Run Puppy 5.0 on windows business PCs for non-business internet-Safe against viruses?
I am certainly a Linux Newbie..I have a business with a network of PCs that need not get client files corrupted by viruses & other bad things from the internet...YET I would like to let my employees(who are way worse newbies than me..om Windows even...& stand good chance to mess up computers) use internet at times if they wish. My first thought was just separate side by side PCs, one to get on for Clients/business network etc, & the other to get trashed by the internet. What I am thinking is a better alternative (& I need to know from yall who I'm sure are way beyond this newbie whether this thinking is correct) is to put something like Puppy Linux 5.0 on small memory USB flash drives & let them each have one to use for internet, simple application functions etc. Can I safely believe that running internet browsing on the flash drive with Puppy Linux booted & running as the OS is NOT going to potentially infect my windows XP business PCs with viruses etc? Have I found a good solution here?
Yes, you can run Puppy Linux off a USB drive (instead of booting to Windows from the PC's hard drive)
And yes, running a Linux OS from a USB stick instead of running Internet Explorer from the hard drive will definitely increase security.
Unfortunately, I *don't* know if it's a good overall solution.
What ELSE are these PCs being used for (besides occasionally browsing the Internet)? Ideally, perhaps you can migrate ALL of your applications (work processing, calendars, spreadsheets, etc etc) as WELL as web browsing to Linux.
Otherwise, you might wish to:
a) stick with Windows
b) get a good virus scanner ... and make sure everybody uses it
c) make sure you're always up-to-date on your Windows patches
... and ...
d) get something like "Watchdog" to restrict access to "dangerous" sites
IMHO .. PSM
It is actually a medical chart system/program that apparently will not run on linux. (I tried that option, asking the makers of the program many times & it is not doable/compatible, even with WINE etc, It just don't jive). I have had a few individual PC problems b/c viruses from browsing etc, some very bad & mostly they required complete redoing of windows XP on them, etc. I have to use XP b/c later windows OS's are CURSEDLY slow to run this program. Tried AVG & it actually (mixed with a certain virus I suppose) absolutely shut one PC down & the much-more-computer-savy IT guy that is kind enough to set me up & fix my messes had an absolutely terrible time getting it off (finally just redid the computer ). Yes I'd agree watchdog type things are good; & now I scan w/ClamWin a lot. I was just going to get all the PCs "clean" as can & try to have them drastically less likely to get dirty again. Would you think the option of having a few "throw it to to internet wolves" PCs (probably fairly old XP Pc's, or maybe linux) side by side w/PCs for the system (with internet essentially shut down on them) is enough difference in security to justify that or is the linux on a flash drive pretty much just as safe? Thanks very much for yours (& anyone's help here also-I love this stuff but still am very very very ignorant of things & feel painfully limited , surrounded by AWESOME tools-Make sense?) SF
It sounds like your best bet is:
1. Stick with Windows
2. Use a good anti-virus program, and make sure it's configured to keep the system protected and keep its signatures up-to-date.
Maximum PC magazine did a great article a couple of months ago about "Top 10 A/V Programs". Check it out:
3. Install Firefox.
Remove the icon for Internet Explorer.
Make Firefox the default browser (yeah, I should have put this at #1 ;))
4. Make sure Firefox blocks pop-ups.
Consider getting the "BlockSite" Firefox plug-in:
'Hope that helps .. PSM
I agree that businesses need to have some access.
What you should do though is to remove all internet access from confidential computers. Then make some don't care linux systems for people to use. Then set a strong policy and best practices. For example set rules and practices that prevent common users from using usb drives in the xp systems. See MS site for many more best practices.
Any computer connected to the internet can be hacked. Last year every OS and browser was hacked in less than an hour in the annual contest. To protect data you need to learn and use as many best practices as you can. It also involves strong employee rules but if you setup your systems to be secure then they will be. Making your lan and wan secure is also a requirement. Preventing physical access to various points is needed too.
You can do this all because of two reason. Legally you are bound to protect this data. Secondly you have to protect your company from being sued in case the data is lost due to your lack of security. Funny how money come up with a threat of a law suit.
A good choice for the internet computers is puppy but also consider distros such as slitaz or xpud.
...online security is a big worry, especially with Windows. Combine that with sensitive data and you have a serious potential problem.
Truly, (as RMS has written) a computer is only secure if it is switched off, dismantled, and the hard drive crushed. But that's not much use!
