[ALERT?] (probably) trojan keylogger reported

Posted: Sat 07 Nov 2009, 17:56
by MU
I think these are the first reliable indicators of infected Puppylinux installations.

http://www.murga-linux.com/puppy/viewto ... 515#358515

Update: that one seems to be a false alert, see Pizzasgood's explanation:
http://www.murga-linux.com/puppy/viewto ... 164#359164

In all other cases in the past, I think we had false alerts.


You can install the firewall from the menu, or by typing:
firewallinstallshell

If you choose "automatic installation", it is very easy.

Mark

Posted: Sat 07 Nov 2009, 18:35
by Pizzasgood
I don't know about the first one, but the second one seems to be a false positive. The scanner got confused by our use of busybox.

Posted: Sat 07 Nov 2009, 18:43
by MU
Thanks for the clarification, Jeremy :D

The first one looks strange. No idea at the moment...

Mark

Posted: Sat 07 Nov 2009, 18:57
by Patriot
Hmmm .....

MU,

I concur with Pizzasgood ...

I've tested chkrootkit on my system and it gives the exact output as reported in the second link. I also have just rebuilt busybox 1.15.2 from source and chkrootkit gives the same output ... So, I agree it's a false alarm ...

From what I understand, rootkits may get installed if one unwittingly uses a package from unreliable download sources ...


Rgds

Posted: Mon 09 Nov 2009, 16:14
by PaulBx1
Since Puppy is supposed to be newbie-friendly, I've always wondered why the user has to invoke the firewall startup (and thus, has to KNOW to invoke it). Why not just have it running by default, even when booting pfix=ram?

Posted: Tue 10 Nov 2009, 04:10
by sikpuppy
PaulBx1 wrote: Since Puppy is supposed to be newbie-friendly, I've always wondered why the user has to invoke the firewall startup (and thus, has to KNOW to invoke it). Why not just have it running by default, even when booting pfix=ram?
It would be nice, but what would be the default settings? Just enough to run the software contained on the LIVE CD?

What happens when the user installs extra PETs that need firewall access? It means that a new set of rules would have to be supplied by the PET packager, or the user would have to set the rules themselves.

The network wizard would also have to modify the firewall, which in itself might not be problematic, but at this stage I fear that the firewall would block initial attempts to gain a connection.

BTW I think that it is a good idea to have the firewall on and locked down by default, I am just playing devil's advocate.