Virus dangers with the RetroPie?

Zigurana

Well, nothing is ever secure. For instance i read about this exploit using nsf (music files from NES) on Ubuntu systems with old libraries...

garrettendi

I totally understand nothing is secure, even big websites such as eBay have been prone to attacks that can affect individual workstations, and I also accept that the only way to be virus "free" would be to stay off the net entirely, but my question was more concerning the likelihood of a website or ROM attacking the RetroPie and other workstations on the network in the intended use of the system.

My apologies if the question was not explicit in this regard.

Zigurana

@garrettendi
Seeing that an absolute likelihood will be difficult to calculate, it will always be expressed as a relative probability (more/less likely to attract a virus than this or that). The question then becomes, relative to what?

Also, I think you need to consider what you are going to do with the answers you will be likely to get. How is it going to affect your behavior, do you keep a list of possibilities for all other retrogaming systems then choosing the one with the lowest probability?
Or are you going to only use a RetroPie system when you somehow have determined that it's relatively probability is below some threshold value?
@herb_fargus already took some of those steps for you, simply indicating how you minimize the risk of a virus infection.

Personally, I think it's a non-issue, but I like the discussion nonetheless, so please explain to me why this concerns you so much.

mediamogul

herb_fargus said in Virus dangers with the RetroPie?:

Viruses are unlikely as long as you aren't frequenting porn sites

All porn, or just the weird stuff?

Zigurana

@mediamogul said in Virus dangers with the RetroPie?:

herb_fargus said in Virus dangers with the RetroPie?:

Viruses are unlikely as long as you aren't frequenting porn sites

All porn, or just the weird stuff?

Just the stuff that includes gamecontrollers.
Or so a friend tells me, ahum.

obsidianspider

@Zigurana said in Virus dangers with the RetroPie?:

@mediamogul said in Virus dangers with the RetroPie?:

herb_fargus said in Virus dangers with the RetroPie?:

Viruses are unlikely as long as you aren't frequenting porn sites

All porn, or just the weird stuff?

Just the stuff that includes gamecontrollers.
Or so a friend tells me, ahum.

That poor poor Atari 5200 controller…

mediamogul

I know we're already dangerously off topic here, but I just can't help it. Did anyone happen to see that unbelievably strange report from Engadget yesterday about the viability of some nearly forgotten 90's-era control input device that next to no one had, being re-purposed for VR porn? They spend ten minutes talking about it's history in relation to the failure of similar VR concepts of the time and then proceed to strap a dildo to it with duct tape, send it some custom code and then relate it with a doughnut until it's destroyed. After all that, they conclude that it's just not a practical application of the technology. I kept expecting to read about Engadget being hacked, with this video being the result, but apparently this was an editorialized news piece from one of the biggest tech news sites in the world. Very strange... yet oddly compelling.

Edit: ... and that's why viruses are bad. (topic saved)

garrettendi

@Zigurana

It worries me because in this day and age nothing is safe, so I like to know what my risks are before. Having said that, I have used torrents before so I do understand that a lot of the virus stories out there are more scaremongering than as prevalent as some might say.

In regard to a comparison, I'm not sure what to answer. I have an anxiety disorder, so for me I like to prevent worrying by finding out the facts. I know the a Pi/Linux combination is one of the rarest out there, which makes viruses pretty scarce, but really I'm just wondering if viruses on this system are in any way more common than I might otherwise think. Windows is of course far more prone to viruses - simply because it's so common - so really I'm just looking to find out if there are reports of viruses impacting this specific system.

I'm not really after a comparison, just the facts. And from the sounds of the answers in this thread, I can happily accept that the facts are simply: "It's safe and viruses are very uncommon"

Zigurana

@garrettendi
I agree that this is most probably the correct conclusion.

backstander

@garrettendi

Windows is of course far more prone to viruses - simply because it's so common

I work in an IT department that services about 500 computers and about 15% of them are Mac OS X and in the resent years we've noticed a lot more Mac viruses that come in through Safari. So far it's been an easy fix of just running the Mac version of Malwarebytes but we're seeing more and more viruses on Mac each year. I'm personally not a Mac person but I know how to operate one. That being said, I don't know how these infections actually happen but the end users that are catching them are varied from total computer noobs to very knowledgeable users and with the very knowledgeable more often than the noobs. It could be that they have the mindset that they're invincible because they're using a "superior operating system".

@garrettendi you might be on to something here, if you let your guard down, that's when security breaches happen.

Steps to help you stay more secure would be to:

• never tell anyone your password(s)
• never use the default passwords you are given
• keep your OS updated with all the security patches (including updating 3rd party software)
• never execute a program from an unknown, unrepeatable source (like attachment in emails)

Both the open source Anti-Virus ClamAV & Rootkit Hunter works on the Raspberry Pi. For some extra peace of mind you could run scans with them every once and a while.

Securing Your Raspberry Pi: From Passwords to Firewalls:
http://www.makeuseof.com/tag/securing-raspberry-pi-passwords-firewalls/

The most secure computer is going to be the one that doesn't have any power and isn't connected to anything, ever!

Clyde

@garrettendi The other posts already cover many points that I second, with the notable exception of anti-virus software which I regard as snake oil, expecially on Linux. To my knowledge, there are next to no Linux viruses known to be "in the wild", so most Linux anti-virus products are meant to scan for Windows and Mac malware that might pass a Linux system (e.g. file servers).

In my opinion, it makes much more sense to close as many entry points as possible: Use a wired network instead of wifi; if using wifi, use a secure protocol like WPA2 with strong passphrases; only connect the Pi to the network when you need it; disable Samba on your Pi, and access it via ssh with public key authentication; use Retropie only for gaming; don't use the web on the Pi's system (although that might be much more secure than on a Windows PC or Mac), or if you want to do that, buy another dedicated Pi for that.

In the matter of security, you'll find many approaches that might seem or actually be opposed to each other, e.g. the neverending anti-virus debate. As you said yourself, you should be pretty secure with Retropie on a Pi, and even more if you heed some of the suggestions presented in this thread.

SuperFromND

@mediamogul I haven't seen that actually; sounds entirely absurd enough to interest me. Got a link at all?

mediamogul

@supercatfooz

Even though it was two years ago, I still remember that odd video pretty well. I did a quick search for it and it didn't come up, which might mean they had the good sense to take it down. Just picture a shake weight ad, but waaayy more uncomfortable with less production value. Since that time I don't really follow Engadget in any way. I started noticing too many stories and videos being posted with only thin ties to technology.

Capeman

A good first step is always changing the standard "pi" "raspberry" login that all retropie installs come with - if somebody wrote a script to scour the internet for connected retropies, they would likely just target the ones with the default password instead of going through lengths to decode the protected ones.

KN4THX

As if my browser history wasn't embarrassing enough, now I have to add this to my list. Thanks Retropie community.

SuperFromND

@thedatacereal Glad to help!