Viruses in PUPPY Linux, YES, "Viruses in Linux"
Thanks Bruce. What user name and password has Puppy?
When is one supposed to set up such for root?
We need a better word than Virus to refer to unwanted intrusion.
Unwanted Deceptive Code entering the computer regardless of how it did enter.
Could be the user who clicks a deceptive link.
I use Google Search on Puppy Forum
not an ideal solution though
Yes @Sky Aisling and Yes @Nooby. I think you're seeing what I'm getting at. Others are too.
It's not just that exploitation occurs; they do and will continue. But, in Linux, who delivered the notion that exploitations (viruses) "do not occur?" Further, why did this notion occur? This is NOT a conspiracy, it's a paradigm.
We are saying (asking) the same?
When I report an anomaly that is observed within a subsystem/OS, it gets patched or fixed via an upgrade. Often times, we are told that it is a security mod.
But, often times the user community is exploited before the discovery is made. When in Linux, what are we to call it?
This is not a "yell in the wild". The awareness level is already being seen right here in Puppyland.
I picture Flash running from his live DVD puppy with no hard drive.
So in his case, I guess it would be that the computer's memory got a virus.
It would take a bit of extra work for a virus to be set up so as to save itself to a live DVD session!
I also got one of those popup warnings that my computer was infected and a quick scan was being done.
So I see a Windows XP desktop with a virus scanner running.
I was running Puppy and thought it was fun to watch.
But.....
My wife's PC running Windows XP had the same thing show up.
I walked over and powered down her computer, but the damage was done.
After rebooting, any application I tried to open brought up a popup window saying the application was infected and to buy their product to remove the virus.
I determined a startup program had been installed and booted Puppy from cd and removed that nasty program.
So in my case, I lucked out.
Just now discovered that a 1GB Flash Drive I use to hold valuable/useful PET files and such...
Has LOST all of its former contents...
Which have been replaced by .REC and .REN file pairs...
Numbered from 0000, increasing by one digit steps all the way to 0127, when .REN ceases, and .REC continues all the way to 1342.
This drive was probably connected at the time of "the event" mentioned previously.
nooby wrote:
> Thanks Bruce. What user name and password has Puppy?
> When is one supposed to set up such for root?
The user name is arbitrary: root
You can set the root password using the passwd utility. Very easy
Code:
[~] passwd
Changing password for root
New password:
nooby wrote:
> We need a better word than Virus to refer to unwanted intrusion.
Virus is too specific. How about badware or malware?
~
gcmartin wrote:
> But, often times the user community is exploited before the discovery is made. When in Linux, what are we to call it?
> This is not a "yell in the wild". The awareness level is already being seen right here in Puppyland.
I would want specifics to support the claim "But, often times the user community is exploited before the discovery is made."
Even if true, it seems we'd have to be exploited before we could discover we were being exploited.
I think it is because we are not being exploited we don't have our guard up, which isn't wise from a security perspective.
~
- Sky Aisling
- Posts: 1368
- Joined: Sat 27 Jun 2009, 23:02
- Location: Port Townsend, WA. USA
1. Bruce B said to me:
"Would it be too much trouble explaining step by step what happened?"
See this post earlier in this thread.
Sylvander wrote:
> 1. Bruce B said to me:
> "Would it be too much trouble explaining step by step what happened?"
> See this post earlier in this thread.
Thank you
I think I meant what happened to the USB files. It looked to me like maybe you ran a file system repair utility in hopes of fixing it.
Also, in the off chance you kept the old pupsave file I could try and do a postmortem on it if you want.
The Flash plugin is proprietary. It has never been safe. We can't know all Adobe withholds from us or its weaknesses. Such is the nature of closed source software.
It is risky to use the Flash plugin. I take the risk as I think most people do.
I also decided to run Firefox as user spot and I'm very pleased doing it that way.
Bruce
~
@8-bit
1. "Do you remember the section and the post that gave the video link that gave you the problem."
See this post giving the reply to that same question [by rjbrewer] in my thread on the subject.
@Bruce B
2. "I think I meant what happened to the USB files."
I've no idea, the first time [a few days after the "event"] I mounted the partition on the Flash Drive, all my files were gone, with a load of other files in their place.
3. "maybe you ran a file system repair utility in hopes of fixing it."
I did nothing to the Flash Drive...
I wonder if some Puppy [or Win2000Pro?] did the deed automatically?
I've been working on Legacy OS 2, which wouldn't boot at first, then I tried using a "Smart Boot Manager" [SBM] floppy, and afterward both CD-R & CD-RW would boot OK.
Normally I have no trouble by leaving the Flash Drive connected.
4. "in the off chance you kept the old pupsave file I could try and do a postmortem on it if you want"
I deleted the [infected?] lupusave file, and restored a recent backup lupusave.
Sylvander,
It appears to my critical and skeptical eye that you really got hit by something nefarious.
Flash plugin has known exploits. The general rule is - it is exploited by specially crafted flash files.
Also, worth considering is, even so called reputable companies put bad flash files in your browser. This happens when they outsource work to people in far away places and the company doesn't have direct control over their own flash media.
My rule is try not to interact with the media, but this isn't always easily done. Let alone a cure all.
Thanks for your replies.
Bruce
~
- Sky Aisling
- Posts: 1368
- Joined: Sat 27 Jun 2009, 23:02
- Location: Port Townsend, WA. USA
Reacting to Media?
Bruce wrote:
> My rule is try not to interact with the media...
What do you mean, not to interact with the media? What do you mean by the word *media*?
Re: Reacting to Media?
Sky Aisling wrote:
> Bruce wrote:
> > My rule is try not to interact with the media...
> What do you mean, not to interact with the media? What do you mean by the word *media*?
In the context - the media is flash objects. A movie you watch as an example. Maybe an advertisement.
Some videos encourage you to click on a hyperlink embedded in the video. I don't click on those things. This is an example of what I mean by not interacting.
~
- RetroTechGuy
- Posts: 2947
- Joined: Tue 15 Dec 2009, 17:20
- Location: USA
nooby wrote:
> Thanks Bruce. What user name and password has Puppy?
> When is one supposed to set up such for root?
Root has a default password set (as you will see if you open one of the TTYs available, behind your GUI, and try to log in on that text console...)
Type: <cntl><alt>F1-4 to access those TTYs... F1 is the window, upon which X is launched. F2 and F3 are available console windows. F4 brings you back to the GUI interface.
The default password is "woofwoof". The command "passwd" will let you change it. (this doesn't change that you are already running as root, and automagically logged in, so anything you do has permissions).
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
Thanks RetroTechGuy,
now that you remind me then I do recognize the password woofwoof.
and that one gets automatically logged in.
Very embarrassingly but I got lost trying to get this part
> if you open one of the TTYs available, behind your GUI, and try to log in on that text console...)
Not your fault I am incredibly dense at times. I've used Puppy daily now since a year or so and have remotely heard the word TTY being mentioned but never had any motivation to know what it refers to.
When I came from the Country and arrived at our Big City then I saw a TTY at the Tele Museum and then later I even sat at one in the Royal HighSchool HAM RadioClub and wow they are impressive.
TeleTYping?
One guy told us about that he was tele something into his Kindle using Puppy so that maybe is something similar then? One uses the computer OS and Console as a tele type terminal and sends commands to the other computer over some TTY protocol?
I use Google Search on Puppy Forum
not an ideal solution though
- RetroTechGuy
- Posts: 2947
- Joined: Tue 15 Dec 2009, 17:20
- Location: USA
nooby wrote:
> Thanks RetroTechGuy,
> now that you remind me then I do recognize the password woofwoof.
> and that one gets automatically logged in.
> Very embarrassingly but I got lost trying to get this part
> > if you open one of the TTYs available, behind your GUI, and try to log in on that text console...)
> Not your fault I am incredibly dense at times. I've used Puppy daily now since a year or so and have remotely heard the word TTY being mentioned but never had any motivation to know what it refers to.
Well, in Linux, it's among your "devices": tty0, tty1, tty2...
They are basic (nongraphical) console windows. Your first tty window has X running from it, and you have 2 more that are "unused" (and you can switch to those, log in, run "top" or "ps xua" to identify troublesome processes, and kill them from the command line).
When you crash out of X, you end up on a command-line console window -- and from there, can type "poweroff" to completely shut down. Or from this window, you can restart X via "xinit" (and I believe that a couple other commands are synonymous).
nooby wrote:
> When I came from the Country and arrived at our Big City then I saw a TTY at the Tele Museum and then later I even sat at one in the Royal HighSchool HAM RadioClub and wow they are impressive.
> TeleTYping?
Basically,...Yup...
http://www.linusakesson.net/programming/tty/index.php
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
- The Fly Roper
- Posts: 4
- Joined: Thu 21 Apr 2011, 02:59
Hi everyone. Longtime reader. Love puppy madly.
So here's my thought, which, in spite of the fact that these threads come up at least once a month, isn't brought up enough.
So puppy runs as root. Let's think about the worst case scenario for root user being compromised in puppy, which is (in its current design) a single-user, home system.
You go to a site that attaches malware to puppy. It's a morphing virus that's difficult to track, since the code changes every time it propagates. It attaches to the kernel, which is on most systems the most desirable target.
Puppy user turns off computer. Kernel disappears. Poof.
Puppy user turns on computer. Kernel is brand new, in perfect state from boot disc. So are most of the system files, since they also live on the boot disc.
Puppy lives in a sandbox. Now although, since, while running as root, an attacker could theoretically open any disc drive attached to the device, they might be able to open some drives. Still, turn it off and turn it on, and you've just outwitted the attacker.
A static configuration, such as the one on the puppy disc, solves SO MANY security problems. On a system where all your system files are permanently on the hard drive, running as root means you would either 1) have to find the attacked, modified file, or 2) reinstall the whole system from the ground up and hope the attacker wasn't lurking in your data drives (which I sure hope you put on separate partitions!)
Now, none of these attacks are easy, or particularly likely, ESPECIALLY if you're browsing sensibly. I proposed attacking the kernel because it's one of the few things every subspecies of linux has in common. But let's presume, for the sake of argument, that somebody actually did compromise system files. Now, if you're running a save file, they've attached to a file that you're saving there.
OMG!!!!1!!!1111 You've lost, at most, 1.25 Gigs of stuff! And you almost certainly will know what is important on your save file. Just pull the stuff you care about off of it, create a new save file, and 'shred -u' the last one. Boom, virus gone, completely new OS, and you've lost, what, half an hour?
Now, I'm not saying this is a suitable system for fully automated servers. That's a completely different story. But for a single user system, from a recoverability perspective Puppy is hard to beat. Add the speed and usability that are both priorities of the excellent dev team and you've got a real winner of a system.
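The recovery steps in the post above (pull what you need off the save file, create a new one, `shred -u` the old one), written out as an added shell example that is not from the thread or from Puppy itself. It assumes the save file is a loop-mountable filesystem image; the function names and the paths in the closing comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Paths in the usage comment at the end
# are hypothetical; adjust them to where your save file actually lives.

# Mount a suspect save file read-only, with execution, setuid bits and device
# nodes disabled, so nothing inside it can run or alter the image.
mount_suspect() {   # $1 = save file, $2 = empty mount point
    mkdir -p "$2" && mount -o loop,ro,noexec,nosuid,nodev "$1" "$2"
}

# Copy plain data files from $1 into $2 and print how many were copied.
# Skipped: symlinks and special files, anything with an execute bit, and
# anything under a dot-directory or named as a dot-file (shell profiles,
# autostart entries). Copies are forced to mode 0644. This narrows what
# comes across; the copied files are still untrusted input.
salvage() {
    src=$1
    mkdir -p "$2" || return 1
    dest=$(cd "$2" && pwd) || return 1
    ( cd "$src" || exit 1
      find . -type f ! -perm -100 ! -perm -010 ! -perm -001 ! -path '*/.*' \
          -exec sh -c 'for f; do
              mkdir -p "$0/$(dirname "$f")" &&
              cp "$f" "$0/$f" && chmod 0644 "$0/$f" && echo copied
          done' "$dest" {} +
    ) | wc -l | tr -d ' '
}

# Unmount, then overwrite and unlink the old save file ('shred -u' as in the
# post). shred assumes data is overwritten in place, which journaling
# filesystems and flash media do not guarantee.
retire() {          # $1 = mount point, $2 = save file
    umount "$1" && shred -u "$2"
}

# Order of use (as root):
#   mount_suspect /mnt/home/lupusave.2fs /mnt/suspect
#   salvage /mnt/suspect/root/my-documents /mnt/home/salvaged
#   retire /mnt/suspect /mnt/home/lupusave.2fs
```

Check the salvaged copies before running `retire`, since the overwrite cannot be undone.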