In practice we find that owner-driver systems with prudent owners can be OK even with Windows so long as you
a) have a separate firewall (or router/firewall) box with stateful packet inspection
b) use Firefox with
1) Adblock Plus and the Easylist/Easyprivacy filters
2) Flashblock - puts user in control of Flash (major cause of nasties)
3) WOT - Web of Trust - warns of most nasty sites
c) decent Windows anti-nasties packages
1) Antivirus - AVG free was good for us up to version 8, ClamWin seems to be more stable
2) Anti-Malware - we liked Spyware Blaster and Spybot S&D
3) A lucky rabbit's foot (not so lucky for the rabbit!)
d) Last, and most important, sensible, mature users.
The only problem is that I have only found a handful of item 'd'!
Most of our 'mature' users are intelligent young people in their early teens - even 'educated' adults often do not get the idea that updates really matter!
To be fair, there are a lot of updates to take care of with that lot on Win XP, and my MS knowledge is no longer up to date since I have finally migrated all of my extended family/friends support circle (dozens of machines now) to Linux. :)
Oh, and one musician has gone to the dark side of *nix with Mac OS X - needed for the <spit> proprietary software on their course. <grin>
Most of our posse use Ubuntu variants - a lot of Xubuntu since it used to be a bit lighter than Gnome, and the lightweight XFCE compositor is a nice compromise for gentle eye-candy without slowing things drastically. Just did our first Lubuntu install - looks nice with Wbar at the top and runs fast on an ancient AMD 3000+ with 512M RAM.
We ran a -lot- of tests when getting into Linux, and still do a rootkit check routinely, as well as using ClamAV to check Win partitions whilst they are offline. With the same Firefox configuration as Windows, automatic updates that have never borked our installations, we have a really good feeling about *buntu installations that live behind a sensible box as in (a) above.
Similarly we have Puppy 4xx installed on four or five (lost count!) of 'our' 8 GoBook 250s wth 128M RAM and intel P3 700~800 cpus (clock at 350~400MHz). These have all the above add-ons to Firefox or its equivalent, and seem to work well enough without OS updates. The other GoBooks have 256 RAM varii flavours including Xubuntu 804 and SliTaz 3.0 which works really well for us. One of them has 10 distros installed, plus the original Win2K! Rugged old laptops that weigh a bit, but take the hammering that kids can administer.
So, for a no-worries separate internet access box (or boxes) we would suggest a *buntu or maybe Mint which does the codec installations for you, then create a non-Admin user, add the bits to Firefox and you are done.
Strong passwords, remember!
Without sensitive data on it the box can have the password written on it. Cheap (and tiny) box sometimes available from eBuyer is the Acer Revo 3610 - the 3600 would also do for your purposes. Expect to pay a good bit less than £200. Dabs had a similar Acer thing that is a bit more recent last time I looked. Or an old laptop would do....
Puppy-Linux-on-a-stick is a great solution - we have an old Celeron 1000 that does this trick with Win 98 on the 1GB HD. But..... if it does get infected (unlikely, but..) then the hacked Puppy would have access to your PC's main HD with all your sensitive data on it. Bit of a problem that.
Hope that helps!
All the best, Ben
This comes to you from my 'production' laptop using SliTaz 3 - which I am getting to be rather fond of. Seeing 'Conky' fade in on startup (thanks to the compositor) to report that RAM usage is some 56MB is worth a grin every time. The same machine has Xubuntu 904, Ubuntu 1004, Mint 9 also installed and available via GRUB. Yes, I seem to have become a distroholic! :banghead:
Your solution could very well work, as long as the users are responsible enough to follow it to the letter. That will likely not happen though, because most likely they'll want to look at something on the Wikipedia or download the latest e-mule version while at work and without having to reboot.
A way to enforce this would be to completely disable networking in Windows.
In any case, and even if they are good boys and girls and use your solution 100% of the times, no one is going to guarantee that they will not download something infected and then run it on Windows afterwards manually.
An alternate solution, assuming that your Windows-based software doesn't have any esoteric hardware/software requirements, would be to run Linux on those work stations and then use an VM to run WinXp (or the bare minimum you can use) to run your program inside that VM.
All in all, if you really must use Windows I would concentrate on hardening Windows instead of adding yet-another-OS to the soup, because that's what your users will be using (as said, unless they are extremely well-behaved robots). Read about disabling unnecessary services, make as hard as possible to use IE, install another browser by default and try to be vigilant about spyware and viruses.
I am not much into Windows security, but I am sure there are many things you can do to improve the security model in modern Windows versions. That would be for another forum though.
|All times are GMT -5. The time now is 11:43 PM.|