How can we make Porteus better?

New features which should be implemented in Porteus; suggestions are welcome. All questions or problems with testing releases (alpha, beta, or rc) should go in their relevant thread here, rather than the Bug Reports section.
brokenman
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: How can we make Porteus better?

Post#31 by brokenman » 17 Mar 2016, 01:12

If it is present (even in the BIOS) it cannot execute if the media is static
Not so true with an ISO that uses a live filesystem. Even if your media is static, you are booting into a live writable file system where any bug (even in your firmware, since BIOS infections are old school) can wreak its havoc.

My reservations about enabling the firewall by default are that a user wanting to enable, say a torrent client, by default will be on the forums asking why their torrent client doesn't work. We could open up ports for most popular services but where does this stop?
How do i become super user?
Wear your underpants on the outside and put on a cape.

fullmoonremix

Re: How can we make Porteus better?

Post#32 by fullmoonremix » 17 Mar 2016, 03:17

Salutations... :good:

IMHO... :oops: @ the BIOS/CMOS level the only thing malicious code can do with static media is shut down the device. It is unable to gain control of the
installation process because it cannot hijack the bootstrap which is fixed (unless the ISO was already compromised) because the media is read only.

However... this is NOT the case with storage devices like USB drives (eprom dongles and secure drives are the exception).
Just like hard drives... writeable media can be redirected even after a clean boot because all the data is written NOT burned.

Perhaps... in some far distant future some Einstein will figure out a way to burn to fixed media on the fly.
That being the case... (addressing possible intrusion and subsequent infection of writable storage media) using IPS contingency is NOT utopian but highly practical out the box.

Consider this... years ago wireless routers out the box took the "do it yourself" approach until it was realized the average end user (eg. grandma) did not set passwords.
That was the point they realized the default is... better for the user to opt out of contingency than to opt in. And again... your firewall is moot if it closes all ports so the open ones need an IPS even more than VPN.

Best Regards... :beer:
Last edited by fullmoonremix on 11 Apr 2016, 21:34, edited 7 times in total.

donald
Full of knowledge
Posts: 2063
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: How can we make Porteus better?

Post#33 by donald » 17 Mar 2016, 04:44

fullmoonremix wrote: @ the BIOS level the only thing malicious code can do with static media is shut down the device.
Get you some insights
http://legbacore.com/Research_files/How ... t_Full.pdf

fullmoonremix

Re: How can we make Porteus better?

Post#34 by fullmoonremix » 17 Mar 2016, 05:21

Salutations... :good:

Thanks for that insight (which is of course... a "given" that I've been aware of for decades) which confirms the point made.
Basically... compromise of anything (except static media... unless already compromised) is doable.

All compromise requires change. If you can't change it then the alternative is only the nuclear option.
I have lost many devices since '88 this way. However... destroying the device defeats the purpose ("infection").

Again... perhaps in some distant future when we finally master time travel... :unknown:
fixed media can be burned on the fly with malicious code.

Until then fixed media is... Secure by design


Best Regards... :beer:
Last edited by fullmoonremix on 17 Mar 2016, 14:17, edited 1 time in total.

donald
Full of knowledge
Posts: 2063
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: How can we make Porteus better?

Post#35 by donald » 17 Mar 2016, 06:31

Well, what's the point?
One can not compromise the "static media" itself, but imho
It does not make any difference, no matter how clean is the media,
the running system is compromised; even if it is completely running in RAM.
btw
Another nice place to hide malicious code...the RAID controller...and every
Firmware- or OS- Update one has been forced to install-(MS)- you might not even
know that it has been installed / updated.
I'll stop here....off-topic.

fullmoonremix

Re: How can we make Porteus better?

Post#36 by fullmoonremix » 17 Mar 2016, 11:30

Salutations... :good:

Off topic indeed... :no:

Mocking the elephant in the room does not make it smaller (see... Appeal to ridicule also Informal fallacy )
Murphy's Dilemma ("nothing can be done therefore we should do nothing") is NOT Murphy's law .

The point missed doesn't pertain to clean media or compromised memory. It is simply... if the boot is NOT hijacked then you don't have jack (see... Principle of least privilege ).
When the system loads from static media the vector Attack surface shrinks (NOT disappears) because privileges are NOT there even in memory @ boot.

