by anything. This may be due to 1 or all or none of the reasons I give.

1 My Windows OS is kept fully updated. So Is Microsoft Security Essentials.

2 My surfing habits.

3 I never download attachments. All my friends and family know this and do not bother sending me anything as they know I will just delete it.

4 I never run any software from untrusted sources. If I need to examine a file that I am unsure about I sand box it. Or. Put my pc into a frozen state.

5 I made a few minor adjustments to my browser.

6 I hardly ever go online with the Windows 7 PC unless it's in deep freeze. This excludes doing updates.

And yes I have java and flash on it.
Last edited by NickAu on Wed 12 Mar 2014, 03:12, edited 1 time in total.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#60 Post by jpeps »

NickAu wrote:
And yes I have java and flash on it.
It's the Java plugin that's a problem. You can use a flash blocker so it's there only when you need it.
