All times are UTC - 4
Viruses? can I get them?
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sun 30 Aug 2009, 18:05

I'm saying that if somebody manages to "hack into your Puppy" such that they can run commands as root, and the drive is plugged in, then it would be trivial.

But they have to get into your Puppy first, which is not trivial. How do they do that?

If they write a trojan, and you run it as root, then the trojan can do anything root can do, including mounting drives.

If you install and enable an SSH server and they manage to figure out your password and you have Puppy and SSH configured to accept connections from wherever the person is coming from, he could log in and run anything he wants as root.


Otherwise, I don't know how the hacker would get into your Puppy in the first place. He'd have to find some vulnerability to exploit, and I don't know much about how to do that yet.


Best way to protect a harddrive is to unplug it from the motherboard (while the computer is powered down of course, otherwise you are more dangerous to it (and it to you) than any hacker!).

That isn't always practical though. Another method is to not run programs that can be exploited, or at least minimize the damage they could do. The biggest hole is the browser and its plugins. If the browser is run as 'spot' or another limited user, then if an exploit is exploited they still won't have root access (be sure to change your password from the default with the 'passwd' command though!).


Don't run servers that allow outside people to interact with your machine. I mentioned SSH already. Telnet, webservers, ftp servers, etc. also are candidates for attack. If servers must be run, try to deny all the web by default and then only allow specific machines access if possible (/etc/hosts.allow and /etc/hosts.deny are useful for this). Puppy is set up by default to block all non-local hosts. You should also learn something about the firewall. It can do interesting things like temporarily (or permanently) ban people who attempt to access your machine too frequently.


Be careful what programs you install. If possible it's good to look inside a package to see what exactly it does (they're basically just .tar.gz files, with a md5 checksum appended to the end, so you can extract them with tar -xf packagename.pet). You can't look at a binary file and see what it does unless you know machine code, but you can read through any scripts, and make sure important system files aren't being replaced. You'll also come out knowing more about the program you installed, in case it ever breaks.


Learn what your computer normally behaves like so that you notice any changes. (Temperature, CPU load, memory usage, disk activity, network activity, etc.) If you're seeing network activity but not actually doing anything with the network, find out why.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

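The advice in the post above to look inside a package before installing it can be scripted. This is an added example, not part of the original post and not Puppy's own tooling; it assumes the last 32 bytes of a .pet are the hex MD5 of the tar.gz that precedes them and that the archive holds one top-level directory whose contents are copied onto /. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: review a .pet before installing it. Nothing from the package is executed.
# Assumptions: the last 32 bytes are the hex MD5 of the tar.gz before them, and
# the archive has one top-level directory whose contents are copied onto /.

# pet_split FILE.pet OUT.tgz : write the tar.gz part to OUT.tgz, print the trailer
pet_split() {
    size=$(wc -c < "$1") || return 1
    [ "$size" -gt 32 ] || return 1
    head -c "$((size - 32))" "$1" > "$2"
    tail -c 32 "$1"
}

# pet_verify FILE.pet : succeed only if the trailer matches the payload's MD5
pet_verify() {
    tgz=$(mktemp) || return 2
    embedded=$(pet_split "$1" "$tgz") || { rm -f "$tgz"; return 2; }
    actual=$(md5sum < "$tgz" | cut -d' ' -f1)
    rm -f "$tgz"
    [ "$embedded" = "$actual" ]
}

# pet_review FILE.pet [ROOT] : print "SCRIPT path" for every file starting with
# "#!" and "REPLACES /path" for every file that already exists under ROOT (default /)
pet_review() {
    root=${2:-/}
    dir=$(mktemp -d) || return 2
    mkdir "$dir/x"
    if ! pet_split "$1" "$dir/p.tgz" >/dev/null || ! tar -xzf "$dir/p.tgz" -C "$dir/x"; then
        rm -rf "$dir"; return 2
    fi
    (cd "$dir/x" && find . -type f) | while IFS= read -r f; do
        rel=${f#./*/}                      # drop "./<package-dir>/"
        if [ "$(head -c 2 "$dir/x/$f")" = '#!' ]; then echo "SCRIPT $rel"; fi
        if [ -e "$root/$rel" ]; then echo "REPLACES /$rel"; fi
    done
    rm -rf "$dir"
}

# Usage: sh pet-review.sh package.pet
if [ -n "$1" ]; then
    if pet_verify "$1"; then echo "md5 trailer OK"; else echo "md5 trailer MISMATCH"; fi
    pet_review "$1"
fi
```

The appended MD5 travels in the same file as the payload, so a match only shows the download is not corrupted; it says nothing about who built the package. Every line marked SCRIPT or REPLACES is something to read before installing.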
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

Posted: Sun 30 Aug 2009, 20:30

Pizzasgood, I tried that "su spot seamonkey" and it works fine. I can even go and do things on the "about:config" page. The only thing is that my old profile is gone of course.

But I wonder, is there any reason at all for running Seamonkey as root? If not, why is seamonkey not invoked by default with a "su spot seamonkey"? It would seem to be a good security measure. Maybe rattle Barry's cage?

Of course there is the difficulty of moving the old profile over, which some would find a pain. I'm not sure how to do it. Maybe that can be automated too?
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sun 30 Aug 2009, 21:13

The seamonkey (and firefox if installed) profile is at ~/.mozilla, so you could try something like this (as root):
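Code:
# Remove spot's existing profile (-f: no error if it is not there)
rm -rf /root/spot/.mozilla
# Copy root's profile across, preserving attributes
cp -a /root/.mozilla /root/spot/
# Rewrite paths stored in the copied profile so they point at spot's home
sed -i 's|/root/|/root/spot/|g' $(grep -Rl '/root/' /root/spot/.mozilla)
# Hand ownership of the copy to spot
chown -R spot:spot /root/spot/.mozilla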

If it doesn't work, just delete /root/spot/.mozilla/ and try something different.


Probably one of the reasons we don't use seamonkey as spot by default is that too many people would complain about not being able to download files to other places.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

mystmaiden

Joined: 23 Jul 2009
Posts: 93

Posted: Wed 02 Sep 2009, 15:45

.Flash wrote back in the beginning of this thread:

Still, malware is a possibility to keep in mind.

With windows I found myself having to constantly run 3 different malware detectors to keep xp clean (not one of them would catch everything), how would one deal with malware on puppy? Is it detected by one of the antivirus programs or ?

myst
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Thu 03 Sep 2009, 13:40

You could install an antivirus program like ClamAV or F-Prot.

Most people just don't worry about it, because it isn't an issue yet.

I could carry antivenom in my pocket every day, but there isn't much point - I have such a small chance of being bitten by a deadly snake where I live that it would be a waste of pocketspace. Somebody could introduce some snakes, but they would probably be run over by all the cars before they had a chance to harm me.

I would be more concerned about an enemy attempting to assassinate me by slipping a snake into my bed. As unlikely as that is, it's more likely than being bitten by a random snake released to attack any random person who passes by.


When it comes to Linux, I use Conky so that I can monitor my CPU use, network activity, temperature, etc., and I often look inside a package before installing it to find out what it does (mainly out of curiosity though, so I'll know more about how it works). I also keep any especially confidential information encrypted - not only does that help reduce the harm that could be done through malware, but it helps protect me in the event of theft.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

mikeb


Joined: 23 Nov 2006
Posts: 8257

Posted: Thu 03 Sep 2009, 16:25

Bear in mind that windows has the mechanism for malware to be installed and run built in (did you see flash install itself??)...It is such an easy target why bother trying to wriggle in the secure_by_default linux.

The mechanism can be removed from windows but we who do so are liars and are lying about having no infections for years whilst running no antivirus software :D

relax

mike
Frank Cox

Joined: 01 Nov 2009
Posts: 381

Posted: Sat 02 Jan 2010, 22:35    Post subject: Chat users claim there is a virus
Subject description: Affects the bios
 

I have a weird problem on a Dell 530 duo core running Ubuntu and Puppy.
Puppy refuses to run x period. It worked for a while then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank. Ubuntu still works fine and I blew up windows a month ago and have been afraid to reinstall it as I have almost 60 gigs of files in Ubuntu.

The people in puppy chat claim there is a virus that does that and probably got there using Ubuntu. I wrote the name down but it is not here. Personally I think they are yanking my chain because Ubuntu is unaffected.

Avast makes anti-virus for Linux, it has never failed me in Windows. It's also free. I have not used it because I am concerned it will be too big a resource hit.

If you are that paranoid you could unplug all the hard drives save one that you use for downloads and run in ram off the cd, and then scan it with Avast.

Please tell me how to become a liar and disable that feature in Winders? :D

I guess if someone wanted to they could post an amazing new pet that installs a full blown MSWord suite in Puppy using only 25 megs and con people into installing the virus for them? :}
mikeb


Joined: 23 Nov 2006
Posts: 8257

Posted: Sat 02 Jan 2010, 23:02

Quote:
Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank.

sounds like a corrupted pup_save/filesystem problem that's a little too common
at the moment...nothing malicious just failing software....a fsck on the partition/pupsave might help sort it and there are some fixes for full installs floating around.
Do not take anything from that chatroom seriously.

As for windows look up nlite and xplite and how integrated internet explorer is the gateway to nasties

mike
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sat 02 Jan 2010, 23:16

Quote:
Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank.

Since you didn't specify whether you tried this, I had better ask just in case: Have you tried simply running startx?

If that doesn't work, and if it doesn't provide any error messages (it probably wouldn't), there is an error log that it generates at /var/log/Xorg.0.log. You can read it from the commandline like this:
Code:
less /var/log/Xorg.0.log

Like it says at the top, lines that have warnings will be prefixed with (WW) and lines with errors will have (EE). In particular, at the very bottom it might have a hint about why it didn't start. Of course, try to look through the whole thing too... (You navigate inside of less with the arrow keys. You can also use the spacebar to page down and the 'b' key to page up. You can exit with the 'q' key.)

If you need to copy that file to another location on the drive so that you can access it from another OS to post it here, you can do that with the cp program. For example, if you wanted to copy it to /mnt/home/, you could do that like this:
Code:
cp /var/log/Xorg.0.log /mnt/home/

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Sun 03 Jan 2010, 00:24

I created Growl for the 'there must be devils and viruses brigade'
Never use it myself
http://www.murga-linux.com/puppy/viewtopic.php?p=371821#371821

Here is more info to scare yourself with
http://en.wikipedia.org/wiki/Linux_malware :roll:

Scared yet? Use this BSD
http://www.openbsd.org/

Hope you find what you are looking for. :)

Puppy Linux - runs as root
and still recommended by Computer Crime Investigation Unit

http://puppylinux.org/wikka/BlackOps

_________________
Puppy WIKI
gposil


Joined: 06 Apr 2009
Posts: 1305
Location: Stanthorpe (The Granite Belt), QLD, Australia

Posted: Sun 03 Jan 2010, 00:46

Lobster,

Dpup484beta2 which will be out later today includes an all new "Sandboxed SafeBrowser", which runs as a non-root user and on closing destroys its own cache, history...etc

Just thought those security conscious people would be interested.

Cheers

_________________
Dpup Home
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Sun 03 Jan 2010, 01:38

Quote:
Just thought those security conscious people would be interested


Guy
Mind viruses are the real enemy

For example the Dpup Beta 2 is uploaded to about 60MB at present
BUT
some people will download (gosh may even do it myself for that noob sensation)
check the md5sum
convince themselves their security is breached or some hacker is intercepting or . . .
[pause for breath]

is the worm in your head bigger than the threat
Answers in a crypted message to the usual drop zone :)

_________________
Puppy WIKI
nubc


Joined: 23 Jan 2007
Posts: 1051
Location: USA

Posted: Sun 03 Jan 2010, 15:59

Lately, I have acquired trojans from advertising popups, and the immediate remedy is to use the Adblock feature built into Puppy 4.3.1 (Seamonkey 1.1.18) to get rid of the advertising, and now getting no new viruses. This is why I desperately need Adblock 0.5 for Seamonkey 1.1.8.
mikeb


Joined: 23 Nov 2006
Posts: 8257

Posted: Sun 03 Jan 2010, 21:19

Quote:
Lately, I have acquired trojans from advertising popups

would you care to elaborate?

mike
nubc


Joined: 23 Jan 2007
Posts: 1051
Location: USA

Posted: Mon 04 Jan 2010, 02:06

...not only trojans, but rootkits as well...
http://www.murga-linux.com/puppy/viewtopic.php?t=48548