Viruses in PUPPY Linux, YES, "Viruses in Linux"
gcmartin

Joined: 14 Oct 2005
Posts: 3645
Location: Earth

Posted: Sun 19 Jun 2011, 12:18    Post subject: Viruses in PUPPY Linux, YES, "Viruses in Linux"

This thread is a discussion thread. It is NOT posted to annoy or distract in discussion.

Preface
As a past systems engineer, I have always considered it misleading in Linux to say "not vulnerable to viruses", yet, point to Windows and brand it "vulnerable to viruses" without ever articulating WHY???

Discussion
How many of us have followed the line and never thought/asked why one is vulnerable and not the other? Most of my colleagues over the years, in the industry, have NOT asked this question and have blindly accepted this to be the case.

Here are some ideas:
If one can exploit an OS via a browser, would this apply if I attacked Linux filesystems instead of M$ filesystems?
If one can exploit a system by placing a keylogger in a running desktop, does it matter which OS I do that on as long as I "look" to see which OS I am going to monitor?
If a trojan is dropped on a system, and it is designed to operate on a particular OS, does it matter whether it's M$ or if it's Linux?

These are not just random examples (and, I can think of many more examples), but, moreover, all of these, by definition, fall under the umbrella of viruses?

If we take a practical view and define "exploiting an OS, to do something that devastates it or something that monitors-captures data unsuspectingly, as a virus", then we have a whole new viewpoint where all OSs are vulnerable in many of the same ways as long as I can have a transport mechanism to get it to its hosts for spreading.

OS/X, as many of us know, is a derivative of Linux. Apple most recently acknowledged this. It's a "virus", everyone.

So what makes us accept the fact that Linux does not have vulnerabilities while M$ (and now Apple) does??? (Dislike for M$ does NOT change the problem...."viruses"!)

Looking at it from this perspective, do you have any ideas that can help us all (and is there something about Linux that insulates it from exploitation)? (Please, no one use the "root" user argument. It's an invalid argument that I'd rather NOT cover in this thread. There are lots of other threads which address the "root user" topic.)

Thanks in advance for ideas on this discussion topic. And be sure to Google "Apple OSX virus announcement 2011"

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Moose On The Loose


Joined: 24 Feb 2011
Posts: 488

Posted: Sun 19 Jun 2011, 12:47    Post subject: Re: Viruses in PUPPY Linux, YES, "Viruses in Linux"

gcmartin wrote:
This thread is a discussion thread. It is NOT posted to annoy or distract in discussion.
(..snip..)
Here are some ideas:
If one can exploit an OS via a browser, would this apply if I attacked Linux filesystems instead of M$ filesystems?


To make something that will run on a linux platform, you need to get over one extra hurdle. You need to set the permissions. This means that the exploit must do more than let you place a file somewhere.

Quote:

If one can exploit a system by placing a keylogger in a running desktop, does it matter which OS I do that on as long as I "look" to see which OS I am going to monitor?


If the key logger is a program you have to get it in place on the machine. A keylogger that used perhaps a bug in the browser would not survive a reboot. Since Linux systems are rarely rebooted, this would mean it would get to go for quite a while. Assuming no bug in the browser that allows the keylogger directly, this path is closed off.

Quote:

If a trojan is dropped on a system, and it is designed to operate on a particular OS, does it matter whether it's M$ or if it's Linux?


Because a Linux box has levels of permissions, a trojan that got in would have less access on a Linux that was not a "run as root" machine like Puppy. Puppy is a lot less likely to gather trojans because it doesn't constantly pop up messages asking you to allow things to happen. This makes the message of the attempt to put the trojan in stand out.

Quote:

These are not just random examples (and, I can think of many more examples), but, moreover, all of these, by definition, fall under the umbrella of viruses?

If we take a practical view and define "exploiting an OS, to do something that devastates it or something that monitors-captures data unsuspectingly, as a virus", then we have a whole new viewpoint where all OSs are vulnerable in many of the same ways as long as I can have a transport mechanism to get it to its hosts for spreading.


There is no such thing as no risk. I am at risk right now of being run over by a lumber truck. I am in the computer room of my house but a lumber truck could crash the wall and get me. If I wandered aimlessly around a construction site, my risk would be higher. We need to keep the risks in perspective.

Quote:

OS/X, as many of us know, is a derivative of Linux. Apple most recently acknowledged this. It's a "virus", everyone.


No, OS/X is not a derivative of Linux. Apple started with BSD. The "as many of us know" is a bit of an odd thing given that it was just before a mistake like that.
postfs1


Joined: 27 Mar 2010
Posts: 831

Posted: Sun 19 Jun 2011, 12:52    Post subject:
Subject description: Viruses in Linux


When the COMPUTER is under, so to say, a "DBUS" system, can I find a virus or not - I don't know.
I have a case when I had to split one simple, not very long installation script into several parts due to losing the opportunity to execute the whole uncomplicated text.
Actions of user bring some stuff. Rolling Eyes

_________________
  • I don't know why laboratories are named a hospitals.
  • The alive personage is like a tea bag with granules of unknown density inside, at that one the packet was made of organic material and was placed in the evaporated liquid or liquid.

Bruce B


Joined: 18 May 2005
Posts: 11052
Location: The Peoples Republic of California

Posted: Sun 19 Jun 2011, 13:09    Post subject: Re: Viruses in PUPPY Linux, YES, "Viruses in Linux"

gcmartin wrote:
OS/X, as many of us know, is a derivative of Linux. Apple most recently acknowledged this. It's a "virus", everyone.


It is not a derivative of Linux. Linux is GPL licensed.

~~~

Rick James - Super Freak (3:22)

~~~

_________________
New! Puppy Linux Links Page
dejan555


Joined: 30 Nov 2008
Posts: 2608
Location: Montenegro

Posted: Sun 19 Jun 2011, 13:18    Post subject: Re: Viruses in PUPPY Linux, YES, "Viruses in Linux"

Uh, I'm sure there are a bunch of discussions around the web on the same topic, and since I don't know how specific virus types function on each system maybe I'm not quite the right person to discuss, but:

Saying that there are absolutely no viruses for Linux is wrong, but compared to the quantity of viruses written for other OSes it's clear that there's a HUGE difference.

Quote:
The number of malicious programs — including viruses, Trojans, and other threats — specifically written for Linux has been on the increase in recent years and more than doubled during 2005 from 422 to 863.


Quote taken from
http://en.wikipedia.org/wiki/Linux_malware

Compared to the number of viruses for Windows I think you can state that Windows as an OS is more vulnerable than Linux and that it's usually the target OS for viruses.

Also we know that bugs were reported in the kernel itself that could be used to exploit a Linux system. Luckily one more advantage of Linux is that it's constantly progressing and making patches quickly as bugs are noticed.

Also, other differences that you should bear in mind are that
1) Linux doesn't hide running processes, it's harder to automatically launch some malware on Linux startup and then not make it visible in task managers and such. Linux doesn't have a registry.
2) Linux user rights management is generally better than in Windows

gcmartin wrote:

Here's some ideas:
If one can exploit an OS via a browser, would this apply if I attacked Linux filesystems instead of M$ filesystems?


I'm not really sure about this as I don't know if tools and executables created for these attacks have to be written/compiled for specific platform but if not then yeah there are probably numbers of exploits that could harm linux systems via browsers.

gcmartin wrote:

If one can exploit a system by placing a keylogger in a running desktop, does it matter which OS I do that on as long as I "look" to see which OS I am going to monitor?


Well, software keyloggers would have to be compiled for the platform that they need to run on, so yes, I guess it does make a difference.

gcmartin wrote:

If a trojan is dropped on a system, and it is designed to operate on a particular OS, does it matter whether it's M$ or if it's Linux?


Yes, same as above, .exe can't run on linux. (Well, I guess yes in wine, but even if it ran in wine it wouldn't damage the actual linux filesystem)

Also, the differences I mentioned and binaries running on platforms also differ not only between windows and linux but also between linux distros - I will use puppy here as example

Puppy Linux, differently from all distros I know, uses /root/Startup for automatic apps running on startup; other distros and other desktop environments maybe use $HOME/.kde/Autostart or something else, where a malware binary that would usually be placed in other distros won't work on Puppy.

Binary compiled on other distro might not work in puppy due to different library versions and other stuff, not only between other distro and puppy, but also between puppy versions -> newer programs won't run on older puppy versions and vice versa.

Also, I'll use puppy again as example:
I use dpup485 version of puppy - puplet or wooflet or whatever you want to call it.
I remastered it to create customized version for personal use.
When I boot it I use it without savefile - I already have programs and settings that I need in my remastered sfs that is read only.
So I boot it and shutdown without saving sessions - any changes to system or potential malware that would run on startup would be gone on next boot.

There are probably bad points to be made too, but when you consider the stuff I mentioned I believe that you CAN state that my system is less likely to catch a virus than a Windows one.

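The autostart locations named in the post above (/root/Startup on Puppy, $HOME/.kde/Autostart on other desktops) are also where a defender would look for anything that survives a reboot. The following is an added example, not part of the original thread: it snapshots those directories and reports drift against an earlier snapshot. The function names and the baseline file are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect changes in autostart directories between sessions.
# Directory names come from the post above; everything else is hypothetical.

# Default locations to audit (only those that exist are scanned).
AUTOSTART_DIRS="/root/Startup $HOME/.kde/Autostart"

# snapshot_autostart DIR...
# Print "sha256  path" for every regular file reachable in the directories.
# -L follows symlinks so a link to a script is hashed by its target content.
snapshot_autostart() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue        # this distro may not use the location
        find -L "$dir" -type f -exec sha256sum {} +
    done | sort -k 2
}

# compare_autostart BASELINE DIR...
# BASELINE is a file holding an earlier snapshot_autostart output, ideally
# kept on read-only media. Prints ADDED / CHANGED / REMOVED lines and
# returns 1 when anything differs, 0 when the directories match the baseline.
compare_autostart() {
    baseline=$1
    shift
    report=$(snapshot_autostart "$@" | awk -v base="$baseline" '
        BEGIN {
            # sha256sum lines: 64 hex chars, two separator chars, then path.
            while ((getline line < base) > 0)
                known[substr(line, 67)] = substr(line, 1, 64)
        }
        {
            hash = substr($0, 1, 64)
            path = substr($0, 67)
            if (!(path in known))         print "ADDED   " path
            else if (known[path] != hash) print "CHANGED " path
            seen[path] = 1
        }
        END {
            for (p in known)
                if (!(p in seen)) print "REMOVED " p
        }' | sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use (paths are placeholders):
#   snapshot_autostart $AUTOSTART_DIRS > /mnt/readonly/autostart.baseline
#   compare_autostart /mnt/readonly/autostart.baseline $AUTOSTART_DIRS
```

A session booted without a savefile starts from the same baseline every time, so any line this reports on such a system appeared during the current session.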
nooby

Joined: 29 Jun 2008
Posts: 10522
Location: SwedenEurope

Posted: Sun 19 Jun 2011, 14:13

Moose OTL wrote that

Quote:
Since Linux systems are rarely rebooted,


That is only true to particular users. All of us that sleep in same room as the computer power off each night and power on each morning. And many power off when doing something else like taking a walk to buy food whatever.

I trust that the only reason that Puppy is a bit less often targeted is that they go for where the money is.

Apple machines are usually very expensive machines so the criminals reason that Apple owners are wealthy enough to be a good catch.

Puppy users using old machines they found in the dumpster, not so practical to get money from them? Smile

If you run CD or DVD that seems more safe than using frugal on NTFS, does it not?

So I am happy you started this thread.

The only thing I worry about now is that those that really got a virus don't bother to report on it in the forum. I hope people would report but maybe they would feel embarrassed and a lot of "know it all" would blame them for not being as savvy as the know it all are. "Why did you not set it up like I do?" Well, good you tell that now when it is too late.


I come to think of seaside and his SFS-Exec and to use that one and not have any savefile? That way the virus would go away when one powers down and not be there next morning. That would make an attack a one day wonder, and each time one does banking one uses a one time boot and then shuts down, and that would make it safer?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Bruce B


Joined: 18 May 2005
Posts: 11052
Location: The Peoples Republic of California

Posted: Sun 19 Jun 2011, 14:57

I don't have any malware past or present. From a practical perspective, there is nothing I can do. I don't know what to protect the computer from in the future. If something happens, I'll do as good a postmortem as possible and communicate the details and fix.

~~~
Randy Newman - I Love LA (3:52)
~~~

Sylvander

Joined: 15 Dec 2008
Posts: 3263
Location: West Lothian, Scotland, UK

Posted: Sun 19 Jun 2011, 15:16

1. Had something happen recently that may have been malicious.
The FIRST TIME anything suspect has happened in a Puppy OS.
Clicked on a link given in the Puppy forum, to stream a video from the web.
Working within Lupu-525.
Part way through the video strange things began to happen.
Is this due to an exploitable vulnerability with Adobe Flash Player? Since then I've installed the latest update.
-----------------------------------------------------------------------
(a) Optical Drive drawer opened and closed.
Then the filesystem on the live Puppy CD was automounted.
A ROX window then opened and displayed the files on the CD.
(b) I unmounted the Puppy filesystem, closed the ROX window, opened the optical drive drawer, removed the CD.
(c) Multiple attempts were made to access the Puppy files on the now non-accessible Puppy CD.
(d) I closed the session without saving the session.
(e) Discovered that in order to eliminate this nasty, it was necessary to restore a recent backup copy of the lupusave file.
Does that mean it had managed to save itself to the lupusave file that was in use at the time of the original event?
-----------------------------------------------------------------------
(f) I'm rather impressed that my working arrangement of Lupu-525 allowed me to deal effectively with this.
No sign of any problems since then.
Bruce B


Joined: 18 May 2005
Posts: 11052
Location: The Peoples Republic of California

Posted: Sun 19 Jun 2011, 15:24

If anyone is interested, this is exactly how Lupu 5.20 identifies itself when running the version of Firefox indicated below.

Remote sites cannot know you are running Puppy

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15

~

nooby

Joined: 29 Jun 2008
Posts: 10522
Location: SwedenEurope

Posted: Sun 19 Jun 2011, 16:55

Sylvander, that was a scary thing that happened. I have no CD drive so I will not notice it that way then if it happens on my computer.
Sylvander

Joined: 15 Dec 2008
Posts: 3263
Location: West Lothian, Scotland, UK

Posted: Sun 19 Jun 2011, 17:01

One of the advantages of running from a live optical disk rather than an internal HDD for example, is that the contents of the optical disk cannot be altered [so I believe].

Dread to think what would have happened if I was running a "full" install [on an internal HDD].
gcmartin

Joined: 14 Oct 2005
Posts: 3645
Location: Earth

Posted: Sun 19 Jun 2011, 19:29    Post subject: Correction:

I stand corrected on the basis of OSX. Sorry for the misrepresentation. OSX is "UNIX-like" (not Linux) might have been a better statement.

See BSD here.

Not to confuse....sorry.

And, very good accurate information is being shared here. I opened this thread not just because of the Apple announcement, but because I had a friend who was testing a PUP version report something similar to @Sylvander. At first, I commented to him, "nah"; but after the announcement, it's got me wondering a little deeper about what can occur and if it has viral behavior .... is it a virus?

We may be on the verge of creating a definition for things that behave like "viruses" in the Puppy Linux community.

Great information is pouring in from this community.

nooby

Joined: 29 Jun 2008
Posts: 10522
Location: SwedenEurope

Posted: Mon 20 Jun 2011, 02:35

gcmartin it would be handy to get a bit more details. Which pup version and during what operation did it happen?

Was he surfing and had he Flash player activated and looking at youtube or something. Using a Tabloid newspaper and some ad that flashed and then the peculiar behavior did happen?

We need to collect details so we see different part of the patterns.

Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Mon 20 Jun 2011, 05:52

Quote:
1. Had something happen recently that may have been malicious.
The FIRST TIME anything suspect has happened in a Puppy OS.
Clicked on a link given in the Puppy forum, to stream a video from the web.
Working within Lupu-525.
Part way through the video strange things began to happen.
Is this due to an exploitable vulnerability with Adobe Flash Player? Since then I've installed the latest update.


At first I thought this must be a Flash hijack.
Flash contains a programming capacity and it is being targeted by the black hats as it enables them to provide services such as web jacks (moving you to a site they want seen or displaying a site they wish you to believe is real, perhaps for data-mining).
http://www.spywarevoid.com/how-to-recognize-a-rogue-website

These are known attacks that will operate from a rogue or compromised site across operating systems. I have seen such behaviour on my Puppy machine. It may have been Flash, it may have been javascript.

However it sounds like Puppy Lucid was trying to do something on your system, possibly run a media player? It would be great if you could tell us the web site or repeat the behaviour. Smile

_________________
Puppy WIKI
nooby

Joined: 29 Jun 2008
Posts: 10522
Location: SwedenEurope

Posted: Mon 20 Jun 2011, 09:34

Sylvander when you write this
Quote:
Clicked on a link given in the Puppy forum, to stream a video from the web.



Could it be this thread?

http://murga-linux.com/puppy/viewtopic.php?t=68118
Watching French TV online in FF stopped working (Lucid 525)

That is what I remember now had a link to something that behaved a bit odd. Bert could not see it but I could, but only after some hoops and tricks, so maybe that is the link that goes wrong and I found the original program and the link maybe goes to something else?

Was it some other link? Would be nice to know which link so somebody having a good knowledge could look if it is still there?



I come to think of the French program about politics and critics?
I don't remember but I was active in that thread.

How far back in time did this happen? Should be able to find it again using the link in my Signature. Those who have knowledge in the forum may look through the java code and see if it tries to do things that should not be there?
The guy needed help to test if we could see it.
No, it was not user name oui but maybe he also wrote in that thread.

but you maybe talk about something else way back in time?


Last edited by nooby on Sat 25 Jun 2011, 03:03; edited 1 time in total