Viruses? can I get them?
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
I'm saying that if somebody manages to "hack into your Puppy" such that they can run commands as root, and the drive is plugged in, then it would be trivial.
But they have to get into your Puppy first, which is not trivial. How do they do that?
If they write a trojan, and you run it as root, then the trojan can do anything root can do, including mounting drives.
If you install and enable an SSH server and they manager to figure out your password and you have Puppy and SSH configured to accept connections from wherever the person is coming from, he could log in and run anything he wants as root.
Otherwise, I don't know how the hacker would get into your Puppy in the first place. He'd have to find some vulnerability to exploit, and I don't know much about how to do that yet.
Best way to protect a harddrive is to unplug it from the motherboard (while the computer is powered down of course, otherwise you are more dangerous to it (and it to you) than any hacker!).
That isn't always practical though. Another method is to not run programs that can be exploited, or at least minimize the damage they could do. The biggest hole is the browser and its plugins. If the browser is run as 'spot' or another limited user, then if an exploit is exploited they still won't have root access (be sure to change your password from the default with the 'passwd' command though!).
Don't run servers that allow outside people to interact with your machine. I mentioned SSH already. Telnet, webservers, ftp servers, etc. also are candidates for attack. If servers must be run, try to deny all the web by default and then only allow specific machines access if possible (/etc/hosts.allow and /etc/hosts.deny are useful for this). Puppy is set up by default to block all non-local hosts. You should also learn something about the firewall. It can do interesting things like temporarily (or permanently) ban people who attempt to access your machine too frequently.
Be careful what programs you install. If possible it's good to look inside a package to see what exactly it does (they're basically just .tar.gz files, with a md5 checksum appended to the end, so you can extract them with tar -xf packagename.pet). You can't look at a binary file and see what it does unless you know machine code, but you can read through any scripts, and make sure important system files aren't being replaced. You'll also come out knowing more about the program you installed, in case it ever breaks.
Learn what your computer normally behaves like so that you notice any changes. (Temperature, CPU load, memory usage, disk activity, network activity, etc.) If you're seeing network activity but not actually doing anything with the network, find out why.
But they have to get into your Puppy first, which is not trivial. How do they do that?
If they write a trojan, and you run it as root, then the trojan can do anything root can do, including mounting drives.
If you install and enable an SSH server and they manager to figure out your password and you have Puppy and SSH configured to accept connections from wherever the person is coming from, he could log in and run anything he wants as root.
Otherwise, I don't know how the hacker would get into your Puppy in the first place. He'd have to find some vulnerability to exploit, and I don't know much about how to do that yet.
Best way to protect a harddrive is to unplug it from the motherboard (while the computer is powered down of course, otherwise you are more dangerous to it (and it to you) than any hacker!).
That isn't always practical though. Another method is to not run programs that can be exploited, or at least minimize the damage they could do. The biggest hole is the browser and its plugins. If the browser is run as 'spot' or another limited user, then if an exploit is exploited they still won't have root access (be sure to change your password from the default with the 'passwd' command though!).
Don't run servers that allow outside people to interact with your machine. I mentioned SSH already. Telnet, webservers, ftp servers, etc. also are candidates for attack. If servers must be run, try to deny all the web by default and then only allow specific machines access if possible (/etc/hosts.allow and /etc/hosts.deny are useful for this). Puppy is set up by default to block all non-local hosts. You should also learn something about the firewall. It can do interesting things like temporarily (or permanently) ban people who attempt to access your machine too frequently.
Be careful what programs you install. If possible it's good to look inside a package to see what exactly it does (they're basically just .tar.gz files, with a md5 checksum appended to the end, so you can extract them with tar -xf packagename.pet). You can't look at a binary file and see what it does unless you know machine code, but you can read through any scripts, and make sure important system files aren't being replaced. You'll also come out knowing more about the program you installed, in case it ever breaks.
Learn what your computer normally behaves like so that you notice any changes. (Temperature, CPU load, memory usage, disk activity, network activity, etc.) If you're seeing network activity but not actually doing anything with the network, find out why.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
Pizzasgood, I tried that "su spot seamonkey" and it works fine. I can even go and do things on the "about:config" page. The only thing is that my old profile is gone of course.
