What makes Linux safer than Windows?

For discussions about security.
Gullible Jones
Posts: 6
Joined: Mon 13 Apr 2009, 22:36

What makes Linux safer than Windows?

#1 Post by Gullible Jones »

It's well known that Puppy Linux is single-user, running as root by default. There's nothing really novel about this, when you think about it; Windows XP Home runs as admin by default as well. (Yeah, it does have the System user which is more powerful than admin, but so what?)

However, one of the major benefits I've heard touted about Linux is that most distros do not use root as the default user, which means that, if for instance an infected website hacks your browser, it will have a harder time installing a rootkit or trojan since it can't freely modify or install system files.

On the other hand, you've got distros like Puppy and Slax that use root by default and are proud of it. Users of such distros generally claim that Linux is secure enough to use in such a fashion on home desktops - even when not using AppArmor or whatever.

(That would actually be a whole other matter, since under AppArmor or SELinux, processes spawned by root wouldn't necessarily have root privileges. But I digress.)

What I'm asking is, what about Linux makes it more secure than Windows even when running as root (if that is actually the case)?

- We know Linux isn't immune to buffer overflows, they happen all the time.
- The idea that simple lack of use makes it more secure is ridiculous, we all know how well "security through obscurity" worked for Apple.
- Unlike Windows, Linux doesn't try to hide stuff from the administrator (by default anyway). That's nice, and it can help you find infections, but it doesn't prevent infections.
- Package management is cool and helps you keep your software up to date. But it does jack against zero-day vulnerabilities. Plus, similar things (like Secunia PSI) exist for Windows.
- Well-written code is good. But not everything running on Linux is well programmed; for that matter, some applications just don't focus strongly on security. Even "secure" programs like Firefox are often riddled with vulnerabilities.

So what is it that you Puppy users know that I don't? What makes you confident that you're not likely to get hacked, even running as root? I'd really like to know...

gposil
Posts: 1300
Joined: Mon 06 Apr 2009, 10:00
Location: Stanthorpe (The Granite Belt), QLD, Australia

#2 Post by gposil »

Apart from the obvious:
Microsoft’s Chief Operating Officer Kevin Turner said today that finally Windows 7 will be more secure than Linux and OS-X.
A few thoughts:

It's much easier to go into a Linux system and simply shut down the entire windowing system, RPC daemons, and so on - you can get a Linux or BSD based system down to one or two open ports with a minimum of installed packages and still have a very useful system very easily. This probably has more to do with the UNIX heritage as a developer's OS; everything was built to be modular, not overly interconnected. This leads to a much more configurable system where you can simply remove things that are not relevant. I don't think it's as easy to harden Windows servers in this way. (In fact it's not easy.)

There is one very important reason why Linux and OpenBSD have the potential to be more secure than Windows. That is the ability of the operating system to firewall itself from network attacks.

On Windows, incoming network packets have been exposed to significant parts of the operating system long before a Windows firewall can reject the packet. On Linux, using iptables, or on OpenBSD using PF, you can isolate rogue packets much earlier in the process of the OS receiving a new network packet - reducing the exposure.

Linux, like all Open Source, is transparent. Everybody sees the code. There are far more eyes with good intentions looking at the code than those with bad intentions.

Why would you try to exploit a vulnerability (perceived or real) in Unix/Linux when the fix for the flaw spreads faster than a virus... :)

Just a few thoughts, there are many more....

Cheers
Dpup Home: http://www.dpup.org

gposil
Posts: 1300
Joined: Mon 06 Apr 2009, 10:00
Location: Stanthorpe (The Granite Belt), QLD, Australia

#3 Post by gposil »

Had another couple of thoughts that get to the heart of the matter...

What makes Linux safer than Windows?

1.) The people who use it....

And I guess really the question is spurious, Windows is a homogeneous OS, Linux is not, it's a kernel and each user has the right to change it to suit his/her particular security needs, and as far as Puppy is concerned, with regard to root access...who cares if there are no ports open to exploit from outside...your choice

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#4 Post by 8-bit »

Try this. Do a Web search for Gibson Research Corporation and from their page select Shields UP.
It will run a test to try to access the ports on your PC as well as file sharing and ping.
It will work with Linux (Puppy) as well as Windows.
I tried it with Puppy and the report said all ports were stealth (good), it could not access file sharing, and also could not find a port to connect remotely. It was able to ping my PC and have it answer, and also get a reverse IP address.
Given that info, I was impressed as compared to running Windows and doing the same test.
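A local counterpart to the external port scans mentioned in this thread, as an added example that is not part of any post: it reads a `/proc/net/tcp` style table and reports which listening TCP ports are bound to loopback only and which are bound to every interface. The function names and the sample table are constructed for illustration, and the address decoding assumes a little-endian (x86) machine.

```shell
#!/bin/sh
# Added example: list listening IPv4 TCP sockets from a /proc/net/tcp style
# table and say whether each is bound to loopback or to every interface.
# Assumes a little-endian machine (x86), where 127.0.0.1 appears as 0100007F.

# Usage: listening_ports [table-file]     (default: /proc/net/tcp)
# Prints one "<port> <scope>" line per listener, sorted by port.
listening_ports() {
    table=${1:-/proc/net/tcp}
    # Skip the header; fields are: slot, local addr:port, remote, state, ...
    tail -n +2 "$table" | while read -r _slot laddr _raddr state _rest; do
        [ "$state" = "0A" ] || continue        # 0A is the LISTEN state
        port=$((0x${laddr#*:}))                # the port is hexadecimal
        case ${laddr%:*} in
            ??????7F) scope=loopback ;;        # 127.0.0.0/8, local only
            00000000) scope=all-interfaces ;;  # 0.0.0.0, exposed unless firewalled
            *)        scope=one-address ;;     # bound to one specific address
        esac
        echo "$port $scope"
    done | sort -n
}

# Constructed sample table (not captured from a real system): a print
# service on loopback, sshd on every interface, one established connection.
write_sample_table() {
    cat > "$1" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2222 1
   2: 0A00000A:C350 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 3333 1
EOF
}

# Run against the live table when executed with the argument "live".
if [ "${1:-}" = "live" ]; then listening_ports; fi
```

Only `all-interfaces` and `one-address` entries can show up in an outside scan; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.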

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#5 Post by Lobster »

Tin hatted penguins

These are the individuals so paranoid they wear tin hats to stop 'the government' controlling their brains.

They sniff out potential exploits even when they are not there.
Meanwhile Microsoft has documented agreements with the NSA to offer backdoors into Windows. It is part of their policy to have exploits.

The only exploit for Puppy that I am aware of is that of rogue JavaScript that can redirect to spammers' sites.

I also use Gmail (with its excellent spam reduction) whose servers are open to potential abuse.

Cloud computing is being supported by the intelligence community because it is transparent to them. Which means it is also transparent to criminals and corporate spammers.

My last memories of Windows involve a security nightmare, where the very viral like virus protection schemes were being compromised by crackers. In other words they were using the protection schemes updates to run keyloggers and other nasties.

I run from DVD so runnable programs are secure from interference. Then I run the Puppy firewall. Job done. 8)
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Live-CDs and Root

#6 Post by drongo »

Originally Puppy was a live-CD only. By definition you can't alter stuff on a live-CD - so running as root was never a problem with early Puppies. The situation is now more complex.
You can have a frugal install or a full install. I would guess both of these are potentially vulnerable when running as root.
You can have a multi-session DVD. I would guess this is potentially vulnerable as well.
You can save a session on closedown. Information stored in there is potentially vulnerable.
If you mount USB sticks or hard-drive partitions information on them could be modified.

So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable! Doesn't really matter whether you run as root or not. I guess you might be able to pick up some password stealing trojan during your browsing but it would disappear next time you rebooted (of course your passwords could be all over the web by then.)

Since many scripts in Puppy assume you are root changing Puppy to a system with multiple users may not be that easy. It's not as if people haven't tried!

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#7 Post by jamesbond »

While we are on this topic .... please look at this http://www.stoned-vienna.com/
Now that proof-of-concept virus is Windows only (though it can infect anything from XP to Windows 7 - a duration which spans 8 years).
Please read the technical process of how it infects Windows - and someone please tell me that Linux is not vulnerable. :shock:
Fatdog64 forum links: Latest version (http://murga-linux.com/puppy/viewtopic.php?t=117546) | Contributed packages (https://cutt.ly/ke8sn5H) | ISO builder (https://cutt.ly/se8scrb)

gposil
Posts: 1300
Joined: Mon 06 Apr 2009, 10:00
Location: Stanthorpe (The Granite Belt), QLD, Australia

#8 Post by gposil »

Well...full stand-alone HD installations of Unix/Linux don't use MBR and a Linux volume does not even need to be active to be booted, so in the strictest terms this bootkit has no relevance to us. Obviously a read-only kernel implementation like Puppy would be even further removed from the scenario.

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#9 Post by kirk »

The idea that simple lack of use makes it more secure is ridiculous.
Not at all. If I'm the only one using an operating system, it would, for that very reason, be quite immune from viruses.

What I'm asking is, what about Linux makes it more secure than Windows even when running as root (if that is actually the case)?
Well, there is not a Linux operating system, there's a thousand. I won't speak about all Linux OSs, but for Puppy:

* There's no ActiveX type apps running in the web browser. OK, that goes for all Linux OSs.

* Puppy is intended to be run with a virtual file system. The system files are really read-only. Running as a non-privileged user protects these files (again which are read-only) and not the user's files.

* There's countless viruses for Windows. I'm still looking for one that will infect Puppy. If you can point me to a web site please do, because it's so ridiculously easy to fix/reinstall Puppy and I'd like to see how that would work.

* There's countless trojans for Windows. Sure someone could post a pet package with a trojan, but I haven't read about any. All operating systems are vulnerable to trojans, because they tend to be installed by users. If you're installing software and you need to su or sudo to root, or enter the admin password, that's what you do, because you've already decided that the vendor is trustworthy.

Puppy does of course have multiple users. If you install a web server it usually runs as user nobody. In Puppy non-root users can't su to root even if they know the password. You can run the browser as another user if you want.

ttuuxxx
Posts: 11171
Joined: Sat 05 May 2007, 10:00
Location: Ontario Canada,Sydney Australia

#10 Post by ttuuxxx »

Simple go here on your windows machine and then go here with puppy :)
https://www.securitymetrics.com/portscan.adp
and do a port scan.
ttuuxxx
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games :)

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Re: Live-CDs and Root

#11 Post by Flash »

drongo wrote: Originally Puppy was a live-CD only. By definition you can't alter stuff on a live-CD - so running as root was never a problem with early Puppies.
Multisession Puppy is basically a live CD or DVD, with the settings and changes to the base OS saved in sessions on the CD or DVD. Barry has provided a boot option for multisession Puppy to ignore the last n sessions, for instance where malware may have been saved, at boot. After booting, Puppy can mount the DVD and the blacklisted sessions can be safely inspected for malware. Since nothing can be erased from a multisession DVD, malware has no way to erase its tracks or even do any damage. AFAIK, no other way of running Puppy offers this forensic capability.

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Honeypot puppy?

#12 Post by drongo »

Flash,

I think I knew that but the implications for forensic analysis had never sunk in before. Would a honeypot puppy be of use to anybody?

I had always thought that the best use for multisession would be an audit trail. If you were writing a book or doing some complex coding you could always roll back to a previous version.

So are you still the only person using multi-session?

:D

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#13 Post by Flash »

I have no idea how many other people use multisession. I can't believe I'm the only one.

I've heard of malware that encrypts everything on your hard disk, leaves a note about where you can buy the encryption key, then deletes itself. Since everything in multisession Puppy happens in RAM, the executable itself might not necessarily have been saved on the DVD to be played with. In any case, it could not encrypt anything that had already been saved to the multisession DVD, so you'd only lose what was in RAM.

I've also heard of a program that supposedly puts kiddie porn on your hard disk drive, somewhere you can't find it, then threatens to call the cops on you if you don't pay a ransom. I don't know if it can really do that. The ransom note could be only a bluff to gouge the gullible. Still, since multisession runs entirely in RAM, all you'd have to do to erase anything like that would be to turn off the computer without saving anything.

AFAIK, these programs only infect Windows at the moment, but there is nothing to keep the a**hole* who write them from trying to port them to Linux. If they do, multisession Puppy would be a tough nut for them to crack.

linuxcbon
Posts: 1312
Joined: Thu 09 Aug 2007, 22:54

#14 Post by linuxcbon »

an infected website hacks your browser, it will have a harder time installing a rootkit or trojan :
very unlikely
with firefox because secure
and with linux because few trojans or rootkits exist for it.

droope
Posts: 801
Joined: Fri 01 Aug 2008, 00:17
Location: Uruguay, Mercedes

#15 Post by droope »

Hi.

Avast provides free antivirus protection for Linux.

http://www.avast.com/eng/avast-for-linu ... ation.html

Never tried it. Avast on windows does a pretty good job.

Cheers!
Droope
What seems hard is actually easy, while what looks like impossible is in fact hard.

"Hard things take time to do. Impossible things take a little longer." - Percy Cerutty

My blog (Spanish): http://droope.wordpress.com/

maddox
Posts: 454
Joined: Fri 28 Sep 2007, 20:37
Location: sometimes in France

#16 Post by maddox »

Puppy is as safe as your router's setup (stateful packet inspection enabled) or your Puppy firewall setup.

This seems new:
check out strange noises when you surf (clicks, pops, whizz sounds or frequent buffering on video streams as compared to before) while listening to radio or video.
This seems to be some sort of intrusion attempt, or a new stateful packet inspection by the internet provider?

Colonel Schell
Posts: 50
Joined: Mon 06 Jul 2009, 22:11
Location: Columbus, Ohio

#17 Post by Colonel Schell »

Being new to this, I may be stupid now, but I feel that I need to ask something in order to test one of my assumptions about Puppy.

I was under the impression that Puppy, when installed as a Frugal install, resided on the HD but was still run in RAM, i.e. was called to unzip on the fly from the HD into RAM, much as it does when running the LiveCD. We all know that the difference in running Puppy from other live CDs such as Knoppix is that decompressing on the fly feature: you're not actually running off the CD; you're running from a Puppy image in RAM.

If this is true, what are its implications for security? If it's not true, please shoot down my false assumption.

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#18 Post by PaulBx1 »

The system files are really read-only.
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!
Uh, I must be laboring under a misapprehension. :)

I thought any file was writable, with the new file (in the pupsave) superseding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something?

As to discounting the lack of Linux viruses out there "merely" because Linux (or BSD) is not as popular; well, it's worked pretty well so far! Better than any anti-virus software. It is an advantage now. When Linux hits 30% market share, then you can bring this one up.
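The layering discussed in the posts above (a writable save layer superseding files from the read-only base via unionfs or aufs) can be audited directly. The following is an added example, not part of any post in this thread: it compares a writable layer directory with a read-only base directory and reports files that were modified, hidden by an aufs whiteout (`.wh.<name>`), or newly added. Both directories are passed as arguments, and the function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a writable union layer overrides a read-only base.
# Usage: layer_overrides BASE_DIR UPPER_DIR
# Output: "modified <path>", "hidden <path>" (aufs whiteout) or "added <path>".
# File names containing newlines are not supported.
layer_overrides() {
    base=$1
    upper=$2
    ( cd "$upper" && find . -type f | LC_ALL=C sort ) | while read -r rel; do
        rel=${rel#./}
        name=${rel##*/}
        dir=${rel%"$name"}
        case $name in
            .wh..wh.*)                       # aufs bookkeeping, not a user file
                ;;
            .wh.*)                           # whiteout: base file was deleted
                echo "hidden $dir${name#.wh.}"
                ;;
            *)
                if [ -f "$base/$rel" ]; then
                    # Same path in both layers: the upper copy wins in the union.
                    cmp -s "$base/$rel" "$upper/$rel" || echo "modified $rel"
                else
                    echo "added $rel"
                fi
                ;;
        esac
    done
}

# Constructed sample layers (hypothetical content, for demonstration only).
make_sample_layers() {
    root=$1
    mkdir -p "$root/base/bin" "$root/base/etc" \
             "$root/upper/bin" "$root/upper/etc" "$root/upper/root"
    echo 'original ls' > "$root/base/bin/ls"
    echo 'hosts v1'    > "$root/base/etc/hosts"
    echo 'motd'        > "$root/base/etc/motd"
    echo 'replaced ls' > "$root/upper/bin/ls"       # shadows a system binary
    echo 'hosts v1'    > "$root/upper/etc/hosts"    # copied up but unchanged
    : > "$root/upper/etc/.wh.motd"                  # whiteout hiding etc/motd
    echo 'notes'       > "$root/upper/root/notes.txt"
}

# Audit real directories when called with two arguments.
if [ $# -eq 2 ]; then layer_overrides "$1" "$2"; fi
```

A `modified` line for a system binary or startup script is what to examine first: the base copy on the CD is still intact, but the union serves the upper copy.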

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#19 Post by Flash »

PaulBx1 wrote:
The system files are really read-only.
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!
Uh, I must be laboring under a misapprehension. :)

I thought any file was writable, with the new file (in the pupsave) superseding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something? ...
I think so. As I've said many times in many ways, everything saved on a multisession disk is fragmented into sessions. You can tell Puppy at boot to not incorporate the last n sessions when it builds Puppy in RAM with unionfs or aufs.

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Safe but not useful

#20 Post by drongo »

@PaulBx1,

Perhaps I wasn't clear. If you haven't mounted any partitions you'll have nowhere to save the pupsave file. So if you boot a live-CD as puppy pfix=ram and you have no pupsave, there is nothing writable on the CD to change. Files in ram can be changed but they will disappear after a reboot. Still the caveat about password stealing trojans applies. Whether Puppy is that useful in this mode is a bit moot. You can't work on any files and then store the results of your work.

But I don't use Puppy as my primary OS and I only have a pupsave file on one of my machines at the moment.

If you accept those limitations (no mounted persistent storage) it's as safe as houses. If you're not running Internet Explorer with ActiveX enabled you're fairly safe even on a Windows machine. I use Firefox with Noscript and Flashblock enabled, this has been fairly secure so far.

The only viruses I have picked up in the last year have been boot-sector viruses from USB sticks which have all been caught by my anti-virus. None of these would have harmed Puppy as they are usually targeted at Windows systems.

No need to be complacent though, aren't most botnets composed of thousands of Windows boxes controlled from rootkitted Linux servers?

With Puppy the only thing you have to worry about is hardpad.