The caveat is (once again)... it is NO panacea. As brokenman pointed out there are still other vectors.
The bottom line is... Fault tolerance NOT nirvana. The point is... contingency NOT guarantee (see... Contingency plan )

In life (which ultimately leads to death)... we are all playing a game of musical chairs (which is why we learn it as children).
The "point" is NOT "if"... it is "when" and how you face it. So... in the end (which we all must face) will it be about contingency or comedy?

Sorry... :unknown: I was a big fan of the "MacGyver" TV series (see... MacGyver: MacGyverisms )
The smart money says... half a loaf beats nothing every time when it's the only game in town (unless the game is rigged).

Best Regards... :beer:
Last edited by fullmoonremix on 18 Mar 2016, 01:15, edited 2 times in total.

donald
Full of knowledge
Posts: 2063
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: How can we make Porteus better?

Post#37 by donald » 17 Mar 2016, 17:41

What are we talking about, Porteus, a small portable OS to carry in your pocket?
Or are we talking about "how to secure the next mission to mars"?
You might have lifted off a bit, no?

All the theoretical "if and when"..omg
The Admins working at a backbone may have to think about that, I do not.

I use computers since ....I don't even remember..
Have I ever been hacked?..no...at least I'm not aware of.
Spied on, maybe
Is it really worth the effort to build a "Fort Knox" to protect what, a single coin?

also,
The usage of "security" software for Linux requires knowledge,
And knowledge precludes the need for such software.

Yep, MacGyver, I liked him too...when I was young...but now I know that most of
his tricks are based on Theories and won't work in reality.

Do we have the same here?

fullmoonremix

Re: How can we make Porteus better?

Post#38 by fullmoonremix » 17 Mar 2016, 20:37

Salutations... :good:
Or are we talking about "how to secure the next mission to mars"?
We are talking about value. Some people want more than others. The folks @ Hardened Gentoo see things this way (see... Security-focused operating system ).
And knowledge precludes the need for such software.
Really? So that's why... Porteus has a firewall (an iptables frontend "default"). :shock:
All the theoretical "if and when"..omg
"Omg"? Seriously? He (she? they? it?) might be theoretical... but not death which was invented because life is NOT amusing.

Sorry... I'm also a fan of " All Is Lost ".
Consider this... you can either laugh in the dark or simply turn on the light.

Machiavelli once stated... "time is on the side of the defeated". Taking it to its logical extreme gives you... "time is on the side of the resourceful". Contingency IS resourcefulness.

Best Regards... :beer:

Last edited by fullmoonremix on 22 Mar 2016, 15:48, edited 3 times in total.

donald
Full of knowledge
Posts: 2063
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: How can we make Porteus better?

Post#39 by donald » 18 Mar 2016, 02:53

We are talking about value. Some people want more than others.
Imho porteus is meant to be as useful and useable as possible for an "average joe"
Not a geeky / specialized OS for e.g. pentesting like Backtrack or a super secure
wannabe like Tails etc.
Really? So that's why... Porteus has a firewall
The porteus "Firewall" is just a front end for iptables, so one can activate this
packet filter with a click without knowing how it works.
If one knows iptables he/she wouldn't need this Gui at all.
life is NOT amusing.
au contraire
it's like a grand stage...everyone has its role...very busy,busy..and sooo important.LOL
If I were a resident of another world, somewhere in the universe and would look to the earth, it would look like an anthill..
life is just for fun...no reason..no meaning.
Do you think the Universe gives a f**k for what I am doing or if the planet earth exists?

....get yourself some w**d, go out and watch the sunrise.. :wink:

fullmoonremix

Re: How can we make Porteus better?

Post#40 by fullmoonremix » 18 Mar 2016, 10:55

Salutations... :good:
Imho porteus is meant to be as useful and useable as possible for an "average joe"
Which is why defaults were invented.
The porteus "Firewall" is just a front end for iptables, so one can activate this
Hence a "default". And like the Highlander (film): Plot there should be only one?
life is just for fun...no reason..no meaning.
Therefore pointless... (unless relevant) which is why death was invented. It's a motivator (for juveniles... grownups by default are already motivated).
And man is afraid of it... which is why comedy was invented. Like sex, drugs and rock n' roll... it takes the edge off. Unfortunately... "excess" puts it back on. (see... Human homeostasis: History of discovery )

Sorry... :unknown: I'm also a fan of " The World as Will and Representation "

Best Regards... :beer:

Last edited by fullmoonremix on 22 Mar 2016, 15:48, edited 2 times in total.

brokenman
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: How can we make Porteus better?