But I wonder, is there any reason at all for running Seamonkey as root? If not, why is seamonkey not invoked by default with a "su spot seamonkey"? It would seem to be a good security measure. Maybe rattle Barry's cage?
Of course there is the difficulty of moving the old profile over, which some would find a pain. I'm not sure how to do it. Maybe that can be automated too?
But I wonder, is there any reason at all for running Seamonkey as root? If not, why is seamonkey not invoked by default with a "su spot seamonkey"? It would seem to be a good security measure. Maybe rattle Barry's cage?
Of course there is the difficulty of moving the old profile over, which some would find a pain. I'm not sure how to do it. Maybe that can be automated too?
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
The seamonkey (and firefox if installed) profile is at ~/.mozilla, so you could try something like this (as root):
If it doesn't work, just delete /root/spot/.mozilla/ and try something different.
Probably one of the reasons we don't use seamonkey as spot by default is that too many people would complain about not being able to download files to other places.
Code: Select all
rm -r /root/spot/.mozilla
cp -a /root/.mozilla /root/spot/
sed -i 's|/root/|/root/spot/|g' $(grep -Rl '/root/' /root/spot/.mozilla)
chown -R spot:spot /root/spot/.mozilla
Probably one of the reasons we don't use seamonkey as spot by default is that too many people would complain about not being able to download files to other places.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
-
- Posts: 93
- Joined: Thu 23 Jul 2009, 14:36
.Flash wrote back in the beginning of this thread:
Still, malware is a possibility to keep in mind.
With windows I found myself having to constantly run 3 different malware detectors to keep xp clean (not one of them would catch everything), how would one deal with malware on puppy? Is it detected by one of the antivirus programs or ?
myst
Still, malware is a possibility to keep in mind.
With windows I found myself having to constantly run 3 different malware detectors to keep xp clean (not one of them would catch everything), how would one deal with malware on puppy? Is it detected by one of the antivirus programs or ?
myst
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
You could install an antivirus program like ClamAV or F-Prot.
Most people just don't worry about it, because it isn't an issue yet.
I could carry antivenom in my pocket every day, but there isn't much point - I have such a small chance of being bitten by a deadly snake where I live that it would be a waste of pocketspace. Somebody could introduce some snakes, but they would probably be run over by all the cars before they had a chance to harm me.
I would be more concerned about an enemy attempting to assassinate me by slipping a snake into my bed. As unlikely as that is, it's more likely than being bitten by a random snake released to attack any random person who passes by.
When it comes to Linux, I use Conky so that I can monitor my CPU use, network activity, temperature, etc., and I often look inside a package before installing it to find out what it does (mainly out of curiosity though, so I'll know more about how it works). I also keep any especially confidential information encrypted - not only does that help reduce the harm that could be done through malware, but it helps protect me in the event of theft.
Most people just don't worry about it, because it isn't an issue yet.
I could carry antivenom in my pocket every day, but there isn't much point - I have such a small chance of being bitten by a deadly snake where I live that it would be a waste of pocketspace. Somebody could introduce some snakes, but they would probably be run over by all the cars before they had a chance to harm me.
I would be more concerned about an enemy attempting to assassinate me by slipping a snake into my bed. As unlikely as that is, it's more likely than being bitten by a random snake released to attack any random person who passes by.
When it comes to Linux, I use Conky so that I can monitor my CPU use, network activity, temperature, etc., and I often look inside a package before installing it to find out what it does (mainly out of curiosity though, so I'll know more about how it works). I also keep any especially confidential information encrypted - not only does that help reduce the harm that could be done through malware, but it helps protect me in the event of theft.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
Bear in mind that windows has the mechanism for malware to be installed and run built in (did you see flash install itself??)...It is such an easy target why bother trying to wriggle in the secure_by_default linux.
