Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 25 Jul 2014, 19:21
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How to run Puppy safely?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [9 Posts]  
Author Message
Lefty Mills

Joined: 17 Apr 2006
Posts: 18

PostPosted: Sun 03 Nov 2013, 08:59    Post subject:  How to run Puppy safely?  

I love Puppy and while not an expert, I can appreciate the genius of Puppy's operating system. We are told that Puppy is safer for web banking, and each time we log out the operating system is removed from memory, thus getting rid of any malware that may have entered the system.
This is true for a frugal install, but, I believe, not true for a full install. For a full install, is the operating system loaded into memory from lupu_528.sfs when booted, and deleted at log out?
I think not.

For a frugal install, I am not sure that the file lupu_528.sfs is completely safe. After the first boot, the file lupu_528.sfs is copied to the hard-drive and subsequently loaded into memory from there. Suppose a bad guy gets into the system when one dual boots into Windows and modifies the lupu_528.sfs file. When lupu_528.sfs is next loaded, the malware is in the system. This can be corrected following the first boot of Puppy - when lupu-528.sfs is copied to the hard-drive – by changing the properties of lupu_528.sfs to "read only" for “owner”, “group” and “world”. Nothing in “write” and “exec” should be ticked.

It is my belief that all users of Puppy should be warned as follows -
1) running Puppy in frugal install is much safer than full install, and web banking should not be done in full install.
2) following the first boot, the lupu_528.sfs file should be changed to “read only”.

I am not the first, and will not be the last, to say that the names of frugal/full should be changed. The word “frugal” has a negative connotation and the word “full” a positive one. For years I thought that a full install was better than a frugal install. Perhaps “frugal install” should be called “gold install” and “full install” be called “silver install”.

If I am wrong with what I have written above, I apologize – please correct me. I want to learn.
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8028

PostPosted: Sun 03 Nov 2013, 09:13    Post subject:  

I am curious...what exactly would be left in a save file or on a disk in relation to logging into a bank...I hear this so many times and wondered where the potential problem lies.

For my bank it wants account numbers, then part of a pin number then finally an answer to a question.... the last 2 chosen at random.

I have cache set to 0mb as I don't have dial up, use firefox 3.6 as is... do it on linux and windows and use no form of clean up software. Cookies I clear rarely. Connections are encrypted to banks so I assume there is supposed to be some leftover data somewhere to worry about.

mike

edit...there does not seem to be any leftover cookies from my bank either...I assume it uses a php session which expires/disappears the minute I leave the site or do nothing for 10 minutes. (or even use the browse back button)
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sun 03 Nov 2013, 10:49    Post subject: Re: How to run Puppy safely  

Lefty Mills wrote:
I love Puppy and while not an expert, I can appreciate the genius of Puppy's operating system. We are told that Puppy is safer for web banking, and each time we log out the operating system is removed from memory, thus getting rid of any malware that may have entered the system.
This is true for a frugal install, but, I believe, not true for a full install. For a full install, is the operating system loaded into memory from lupu_528.sfs when booted, and deleted at log out?
I think not


The security problem would most likely be an intercepted transmission of a password during the interaction..in which case it wouldn't matter what install you used. Services like Facebook are recording everything you do, including mouse movements.

Another security problem would be someone breaking into your network through some vulnerability in the browser or OS. In that case, a hacker could still record everything on your drives without needing to leave anything. I always encrypt my password file.

The third issue is someone breaking into your database at the bank. Using a complex password and changing it frequently helps. Many people prefer to use something that they can remember, and use the same password for everything.

The fourth security issue involves the data centers themselves. A recent example is the NSA collecting unencrypted data transferred between various holding locations.

Any install of linux is probably more secure against viruses simply because hackers will be typically looking for holes in un-updated windows systems.

Last edited by jpeps on Sun 03 Nov 2013, 11:21; edited 1 time in total
Back to top
View user's profile Send private message 
firak

Joined: 14 Apr 2008
Posts: 174

PostPosted: Sun 03 Nov 2013, 11:17    Post subject:  

My way of safe browsing.
the issue is not about safe puppy or other operating system, is about the browser.
I don't worry about viruses in linux - but I don't like garbage files .
so in the browser.
my set up Firefox.in the settings. delete history and cookies when i close automatically.
add on -do not track me - it also track me, make statistic of my not be tracked, anyway.
I do not store sensible password.
close FF periodically so it clean itself form cookies.
add on -flash block -so i click to flash items when i wont, I think this reduces the flash cookies.
I do not open other windows or tabs of the browser, while I logged in bank account.

baks use https protocol, suppose to be safe-is encrypted.

