Puppy Linux Discussion Forum
 Forum index » Off-Topic Area » Security
Oh Yes You Can!!!
sszindian


Joined: 24 Apr 2010
Posts: 750
Location: Pennsylvania U.S.

PostPosted: Sun 06 May 2018, 22:43    Post subject:  Oh Yes You Can!!!  

Contact...'Virus'...

While viewing a movie 'Ice Station Zebra' at 'putlocker.com' (one of the few places left where you can view movies for FREE without even signing up)... about a third of the way into the movie a blank-screen popped up and was 'panning' (you know, the little circle going around in the center of the screen). After about 6 or so seconds nothing was loading, so I figured it was looking for a commercial to throw my way... I clicked on the window close button and was right back in Ice Station Zebra like nothing happened.

Again about half-way through the movie this exact same thing happened again... again I closed the blank window and continued watching the movie.

Third time it happened about 3/4 of the way through the movie but this time the popup window wasn't blank... A fancy screen and a voice informed me that a virus was detected telling me not to shut the computer down or it would be permanently damaged but rather contact MICROSOFT immediately to fix the issue... (It appears they could not detect this was a LINUX program.)

At this point I did a COLD HARD SHUTDOWN using the computer power button.

I restarted the computer hitting the F2 key at startup and did a 'puppy pfix=fsck'

TWO SECTIONS ON THE HDD WERE REPAIRED BY PUPPY UPupBB using puppy pfix=fsck (showed on the screen... but quickly... you gotta be watching close) Once loaded I tried my browser right off (Latest Palemoon) and that 'blank-screen' popped up again... I was able to close it but the browser was jazzed-up so I again did a COLD HARD SHUTDOWN.

I loaded in another puppy... (Vivid 6.5 with the 401 kernel by Exton) and did an F2 at the splash-screen and again loaded with the command 'puppy pfix=fsck'. This Vivid always seemed to do a nice thorough check of the HDD with this command and then the Vivid savefile if it detected something out of place there. It was the HDD I was interested in.

It booted fine and without any browser problem (I use the latest Palemoon here also). Then a normal shutdown.

Rebooted UPupBB again and it appears the virus is no longer present, everything runs just fine including Palemoon.

I'm not sure every step I did above was necessary but I did it anyway for my own satisfaction!

Makes me wonder if the PAY-FOR-MOVIES aren't maybe trying to put the FREE-FOR-MOVIES out of business???

and...

If this was a LINUX directed Virus instead of a MICROSOFT directed Virus... I surely would have bought the farm... and on the last note... yes, your Puppy can get infected for sure and possibly, if I didn't use the pfix=fsck command my UPupBB would be useless forever.

>>>---Indian------>

_________________
Cloud Computing For Every Puppy (a .pet)
http://murga-linux.com/puppy/viewtopic.php?t=69192
nosystemdthanks

Joined: 03 May 2018
Posts: 168

PostPosted: Mon 07 May 2018, 00:20    Post subject: Re: Oh Yes You Can!!!  

sszindian wrote:

Makes me wonder if the PAY-FOR-MOVIES aren't maybe trying to put the FREE-FOR-MOVIES out of business???


i rather think you are visiting a site with software that is trying to put your computer out of business.

while my opinion of the film industry is exceedingly low, i do not think they are a party to this. (if you were computing in 2005, you might consider the music industry, but they probably werent behind this either)

Quote:
and...

If this was a LINUX directed Virus


no, i think more likely you may have found an exploit for your browser or plugins. if its clean now (?) we may never know what happened.
Burn_IT


Joined: 12 Aug 2006
Posts: 3106
Location: Tamworth UK

PostPosted: Mon 07 May 2018, 08:52    Post subject:  

This is where many Linux users need to rethink their thoughts about virus scanners.
The vast majority of viruses nowadays attack browsers not the underlying OS and are spread by people who do not have Antivirus software - whatever OS they are using.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
nosystemdthanks

Joined: 03 May 2018
Posts: 168

PostPosted: Mon 07 May 2018, 09:15    Post subject:  

Burn_IT wrote:
This is where many Linux users need to rethink their thoughts about virus scanners.


or stop using browser configurations that are wide open and going to too many sketchy websites expecting that they are untouchable.

i seriously wonder how a virus scanner would have helped *in this particular instance*. its not like windows users arent getting spanked with or without them-- or that most gnu/linux users are doing well enough without.

none of which to say that scanners are useless or arent ever necessary. there arent a lot of great choices for this platform (and how many would run fine on puppy?) and that seems to be ok.

i worry less about the browser, and more about stuff thats too deep for your virus scanner to go anyway-- stuff some old scanner running in ring 0 cant touch. not terribly relevant now, but certainly thoughts for the future.
drunkjedi


Joined: 24 May 2015
Posts: 897

PostPosted: Mon 07 May 2018, 09:39    Post subject:  

Running browser as spot with ublock or noscript plugins and updated host file for ad blocking, all drives unmounted (disconnected??), running without savefile, these things should help....

Couple of years ago a friend of mine had problems with ransomware, he was just browsing.
All his files were encrypted to .mp3.
I made a thread on forum too back then.

Although it was on Windows, if someone really took interest he could do it in Linux too.
I now take regular backups of photos, that's the only thing important for me.
I have edited basesfs of fatdog as per my need and run without savefile.
Burn_IT


Joined: 12 Aug 2006
Posts: 3106
Location: Tamworth UK

PostPosted: Mon 07 May 2018, 11:27    Post subject:  

Quote:
its not like windows users arent getting spanked with or without them-- or that most gnu/linux users are doing well enough without.
Well that is because of the numbers involved.
Anyone wanting to influence the most people is going to target the highest user base.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
nosystemdthanks

Joined: 03 May 2018
Posts: 168

PostPosted: Mon 07 May 2018, 13:24    Post subject:  

Burn_IT wrote:
Anyone wanting to influence the most people is going to target the highest user base.


i dont doubt that-- my point was more along the lines of partial than complete refutation:

* the percentage of non-windows users has certainly increased

* the percentage of spanked users that are windows users has probably stayed closer to the same

* that probably says something that should be fairly obvious about windows

* the "its just because weve got all the marketshare" retort will never go away

but its partly true-- its just not the whole truth.

as for whether people can take better care of security, thats always true.

i would still like to know which av would have guaranteed that the op did not have the experience they did, but i figure no one really knows that. im not 100% convinced this was even a malware event, but it would certainly put me on my toes and its worth considering as a possibility.
Burn_IT


Joined: 12 Aug 2006
Posts: 3106
Location: Tamworth UK

PostPosted: Mon 07 May 2018, 13:41    Post subject:  

Mostly because of mobile phone usage and Android.
I would like to bet that the percentage of desktop use has not changed much - though Windows 10 has not inured many commercial/serious users with its emphasis on media presentation.

I for one refuse to use Windows 10, preferring to stick with Win 7 until security patches are stopped. At which point I will either not be around, not care about PCs, or technology will have moved on.

Though I do tend to use Puppy when viewing media or browsing the web - when I have finished work and think to reboot.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
Moat


Joined: 16 Jul 2013
Posts: 842
Location: Mid-mitten, USA

PostPosted: Mon 07 May 2018, 13:54    Post subject:  

I recall reading numerous articles and charts detailing the fact that anti-virus products are in reality only 80-90% effective - so in essence, bumping into 10 virii while browsing will leave the host infected, regardless.

It is (almost) all about the browser. I setup Firefox to run its cache entirely in RAM and auto empty it upon closing the program... POOF! - nasties gone. uBlock and a Javascript toolbar toggle button addon - mostly surfing with Javascript disabled except on trusted websites - and I've been on the web with Windows daily for many years without any anti-virus installed/running (resource-sucking virii in themselves, IMO) - never had any issue/infection whatsoever.

When installing any questionable Windows programs downloaded from the web, I upload and scan them at VirusTotal - which scans the files using 60+ different virus engines, usefully minimizing the risk.

Running Puppy or Dogs (w/savefile) without saving the session is icing on the cake - damn near bulletproof! Cool

Bob
Burn_IT


Joined: 12 Aug 2006
Posts: 3106
Location: Tamworth UK

PostPosted: Mon 07 May 2018, 14:09    Post subject:  

Well you can run that 80 or 90% greater risk if you like, but just make sure you don't spread viri like Typhoid Mary did.
Your machine would not be welcome to connect to my network.

_________________
"Just think of it as leaving early to avoid the rush" - T Pratchett
nosystemdthanks

Joined: 03 May 2018
Posts: 168

PostPosted: Mon 07 May 2018, 14:23    Post subject:  

Burn_IT wrote:
Well you can run that 80 or 90% greater risk if you like


youre better at math than that. we both know that the risks relevant to non-windows do not go down 80-90% when you install av.

seriously, IN THEORY you are 100% correct. in practice, what youre saying is closer to 80% FUD.

i would guess that if you sold elephant whistles, they would be 99% effective because of the amount of real work that needs to be done.

which as you would surely point out means that not having one raises the risk of elephant attacks by 99%! if we are going to sell av to people who really do get along fine without it, can we at least give them HONEST assessments of the benefits? that would be a huge selling point.

or would it be a better use of time to talk about how the risk of wolf attacks actually increases when everyone has gotten tired of the likes of zdnet beating the world down with fud about their lack of preparation, including 10 articles per year about the wolf that could leap out "real soon now?"

small risks + big fud -> even worse security when everyone starts thinking its all fud instead of just 80%.

the industry is as much to blame as consumers for this one. i wouldnt trust security to an industry that constantly exaggerates and condescends to its customers, why would anybody?

but its cool, lets just keep blaming the consumer for getting cynical amidst the torrents of bs. its all their fault-- like Lysol™ says, "GERMS ARE EVERYWHERE!™"

*downloads linux and carefully wipes down the usb connector with hand-sanitiser*

im quite sure this will help!
rufwoof

Joined: 24 Feb 2014
Posts: 2367

PostPosted: Mon 07 May 2018, 14:38    Post subject:  

drunkjedi wrote:
Running browser as spot with ublock or noscript plugins and updated host file for ad blocking, all drives unmounted (disconnected??), running without savefile, these things should help....

Couple of years ago a friend of mine had problems with ransomware, he was just browsing.
All his files were encrypted to .mp3.
I made a thread on forum too back then.

Although it was on Windows, if someone really took interest he could do it in Linux too.
I now take regular backups of photos, that's the only thing important for me.
I have edited basesfs of fatdog as per my need and run without savefile.

Spoofing your user agent (useragent extension/addon) is another must IMO. Announcing an older browser version together with the flaws announced by Mozilla against that version is an easy entry (and some of those flaws include 'Critical' i.e. can run code simply by visiting a dubious web site or displaying a (sometimes invisible) advert amongst other web page content).

On my slacko 5.3.3 thin it's all self-contained: sfs's inside the initrd, no mounted drives, and the browser run as fido from /home/fido with capsh/permissions restrictions.
Code:
# Deny "other" (which is what the unprivileged browser user is) any access
# to root's home and to the binaries an intruder would reach for.
# /bin/chmod is locked last, since it is the tool doing the locking.
chmod o-wrx /root >/dev/null 2>&1
chmod o-wrx /usr/sbin >/dev/null 2>&1
chmod o-wrx /sbin >/dev/null 2>&1
chmod o-wrx /bin/busybox >/dev/null 2>&1
chmod o-wrx /bin/chattr.e2fsprogs >/dev/null 2>&1
chmod o-wrx /bin/dd >/dev/null 2>&1
chmod o-wrx /bin/kmod >/dev/null 2>&1
chmod o-wrx /bin/login >/dev/null 2>&1
chmod o-wrx /bin/mount >/dev/null 2>&1
chmod o-wrx /bin/mount-FULL >/dev/null 2>&1
chmod o-wrx /bin/pupkill >/dev/null 2>&1
chmod o-wrx /bin/umount >/dev/null 2>&1
chmod o-wrx /bin/umount-FULL >/dev/null 2>&1
chmod o-wrx /bin/chmod >/dev/null 2>&1

# Firefox: a single capsh command. The capability list is one argument,
# continued across lines with backslashes. Everything after "--" is handed
# to /bin/bash, so this ends up running "bash -c /bin/firefox" as user
# fido (uid 1001) with the listed capabilities dropped.
capsh --drop=cap_fowner,cap_kill,cap_sys_tty_config,cap_setfcap,cap_chown,\
cap_sys_admin,cap_sys_chroot,cap_net_admin,cap_net_bind_service,\
cap_sys_boot,cap_sys_module,cap_sys_resource,cap_setpcap,cap_setgid,\
cap_setuid,cap_sys_rawio,cap_mknod,cap_net_raw,cap_audit_control,\
cap_mac_override,cap_mac_admin,cap_syslog,cap_fsetid \
  --keep=1 --user=fido --uid=1001 -- -c /bin/firefox --

Even then my policy has always been to assume my PC is open, no different to a public library PC and take precautions accordingly i.e. disconnected backups of data. For online banking I use a more secure choice (OpenBSD).
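To verify that a capsh launch like the one above actually took effect, here is an added shell example (not rufwoof's script and not a Puppy tool): it decodes the CapEff/CapBnd hex mask that /proc/<pid>/status reports into capability names, and works out what a given --drop list leaves behind. Bit numbers are the kernel's from linux/capability.h; the table stopping at cap_audit_read (bit 37) is an assumption made here.

```shell
#!/bin/sh
# Added example for this thread, not rufwoof's script: decode a Linux
# capability mask (CapEff / CapBnd in /proc/<pid>/status) into names and
# compute what a capsh --drop list leaves. Bit numbers follow
# linux/capability.h up to cap_audit_read (bit 37); needs 64-bit shell
# arithmetic (dash and bash both qualify).
# Name of capability bit $1 (bits beyond the table print as cap_<n>).
cap_name() {
    _n=$1
    set -- cap_chown cap_dac_override cap_dac_read_search cap_fowner \
        cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap \
        cap_linux_immutable cap_net_bind_service cap_net_broadcast \
        cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner \
        cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace \
        cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice \
        cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod \
        cap_lease cap_audit_write cap_audit_control cap_setfcap \
        cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm \
        cap_block_suspend cap_audit_read
    if [ "$_n" -lt $# ]; then eval "echo \"\${$((_n + 1))}\""; else echo "cap_$_n"; fi
}
# Bit number of capability name $1; fails for names not in the table.
cap_bit() {
    _i=0
    while [ "$_i" -lt 38 ]; do
        [ "$(cap_name "$_i")" = "$1" ] && { echo "$_i"; return 0; }
        _i=$((_i + 1))
    done
    return 1
}
# Succeeds when capability $2 is set in hex mask $1.
cap_present() {
    _b=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> _b) & 1 )) -eq 1 ]
}
# Print one capability name per line for every bit set in hex mask $1.
decode_caps() {
    _v=$((0x$1)); _i=0
    while [ "$_i" -lt 64 ]; do
        [ $(( (_v >> _i) & 1 )) -eq 1 ] && cap_name "$_i"
        _i=$((_i + 1))
    done
}
# Clear the comma-separated capabilities $2 from hex mask $1; print the new mask.
drop_caps() {
    _v=$((0x$1))
    for _c in $(printf '%s' "$2" | tr ',' ' '); do
        _b=$(cap_bit "$_c") || { echo "unknown capability: $_c" >&2; return 1; }
        _v=$(( _v & ~(1 << _b) ))
    done
    printf '%016x\n' "$_v"
}
# Stand-alone use: show the effective capabilities of the shell running this.
if [ -r /proc/self/status ]; then
    decode_caps "$(awk '/^CapEff/ {print $2}' /proc/self/status)"
fi
```

Run it from the launched browser's environment (or feed it the CapEff line of the browser's /proc/<pid>/status) to confirm the drop took effect; applied to a full root set, the list in the post still leaves cap_dac_override and cap_sys_ptrace in place.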
nosystemdthanks

Joined: 03 May 2018
Posts: 168

PostPosted: Mon 07 May 2018, 14:44    Post subject:  

rufwoof wrote:
For online banking I use a more secure choice (OpenBSD).

this is refreshing to read. i dont even use bsd, though ive tried it and i never make fun of it. well-- except rarely, in terms of usability.
tallboy


Joined: 21 Sep 2010
Posts: 978
Location: Oslo, Norway

PostPosted: Mon 07 May 2018, 14:59    Post subject:  

putlocker.com?

[attached screenshot: shot.png]

_________________
True freedom is a live Puppy on a multisession CD/DVD.
Moat


Joined: 16 Jul 2013
Posts: 842
Location: Mid-mitten, USA

PostPosted: Mon 07 May 2018, 15:27    Post subject:  

Burn_IT wrote:
... but just make sure you don't spread viri like Typhoid Mary did


I do keep a close eye on network activity (Rainmeter network graph widget on the desktop), and peek at any unusual activity using something like TCPView. But my point is, in years of running like that... zip. Zero. Nada. No Typhoid Mary goings on here (yeah, I know... knock on wood!).

Admittedly, I have spent quite a bit of time studying and then disabling a wealth of Windows' largely unnecessary background services/processes - many of which are known vulnerabilities/vectors (like the Remote Desktop stuff, for example).

Initially for me, it was out of the sheer frustration with the AV's intolerable performance degradation and massive regular virus database updates that made me question - was it worth having a "safe", AV-protected system that ran like an infected, cr@p-slow OS, directly due to that AV protection... or would the performance improvements of running without AV protection trump the potential dangers? And after all these years, I say the latter, without a doubt (for me). Using nothing more than a modicum of safe browsing, app installation practices and OS setup.

XP or Win7 flies in comparison (and I tried multiple AV's - all the same) - and another Acer Aspire One single-core netbook (Win7 Starter) is literally unusable with AV installed - yet surprisingly responsive without (so much so that I hacked it to enable the full Aero desktop effects, and still runs great).

All been kind of an experiment, with the certain knowledge I may very well be PWN'd some day. But so far, so good. Very, very good.

Just my experience.

Bob