The mechanism can be removed from windows but we who do so are liars and are lying about having no infections for years whilst running no antivirus software
relax
mike
The mechanism can be removed from windows but we who do so are liars and are lying about having no infections for years whilst running no antivirus software
relax
mike
Chat users claim their is a virus
I have a weird problem on a Dell 530 duo core running Ubuntu and Puppy.
Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank. Ubuntu still works fine and I blew up windows a month ago and have been afraid to reinstall it as I have almost 60 gigs of files in Ubuntu .
The people in puppy chat claim there is a virus that does that and probably got there using Ubuntu. I wrote the name down but it is not here. Personally I think they are yanking my chain because Ubuntu is unaffected.
Avast makes anti-virus for Linux, it has never failed me in Windows. Its also free. I have not used it because I am concerned it will be too big a resource hit.
If you are that paranoid you could unplug all the hard drives save one that you use for downloads and run in ram off the cd. and then scan it with Avast.
Please tell me how to become a liar and disable that feature in Winders?
I guess if someone wanted to they could post an amazing new pet that installs a full blown MSWord suite in Puppy using only 25 megs and con people into installing the virus for them? :}
Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank. Ubuntu still works fine and I blew up windows a month ago and have been afraid to reinstall it as I have almost 60 gigs of files in Ubuntu .
The people in puppy chat claim there is a virus that does that and probably got there using Ubuntu. I wrote the name down but it is not here. Personally I think they are yanking my chain because Ubuntu is unaffected.
Avast makes anti-virus for Linux, it has never failed me in Windows. Its also free. I have not used it because I am concerned it will be too big a resource hit.
If you are that paranoid you could unplug all the hard drives save one that you use for downloads and run in ram off the cd. and then scan it with Avast.
Please tell me how to become a liar and disable that feature in Winders?
I guess if someone wanted to they could post an amazing new pet that installs a full blown MSWord suite in Puppy using only 25 megs and con people into installing the virus for them? :}
sounds like a corrupted pup_save/filesystem problem that's a little too commonPuppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank.
at the moment...nothing malicious just failing software....a fsck on the partition/pupsave might help sort it and there are some fixes for full installs floating around.
Do not take anything from that chatroom seriously.
As for windows look up nlite and xplite and how integrated internet explorer is the gateway to nasties
mike
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
Since you didn't specify whether you tried this, I had better ask just in case: Have you tried simply running startx?Puppy refuses to run x period. It worked for a awhile then all I get is a blank screen and when I reboot it says to use the xorg wizard but no matter what setting it is blank.
If that doesn't work, and if it doesn't provide any error messages (it probably wouldn't), there is an error log that it generates at /var/log/Xorg.0.log. You can read it from the commandline like this:
Code: Select all
less /var/log/Xorg.0.log
If you need to copy that file to another location on the drive so that you can access it from another OS to post it here, you can do that with the cp program. For example, if you wanted to copy it to /mnt/home/, you could do that like this:
Code: Select all
cp /var/log/Xorg.0.log /mnt/home/
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
I created Growl for the 'there must be devils and viruses brigade'
Never use it myself
http://www.murga-linux.com/puppy/viewto ... 821#371821
Here is more info to scare yourself with
http://en.wikipedia.org/wiki/Linux_malware
Scared yet? Use this BSD
http://www.openbsd.org/
Hope you find what you are looking for.
Puppy Linux - runs as root
and still recommended by Computer Crime Investigation Unit
http://puppylinux.org/wikka/BlackOps
Never use it myself
http://www.murga-linux.com/puppy/viewto ... 821#371821
Here is more info to scare yourself with
http://en.wikipedia.org/wiki/Linux_malware
Scared yet? Use this BSD
http://www.openbsd.org/
Hope you find what you are looking for.
Puppy Linux - runs as root
and still recommended by Computer Crime Investigation Unit
http://puppylinux.org/wikka/BlackOps
- gposil
- Posts: 1300
- Joined: Mon 06 Apr 2009, 10:00
- Location: Stanthorpe (The Granite Belt), QLD, Australia
- Contact:
Lobster,
Dpup484beta2 which will be out later today includes an all new "Sandboxed SafeBrowser", which runs as a non-root user and on closing destroys it's own cache, history...etc
Just thought those security conscious people would be interested.
