How to run Puppy safely?

For discussions about security.
Lefty Mills
Posts: 21
Joined: Mon 17 Apr 2006, 09:54
Location: near the Red Sea

How to run Puppy safely?

#1 Post by Lefty Mills »

I love Puppy and while not an expert, I can appreciate the genius of Puppy's operating system. We are told that Puppy is safer for web banking, and each time we log out the operating system is removed from memory, thus getting rid of any malware that may have entered the system.
This is true for a frugal install, but, I believe, not true for a full install. For a full install, is the operating system loaded into memory from lupu_528.sfs when booted, and deleted at log out?
I think not.

For a frugal install, I am not sure that the file lupu_528.sfs is completely safe. After the first boot, the file lupu_528.sfs is copied to the hard-drive and subsequently loaded into memory from there. Suppose a bad guy gets into the system when one dual boots into Windows and modifies the lupu_528.sfs file. When lupu_528.sfs is next loaded, the malware is in the system. This can be corrected following the first boot of Puppy - when lupu-528.sfs is copied to the hard-drive – by changing the properties of lupu_528.sfs to "read only" for “owner
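
The tampering concern in the post above, as an added example that is not part of the original thread: a file-mode change is enforced only by the running Linux system, so a SHA-256 baseline recorded after the first boot is one way to detect whether lupu_528.sfs was altered from another OS. The function names and the baseline location are assumptions, and the demo runs on a constructed stand-in file.

```shell
#!/bin/sh
# Added example: detect changes to a Puppy .sfs file between boots.
# Assumption: the baseline is kept where the other OS cannot write to it
# (for example removable media), not next to the .sfs itself.

# Record the SHA-256 of the .sfs into a baseline file.
sfs_record_baseline() {
    sfs=$1; baseline=$2
    [ -r "$sfs" ] || { echo "cannot read $sfs" >&2; return 2; }
    sha256sum "$sfs" | cut -d' ' -f1 > "$baseline"
}

# Compare the current hash with the baseline.
# Returns 0 = unchanged, 1 = modified, 2 = file or baseline missing.
sfs_verify() {
    sfs=$1; baseline=$2
    if [ ! -r "$sfs" ] || [ ! -s "$baseline" ]; then
        echo "missing file or baseline" >&2; return 2
    fi
    expected=$(cat "$baseline")
    actual=$(sha256sum "$sfs" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $sfs matches baseline"; return 0
    fi
    echo "MODIFIED: $sfs (expected $expected, got $actual)" >&2
    return 1
}

# Demo on a constructed stand-in file (not a real lupu_528.sfs).
# Prints the two verify results, e.g. "0 1".
sfs_demo() {
    dir=$(mktemp -d)
    printf 'constructed stand-in for lupu_528.sfs\n' > "$dir/lupu_528.sfs"
    sfs_record_baseline "$dir/lupu_528.sfs" "$dir/baseline.sha256"
    chmod a-w "$dir/lupu_528.sfs"            # the "read only" step from the post
    if sfs_verify "$dir/lupu_528.sfs" "$dir/baseline.sha256" >/dev/null
    then first=0; else first=$?; fi
    # Simulate a write from another OS, which does not consult these mode bits.
    chmod u+w "$dir/lupu_528.sfs"
    printf 'appended bytes\n' >> "$dir/lupu_528.sfs"
    if sfs_verify "$dir/lupu_528.sfs" "$dir/baseline.sha256" 2>/dev/null
    then second=0; else second=$?; fi
    rm -rf "$dir"
    echo "$first $second"
}

sfs_demo
```

Run `sfs_verify` at the start of a session, before using the browser for anything sensitive; a non-zero result means the file no longer matches what was recorded.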

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#2 Post by mikeb »

I am curious...what exactly would be left in a save file or on a disk in relation to logging into a bank...I hear this so many times and wondered where the potential problem lies.

For my bank it wants account numbers, then part of a PIN number then finally an answer to a question.... the last 2 chosen at random.

I have cache set to 0mb as I don't have dial up, use Firefox 3.6 as is... do it on Linux and Windows and use no form of clean up software. Cookies I clear rarely. Connections are encrypted to banks so I assume there is supposed to be some leftover data somewhere to worry about.

mike

edit...there do not seem to be any leftover cookies from my bank either...I assume it uses a PHP session which expires/disappears the minute I leave the site or do nothing for 10 minutes. (or even use the browse back button)

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

Re: How to run Puppy safely

#3 Post by jpeps »

Lefty Mills wrote:
I love Puppy and while not an expert, I can appreciate the genius of Puppy's operating system. We are told that Puppy is safer for web banking, and each time we log out the operating system is removed from memory, thus getting rid of any malware that may have entered the system.
This is true for a frugal install, but, I believe, not true for a full install. For a full install, is the operating system loaded into memory from lupu_528.sfs when booted, and deleted at log out?
I think not

The security problem would most likely be an intercepted transmission of a password during the interaction..in which case it wouldn't matter what install you used. Services like Facebook are recording everything you do, including mouse movements.

Another security problem would be someone breaking into your network through some vulnerability in the browser or OS. In that case, a hacker could still record everything on your drives without needing to leave anything. I always encrypt my password file.

The third issue is someone breaking into your database at the bank. Using a complex password and changing it frequently helps. Many people prefer to use something that they can remember, and use the same password for everything.

The fourth security issue involves the data centers themselves. A recent example is the NSA collecting unencrypted data transferred between various holding locations.

Any install of Linux is probably more secure against viruses simply because hackers will typically be looking for holes in un-updated Windows systems.
Last edited by jpeps on Sun 03 Nov 2013, 15:21, edited 1 time in total.

firak
Posts: 175
Joined: Mon 14 Apr 2008, 14:07

#4 Post by firak »

My way of safe browsing.
The issue is not about a safe Puppy or other operating system; it is about the browser.
I don't worry about viruses in Linux, but I don't like garbage files.
So, in the browser:
My Firefox setup: in the settings, delete history and cookies automatically when I close.
Add-on: Do Not Track Me. It also tracks me, making statistics of my not being tracked, anyway.
I do not store sensitive passwords.
Close FF periodically so it cleans itself of cookies.
Add-on: Flashblock, so I click on Flash items when I want. I think this reduces the Flash cookies.
I do not open other windows or tabs of the browser while I am logged in to the bank account.

Banks use the https protocol, which is supposed to be safe; it is encrypted.

Of course pfix=ram is the safest, but it is not useful if you have to set up the internet connection each time. Some Puppy discussions talk about a way to log in as "guest" for a temporary session, not saved in the pup save. I'm not an expert on that.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#5 Post by mikeb »

Security by obscurity is a commonly quoted reason for Linux advantages but it's more to do with being designed securely from the ground up.

Windows has a web browser integrated into its operating system consisting of ActiveX controls and a zone authentication system that's just so easy to get around ... running as non admin is actually one way to slightly improve the situation. The ability to automatically download and run a file is lacking on Linux... it requires manual intervention. Viruses can have similar effects on Linux IF you can actually get them onto the system, then make them executable and finally run them.
One example is that Adobe used to be able to silently update your Flash player on Windows.... mimic its method and you're in. Such holes get plugged but there's a fundamental flaw in the design.

Back to the specific bank scenario.... https.... so how exactly would a password be intercepted? In my example a password is not used but a series of questions, so cracking a simple password does not apply, at least for banks with a decent level of steps to go through. And again, is there somewhere locally where anything that could be (ab)used is stored?.... if say a keylogger was being used (how on Linux?) then storage would not be relevant either.

One thing I do notice is a significant amount of phishing emails that wander about.... 'your account is frozen..log in to sort it'..... probably a more successful way to grab details compared to filtering through piles of encrypted hard to get at data...one from 'ebay' did nearly fool me once.

Bottom line of querying here is what is really needed to use online banking (and credit card usage for that matter) safely and what is not.

10 years of Windows and Linux and internet banking and my only steps were to banish IE but I may be overlooking something.

Perhaps if anyone has examples of cases where personal bank accounts have been successfully exploited, with information on how it was actually done, that might give us more information to gain a clearer picture and then take suitable steps to make life a little more secure.

mike

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#6 Post by Flash »

Burn a Puppy DVD, boot it, configure your Internet access, install the programs you want, open the browser and adjust all the settings to your liking but don't go to any websites, then shut down, saving to the DVD. This creates a multisession DVD. Use this DVD for banking or whatever else that makes you worry about online security when you do it, but never save to the DVD again. I like Mike's idea of setting the browser's cache to zero if you have an Internet connection that's faster than dial-up.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#7 Post by mikeb »

"I like Mike's idea of setting the browser's cache to zero if you have an Internet connection that's faster than dial-up."

I did such to save space...I removed IE to make Windows 98 stable/usable.... sometimes I/we inadvertently benefit in ways not related to the initial reasons for changes that I/we make.

Perhaps some of the perceived problem is related to Internet Explorer's insistence on keeping multiple copies of your browsing habits scattered around the system and possibly within easy reach of the outside world...... its mass usage and the accompanying infamous insecurity have created a culture of suspicion when it comes to using the internet in general, especially where money is concerned.

mike

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#8 Post by d4p »

Lightbeam is a Firefox add-on that enables you to see the first and third party sites you interact with on the Web.

https://addons.mozilla.org/en-US/firefo ... src=search

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#9 Post by jpeps »

d4p wrote:
Lightbeam is a Firefox add-on that enables you to see the first and third party sites you interact with on the Web.

https://addons.mozilla.org/en-US/firefo ... src=search

Some interesting comments:
I installed it. Holy effing smokes. These sneaky little bastards are all over the place.