Of course pfix=ram is the most safe, but - is not useful if you have to set up internet connection each time. Some puppy discussion talk bout a way to log in as "guest" for a temporary session, not saved in the pup save. I' not an expert of that.
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8028

PostPosted: Sun 03 Nov 2013, 13:55    Post subject:  

Security by obscurity is a commonly quoted reason for linux advantages but its more to do with being designed securely from the ground up.

Windows has a web browser integrated into its operating system consisting of active x controls and a zone authentication systems that's just so easy to get around ... running as non admin is actually one way to slightly improve the situation. The ability to automatically download and run a file is lacking on Linux... it requires manual intervention. Viruses can have similar effects on linux IF you can actually get them onto the system, then make it executable and finally run it.
One example is such as adobe used to be able to silently update your flash player on windows.... mimic its method and your in. Such holes get plugged but there's a fundamental flaw in the design.

Back to the specific bank scenario.... https.... so how exactly would a password be intercepted?. In my example a password is not used but a series of questions so cracking a simple password does not apply at least for banks with a decent level of steps to go through. And again is there somewhere locally where anything that could be (ab)used be stored?.... if say a keylogger was being used (how on linux?) then storage would not be relevant either.

One thing I do notice is a significant amount of phishing emails that wander about.... 'your account is frozen..log in to sort it'..... probably a more successful way to grab details compared to filtering through piles of encrypted hard to get at data...one from 'ebay' did nearly fool me once.

Bottom line of querying here is what is really needed to use online banking (and credit card usage for that matter) safely and what is not.

10 years of windows and linux and internet banking and my only steps were to banish IE but I may be overlooking something.

Perhaps if anyone has examples of cases where personal bank accounts have been sucessfully exploited with information of how it was actually done that might gives us more information to gain a clearer picture and then take suitable steps to make life a little more secure.

mike
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10930
Location: Arizona USA

PostPosted: Sun 03 Nov 2013, 18:25    Post subject:  

Burn a Puppy DVD, boot it, configure your Internet access, install the programs you want, open the browser and adjust all the settings to your liking but don't go to any websites, then shut down, saving to the DVD. This creates a multisession DVD. Use this DVD for banking or whatever else that makes you worry about online security when you do it, but never save to the DVD again. I like Mike's idea of setting the browser's cache to zero if you have an Internet connection that's faster than dial-up.
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8028

PostPosted: Sun 03 Nov 2013, 18:47    Post subject:  

Quote:
I like Mike's idea of setting the browser's cache to zero if you have an Internet connection that's faster than dial-up.

I did such to save space...I removed IE to make windows 98 stable/useable.... sometimes I/we inadvertantly benefit in ways not related to the initial reasons for changes that I/we make.

Perhaps some of the perceived problem is related to Internet Explorer's insistance in keeping multiple copies of your browsing habits scattered around the system and possibly within easy reach of the outside world...... its mass usage and the accompying infamous insecurity has created a culture of suspicion when it comes to using the internet in general especially where money is concerned.

mike
Back to top
View user's profile Send private message 
d4p


Joined: 12 Mar 2007
Posts: 406

PostPosted: Mon 04 Nov 2013, 00:57    Post subject:  

Lightbeam is a Firefox add-on that enables you to see the first and third party sites you interact with on the Web.

https://addons.mozilla.org/en-US/firefox/addon/lightbeam/?src=search
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Mon 04 Nov 2013, 01:56    Post subject:  

d4p wrote:
Lightbeam is a Firefox add-on that enables you to see the first and third party sites you interact with on the Web.

https://addons.mozilla.org/en-US/firefox/addon/lightbeam/?src=search


Some interesting comments:

Quote:

I installed it. Holy effing smokes. These sneaky little bastards are all over the place.
original.jpg
 Description   
 Filesize   51.81 KB
 Viewed   366 Time(s)

original.jpg

Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [9 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0788s ][ Queries: 12 (0.0036s) ][ GZIP on ]