Cheers
Dpup484beta2 which will be out later today includes an all new "Sandboxed SafeBrowser", which runs as a non-root user and on closing destroys it's own cache, history...etc
Just thought those security conscious people would be interested.
Cheers
[img]http://gposil.netne.net/images/tlp80.gif[/img] [url=http://www.dpup.org][b]Dpup Home[/b][/url]
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
GuyJust thought those security conscious people would be interested
Mind viruses are the real enemy
For example the Dpup Beta 2 is uploaded to about 60MB at present
BUT
some people will download (gosh may even do it myself for that noob sensation]
check the md5sum
convince themselves their security is breached or some hacker is intercepting or . . .
[pause for breath]
is the worm in your head bigger than the threat
Answers in a crypted message to the usual drop zone
...not only trojans, but rootkits as well...
http://www.murga-linux.com/puppy/viewtopic.php?t=48548
http://www.murga-linux.com/puppy/viewtopic.php?t=48548
@mikeb
Your first impression was correct. The problem happens with Puppy Seamonkey, there is a recent report of Ubuntu (Firefox) getting the rogue AV popups, and even Macs seeing the problem. Since these popups and page redirects come from advertising, a good temporary fix for Mozilla browsers is to stop the ads with Adblock.
Your first impression was correct. The problem happens with Puppy Seamonkey, there is a recent report of Ubuntu (Firefox) getting the rogue AV popups, and even Macs seeing the problem. Since these popups and page redirects come from advertising, a good temporary fix for Mozilla browsers is to stop the ads with Adblock.
ah those things....they use javascript and then make a page look like windows explorer or similar, or as you mentions the you are infected tripe...if only they knew . I'm not sure how the javascript settings in preferences would affect these happenings..the ones designed to limit what javascript can do.Your first impression was correct. The problem happens with Puppy Seamonkey, there is a recent report of Ubuntu (Firefox) getting the rogue AV popups, and even Macs seeing the problem. Since these popups and page redirects come from advertising, a good temporary fix for Mozilla browsers is to stop the ads with Adblock.
mike
Pop-unders
I have seen those kind of "scare-windows" a few times whilst using Puppy. They are quite amusing - especially the ones that refer to directories which you don't even have on your Windows partition - which isn't even mounted!
You sometimes see a pop-under window which only appears after you close or minimise the browser but this is just a scary window, it doesn't mean they are scanning or installing anything on Puppy Linux. Some of them are quite persistent - the only way I can get rid of these is to kill the process.
As far as I know, though, all quite harmless if you are using Puppy. I know this might be alarming for would-be Windows refugees but is it possible the pop-under is generated by a site you visited before Puppy Linux? If the Puppy forum is the last site you visit before closing the browser that's when you'd see the pop-under.
I usually visit the Forum with adblock enabled either on Seamonkey in Puppy or on Firefox in XP. Is it possible that's why nobody else has reported this? If it comes from an ad I'd never see it.
The last thing we should be doing is allowing these rogues to scare people away from Puppy.
You sometimes see a pop-under window which only appears after you close or minimise the browser but this is just a scary window, it doesn't mean they are scanning or installing anything on Puppy Linux. Some of them are quite persistent - the only way I can get rid of these is to kill the process.
As far as I know, though, all quite harmless if you are using Puppy. I know this might be alarming for would-be Windows refugees but is it possible the pop-under is generated by a site you visited before Puppy Linux? If the Puppy forum is the last site you visit before closing the browser that's when you'd see the pop-under.
I usually visit the Forum with adblock enabled either on Seamonkey in Puppy or on Firefox in XP. Is it possible that's why nobody else has reported this? If it comes from an ad I'd never see it.
The last thing we should be doing is allowing these rogues to scare people away from Puppy.
word to the wise: When I was getting those popups on Puppy Forum, I actually had one trojan and three rootkits in operation on my Windows computer, which I occasionally used to visit the forums. The rootkits prevented my security software from detecting them, as well as preventing Windows security patches and updates from AVG.