How to protect the PC?

[Duprate]

Faced with the growing news about computer security such as:

"Cloudfare: Brazil was the basis for the largest DDoS attack ever recorded by the company";
"Travis CI Cloud Service Exposes Thousands of Authentication Tokens";
"Malware attacks distributed with PDF files are on the rise";
"Symbiote: Linux malware targets Latin American financial systems, including Banco do Brasil and Caixa Econômica Federal";
"Ransomware attacks: Brazil ranks 4th among the most affected countries";
"After paying ransomware ransom, companies still have to spend 7 times more on repairs";
"LinkedIn is the most spoofed brand by cybercriminals in phishing scams";
"Ransomware attack shuts down a college founded in 1865 in the city of Lincoln, in the US state of Illinois";
“Prevention is crucial to mitigate the global increase in ransomware attacks”;

What can we simple Puppy Linux users expect?
How to protect us? Is browsing a system with a frugal install and no savefile safer?
With the system loaded in RAM and HD disk unmounted, is it safe to browse?
After browsing the internet, restarting the system without connecting the HD, does it avoid the problems?
When downloading a file, running anti-virus before opening it will protect us enough?
What about the systems that keep a savefile, therefore with some HD partition mounted?

Many here are interested in this subject... Shall we share opinions, recommendations and experiences?

[dancytron]

The first thing is to evaluate the risk.

What needs to be done to protect a laptop that's used to browse the web, read email, and watch YouTube videos is different than what needs to be done if you use it for banking and credit card stuff is different than if it is being used to control cooling rods in a nuclear reactor.

[Duprate]

The first thing is to evaluate the risk.

What needs to be done to protect a laptop that's used to browse the web, read email, and watch YouTube videos is different than what needs to be done if you use it for banking and credit card stuff is different than if it is being used to control cooling rods in a nuclear reactor.

Well, my usual usage doesn't include storing personal information, banking and credit card services, and controlling cooling rods in a nuclear reactor.
My installation is "frugal" type, I don't use savefiles.
However, it would be interesting to visualize a set of security rules that would serve all interested in security...

[wizard]

I use VNC to control a separate computers browser that connects to the internet. Browser only used for financial transactions. It's been stated before that a Puppy system booted from a CD (no other drives connected) has tremendous security. The same would apply to a USB that is formatted to ISO 9660 (unwriteable).

There are a lot of Puppy combinations that can be assembled for enhanced security using removable media. Just keep your sensitive info off the computer unless you're actually using it. Ransomware on a Puppy with no save file, NO PROBLEM. Ransomware on a Puppy save file that has no personal data, NO PROBLEM.

Am using a separate system with no internet connection to control my reactor.

wizard

[Feek]

Duprate,
I do it similarly. In most cases I do not use Savefile with the connected partition. Everything I boot is in that case a compressed .sfs file. Here on the forum I previously read that it would be the solution to do regularly md5sum of these files to verify that nothing was modified. However, I do not do this.

In most cases I use Fatdog. You probably know that Internet applications run as spot and, for example, everything from the browser can only access to /home /spot.

Safety could be also increased by using of a container. I tried it, but I don't normally use it.

For online banking, I might think about a special boot entry with the appropriate settings.

General principles I try to follow:
in the browser not to save anything (especially passwords),
not to use extensions (or just a minimum of those you trust),
not to click on anything thoughtlessly on the Internet (several times it has been mentioned that security on the Internet is given by the behavior of an individual sitting in front of the monitor).

[ozsouth]

Old Puppies have security holes unless updates are made. I like ScPup64-20.06, but keep my Firefox-esr updated & run-as-spot.
I also use a recent kernel, & compiled current openssl, curl & wget (I tried to compile busybox, but had 'field length' errors).
My chromebook gets frequent security auto-updates, including to its (now) debian bullseye facility.

[Duprate]

I also use FatDog64 as my battle system; the browser I trust the most is Mozilla Firefox, setting privacy and security in strict mode and enabled DNS over HTTPS; when I download a file, I run the anti-virus Clamav-0.105.0 in /home/spot/Downloads; and, I don't go around downloading crap!
However, the risk is there....

A very recent example: "Symbionte"

A Linux malware dubbed Symbiote has been spotted by security researchers and is being considered nearly impossible to detect.
Its harmful actions start from backdoor infections, that is, through alternative access ports existing in a system, bypassing protection and users. Because of this stealth potential, the malware received the nickname of Symbiote (symbiote) from threat intelligence companies BlackBerry and Intezer.
A few months ago, we discovered a new undetected malware that acts with this parasitic nature affecting Linux operating systems.
Linux malware can hide inside running processes and network traffic, as well as drain a victim's resources like a parasite. The operators behind Symbiote are believed to have started developing the malware in November 2021, with a focus on the financial sector.
As the report puts it, what makes Symbiote different from other Linux malware "is that it needs to infect other running processes to cause damage to infected machines." The rogue agent exploits a native Linux feature called LD_PRELOAD, to be loaded by the dynamic linker (the part of Linux that links and loads the individual shared libraries to a file) in all running processes, and thus infects the host.
Its main purpose is to capture credentials and facilitate backdoor access to victims' machines. “Because the malware operates as a user-level rootkit, detecting an infection can be difficult,” the researchers concluded.

News source: https://olhardigital.com.br/editorias/seguranca/