Security Question

Postby Sanchopinky on Fri Jun 01, 2007 9:18 am

Am I just as vulnerable to go to a questionable website and get my PC taken over or infected as Windows? Or have my info keylogged or something?

Because I was searching on Google and I think some websites didn't have the best intentions for their visitors and now my browser acts frozen and crashed 2x

Postby D1Wayne on Fri Jun 01, 2007 4:34 pm

Sanchopinky wrote:
Am I just as vulnerable to go to a questionable website and get my PC taken over or infected as Windows?

In post http://www.linuxmint.com/forum/viewtopic.php?highlight=virus&t=1962 clem wrote (snippet):
I've been using Linux since 1997 and I've never used any antivirus with it. I never had any problems with that. Is it because security is more robust in Linux? Is it because virus makers focus on Windows? Is it because the file permission and multi-user systems make it harder for a virus to affect the system and so to prevent the administrator from removing the virus? I don't know, but the thing is.. although it wouldn't be 100% correct to say "there's no viruses under Linux", it wouldn't be far from the truth either.

Postby D1Wayne on Fri Jun 01, 2007 4:58 pm

My take on this,

Yes, but the main thing here is that, say you visit a website that has a nasty surprise, but you are not actually downloading anything, if you get an infection, the fix is usually simply re-install your browser or first completely un-install it then re-install it, as long as you do not have a terminal up running in super cow mode, generally everything else on your system should be un-affected by these types of attacks.

Yes there are sites that have malware that will attack Linux, of this I'm certain,
the worst are the torrents where one can download all kinds of seemingly nice stuff, but beware many are laced with naughty surprises.

So if you are downloading programs from sites you know nothing about you run the risk of getting something more than you bargained for. In these cases always make sure you have a safe backup of work/personal stuff for recovery from a malicious software install or a hard disk drive failure.

If you are paranoid, there are a couple of things out there: firewalls and a few anti-virus programs.

Grisoft AVG for Linux is available as well as ClamAV.
I use AVG to scan things I download before and after install of packages that I'm not sure of the source.

http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free

Half way down the page there is a .deb file that gdebi will install

Hope this helps

Postby Sanchopinky on Fri Jun 01, 2007 7:09 pm

Thank you very much, I'll install AVG right away :D

Postby scorp123 on Fri Jun 01, 2007 10:59 pm

D1Wayne wrote: if you get an infection, the fix is usually simply re-install your browser
Your browser lives in /usr/... .. And there is no way how it could get infected there with anything unless you were so incredibly stupid and were browsing the web as "root". Your normal user simply lacks the abilities to do anything about the binaries over there in /usr and other critical locations, and any nasty program would run under the account of the user that triggered it. So if your user cannot do any harm to the binaries in /usr neither could any "virus" or anything similar. Re-installing your browser is thus absolutely pointless.

I'd be more worried about the profile settings in your /home directory ... e.g. /home/youraccount/.mozilla/* ... It's those settings that would be executed again even under a new browser installation :wink:

I use Linux since 1996 and have not ever encountered any Windows-like virus outside of some highly experimental lab environments ... And even those viruses I have seen in the labs either needed to be compiled into the kernel by "root" (so what's the point? You already need to be "root" in the first place in order to install this thing!) or you need to trick "root" into executing a certain binary to get the infection started (simple: never ever execute any unknown binaries as "root" ... ) ... how pathetic.

Running a Linux server is a different story however: there is a certain risk that a hacker might find a flaw somewhere and hack his way into your system. That's the real danger here: intelligent human beings who know a great deal about network protocols and got too much time on their hands ... not stupid viruses.

D1Wayne wrote: or first completely un-install it then re-install it,
See above. Pointless exercise in my opinion. If any "infection" of any sorts would occur, then in your /home directory and all the "dot" files and sub-directories there (.gnome, .kde, .profile, .mozilla, .config, .bashrc .... ) and not in an area where your user account doesn't even have write access to :wink:

D1Wayne wrote: Yes there are sites that have malware that will attack Linux, of this I'm certain,
SHOW ME. :D (Linux user since 1996 ... Internet user since 1992 .... never ever seen such a thing ... )

D1Wayne wrote: the worst are the torrents where one can download all kinds of seemingly nice stuff, but beware many are laced with naughty surprises.
The worst surprise you can get is this: you think you download Hollywood's newest blockbuster movie but then it turns out that some moron faked a file and you've in fact downloaded some silly p0rn movie ... and not what you thought.

That's it. :D Everything else is just FUD :D

D1Wayne wrote: So if you are downloading programs from sites you know nothing about
Why would you do that in the first place? Everything is in your apt repos, you never ever even have to surf the web and hunt for programs ... This ain't Windows :wink:

D1Wayne wrote: Grisoft AVG for Linux is available as well as ClamAV.
I use AVG to scan things I download before and after install of packages that I'm not sure of the source.
OK, better cautious than sorry .... But I honestly never used such a program on Linux. Because I simply don't have to. Most of those virus scanners serve the purpose to protect Windows, e.g. when you use your Linux as a file server for Windows clients. So this anti-virus scanner would make sense: it scans the files the Windows clients upload and thus stops Windows viruses from spreading .... it doesn't stop Linux viruses simply because there are almost none :D
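A read-only audit of the distinction drawn in scorp123's post above (system binaries under /usr versus the user-writable "dot" entries in the home directory), added here as an example and not part of any poster's message. The dot entries are the ones named in the post; the list of /usr paths and the 7-day window are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. It checks the two places the post
# contrasts: system locations under /usr and per-user "dot" entries.

# Dot entries named in the post; anything below them is included.
DOT_ENTRIES=".gnome .kde .profile .mozilla .config .bashrc"

# user_writable PATH...
# Prints every existing PATH that the invoking user may write to.
user_writable() {
    for p in "$@"; do
        if [ -e "$p" ] && [ -w "$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# recent_dotfiles HOME_DIR DAYS
# Prints regular files under the dot entries of HOME_DIR whose content
# changed within the last DAYS days (find -mtime), sorted by path.
recent_dotfiles() {
    home_dir=$1
    days=$2
    for name in $DOT_ENTRIES; do
        entry="$home_dir/$name"
        [ -e "$entry" ] || continue
        find "$entry" -type f -mtime "-$days" 2>/dev/null || true
    done | sort
}

# report HOME_DIR DAYS
# Human-readable summary of both checks for the current account.
report() {
    echo "System paths writable by $(id -un):"
    # Assumed list of system locations; adjust for the distribution.
    writable=$(user_writable /usr /usr/bin /usr/lib /usr/sbin)
    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/  /'
    else
        echo "  none (a process running as this user cannot alter them)"
    fi

    echo "Dot files under $1 changed in the last $2 days:"
    changed=$(recent_dotfiles "$1" "$2")
    if [ -n "$changed" ]; then
        printf '%s\n' "$changed" | sed 's/^/  /'
    else
        echo "  none"
    fi
}

report "${HOME:-/nonexistent}" 7
```

Run as the normal desktop user, the first list should be empty; files in the second list that changed without a matching settings change are the ones worth reviewing.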

Postby marcus0263 on Sat Jun 02, 2007 12:02 am

scorp123 wrote:
D1Wayne wrote: if you get an infection, the fix is usually simply re-install your browser
Your browser lives in /usr/... .. And there is no way how it could get infected there with anything unless you were so incredibly stupid and were browsing the web as "root". Your normal user simply lacks the abilities to do anything about the binaries over there in /usr and other critical locations, and any nasty program would run under the account of the user that triggered it. So if your user cannot do any harm to the binaries in /usr neither could any "virus" or anything similar. Re-installing your browser is thus absolutely pointless.

I'd be more worried about the profile settings in your /home directory ... e.g. /home/youraccount/.mozilla/* ... It's those settings that would be executed again even under a new browser installation :wink:

I use Linux since 1996 and have not ever encountered any Windows-like virus outside of some highly experimental lab environments ... And even those viruses I have seen in the labs either needed to be compiled into the kernel by "root" (so what's the point? You already need to be "root" in the first place in order to install this thing!) or you need to trick "root" into executing a certain binary to get the infection started (simple: never ever execute any unknown binaries as "root" ... ) ... how pathetic.

Running a Linux server is a different story however: there is a certain risk that a hacker might find a flaw somewhere and hack his way into your system. That's the real danger here: intelligent human beings who know a great deal about network protocols and got too much time on their hands ... not stupid viruses.

D1Wayne wrote: or first completely un-install it then re-install it,
See above. Pointless exercise in my opinion. If any "infection" of any sorts would occur, then in your /home directory and all the "dot" files and sub-directories there (.gnome, .kde, .profile, .mozilla, .config, .bashrc .... ) and not in an area where your user account doesn't even have write access to :wink:

D1Wayne wrote: Yes there are sites that have malware that will attack Linux, of this I'm certain,
SHOW ME. :D (Linux user since 1996 ... Internet user since 1992 .... never ever seen such a thing ... )

D1Wayne wrote: the worst are the torrents where one can download all kinds of seemingly nice stuff, but beware many are laced with naughty surprises.
The worst surprise you can get is this: you think you download Hollywood's newest blockbuster movie but then it turns out that some moron faked a file and you've in fact downloaded some silly p0rn movie ... and not what you thought.

That's it. :D Everything else is just FUD :D

D1Wayne wrote: So if you are downloading programs from sites you know nothing about
Why would you do that in the first place? Everything is in your apt repos, you never ever even have to surf the web and hunt for programs ... This ain't Windows :wink:

D1Wayne wrote: Grisoft AVG for Linux is available as well as ClamAV.
I use AVG to scan things I download before and after install of packages that I'm not sure of the source.
OK, better cautious than sorry .... But I honestly never used such a program on Linux. Because I simply don't have to. Most of those virus scanners serve the purpose to protect Windows, e.g. when you use your Linux as a file server for Windows clients. So this anti-virus scanner would make sense: it scans the files the Windows clients upload and thus stops Windows viruses from spreading .... it doesn't stop Linux viruses simply because there are almost none :D


I agree.

And to the claim of malware infecting a *nx system by just browsing: Show Me

I could see this if browsing as root, but any fool who browses the internet as root deserves it.
Shuttle SX58
Intel i7 Gulftown Hex Core
G.Skill 16Gig 1333
OCS Vertex 2 SSD
Segate SATA II
Palit GeForce GTS 450
LMKDE 14 64Bit

Where Thought Crime is Committed
Reject the Herd

Postby D1Wayne on Sat Jun 02, 2007 12:11 am

Sorry scorp123

I believe a week or so ago blogger ran afoul of a bad torrent (agreed, that was a total install of the OS, but crap is out there).

I personally have had, under Breezy and Dapper, several occasions where visiting a web site, malicious scripts have caused me to re-install Firefox, due to flaws that were exploited. When I said completely remove, I meant the profiles and personal folders related to Firefox as well.

Downloading any application/package can cause problems. You cannot install them without giving permission to do so, and once a script is given power it has pretty much control to do what it wants, including reformatting the drive, dropping other surprises. I run into many people that simply download pirated software consistently and install it blindly, on Linux, Macs and Windows.

BTW: I have never had but 2 small malicious things on any of my machines that has had MS software, back when there were Zilog Z80's

For an example, if the author of a script to install gameABC had this statement in it "rm -r -d -f /*" oops, perhaps missing a simple dot in front of that slash. This might simply be a mistake and no harm was intended, but

There is no such thing as true security, there are perhaps less secure things out there, such as Windows. The plain truth is that the market share is not there for Linux to make it worthwhile for most hacks to try killing Linux.

Main point I'm trying to make is that most cases of malicious attacks are crafted for those people that are blindly downloading and installing programs from torrents or personal websites.

This week two VM apps, an Ubuntu Firebird and a MySQL, have given me grief.
As soon as I changed the default password in the Firebird, all of a sudden it started changing the password on me and no access within 30 seconds.

The MySQL VM: after powering off the VM application and closing vmplayer, Cassandra would not launch anything but a dialog saying I could wait or cancel, panel menus, everything, same dialog. Had to physically power the machine off.

Both appliances were from the VMware site.

It is a sad day when one cannot express one's own opinion without the riot brigade stepping on one's freedom of thought

Postby marcus0263 on Sat Jun 02, 2007 12:17 am

D1Wayne wrote:Yes there are sites that have malware that will attack Linux, of this I'm certain,


You made a pretty bold claim here and both Scorp and I disagree, we're just asking you to substantiate your claim. No one is being a "riot brigade" we just disagree.

Also anyone who not only browses the Internet as root but installs software from unknown sources deserves what they get. Basically use some common sense.

Postby marcus0263 on Sat Jun 02, 2007 12:26 am

To follow up, you continually hear the "well the market share isn't there for Linux viruses". Well truth being is it's 1000+ times easier to create viruses, trojans, rootkits, worms for Windows than any *nix system. The fundamental design of *nix systems with being modular and having "user" land makes it architecturally more difficult. For Microsoft a 1/2 page of code created by VB (Virus Basic) will tear up 1/2 the world's M$ Systems, won't see that in the *nx world.

So that argument about it just not being popular enough is basically FUD.

Postby D1Wayne on Sat Jun 02, 2007 12:54 am

Actually attacking the browser, whether you're visiting with Windows, Mac or Linux.

When I say Linux, that includes everything running under it, just like Windows.
I know if you want to nit-pick it Linux is not an operating system, but to most it is so considered.

Scorp123 was the one that mentioned browsing as root, not I.

As Scorp123 pointed out servers are less secure, but many desktop users install servers on them regularly.

Most problems are due to loose social computer behavior, and it is generally the operator's lack of judgment that is the heart of most of these problems.

I'm sure you or Scorp123 and many in this community are (*oops) NOT guilty of mindless dl and installing from unknown sites. But by not cautioning newbies that there are dangers, and if they have in the past been guilty of this, is potentially more harmful, than stating that Linux is so much better at security you can do what you please without consequences.

http://www.conntact.com/article_page.lasso?id=40980
http://www.scmagazine.com/uk/news/artic ... mac-linux/

Postby marcus0263 on Sat Jun 02, 2007 1:14 am

D1Wayne wrote: Actually attacking the browser, whether you're visiting with Windows, Mac or Linux.

When I say Linux, that includes everything running under it, just like Windows.
I know if you want to nit-pick it Linux is not an operating system, but to most it is so considered.

Scorp123 was the one that mentioned browsing as root, not I.

As Scorp123 pointed out servers are less secure, but many desktop users install servers on them regularly.

Most problems are due to loose social computer behavior, and it is generally the operator's lack of judgment that is the heart of most of these problems.

I'm sure you or Scorp123 and many in this community are (*oops) NOT guilty of mindless dl and installing from unknown sites. But by not cautioning newbies that there are dangers, and if they have in the past been guilty of this, is potentially more harmful, than stating that Linux is so much better at security you can do what you please without consequences.

http://www.conntact.com/article_page.lasso?id=40980
http://www.scmagazine.com/uk/news/artic ... mac-linux/


What you posted was "proof of concept", not in the wild, nor does it infect anything outside of the specific user unless they have "root" privileges. So it's displaying a jpg, apples and oranges compared to rootkits. Also it's executed when opening an Open Office Draw file, not browsing.

If for some remote chance the user is infected with something very nasty just remove the users home directory if you can't remove it. The OS has not been compromised.

Also with open source the proof of concept being published how long do you think before it's fixed?

So again back up this claim you made

D1Wayne wrote:Yes there are sites that have malware that will attack Linux, of this I'm certain,


I know of nothing out there that will infect a *nx system by just browsing the site as in M$.

Postby D1Wayne on Sat Jun 02, 2007 1:23 am

I think what we have is a difference of opinion,

you are not going to change my mindset and I will not change those that disagree

I and most people that boot something do not care if it is a component or the whole,

besides, with bugs like this
https://bugs.launchpad.net/ubuntu/+sour ... +bug/89853

who needs viruses :D

how many Linux ATI and Nvidia problems, this one alone caused days of lost time

Postby marcus0263 on Sat Jun 02, 2007 1:37 am

D1Wayne wrote:I think what we have is a difference of opinion,

you are not going to change my mindset and I will not change those that disagree


Just asking you to back up that very bold claim

D1Wayne wrote:I and most people that boot something do not care if it is a component or the whole,

You say that now, but *nix users don't have to fdisk because of just merely browsing a website.

D1Wayne wrote: besides, with bugs like this
https://bugs.launchpad.net/ubuntu/+sour ... +bug/89853

who needs viruses :D

how many Linux ATI and Nvidia problems, this one alone caused days of lost time

At least with Linux all I have to do is edit one file and add one line ;-)

And Microsoft never has problems with drivers?

ROTFL ..............................

Postby D1Wayne on Sat Jun 02, 2007 1:54 am

proof of concept, proves the vulnerability,
the bug mentioned earlier, is proof, that 1 disgruntled person on a development team could easily sabotage a project.

Make sent iPods with viruses
IBM shipped flash memory with viruses in them for 2 years before they were discovered, back in the early 90's a video card manufacturer put a virus in the company's master driver disk, the reason for the link was simply to illustrate how easy it would be to slip in malicious or faulty code.

And if you examine the forum you'll see a few minters here with recent repartition issues formatting problems

Postby D1Wayne on Sat Jun 02, 2007 1:54 am

D1Wayne wrote: proof of concept, proves the vulnerability,
the bug mentioned earlier, is proof, that 1 disgruntled person on a development team could easily sabotage a project.

Make sent iPods with viruses
IBM shipped flash memory with viruses in them for 2 years before they were discovered, back in the early 90's a video card manufacturer put a virus in the company's master driver disk, the reason for the link was simply to illustrate how easy it would be to slip in malicious or faulty code.

And if you examine the forum you'll see a few minters here with recent repartition issues formatting problems

Postby D1Wayne on Sat Jun 02, 2007 1:56 am

Definitely need sleep when I start quoting self :D :D

Postby marcus0263 on Sat Jun 02, 2007 2:01 am

D1Wayne wrote:
D1Wayne wrote: proof of concept, proves the vulnerability,
the bug mentioned earlier, is proof, that 1 disgruntled person on a development team could easily sabotage a project.

Make sent iPods with viruses
IBM shipped flash memory with viruses in them for 2 years before they were discovered, back in the early 90's a video card manufacturer put a virus in the company's master driver disk, the reason for the link was simply to illustrate how easy it would be to slip in malicious or faulty code.

And if you examine the forum you'll see a few minters here with recent repartition issues formatting problems


Still apples and oranges from your very bold claim

D1Wayne wrote:Yes there are sites that have malware that will attack Linux, of this I'm certain,


And again nothing has deterred from the fact it's 1000+ more difficult to create malware on any *nix system than M$, M$ just makes it too easy.

Postby D1Wayne on Sat Jun 02, 2007 2:26 am

http://www.viruslist.com/en/viruslistfi ... nux&page=1
lists 1224 viruses/keyloggers/backdoor/trojans that are displayed when searching for Linux

Sophos
http://www.sophos.com/security/analyses ... us_search&submit.x=54&submit.y=9&action=search
22 pages @ about 10 per page

Symantec
http://searchg.symantec.com/search?q=li ... US&client=symc_en_US&hitsceil=100&site=symc_en_US_vir&output=xml_no_dtd&context=gbh&x=0&y=0
lists about 1000

Article
http://www.vnunet.com/vnunet/news/21436 ... inux-virus

Postby marcus0263 on Sat Jun 02, 2007 2:38 am

D1Wayne wrote: http://www.viruslist.com/en/viruslistfind?words=linux&page=1
lists 1224 viruses/keyloggers/backdoor/trojans that are displayed when searching for Linux

Sophos
http://www.sophos.com/security/analyses ... bmit.x=54&submit.y=9&action=search
22 pages @ about 10 per page

Symantec
http://searchg.symantec.com/search?q=linux&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US_vir&output=xml_no_dtd&context=gbh&x=0&y=0


Still nothing that infects Linux by simply browsing a website as a normal user, as with M$, as you claimed.

Also listed are security vulnerabilities that are quickly fixed 100x faster than M$'s vulnerabilities. Keeping up with security patches is standard common sense.

Postby D1Wayne on Sat Jun 02, 2007 3:34 am

I noticed you did not quote the article :D