Post#41 by brokenman » 18 Mar 2016, 16:21

Even non-writable is not 'secure by design'. Don't fool yourself. Read Kaspersky's paper about the bug they found that has been around since perhaps 1999. It infects the hard drive firmware. Search for EquationFish or GrayFish for an idea on what is possible nowadays. It can essentially load whatever it wants (it hijacks the loading of the first driver) when you boot, and no amount of reformatting/reinstalling is going to kill it. In any case we are Porteus. Security paranoids can download tails.

Imho porteus is meant to be as useful and useable as possible for an "average joe"
This is exactly what Porteus is. Users concerned with their security can go the extra mile and lock down the hatches, but we want to remain as accessible and usable as possible to the average joe. If someone is concerned with security they will actively seek information about how to harden their OS. If they are not concerned they won't bother. I don't want to make life more difficult for users on the pretense that I am trying to secure their data.
How do i become super user?
Wear your underpants on the outside and put on a cape.

fullmoonremix

Re: How can we make Porteus better?

Post#42 by fullmoonremix » 18 Mar 2016, 19:22

Salutations... :good:
Even non-writable is not 'secure by design'. Don't fool yourself. Read Kaspersky's paper about the bug they found that has been around since perhaps 1999. It infects the hard drive firmware.
IMHO... :oops: Quite the contrary. You refer to the insecurity of a writable device which confirms the point made so we concur. Your citation is a given and these issues have been known for over 30yrs.
However... this is not what I refer to. I refer to "burnable" NOT "writable" media which to this date and for the distant foreseeable future is "secure by design". The technology to burn "on the fly" does NOT exist.
I don't want to make life more difficult for users on the pretense that I am trying to secure their data.
IMHO... :oops: (again) this is not what I refer to which is why I gave the router example. The "average joe" is grandma. Therefore... the firewall will never be activated the same way router passwords used to be ignored.
So grandma will be hassled with malicious code to save someone else hassle. I don't envy your predicament. In regard to hassle and/or concern... then why bother with a firewall (w/ or w/o a frontend) at all?

Not being concerned about security doesn't mean it is not needed. And not being concerned may also be simply being uninformed and/or unskilled (like grandma?).
The real question here is... will it hassle you to create the hardened (hassle free) defaults? If the answer is yes... then it's NOT a good fit. Perhaps a derivative might address that issue.

I am fully aware of your burden. If (defaulted... preconfigured...) hardening increases it then that in no way helps the official version because maintenance comes first always.
Under better circumstances... the suggestion perhaps might be more useful. That still does not negate its credibility. There are plenty of respectable projects using this approach whose users aren't hassled.

It appears hassles are introduced often by hasty implementation. Which is one of the reasons why this thread should be highly valued. It raises questions so answers can be found in advance.
I always find your responses to be refreshing. They are practical and free of cynicism. I intend to soon "suggest by example" by posting a derivative that addresses many of the issues I've raised over time.

However... my skill set is limited (I've spent over 3 decades mostly self taught... half of it certified) so it's a long hard slog.
If not well received... @ least it might be an interesting "proof of concept". As they say... "nothing beats a fail like a try".

Oh... I forgot to mention I use Porteus on a diskless (yep... nothing to infect kiosk) system swapping to /tmp with Swapspace (I also use zram).
I'm currently booting from a cd (w/ copy2ram) which only archives to a 128mb stick and I will soon purchase a secure stick to replace the cd.

Best Regards... :beer:
Last edited by fullmoonremix on 20 Mar 2016, 15:58, edited 4 times in total.

brokenman
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: How can we make Porteus better?

Post#43 by brokenman » 19 Mar 2016, 00:14

The technology to burn "on the fly" does NOT exist.
Nor does it need to exist. My point was that even burnable/non-writable media is not a panacea. A bug hiding in your firmware doesn't much care how you boot. It does not need to write anything to your boot media to wreak its havoc. Just because you lock your door doesn't mean someone can't get in.

