Hope you don't mind this, Shann
This is really just a sort of discussion about the idea of security, and so quite frankly what I mean when I talk about it, since I haven't moved on to the new norms "security" is now classified by...
I personally follow the beliefs from the early 2000s where you had both your primary and secondary security levels back in the days of WinXP and all that, and refuse to cave to doing away with the secondary level as everyone else seems to have done
Primary security would obviously be your LUKS or access control on the local front, and firewall and HIPS on the software front.
Secondary security would be what slows down attackers when primary security happens to somehow be breached, which includes, but is not limited to, FS/execution perms, and would also include EFS (would be cool on top of LUKS) if Linux had it.
you may notice 2 rather important things here being HIPS and EFS
---
HIPS (for those unaware) stands for Host Intrusion Prevention System, and is used for catching immediate access breaches when software breaks access control rules
Comodo HIPS was an excellent solution for WinXP back in 2008 (before Comodo corrupted), which basically all it did was pause the process on a flagged syscall while displaying a verification check dialog to amend your rules by
how is this a security?
well if you block a process from executing before any damage is done, I think it's pretty obvious as an effective solution for catching any sort of malicious acts, such as Discord spying on system resources for example.
---
EFS stands for Encrypting File System, and while Windows-only, is used for ensuring your data is never decrypted at rest (what a lot of systems like LUKS, ecryptfs, or fscrypt fail at after being mounted as your data is always decrypted)...
EXT4 supports transparent encryption for EFS-like functionality, but I still as of yet haven't seen any sort of implementation making use of this
for any remaining confusion
SYS_write in a program context would encrypt
SYS_read in a program context would decrypt
external contexts (such as [c]cp[/c]) would leave the data encrypted
how is this a security?
in the event your system is breached, transparent encryption means any retrieval of data from mounted filesystems will be encrypted, despite that very data being actively in use by local software ([c]Ctrl+S[/c] in your favorite text editor would write encrypted data to the filesystem)
This would also include transferring that data to a flash drive, you would need your OS key (among potentially additional keys depending on design) to decrypt your own data on another machine
---
also on another note, antiviruses haven't actually existed for over a decade now
a proper antivirus would scan (including decrypt) the machine code of the ELF(s) and compare against any malicious actions detected in that code (sending data to an unknown server for example)
VirusTotal is not a security as file hashes don't prove nor disprove malicious actions, hence Chrome or Firefox are not marked as viruses when the data they collect is worse than some minuscule keylogger...
all forms of data collection should be treated as malicious until proven otherwise with continued sanity (Discord lying about ID collection for example)
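The pause-and-ask behaviour the post attributes to a HIPS, modelled as an added Python example that is not part of the original post and is not Comodo's code. The flagged syscall set, the process paths, the rule format and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, List

# Assumption: the set of syscalls the monitor intercepts (constructed).
FLAGGED = {"open", "connect", "execve", "ptrace"}

@dataclass(frozen=True)
class Event:
    process: str   # executable path of the caller
    syscall: str
    target: str    # file path, host:port, or pid

@dataclass(frozen=True)
class Rule:
    process: str
    syscall: str
    target_prefix: str
    allow: bool

    def matches(self, ev: Event) -> bool:
        return (self.process == ev.process and self.syscall == ev.syscall
                and ev.target.startswith(self.target_prefix))

@dataclass
class Hips:
    ask: Callable[[Event], bool]          # stands in for the dialog
    rules: List[Rule] = field(default_factory=list)
    prompts: int = 0

    def decide(self, ev: Event) -> bool:
        """Return True to resume the paused call, False to deny it."""
        if ev.syscall not in FLAGGED:
            return True
        for rule in self.rules:           # first matching rule wins
            if rule.matches(ev):
                return rule.allow
        # No rule yet: the process stays paused until the user answers,
        # and the answer is stored so the same call is not asked about twice.
        self.prompts += 1
        allow = self.ask(ev)
        self.rules.append(Rule(ev.process, ev.syscall, ev.target, allow))
        return allow

# Constructed sample events, not captured from a real system.
EVENTS = [
    Event("/usr/bin/editor", "open", "/home/user/notes.txt"),
    Event("/usr/bin/chatapp", "open", "/proc/1234/cmdline"),
    Event("/usr/bin/chatapp", "open", "/proc/1234/cmdline"),
    Event("/usr/bin/chatapp", "write", "/tmp/cache"),
]

def run(events=EVENTS):
    # Simulated user: deny reads of other processes' /proc entries.
    hips = Hips(ask=lambda ev: not ev.target.startswith("/proc/"),
                rules=[Rule("/usr/bin/editor", "open", "/home/user/", True)])
    return [hips.decide(ev) for ev in events], hips
```

The last event passes without a prompt because `write` is not in the flagged set, which shows how much the protection depends on which calls the monitor intercepts.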