Linux security
I noticed a comment in another thread that someone hasn't seen any Linux-based malware; whilst I've replied in that thread, I think it's also worth posting about security in the Linux section of the forum.
There is a misconception that "if I use Linux I won't have any security problems"; unfortunately that isn't true anymore (personally I doubt it ever was). There's a lot of Linux malware out there nowadays, but luckily also a number of providers of Linux AV and other security products; some are free, some are commercial, and I am certainly not making any specific recommendations, other than: if you use a Linux PC or laptop, PLEASE take your security as seriously as you would if you had a Windows machine.
These links should help you find details of specific applications that you should consider installing for your protection.
Linux Anti-Virus (http://www.linux.org/apps/all/System/Anti-Virus.html)
Linux FireWalls (http://www.linux.org/apps/all/Networking/Firewalls.html)
Linux Anti-Spam (http://www.linux.org/apps/all/Administration/Anti-Spam.html)
Linux Security (http://www.linux.org/apps/all/Administration/Security.html)
As with Windows, you should use just one AV and one firewall product; otherwise they can "clash", just as in Windows, and leave you less, rather than more, secure.
Tortanick
08-11-2007, 02:13 PM
there's a lot of Linux malware out there nowadays,
Obviously someone could trick you into running a program "Destroy my computer" with full privileges; Linux won't even try to protect you from that, but I don't remember hearing anything recently about Linux being at risk. Perhaps you could name a few Linux viruses that have been seen in the wild recently.
Guest110
08-11-2007, 02:37 PM
That sounds like a challenge, Mr T,
to which I am sure Orac will oblige you.
Tortanick
08-11-2007, 02:51 PM
It is BlackMirror. It is.
As a malware analyst I don't normally provide details of such things on public boards; however, as the baddies already know about this one, I can't see how any harm can come from suggesting you try a Google search. Here are the results of one I just did for the purpose of this post:
Results 1 - 10 of about 2,350,000 for Linux kernel vulnerability. (0.16 seconds)
Extracts from just some of the links you will find:
===========================================================
Ubuntu Security Notice USN-489-1 July 19, 2007
linux-source-2.6.15 vulnerability
CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000,
CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525,
CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3380,
CVE-2007-3513
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
Synopsis: Linux kernel uselib() privilege elevation
Product: Linux kernel
Version: 2.2 all versions, 2.4 up to and including 2.4.29-pre3, 2.6 up
to and including 2.6.10
Vendor: http://www.kernel.org/
URL: http://isec.pl/vulnerabilities/isec-0021-uselib.txt
CVE: CAN-2004-1235
Author: Paul Starzetz <ihaquer@isec.pl>
Date: Jan 07, 2005
Updated: Jan 09, 2005
Issue:
======
Locally exploitable flaws have been found in the Linux binary format
loaders' uselib() functions that allow local users to gain root
privileges.
Details:
========
The Linux kernel provides a binary format loader layer to load (execute)
programs of different binary formats like ELF or a.out and more. The
kernel also provides a function named sys_uselib() to load a
corresponding library. This function is dispatched to the current
process's binary format handler and is basically a simplified mmap()
coupled with some header parsing code.
An analysis of the uselib function load_elf_library() from binfmt_elf.c
revealed a flaw in the handling of the library's brk segment (VMA). That
segment is created with the current->mm->mmap_sem semaphore NOT held
while modifying the memory layout of the calling process. This can be
used to disturb the memory management and gain elevated privileges. Also
the binfmt_aout binary format loader code is affected in the same way.
Discussion:
===========
The vulnerable code resides for example in fs/binfmt_elf.c in your
kernel source code tree:
Linux Kernel Problems
Vulnerabilities have been reported in various Linux kernels, including: a problem in epoll system calls that may be exploitable to gain root permissions; a buffer overflow when writing to sysfs; a buffer overflow in the MoxaDriverIoctl() function; several network-based, remotely exploitable denial-of-service attacks; overflows in the roc_file_read() and locks_read_proc() functions; a problem with copy_from_read_buf() that may be exploitable to read kernel memory; a locally exploitable denial-of-service vulnerability in the PPP code; a bug in the ext2 and ext3 filesystems that could result in default ACLs disappearing; and a denial-of-service attack based on a bug in the VC_RESIZE ioctl that may be exploitable by a user logged in on a console.
It is recommended that all Linux users watch their vendors for a kernel package that addresses these issues. SuSE has released packages for SuSE Linux 8.2, 9.0, 9.1, 9.2; SUSE Linux Desktop 1.0; SUSE Linux Enterprise Server 8 and 9; and Novell Linux Desktop 9.
You could also check out this link, which will give you details of some of the other more commonly known Linux exploits (http://www.linuxsecurity.com/).
It should be remembered that anything that can be coded can be hacked, if enough resources are thrown at it. It doesn't matter WHAT system you use, it will be broken by somebody sometime. Don't believe me? Well, the Germans during the Second World War thought their Enigma system was uncrackable; history tells us otherwise.
Is Linux more secure than Windows? Yes it is.
Is Linux 100% secure? No it isn't.
Would the organisations in the first links I posted be using their resources to develop security products for Linux if real threats didn't exist in the real world? I think not.
Tortanick
08-12-2007, 05:35 AM
As a malware analyst I don't normally provide details of such things on public boards; however, as the baddies already know about this one,
IMO the baddies probably know about most of these before the goodies. Besides, if you don't publish it, how can people protect themselves?
It should be remembered that anything that can be coded can be hacked, if enough resources are thrown at it. It doesn't matter WHAT system you use, it will be broken by somebody sometime.
I agree, but I do think it is possible to design a system where the cost of hacking is greater than the rewards. Not sure if Linux is that system, though.
Would the organisations in the first links I posted be using their resources to develop security products for Linux if real threats didn't exist in the real world? I think not.
They would be developing security products for Linux if they thought they could make money from them. Whether they actually solve security problems is quite irrelevant. Besides, anti-virus on Linux mail servers or file servers is vital; it protects the Windows clients.
Now in response to your posted threats:
Firstly, I asked for examples of malware found in the wild. You haven't given me any; you gave vulnerabilities. If Linux vulnerabilities are too hard to exploit, or fixed too quickly, or for some other reason not exploited, then Linux users can happily and justifiably feel safe from threats. The way to tell if Linux is safe or not is by a count of malware, not vulnerabilities.
Btw, you've only posted kernel vulnerabilities; IMO the real place to look is in browsers, servers, or web services (and the languages used to write them: PHP, Python, Perl etc). Of course, apart from browsers, the normal home user won't be using any of that.
The first two (the third doesn't give enough info for a real response) target old versions of the kernel, most probably fixed by now. And the second also says you need to be a local user to exploit it.
IMO the baddies probably know about most of these before the goodies. Besides, if you don't publish it, how can people protect themselves?
They are published, on private security forums; I for one am NOT going to publish anything of that nature on a public forum. People can protect themselves by using, and keeping updated, Linux AV and firewalls, links to which are in my original post in this topic.
They would be developing security products for Linux if they thought they could make money from them. Whether they actually solve security problems is quite irrelevant.
Agreed in part. However, a lot are being developed in open source, so there's no profit motive attributable to those, but I do take your point about the "profit motive" in general.
Firstly, I asked for examples of malware found in the wild. You haven't given me any; you gave vulnerabilities.
As previously stated, I am not publishing anything that could help spread malware.
IMO the real place to look is in browsers, servers, or web services (and the languages used to write them: PHP, Python, Perl etc). Of course, apart from browsers, the normal home user won't be using any of that.
Most server exploits are currently written in Perl (although base64 is becoming more common), so agreed, the average user has little to fear on that front.
However, there are also exploits aimed at browsers, the hackers' "holy grail".
I have demonstrated the EXISTENCE of Linux exploits, which I believe covers your original question about Linux being at risk. If you believe there's no risk to a Linux user, then we will have to agree to disagree.
Tortanick
08-12-2007, 10:39 AM
People can protect themselves by using, and keeping updated, Linux AV and firewalls, links to which are in my original post in this topic.
Sometimes a security flaw may take a long time to fix; it should be published so that people can work around it rather than trying (and most probably failing) to keep it hidden. For example, Mozilla published details of a vulnerability in the autopassword system for sites like MySpace where users can embed their own JavaScript code. (I think that's what it was; I'm going from memory.) Knowing this, people can protect themselves.
Oh, that particular exploit won't be stopped by a firewall (unless you block Firefox) or an anti-virus. You have to turn off automatic passwords or avoid sites where users can write their own JavaScript.
Agreed in part. However, a lot are being developed in open source, so there's no profit motive attributable to those, but I do take your point about the "profit motive" in general.
Yes, but there are other motives than protecting Linux end-user desktops. ClamAV, the most prominent open source AV, has this in the first paragraph of its Wikipedia entry:
It is mainly used with a mail exchange server as a server-side email virus scanner.
A statement backed up by the official website's first paragraph:
designed especially for e-mail scanning on mail gateways
Similarly, anti-spam for Linux doesn't mean Linux users are at risk. Spam isn't a risk unless you're stupid.
Firstly, I asked for examples of malware found in the wild. You haven't given me any; you gave vulnerabilities.
As previously stated, I am not publishing anything that could help spread malware.
Does this (http://www.sophos.com/security/top-10/index.html) help the spread of malware? I can't see how. All I'm asking for is names and descriptions of malware that targets Linux; every prominent anti-virus vendor publishes that sort of info about what it discovers.
I have demonstrated the EXISTENCE of Linux exploits, which I believe covers your original question
No, to answer my original question you will have to provide evidence that people are actually abusing those exploits.
If you believe there's no risk to a Linux user, then we will have to agree to disagree.
I don't agree to disagree, I plan to continue this until you provide some evidence, admit you have none, or it becomes clear to a bystander that you don't have any evidence.
If you publish evidence I plan to analyse it to see whether it is a real or minor threat to Linux, and debate that point with you.
I don't agree to disagree, I plan to continue this until you provide some evidence, admit you have none, or it becomes clear to a bystander that you don't have any evidence.
I have provided evidence that Linux is open to abuse; if you're not willing to accept that FACT there's nothing I can do to persuade you.
De Nile isn't just a river in Egypt, which, my friend, is my last word on the subject. I hope that those who read this topic will take steps to protect themselves; it saves a reinstall and the potential loss of valuable data and/or finding someone has helped themselves to your bank account.
Tortanick
08-12-2007, 01:03 PM
I have provided evidence that Linux is open to abuse; if you're not willing to accept that FACT there's nothing I can do to persuade you.
And you could accept the FACT that "open to abuse" is only _potential_ abuse. Since the beginning I have asked you to give examples of _actual_ abuse; you're quite clear such examples are abundant.
there's a lot of Linux malware out there nowadays
Yet you have refused to name a single example, let alone evidence of the widespread risk you claim exists. Why? Or perhaps a better question is why did you claim there is a widespread risk in the first place? You clearly have no evidence and conventional wisdom says the opposite to you; Wikipedia only lists 23 Linux viruses (http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses_and_worms), including one discovered in 1996 and eradicated by 1997.
Please don't claim there is a large risk to Desktop Linux users again unless you're willing to back it up with hard evidence.
PeteF
08-13-2007, 03:09 AM
I have provided evidence that Linux is open to abuse... I hope that those who read this topic will take steps to protect themselves; it saves a reinstall and the potential loss of valuable data and/or finding someone has helped themselves to your bank account.
Orac, I definitely appreciate your warnings and info provided. I'm just
beginning to serve some of my customers by installing Puppy Linux to their
PCs that also run Windows. Instead of dealing with a dual boot system, I
simply supply them with a PUPPY CD to boot from if they want to run Linux
instead of Windows. I only utilize a 1 GB partition for saving the Puppy
configuration and swap file.
I'll look into setting up a firewall for those who have no router
(hardware firewall) and also look into some malware protection.
Any recommendations for some very basic security
software would be appreciated.
---pete---
Tortanick
08-13-2007, 07:50 AM
For a firewall use iptables; it's built into the kernel and every distro has it. However, the distros usually default it to allow everything.
A program like fwbuilder will allow you to use a GUI to generate a shell script; run that script to configure iptables, and once created you can copy your script to all your customers. Just set it up so it runs on boot, every boot.
As for anti-virus, I wouldn't bother, at least not under the current circumstances. If you don't download and run programs from the internet (and thanks to repositories you don't have to), you're pretty much safe.
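The post above describes the approach (a shell script that configures iptables, copied to each machine and run at every boot) without showing what such a script contains. The following is an added example written for this thread; it is not fwbuilder output and not a script anyone in the thread posted. It assumes iptables with the conntrack match is installed and on `$PATH`, and applying the rules needs root. It replaces the distro default of allowing everything with a default-deny INPUT policy while leaving outbound traffic alone.

```shell
#!/bin/sh
# Default-deny host firewall for iptables. Added example for this thread; it is
# not fwbuilder output or a script anyone in the thread posted. Assumes iptables
# with the conntrack match is installed; applying the rules needs root.

IPT="${IPT:-iptables}"   # path to the iptables binary (assumption: on $PATH)

# The rule set, one iptables argument list per line, in the order they must run:
# flush INPUT, set policies (unsolicited inbound dropped, outbound allowed), then
# the allow-list. The ESTABLISHED,RELATED rule is what makes this "one way":
# replies to connections this host opened get back in, nothing else does.
fw_rules() {
    cat <<'EOF'
-F INPUT
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
EOF
}

# Policy the rule set gives the INPUT chain; DROP means default deny.
fw_input_policy() {
    fw_rules | awk '$1 == "-P" && $2 == "INPUT" { print $3 }'
}

# Number of explicit allow/drop rules appended to INPUT.
fw_input_rule_count() {
    fw_rules | grep -c '^-A INPUT '
}

# fw_apply [--dry-run]: run every rule in order, or print the commands that would
# run. Stops at the first failing rule so a half-applied set is not left silently.
fw_apply() {
    fw_rules | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if [ "$1" = "--dry-run" ]; then
            printf '%s %s\n' "$IPT" "$rule"
        else
            # $rule is an argument list, so word splitting here is intended.
            # shellcheck disable=SC2086
            $IPT $rule || exit 1
        fi
    done
}

# Apply for real only when asked, so the file can also be sourced for checks.
if [ "$1" = "--apply" ]; then
    fw_apply
fi
```

Run `sh firewall.sh --dry-run` to see the commands, and `sh firewall.sh --apply` as root to install them; hooking that call into whatever the distro runs at boot (an rc.local-style script, or the distro's own init mechanism) is what makes it survive a reboot. The rule order matters: the policy is set to DROP before the allow rules, and the ESTABLISHED,RELATED rule keeps an existing remote session alive while the script runs.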
Hi PeteF, if I read you correctly, you want everything on that one CD.
You could either use iptables as suggested by Tortanick or check out the following, which should be suitable for use via a CD.
Gibraltar Firewall (http://www.linux.org/apps/AppId_8737.html)
Floppy Firewall (http://www.linux.org/apps/AppId_795.html)
Mason Firewall (http://www.linux.org/apps/AppId_839.html)
Seattle Firewall (http://www.linux.org/apps/AppId_874.html)
For AV I think your best bet may be
Clam AntiVirus (http://www.linux.org/apps/AppId_8760.html)
Personally I use Kaspersky Anti-Virus, but that's a commercial product and probably not what you're looking for.
jcampi
08-13-2007, 09:48 AM
I thought Linux was bullet proof and didn't have any risk of picking up a virus or malware. This is really a surprise to me. :-))
Terry Hanushek
08-13-2007, 12:22 PM
John
I thought Linux was bullet proof and didn't have any risk of picking up a virus or malware. This is really a surprise to me. :-))
I think what Orac is saying is that while Linux may have some vulnerability, it is significantly more secure than Windows. I doubt that this surprises you. ;)
Terry
jcampi
08-13-2007, 12:54 PM
Depends on what you mean by 'it is more safe than Windows.' The OS used by most people is always going to be the main target of those creating and spreading viruses. All of the nuts out there get way more attention with a virus that attacks Windows. What attention would you get by pushing a virus for Apple or Linux when so few people use the OS?
Tortanick
08-13-2007, 01:03 PM
You'd get Google, Yahoo, the NY Stock Exchange (I think) and many, many banks. Plus the admiration of your fellow evil hackers (the only people whose respect matters) for being the first person to successfully attack Linux on a wide scale in many years.
And what is meant by more safe than Windows (meant by me) is that while Linux has vulnerabilities, no one is exploiting them against desktop users. Server users are at risk, but then servers have always been extra risky.
PeteF
08-13-2007, 07:48 PM
Hi PeteF, if I read you correctly, you want everything on that one CD.
You could either use iptables as suggested by Tortanick or check out the following, which should be suitable for use via a CD.
Gibraltar Firewall (http://www.linux.org/apps/AppId_8737.html)
Floppy Firewall (http://www.linux.org/apps/AppId_795.html)
Mason Firewall (http://www.linux.org/apps/AppId_839.html)
Seattle Firewall (http://www.linux.org/apps/AppId_874.html)
For AV I think your best bet may be
Clam AntiVirus (http://www.linux.org/apps/AppId_8760.html)
Personally I use Kaspersky Anti-Virus, but that's a commercial product and probably not what you're looking for.
OK, thanks for the suggestions.
My basic strategy will begin as "no router", then install a firewall
and set it up mainly as a one-way firewall similar to XP's firewall.
Then run some malware scans every week or so just to see
if anything is getting through, but not be too concerned about
running malware protection in the background full time.
That will be my starting point. I don't want to get overly
protected at the expense of performance if I don't have to.
I'll report my findings for those interested.
PS: Remember too that I'm running Puppy Linux off the CD
so with each restart, I'm starting with a fresh new OS
to a large extent.
---pete---
qldit
08-15-2007, 07:47 PM
OK, thanks for the suggestions.
My basic strategy will begin as "no router", then install a firewall
and set it up mainly as a one-way firewall similar to XP's firewall.
Then run some malware scans every week or so just to see
if anything is getting through, but not be too concerned about
running malware protection in the background full time.
That will be my starting point. I don't want to get overly
protected at the expense of performance if I don't have to.
I'll report my findings for those interested.
PS: Remember too that I'm running Puppy Linux off the CD
so with each restart, I'm starting with a fresh new OS
to a large extent.
---pete---
Good Morning Pete, Puppy Linux already has a firewall in the "Wizard Wizard"; it is simple to set up, generally just keep hitting "enter".
With the dozens of machines I have installed Linux on over the last three years or so, I have never experienced any malware problems or installed any anti-virus program.
Some distributions do have malware detection programs in them but I have never experienced any detections when testing with the dozen dedicated machines I have here.
I have done external scans from time to time and never seen any detection, nor have any of my technical friends or clients.
The beauty of Linux systems is that generally any vulnerability is virtually immediately addressed wherever it may be situated, mainly because of the incredible global "parallel" intelligence, technical involvement, interest and progressive nature of that system.
Windows, on the other hand, is a "turkey-shoot" and can't possibly exist without substantial commercial protective programs, which themselves are generally prone to attack.
I do feel that to have to pay substantial amounts for a system that is inferior and eternally vulnerable with slow patches is somewhat idiotic, especially when that system is the point of concentrated attack simply for the sake of sport, akin to a duel, for so many malware writers.
I gained the opinion that malware protection programs often had update sites infiltrated and updates were being compromised, thus having an onward effect.
The other consideration is the repeated regular need for malware scans in Windows; with the larger drives that is an awful lot of component wear and tear.
Live CDs such as Puppy Linux have some incredible positive aspects, especially if the initial program is modified, the CD re-mastered for a specific machine, and the CD closed.
This virtually precludes any viral effect apart from any saved material on other media, and if any intrusion were to happen it would only be for one session.
So I advise people not to bother about installing malware protection to their Linux systems but they may do an external scan on occasions if they feel the need or have any worries.
I do feel the live CD system that has evolved with Linux systems is a pretty decent idea.
Cheers, qldit.
PeteF
08-17-2007, 03:56 AM
This virtually precludes any viral effect apart from any saved material on other medium and if any intrusion were to happen it would only be for one session.
So I advise people not to bother about installing malware protection to their Linux systems but they may do an external scan on occasions if they feel the need or have any worries.
I do feel the live CD system that has evolved with Linux systems is a pretty decent idea.
Cheers, qldit.
qldit,
The above sounds like good advice. Just do an occasional scan to see
if anything got in. When you say do an EXTERNAL SCAN, what exactly
do you mean by that? How would you perform such a scan?
---pete---
Guest110
08-17-2007, 03:59 AM
I should think he means online scans, Pete, like Bitdefender etc :D
Good morning to you :)
I just checked Kaspersky's online scanner and it's Windows only :(
qldit
08-17-2007, 06:12 AM
qldit,
The above sounds like good advice. Just do an occasional scan to see
if anything got in. When you say do an EXTERNAL SCAN, what exactly
do you mean by that? How would you perform such a scan?
---pete---
Good Evening Pete, no, I have a bootable closed CD with an antivirus program on it (and other stuff); I can boot and simply select whatever drive to scan and away it goes.
I will have to check which system it is, I will post back later. I have a feeling it is Fprot but not sure.
I was using another which as far as I can recall was Bitdefender which operated similarly.
With infected Windows machines that no longer boot it is interesting to use, because protected files are no longer protected and there is a need to watch and record what file is being deleted etc.
Cheers, qldit.
Guest110
08-17-2007, 06:24 AM
How do you update that CD, qldit, with the latest virus/spyware definitions???
qldit
08-17-2007, 08:12 AM
How do you update that CD, qldit, with the latest virus/spyware info???
Good Evening BM, Orac and Pete. Actually it is possible to make a bootable CD with your Windows system using one of the Bart's programs and use whatever A/V system you wish (as far as I know), but I haven't done that.
That method also has the possibility of an online capability to update the A/V.
I do have some Live Linux programs that can scan Windows drives and have capability for A/V updating, but the main one I use is different and needs to be replaced periodically, otherwise the virusbase becomes outdated.
Generally any viral attack in my experience is older stuff that for one reason or another has disabled the normal installed A/V system or been missed for one reason or another.
So external viral scanning has some interesting benefits where protected files can be scanned.
Many of the newer Live CD's for Linux programs also contain rootkit detectors but that is another story.
As an introduction you might check out the "Ultimate Boot CD" http://www.ultimatebootcd.com/ and try obtaining a free D/L.
I prefer to use ISO files rather than .exe types, and it seems the latest version is 4.1.1 (some 100 megs or so).
Anyway, for anyone that hasn't used these types of CDs it is an excellent exercise with the ISO file; it simply creates a bootable CD if a suitable ISO burning program is used.
The free BurnCDCC program is excellent for achieving this in Windows. Burn the ISO file at a slow speed for best results; use the speed slider in that program window.
To do this, D/L both the UBCD and the BurnCDCC files, place the BurnCDCC file in a folder on your desktop and unpack it back to that same folder.
This particular program is a free running program and does not install; double-clicking the BurnCDCC icon opens the program and gives a neat little window. Direct it to the UBCD ISO file, slide the speed slider across to slowest, shove a new CD in your burner slot and make a couple of other choices, like check the burn and close CD, and then begin the burn. This is a neat burning program specifically for burning ISO files to CDs or DVDs and really is a gem of a program. (How can they make something this good and not charge for it!!)
There are Zip or other types of file containing the UBCD files, but I suggest sticking to ISO files.
I have just downloaded the latest Ultimate Boot CD and will give it a run shortly, but I have others here which are similar and operate almost identically.
Fprot for DOS is also available free and can be loaded on a suitable bootable CD with OS; as far as I understand it can also be used for W-XP. But I haven't made this one.
Anyone that has never tried a bootable CD viral scan might give this a try; it is a good exercise, but do be careful with some of the tools in it. It is really a technical person's toolbox.
Make sure you record any files deleted, protection may not be present!
Edit: I have burned the UBCD and had a play with the latest version; it has Fprot and a couple of other malware detection programs in it that appear to operate pretty well on Windows drives. As for Linux programs specifically for Linux, I doubt there is any requirement; if you did want one there are some on the Puppy repository, but I really think it is a waste of resources getting one for Linux, especially Puppy.
Some of the other larger Linux distributions contain A/V systems, but I haven't bothered running any of them when I have used those other systems.
This particular machine I am currently using has been online for a couple of years on a daily basis, running 2 Linux and Windows ME (rarely ever used). Linux is mainly used for getting Windows drivers, some day-to-day stuff, large downloads and downloading technical stuff; I then transfer the D/L files to flash drives, CDs or to the Windows drive in this particular triple-booter and can scan them running Windows.
I must admit I have D/L files from time to time that have been infected, but they were Windows malware and never had any effect on my Linux machines.
I have a second quadruple-boot machine alongside; all booting in both these machines uses the Grub bootloader, and they run Puppy Linux of different versions almost exclusively. Virtually all my personal online operation uses Puppy, except for visiting the Kicken Chat on your Wednesday evening. So these machines are online most days for at least 12 hours and regularly used, and I have never experienced any problems. (Apart from junk mail that is automatically marked as junk and dumped.)
I hate leaving any Windows machines online for any extended period, receiving email or making any downloads with them, and any online banking is an absolute no, after finding a keylogger in one many years ago.
When I did use Windows I had regular problems until I used Nod32, and even then I regularly had the hairy fireball show up suddenly.
I switched to Linux around the 2002/3 period and never had any problems since.
I have other online machines here but these are my favourites. (Mainly because they have large flat screens and easy to see for my poor eyesight LOL!!)
Cheers, Lawrence.
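The download-and-burn steps in the post above go straight from the downloaded ISO to the burner. The one step a practitioner would add before burning a rescue CD is checking that the image is the one the vendor published, since a corrupted or tampered scanner image is worse than none. The script below is an added example for this thread, not part of UBCD or BurnCDCC. It assumes GNU coreutils `sha256sum` and a digest obtained from the vendor over a trusted channel; the page gives no digest for UBCD, so the file and digest the helper creates are a constructed sample.

```shell
#!/bin/sh
# Verify a downloaded ISO against a published SHA-256 digest before burning it.
# Added example for this thread, not part of UBCD or BurnCDCC. Assumes GNU
# coreutils sha256sum; the sample image and digest built by iso_sample_setup
# are constructed for demonstration and are not UBCD's real values.

# iso_verify FILE EXPECTED: return 0 if FILE's SHA-256 equals EXPECTED (hex),
# 1 otherwise. Prints what it compared so a mismatch can be investigated.
iso_verify() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "iso_verify: no such file: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    # Digests copied from a web page are sometimes upper case; compare lower case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published digest"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# iso_verify_from_list LISTFILE: check every "<digest>  <filename>" line in a
# vendor-style .sha256 file using sha256sum's verification mode. Runs in the
# list's directory so the relative filenames in it resolve.
iso_verify_from_list() {
    list="$1"
    (cd "$(dirname "$list")" && sha256sum --status -c "$(basename "$list")")
}

# Build a constructed sample image plus its digest file in a temp dir and print
# the dir. Stands in for the downloaded ISO and the vendor's .sha256 file.
iso_sample_setup() {
    dir=$(mktemp -d)
    printf 'constructed sample image, not a real ISO\n' > "$dir/sample.iso"
    sha256sum "$dir/sample.iso" | sed "s|$dir/||" > "$dir/sample.iso.sha256"
    echo "$dir"
}
```

Typical use is `iso_verify ubcd.iso <digest from the vendor page>` or `iso_verify_from_list ubcd.iso.sha256` before handing the image to the burner. The check only helps if the digest came from somewhere other than the mirror that served the file; a digest fetched from the same untrusted download location proves nothing.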
PeteF
08-17-2007, 07:46 PM
qldit,
I just read through your previous post. Thank you, I appreciate all the info,
but it's extremely confusing when we combine Windows issues with Linux
issues. Regarding malware detection, to my understanding, what applies to
Windows does not apply to Linux. Therefore, I'll keep this post focused on
Linux only.
On the topic of external scans, it sounds like I need a bootable Linux CD
that contains a malware scanner intended for Linux systems. Correct?
If correct, which Linux malware detection CD would I use?
(Assume that I know how to burn an ISO to CD.) :)
---pete---
qldit
08-18-2007, 02:21 AM
Good Afternoon Pete, yes, but it is handy to have this particular kind of Windows scanner that can check multiple drives and examine the partitioning, MBRs etc., which may be affected by a Windows virus or malware, even though they may not be running Windows entirely.
Check the Puppy repository, I will see if I can find a Live Linux distro here that also has an included preloaded A/V system.
I recall a couple did have that capability.
Edit. OK Pete, I have just D/L XFPROT from the Puppy repository and installed it on this machine; it needs updating before it will operate properly. Then it is a case of placing the path to the partition or drive you wish to scan, selecting the type of scan you wish to do and then hitting the "scan" button.
The Xfprot window is pretty self-explanatory and it will take a few minutes to get the idea of how to set it.
You can set it to scan anything or any drive but you need to enter the path in the "Path to scan" window.
Now remembering that Puppy runs entirely in memory, and that additional programs added to it in that mode will not appear on reboot, this needs to be addressed.
Initially I feel that burning an open Puppy Linux CD, then adding and installing whatever additional programs you desire and using the save option when shutting down (burn back to CD), will be needed. I don't know that programs are saved to a save file or partition if that is all that exists on a hard drive; you may need to test this.
So if a saved-to-CD session is thus modified, the extra programs should appear on reboot, and also should appear if that CD is placed in a different machine. (I haven't done this with extra saved programs.)
When booted, Puppy should then be able to be saved to the new "save file" on the hard drive or partition etc.
When rebooted, Puppy should operate normally and the Xfprot Virus Scanner can be opened from within the Start > Utilities area; this should open the A/V window.
Now the buttons along the bottom of that window are self-explanatory and it will have to be immediately updated online. At this point the update will only be in memory; it may ask for a reboot or restart of X Windows. Either way it is probably easier to do a complete reboot to ensure the save file is updated appropriately on the hard drive.
Now when you reboot you should be ready to go: open the program and type in the path to the location of that save file or partition, e.g.
/mnt/hda2, and select the type of scan you wish to do, then hit "scan". It will generate a log and the scan will probably take about two seconds; it is amazingly fast. (Because there is not much in that file.)
You need to hit the report button to see what happened, as it doesn't stay visible for very long after a scan.
You can also scan the actual CD if you wish, or the Windows partition. (I don't know how effective this program is with Windows, though.)
I have no idea how regular the A/V updates might be, but they come down pretty rapidly and are only a couple of megs at most.
I am interested to see how you manage.
I am still looking for a different Live CD with a loaded A/V, I have hundreds of Linux CDs here and I know I have seen several, but my poor memory has been depleted somewhat, maybe some more lubrication might help it! LOL!!
Cheers, qldit.
qldit
08-21-2007, 12:50 AM
Good Afternoon All,
Pete, I have had a look at some of the Linux A/V systems. Bitdefender (Linuxdefender) and Plop Linux are two live distros that contain specific Linux A/V systems; Xandros is another that contains an A/V program, but it is really for HD installation.
There are quite a few other live distros which appear to be more oriented toward Windows recovery, and I don't know that some of their A/V systems are really functional so much for Linux as for Windows, although some of the literature appears to suggest they operate and detect on both systems.
Avast, Fprot and many others have Linux A/V scanners available, but I don't know how to install them in Puppy. That Xfprot appears to operate pretty well; it has been modified for Puppy as far as I can see.
From my experience I found that installing Puppy to a hard drive was the easiest method for using it, and I also find that having a one gig swap space is extremely useful.
My method of use has been to pinch two gigs of space off the back end of a hard drive and partition and format one gig for Puppy as Ext2 and the other gig as swap. This essentially extends memory significantly and is only used when normal RAM space is taken.
The reason I found this so useful was because I often D/L large files (distros) and burn them with Puppy to CDs. (Remembering that Puppy's burn program is two-stage and converts the initial material to an ISO file (as far as I understand) before the actual burn process is done.)
Further to this, using the Grub bootmanager also appears to improve the windows booting reliability yet gives simple choice of startups.
My reasoning was for recipients to learn to prefer to use Linux, mainly because of its reliability and greater integrity. I rarely get any call-backs for problems, possibly because some of these people are actually dying before their system has any problem.
Some of them are very elderly, and email and surfing the net is much of their life.
One chap was a paraplegic and spent all his time surfing "smutty" sites, when he used windows it was forever infected with the nastiest problems. (checking his browser history was a real eye opener!! LOL!!)
He had no further similar type problems using Puppy.
I feel the xfprot A/V program from the puppy repository also would be a more practical idea to have on the actual hard drive, but so many people are simply using flashdrives as linux system boot sources containing all the system files these days it is difficult to say.
Many of the older machines do not have the ability to boot from flashdrives, so I found the hard drive install was best; plus the flashdrive failure rate is finite.
I understand Puppy's flushing rates for flashdrives were considered to improve reliability.
Of course if an open Puppy Linux CD is used and additional programs are installed and saved back to that same CD with their updates that would be another option, but having to use the CDROM anytime a more reliable system is needed plus the need for a constantly reliable burner doesn't appeal to me.
I normally provide the Puppy CD simply as an emergency tool, but it is rarely needed.
How did you find that Xfprot program?
I think we might get BM to give this kind of live program a try soon!!
Cheers, Lawrence.
PeteF
08-21-2007, 07:34 AM
How did you find that Xfprot program?
qldit,
I found the xfprot program here... http://web.tiscali.it/sharp/xfprot/ and DL'd it, but it also requires the Gtk+ 2.x libraries. So I tried to find them following several links from that page and DL'd a file named.. LATEST-IS-2.14.0
I'm not even sure if I DL'd the correct file because these sites assume you know all about Linux and offer way too many options.
That's as far as I got. I can see this is going to be very complex and time consuming because I never installed anything into any Linux version yet. I have those 2 files and no idea what to do with them. :D
I was under the impression that I could simply DL a version of Linux with the antivirus application already installed and ready to go as run off the live CD.
Unless I can find some quick way to get through all this, I'm going to save the project for another time. Right now I need to learn how to set up a firewall in Puppy Linux. The anti-virus issue takes a lower priority.
Are there any online malware scanners for Linux?
That would be the simplest solution because I only want to "check" for malware on an occasional basis to see if AV protection is actually necessary.
---pete---
Are there any online malware scanners for Linux?
I looked earlier and couldn't find one, sorry :(
If i come across one i will post the details in this thread for you.
qldit
08-21-2007, 08:49 AM
Good Evening Pete, try going to the Menu > Setup > Wizard wizard. At the bottom of that panel there is an item "Setup a firewall"; clicking on that and following the defaults will initiate the firewall. When you shut down, save it appropriately.
You need Puppy online to get the A/V program from the Puppy repository.
To obtain and load the Xfprot antivirus program, you will see an install icon on the Puppy Desktop. Open it, click the button to run the Puppy Package Manager, click the button to run the "petget package manager", then click the button to "choose and install an official pet package" etc. This will open a two-pane window. Locate the "Xfprot with GUI" entry in the left-hand pane and highlight it, then hit the add button; this will transfer it across to the other pane. Highlight it and hit the "Okay" button. This will allow a window to appear with choices as to where to source that program online, and several boxes will appear as the program is fetched, downloaded and automatically installed to your machine. It will eventually indicate the program is successfully installed with correct dependencies.
This is more or less the same procedure for all the packages especially arranged for Puppy.
At this time the program has only been loaded to memory, so the save is important when you go to shut Puppy down.
When you reboot you can update Xfprot.
I am assuming you would be using an open CD and leaving it open so that you can save back to it for use in any machine afterwards.
In that case you would have a bootable CD with the Xfprot program included and updated, but that A/V may need further updating from time to time so the CD would have to remain open.
I always close CDs to avoid any chance of them having errors added, and load the programs to the hard drive from that loaded medium source. Your technique is different, so you will have to decide how you will do it.
To load other kinds of programs they need to be specially compiled as petget packages suitable for Puppy. There are instructions on how to do this on the Puppy site, but it is over my head I am afraid; often dependencies get very complicated, so it may not be all that simple.
Cheers, qldit.
PeteF
08-22-2007, 05:38 AM
I am assuming you would be using an open CD and leaving it open so that you can save back to it for use in any machine afterwards.
Actually, I just use the Puppy CD in its original state as DL'd and burned.
I set up a 1GB partition using 512MB for saving the Puppy configuration and any data created. The swap file is also on that partition. Once it's initially set up, I don't have to think about it because any changes I make are automatically saved when I shut down Puppy. My goal is to have a unique setup for each machine, so that's why I'm doing it this way.
PS: I'm building my Linux knowledgebase and your post will be added for future reference. Thank you for all your time and encouragement.
---pete---
qldit
08-22-2007, 06:36 AM
Good Evening Pete, I just tried an open CD and D/L the Xfprot program to it and updated it.
It works pretty well and saved back to the CD without problem.
I tried various scans and the system appears to operate and enable scanning of any drive or media.
Your scheme is interesting. Notice the memory increase in the taskbar; you will probably see that it includes your total additional partition.
This system is very interesting the way it improves overall operation.
One of the first things I usually do is use the Menu > Desktop > Puppy Background, and change the image to the cloud scene or something more pleasant than the default image.
Then use the networking wizard to set the thing online.
Then the set firewall.
It really enhances the operational pleasure.
By the way, when you run that Xfprot you need to set the scan target using the "select" button and then use the /root/Xfprot button (default setting); change it to /xxx, the path to the desired area (drive, partition or file) being the target to scan.
It really takes a few minutes to get the gist of how to set up the scan path.
I imagine you probably had it operating immediately!
I might even have to read the destruction manual for it!! LOL!!
I have just gotten the Avira for Linux A/V program but don't know how to load it or make it into a suitable package. I am surprised that there are so many Linux Anti-virus packages appearing.
I really like the avira products, maybe I can load it to another live linux CD program.
I would love to see what its GUI is like! LOL!!
See what you have started!!!
I am about to give this "Nimblex" another run, I suspect it may be easier to load different programs to it.
Cheers, Lawrence.
PeteF
08-26-2007, 10:00 AM
Good Evening Pete, I just tried an open CD and D/L the Xfprot program to it and updated it.
qldit,
I recently ran the NOD32 online scanner.. http://www.eset.com/onlinescan/ on my Windows PC that I used to DL the Xfprot program. NOD32 identified it as being malware and deleted the file. I suspect it was a false positive.
---pete---
qldit
08-26-2007, 05:32 PM
Good Morning Pete, yes I expect that would be false.
As far as I can see Xfprot contains a test function with a file that may trigger a "false" sense.
By the way, I was looking at some A/Vs and noticed the "Clam" program, it seems to have pretty good write-ups.
Have a look at this URL, http://www.sysresccd.org/System-tools
I made a CD of it when it first appeared but you need a reasonable understanding of linux to really get the full benefit using it. Much is commandline stuff.
Have a read of the programs contained in it!
The current spate of "A Card For You" malware is going to really wreak havoc in a lot of systems, it apparently affects the hard-drive first cylinder, and spreads through email lists.
I don't know if it affects Linux.
I mentioned Xandros Linux recently on another item. The last time I ran that system it was very interesting and pleasant to use; it appears Microsoft now have some financial interest in it, and now it is a fully commercial system that costs a relatively large amount considering the circumstances.
It also now contains a full Linux anti-malware suite!
Maybe this is a sign of things to come!!
Cheers, Lawrence.
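The "first cylinder" concern raised above is the classic boot-sector modification, and the defensive check for it is to baseline the first 512-byte sector (the MBR) of each disk and re-verify it later. The following is an added example in Python, not code from this thread, from Puppy Linux or from any of the A/V products discussed; the device path is a placeholder and both sample sectors are constructed here.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the boot loader code
PART_TABLE_OFF, PART_TABLE_LEN = 446, 64   # 4 entries x 16 bytes
SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR


def read_first_sector(path):
    """Read the first sector of a block device or disk image.
    Hypothetical use (needs root): read_first_sector('/dev/sda')."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def mbr_fingerprint(sector):
    """Hash the boot code and the partition table separately so a
    report can say which region of the sector changed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    table = sector[PART_TABLE_OFF:PART_TABLE_OFF + PART_TABLE_LEN]
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(table).hexdigest(),
        "signature_ok": sector[-2:] == SIGNATURE,
    }


def compare_to_baseline(sector, baseline):
    """Return human-readable findings; an empty list means unchanged."""
    now = mbr_fingerprint(sector)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector damaged or overwritten")
    if now["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot loader code changed since baseline")
    if now["partition_table_sha256"] != baseline["partition_table_sha256"]:
        findings.append("partition table changed since baseline")
    return findings


# Constructed sample sectors, not taken from any real disk: a minimal
# "clean" sector with a valid signature, and the same sector with its
# first bytes overwritten, as a boot-sector infection would do.
CLEAN_SECTOR = bytes([0xEB, 0x3C, 0x90]) + b"\x00" * (SECTOR_SIZE - 5) + SIGNATURE
TAMPERED_SECTOR = b"\xE9\x00\x7C" + CLEAN_SECTOR[3:]

if __name__ == "__main__":
    baseline = mbr_fingerprint(CLEAN_SECTOR)   # record once on a known-good system
    print(compare_to_baseline(CLEAN_SECTOR, baseline))      # []
    print(compare_to_baseline(TAMPERED_SECTOR, baseline))   # boot code changed
```

Store the baseline fingerprint off the machine (on the closed Puppy CD, for instance), since a baseline kept on the same disk can be altered along with the sector it describes.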