What makes Linux safer than Windows?

For discussions about security.
maddox
Posts: 454
Joined: Fri 28 Sep 2007, 20:37
Location: sometimes in France

#16 Post by maddox »

Puppy is as safe as your router's setup (stateful packet inspection enabled) or your Puppy firewall setup.

This seems new:
Check out strange noises when you surf (clicks, pops, whizz sounds or frequent buffering on video streams as compared to before) while listening to radio or video.
This seems to be some sort of intrusion attempt, or a new stateful packet inspection by the internet provider?

Colonel Schell
Posts: 50
Joined: Mon 06 Jul 2009, 22:11
Location: Columbus, Ohio

#17 Post by Colonel Schell »

Being new to this, I may be stupid now, but I feel that I need to ask something in order to test one of my assumptions about Puppy.

I was under the impression that Puppy, when installed as a Frugal install, resided on the HD but was still run in RAM, i.e. was called to unzip on the fly from the HD into RAM, much as it does when running the LiveCD. We all know that the difference in running Puppy from other live CDs such as Knoppix is that de-compressing on the fly feature: you're not actually running off the CD; you're running from a Puppy image in RAM.

If this is true, what are its implications for security? If it's not true, please shoot down my false assumption.

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#18 Post by PaulBx1 »

The system files are really read-only.
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!
Uh, I must be laboring under a misapprehension. :)

I thought any file was writable, with the new file (in the pupsave) superseding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something?

As to discounting the lack of linux viruses out there "merely" because linux (or BSD) is not as popular; well, it's worked pretty well so far! Better than any anti-virus software. It is an advantage now. When linux hits 30% market share, then you can bring this one up.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#19 Post by Flash »

PaulBx1 wrote:
The system files are really read-only.
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!
Uh, I must be laboring under a misapprehension. :)

I thought any file was writable, with the new file (in the pupsave) superseding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something? ...
I think so. As I've said many times in many ways, everything saved on a multisession disk is fragmented into sessions. You can tell Puppy at boot to not incorporate the last n sessions when it builds Puppy in RAM with unionfs or aufs.

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Safe but not useful

#20 Post by drongo »

@PaulBx1,

Perhaps I wasn't clear. If you haven't mounted any partitions you'll have nowhere to save the pupsave file. So if you boot a live-CD as puppy pfix=ram and you have no pupsave, there is nothing writable on the CD to change. Files in ram can be changed but they will disappear after a reboot. Still the caveat about password stealing trojans applies. Whether Puppy is that useful in this mode is a bit moot. You can't work on any files and then store the results of your work.

But I don't use Puppy as my primary OS and I only have a pupsave file on one of my machines at the moment.

If you accept those limitations (no mounted persistent storage) it's as safe as houses. If you're not running Internet Explorer with ActiveX enabled you're fairly safe even on a Windows machine. I use Firefox with Noscript and Flashblock enabled, this has been fairly secure so far.

The only viruses I have picked up in the last year have been boot-sector viruses from USB sticks which have all been caught by my anti-virus. None of these would have harmed Puppy as they are usually targeted at Windows systems.

No need to be complacent though, aren't most botnets composed of thousands of Windows boxes controlled from rootkitted Linux servers?

With Puppy the only thing you have to worry about is hardpad.

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas

What makes Linux safer than Windows?

#21 Post by RandSec »

I have been using multisession Puppy 4.12 from DVD, on and off, for about 7 months now. I have a machine with no hard drive and Puppy works great there. My motive is security. After installing Firefox and the various security add-ons, the browsing experience is much like under Windows. But the usual random malware attack probably is going to address the largest group, which is running Windows, not Linux.

Many modern attacks go through the browser instead of the OS. Sometimes this is actual weakness, but normally it is just getting the user to click something, whereupon the malware gets its way. Beyond using Adblock Plus, NoScript, WOT, RequestPolicy and BetterPrivacy add-ons, only so much can be done automatically.

To survive on a machine past reboot, malware must change files used during boot. The potential advantage of the multisession DVD is that malware would have to change the DVD. Naturally, malware can change files in memory, and then those files might be written to the boot DVD at the end of session, but only if the user allowed it, which can be made fairly unusual. Even if malware is saved, the system can be recovered by voiding the last n sessions. And worst case, replacement is just another DVD. We do not lose the entire contents of a massive hard drive when there is no hard drive. But if a hard drive is present, even if unmounted, it probably is at risk.

If we download files, they could have format hacks that subvert the reader or player or viewer, but we can hardly blame Puppy for application faults. If we download programs, they could be Trojans, which is an argument for using an up-to-date antivirus solution in Linux. But even undetected, the Trojans *probably* will target Windows, and so not function on Linux. When something strange happens we do not want to write that session to DVD.

The multisession DVD stuff is great when it works, and I wish it would work better. Sadly, I have never been able to continue to a second DVD automatically; the write always fails. Recently I had some sort of end-of-session update write error coasterize a half-full DVD. That was an unexpected loss of substantial updating and customization, and so actually might have been worse than malware. That caused me to question further use of the multisession mode.

I have tried Puppy on a flash drive, but it did not function as I had hoped. What I want is to put everything into RAM, and then be able to *remove* the flash, just like the DVD can be removed after a boot. But what I got was a warning not to remove mounted drives, including the flash. And, of course, the flash could not be unmounted. This is a problem because I cannot save something to flash to move it to another machine with everything running.

The idea of encrypting a boot flash makes a lot of sense. But it kind of makes me wonder why the general file updates to the DVD are not also encrypted.

Perhaps someone who knows Puppy far better than I do can suggest something for multisession problems or to improve flash boot. Thanks!

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Re: What makes Linux safer than Windows?

#22 Post by Flash »

RandSec wrote:I have been using multisession Puppy 4.12 from DVD, on and off, for about 7 months now. I have a machine with no hard drive and Puppy works great there. ...

... Sadly, I have never been able to continue to a second DVD automatically; the write always fails.
Barry comes out with a new version of Puppy so often that I never come close to filling up a multisession DVD before I switch to a new version of Puppy. The way I switch to a new version of Puppy may solve your problem. You don't even have to be upgrading to a different version of Puppy for this to work. What I do is, with Burniso2cd, burn a Puppy iso to a DVD then shut down with the newly burned DVD still in the drive. Puppy asks if I want to save. I say yes. Puppy burns the first session, which contains everything from all the sessions of the old DVD. This has the effect of "defragmenting" the old multisession DVD by condensing all the sessions from it into the first session on the newly burned DVD.

Note that if something goes wrong you haven't lost anything from the old DVD. Just boot the old DVD and try again.
... Recently I had some sort of end-of-session update write error coasterize a half-full DVD. That was an unexpected loss of substantial updating and customization, and so actually might have been worse than malware. That caused me to question further use of the multisession mode. ...
You can make a backup of your multisession DVD by periodically doing what I just described. Burniso2cd will burn a Puppy iso to a DVD+RW without having to blank the disk first. I alternate two DVD+RW disks.
Puppy Help 101 - an interactive tutorial for Lupu 5.25: http://www.murga-linux.com/puppy/viewtopic.php?t=69321

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Multisession users

#23 Post by drongo »

So there's two of you?

:D

levian
Posts: 34
Joined: Fri 07 Aug 2009, 03:32

#24 Post by levian »

droope wrote:Never tried it. Avast on windows does a pretty good job.
Agreed. My office PC is using the free edition of Avast since the very beginning and it is doing well so far too. Hehe.

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

Anti-virus working perfectly

#25 Post by drongo »

Err, how do you know? You can tell when your anti-virus catches a nasty and you can tell when you have a false positive. How do you know when it has missed something?

Tin-foil hats all round.

Colonel Schell
Posts: 50
Joined: Mon 06 Jul 2009, 22:11
Location: Columbus, Ohio

#26 Post by Colonel Schell »

It's not paranoia if there's really someone out to get you.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#27 Post by Lobster »

It's not paranoia if there's really someone out to get you.
Assume they already got you.
Now what? :lol:
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#28 Post by disciple »

They're not out there to get me. They're out there to get people running Windows 8)
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

Colonel Schell
Posts: 50
Joined: Mon 06 Jul 2009, 22:11
Location: Columbus, Ohio

#29 Post by Colonel Schell »

Lobster wrote:
It's not paranoia if there's really someone out to get you.
Assume they already got you.
Now what? :lol:
:shock: I may not sleep tonight.

Thanks. :(

alienjeff
Posts: 2265
Joined: Sat 08 Jul 2006, 20:19
Location: Winsted, CT - USA

#30 Post by alienjeff »

Image

Rough translation:

Panel 1: "Why are you bringing up the root-vs-user issue?"

Panel 2: "Because I'm too lazy to use the search feature on Murga's forum to locate and read pre-existing threads on the topic."
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

droope
Posts: 801
Joined: Fri 01 Aug 2008, 00:17
Location: Uruguay, Mercedes

Re: Anti-virus working perfectly

#31 Post by droope »

drongo wrote:Err, how do you know? You can tell when your anti-virus catches a nasty and you can tell when you have a false positive. How do you know when it has missed something?

Tin-foil hats all round.
I do my calculations this way:

No bad news = Good news. :)
What seems hard is actually easy, while what looks like impossible is in fact hard.

“Hard things take time to do. Impossible things take a little longer.” –Percy Cerutty

My blog (Spanish): http://droope.wordpress.com/

Bruce B

#32 Post by Bruce B »

PaulBx1 wrote:
The system files are really read-only.
So, if you use Puppy as a live-CD, don't mount partitions or USB sticks, don't install it to hard-drive and don't use multi-session you're pretty much invulnerable!
Uh, I must be laboring under a misapprehension. :)

I thought any file was writable, with the new file (in the pupsave) superseding the one on CDROM, via unionfs or aufs. Thus, the only way Puppy can be invulnerable is if you never use the pupsave, and boot "pfix=ram". Or am I missing something?

As to discounting the lack of linux viruses out there "merely" because linux (or BSD) is not as popular; well, it's worked pretty well so far! Better than any anti-virus software. It is an advantage now. When linux hits 30% market share, then you can bring this one up.
Comments on Subjects Discussed

An unmounted partition can be copied bit for bit. It can be erased, formatted and ??

If I were concerned about viruses (malware), I wouldn't use a virus scanner. The reason is that I don't think the signature databases contain many, if any, Linux signatures.

I would, if I were very concerned, maintain my own md5sum database of files. With the checks looking for changes, new files and deleted files. The report used to alert me to things I might want to look into.

With Linux, files can be set so even root can't modify or delete them. Some of the key files used in traditional root kits can be set immutable and this would make it more difficult to install a traditional root kit.
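
Added example (not part of the post above and not Puppy's own code): one way to keep the checksum database described in post #32, reporting changed, new and deleted files against a stored baseline. The function names, the `SUM` variable and the command-line form are assumptions of this example; it expects `find -print0` and `xargs -0 -r` to be available.

```shell
#!/bin/sh
# Added example: checksum baseline for a directory tree (names are hypothetical).
# SUM is an assumption of this example: md5sum as in the post; sha256sum also works.
SUM=${SUM:-md5sum}

# make_baseline DIR OUT - write one "<hash>  ./path" line per regular file.
# Keep OUT outside DIR, ideally on read-only or removable media.
make_baseline() {
    ( cd "$1" && find . -xdev -type f -print0 | xargs -0 -r "$SUM" ) > "$2"
}

# compare_baseline OLD NEW - print CHANGED / NEW / DELETED lines, sorted.
compare_baseline() {
    awk '
        { i = index($0, "  "); if (i == 0) next
          h = substr($0, 1, i - 1); p = substr($0, i + 2) }
        FILENAME == ARGV[1] { old[p] = h; next }
        { seen[p] = 1
          if (!(p in old))      print "NEW     " p
          else if (old[p] != h) print "CHANGED " p }
        END { for (p in old) if (!(p in seen)) print "DELETED " p }
    ' "$1" "$2" | sort
}

# check_tree DIR BASELINE - re-hash DIR and report differences.
# Returns 0 when nothing differs, 1 when the report is non-empty.
check_tree() {
    tmp=$(mktemp) || return 2
    make_baseline "$1" "$tmp"
    report=$(compare_baseline "$2" "$tmp")
    rm -f "$tmp"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: integrity.sh init DIR BASELINE   |   integrity.sh check DIR BASELINE
case "${1:-}" in
    init)  make_baseline "$2" "$3" ;;
    check) check_tree "$2" "$3" ;;
esac
```

The report is only as trustworthy as the baseline file and the tools that read it, so both belong somewhere a compromised session cannot rewrite, such as the read-only boot media discussed earlier in the thread.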

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#33 Post by Lobster »

Using something like this for penetration testing (sounds a bit erotic to me)
http://www.pentoo.ch/
should keep the tin hats happy for a while . . .

Let us know of any vulnerabilities
one or two of us might even care . . . :wink:
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

Bruce B

#34 Post by Bruce B »

Lobster wrote:Using something like this for penetration testing (sounds a bit erotic to me)
http://www.pentoo.ch/
Judging by the scope of things, you might be close. I did read this much at the site.
  • Q: My card is not supported, will you crack my girlfirend account password for me ?

    Probably not, unless you send pics of her first.
Take a little - give a little. Send pix of the eX - they wouldn't care.

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#35 Post by Lobster »

So what is it that you Puppy users know that I don't? What makes you confident that you're not likely to get hacked, even running as root? I'd really like to know...
Most of us experienced Windows (security nightmare)
Other distros, so secure you can not even open your own CD drive - bah - humbug. :oops:
Then carefree Puppy usage :D
Carefree I like. :D

We have special tin hatted penguins to do our worrying.
They have been programmed this way (probably by the government) :shock:
Would a honeypot puppy be of use to anybody?
Maybe to our so secret everyone knows about it
black ops Puppy users 8)
http://puppylinux.org/wikka/BlackOps
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D