Not being concerned about security doesn't mean it is not needed.
Agreed. Those who need it have the tools at their disposal.

then why bother with a firewall (w/ or w/o a frontend) at all?
As I said, the tools are there. If someone wants to lock down they have that option. In the same way that Porteus doesn't have changes encrypted by default, but the tools are there should someone want to.

And not being concerned may also be simply being uninformed and/or unskilled (like grandma?).
Not at all. I am not concerned, yet I have the ability to lock my system down should I choose. I have no need. I am more concerned with my network than my local system.

The real question here is... will it hassle you to create the hardened (hassle free) defaults?
I will be struggling to get a usable system out in time for the next slackware release. ANY extra work is a hassle, but as I mentioned I don't think it is needed. Those that believe it is, have the tools available to do it. You can encrypt all your changes, turn on the firewall, encrypt your entire home directory and put on a tin foil hat. If these were enabled by default there would be all sorts of questions on the forum like, why won't my torrent client work ... I forgot my password and my home directory is encrypted ... etc.

Grandma probably isn't worried about security in the same way that you and I are. Even if we can completely lock down Grandma's system ... this is not where the threat is. The threat for her is a compromised network wherein the data she sends/receives can be intercepted.

If you want to create a derivative that is 'secure by design' then knock yourself out. I have my hands full. Sorry.
How do i become super user?
Wear your underpants on the outside and put on a cape.

fullmoonremix

Re: How can we make Porteus better?

Post#44 by fullmoonremix » 19 Mar 2016, 05:11

Salutations... :good:
My point was that even burnable/non-writable media is not a panacea
Nothing is... I have stated this throughout. The attack vector you describe is one of many. However... to compromise the boot you must compromise the media (unless already compromised)
to compromise burn media you must burn. That technology is many light years away so I will never say never. For now this means the only choice for the bug is to destroy the device. This has happened to me.
Agreed. Those who need it have the tools at their disposal.
Those tools were also available for routers. That industry realized however... opt in created more problems for the user than opt out.
I am more concerned with my network than my local system
Out of context. You were not the point of reference which is why I gave the router example. An entire industry realized the problem of opting in. In truth... it appears there are problems no matter what choice is made.
tin foil hat...
This is the 2nd response of this kind to my point of view. My opinion regarding this has NOT changed since last summer (see... http://forum.porteus.org/viewtopic.php? ... sal#p37111 also Appeal to ridicule )
this is not where the threat is...
The threat is everywhere to everyone's system from anywhere. However... a smaller attack surface is more useful than a larger one. How small it should be for any project is ultimately determined by priority.
If you want to create a derivative that is 'secure by design' then knock yourself out. I have my hands full. Sorry.
This appears to assume a request was being made instead of MY suggestion(s) made in response to the title of this thread. As I stated last summer telling someone what to consider...
is NOT telling them what to do (or even what is right or wrong). What to do and/or believe is up to them. I can only speak for myself and what I might do (or prefer) based on known credible reference.

I shared my goals... to illustrate there may be more options for the community. The one I'm working on and perhaps there are better ones by those more knowledgeable in the works.
Nemesis is an example of an Arch option that addresses a particular concern and/or interest. IMHO... options are useful tools for realizing the potential of the technology that serves our needs.

In the '70's when I studied Shotokan :x my instructor (Sensei) gave me this book... The Book of Five Rings
The passage from it that will always stick out in my mind is... "let your enemy do anything useless while keeping them from doing anything useful".

National Security Agency honeypots can be said to operate on this same principle (see... Honeypot (computing))

This also forms the basis of my interest in "shrinking" (Moore's Law makes "elimination" highly unlikely) my vector attack surface. And the surface of anyone else that is uninformed and/or unskilled (eg. "grandma").

Best Regards... :beer:
Last edited by fullmoonremix on 22 Mar 2016, 21:23, edited 4 times in total.

brokenman
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: How can we make Porteus better?

Post#45 by brokenman » 19 Mar 2016, 22:20

This assumes a request was made instead of a suggestion in response to the title of this thread.
This was not a response to the title at all, but rather a response to your comment ...

"Perhaps a derivative might address that issue."
How do i become super user?
Wear your underpants on the outside and put on a cape.
