Linux and malicious "Attack" sites


Post by Bob E on Wed Jun 08, 2011 4:37 pm

I've seen these before over the years when running Windows, but now that I'm running Linux, I'm curious. Are these types of encounters harmful to Linux as well? I haven't been using Linux long enough to know. I have read articles about Linux and Windows based viruses, but I don't think this is the same.

Last night I went to zap2it.com, a site for TV listings, and encountered the big red warning. [Screenshot: http://i813.photobucket.com/albums/zz59 ... ckPage.png ] I also did a follow-up on the Google Safe Browsing Advisory page for more info. [Screenshot: http://i813.photobucket.com/albums/zz59 ... ngPage.png ] The Google page says it's not currently listed, but at the time of this writing, the site itself still brings up the Warning page if you click on "TV" on their home page.

Just looking for feedback about Linux and malicious attack vulnerabilities such as this.

Thanks in advance for any help.

Re: Linux and malicious "Attack" sites

Post by ThistleWeb on Wed Jun 08, 2011 6:14 pm

Malware is simply a program that's written to exploit another, so there's no such thing as a "PC virus", there's "Windows viruses", there's theoretical "Linux viruses" and "OSX viruses". A program written to exploit some flaw in IE expects to find IE in a specific place in the C:. Linux doesn't even have a C: let alone IE.

The services that track malicious sites like that can mark it malicious for any number of reasons, not just because it hosts (or has hosted) malware that affects Windows. Often these groups have a very strong influence from the "won't someone think of the children" brigade, so even regular sites that go beyond their morals are knowingly reported as serving malicious software, so they get that warning, which is enough to deter most people from investigating.

Flash is still an angle into your PC, regardless of the OS, the pwn2own competition saw Apple with Safari fall first in the last couple of years not because of an exploit on OSX or Safari, but Flash. Scripts can still run to try to throw files at you but they're only going to be a minor irritant on Linux, as there's too many barriers to get infected. You can help yourself by using something like NoScript to only enable scripts from sites you want, as well as Flash blocking and advert blocking.

Malware writers want maximum infections for the longest time before discovery, for this they target Windows. Windows often allows them to script it so it installs secretly, and only shows up after the user's anti-virus scanner has detected it.

Linux is so disparate in terms of what people run, that it's all but impossible to actually infect. Exploit in Firefox? Does it work in Fedora? Debian? Ubuntu may place the vulnerable lib in a different location thwarting the exploit, or Frugalware may package it differently, removing the exploit etc. Exploit in Gnome? It won't affect KDE users, it may not affect all Gnome users for the same reason.

If that wasn't hard enough to target, Linux has a solid user / root separation right from the ground up, it peculates through everything, meaning that any admin action needs root privs, which means asking you for a password. If you're savvy enough to question that popup box when you didn't trigger it, it's not going to install.

Linux has a vast number of packaging formats too, like rpm, deb. Not all rpms are the same, neither are debs. A deb for Debian Sid may not install on Debian Squeeze, or Ubuntu etc. This narrows down your potential victims, in that you'd have to make a plethora of different binaries and detect them to know which distro to serve one for, knowing the user is gonna be asked for a password at the very least.

After you get past all that, Linux is open source. Everything is done in the open. Distros talk to each other. So when an exploit is found on one, word gets around VERY quickly, someone patches it, often within a day, and within a couple of days, every distro has patched it, so all your work is for nowt.

Security is an ongoing thing, it's never a one-stop-shop. Linux isn't invulnerable to malware, it's just an incredibly difficult and fast moving target to hit for all the reasons above. As it gains more market share it will be worthwhile for malware writers to try and target it, they will no doubt at some point start to get some success, but Linux is much more secure in the way it's set up and developed. The key is to not do stupid stuff, and put up some basics like a firewall, and script blocking in your browser. After that you can be pretty much assured you don't have to deal with malware.

Re: Linux and malicious "Attack" sites

Post by Habitual on Wed Jun 08, 2011 6:55 pm

Google Safe Browsing (part of every Firefox package now) will check w/ Google first.
http://www.google.com/safebrowsing/diag ... com/&hl=en <--- it's flagged now.
http://www.google.com/safebrowsing/diag ... com/&hl=en <--- same.

Typically, Linux users are not affected by these tactics, but we are bound to GSB as long as we use Firefox.
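Why the red warning appears on Linux just as it does on Windows, shown as an added example that is not part of the original thread and is not Google's or Mozilla's code: the Safe Browsing check Habitual mentions works on the URL alone, following the documented hash-prefix lookup scheme. URL canonicalisation is simplified here, and the host `example.test` and the local prefix list are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

def lookup_expressions(url):
    """Host-suffix/path-prefix strings a Safe Browsing client checks (simplified:
    no percent-escape canonicalisation, no IP-address handling)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").strip(".")
    path = parts.path or "/"
    labels = host.split(".")
    # Exact host, plus up to four suffixes taken from the last five labels,
    # stopping at two labels so the bare top-level domain is never tried.
    hosts = [host]
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        hosts.append(".".join(labels[i:]))
    # Exact path with and without the query, then "/" and up to three
    # leading directories, each with a trailing slash.
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    prefix = "/"
    dirs = [d for d in path.split("/") if d][:-1]
    for d in [""] + dirs[:3]:
        prefix = prefix + d + "/" if d else "/"
        if prefix not in paths:
            paths.append(prefix)
    return [h + p for h in hosts for p in paths]

def hash_prefix(expression, length=4):
    """First bytes of the SHA-256 digest; the browser stores only these."""
    return hashlib.sha256(expression.encode("utf-8")).digest()[:length]

def local_hits(url, prefix_list):
    """Expressions whose hash prefix is in the locally stored list."""
    return [e for e in lookup_expressions(url) if hash_prefix(e) in prefix_list]

# Constructed local list: one flagged directory on a made-up host.
LOCAL_PREFIXES = {hash_prefix("tv.example.test/listings/")}

if __name__ == "__main__":
    for url in ("http://tv.example.test/listings/tonight.html?zip=12345",
                "http://www.example.test/"):
        hits = local_hits(url, LOCAL_PREFIXES)
        verdict = "prefix hit, confirm full hash with server" if hits else "no local match"
        print(url, "->", verdict)
```

Nothing in the lookup depends on the operating system, which is why a flagged section of a site triggers the warning page for every Firefox user.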

Re: Linux and malicious "Attack" sites

Post by Bob E on Wed Jun 08, 2011 7:06 pm

Thanks ThistleWeb. This info helped a lot. Running Linux is definitely a new learning curve for me. Even when I was running Windows, NoScript is always the first Add-on I install to FF when starting up a new build, I just wasn't sure how such things affected Linux.
ThistleWeb wrote: The key is to not do stupid stuff.

True. I'm not about to go storming past the warning with an "I'm invincible" attitude just because I'm running Linux. To borrow a phrase from Mad Eye Moody: "CONSTANT VIGILANCE!"

It's just a shame that, even on a harmless site, the "bad guys" have to mess things up.

Re: Linux and malicious "Attack" sites

Post by Bob E on Wed Jun 08, 2011 7:16 pm

Habitual wrote: Typically, Linux users are not affected by these tactics, but we are bound to GSB as long as we use Firefox.

Thanks Habitual. It's good to know that it's less of a threat. My reaction to this is pretty much "old habit" from years of Windows surfing, and like I said above, I'm still going to proceed with caution even on Linux.

Re: Linux and malicious "Attack" sites

Post by Roken on Wed Jun 08, 2011 8:45 pm

Bob E wrote: True. I'm not about to go storming past the warning with an "I'm invincible" attitude just because I'm running Linux. To borrow a phrase from Mad Eye Moody: "CONSTANT VIGILANCE!"

??? - We are invincible. If I come across a malicious site I linger there and click all sorts of things just for the fun of it. It's always amusing to see a Flash window mimicking a Windows security alert pop up and tell me I have 1000 viruses ;)

Re: Linux and malicious "Attack" sites

Post by daveinuk on Thu Jun 09, 2011 8:47 am

Thanks to ThistleWeb for one of the most concise 'layman's terms' newbie-friendly explanations of Linux security I've ever read - even after a year of mucking about with distros from Ubuntu/Mint 8 when I started to today, I still consider myself very much a newb but I like the learning curve and always take something away every time I visit the forums.

Roken, that's too funny lol ... got to admit I did that on my other laptop a while back when I was about to format it and it was funny ... :lol:

I've got the ClamAV package on now and the ufw firewall and may tweak that further still now after ThistleWeb's excellent security lesson :)

Re: Linux and malicious "Attack" sites

Post by sgosnell on Thu Jun 09, 2011 10:44 am

Peculate? I'm not sure how that fits in this context. Perhaps you meant to use another verb? :lol: