Linux Mint Forums

[stevefed5291]

lol, thank you but I managed to find it

[_h_]

lol, thank you but I managed to find it

I was under that assumption, but still posted the link for everyone else wanting it to get it.

[outdoorart]

This is one of the best threads I've seen on linux security issues - really good links.

I'm very new to mint and am loving it. The only thing I'm uneasy about is the warnings that everything I try to download via synaptic is potentially a threat. I don't know if this is the same risk as with other distros, and mint just points it out; or if the mint repositories really are less secure than others.

When brought up in other threads, the answer is always "just ignore the warning". Which is partly why I'm posting to this thread. With linux as secure as it is, the biggest threat would seem to be social engineering. Getting people in the habit of ignoring warnings might not be a good thing. Does anyone agree, or am I out of line?

[stevefed5291]

I'll agree. It seems to me that as of late I've been seeing more and more people treating warnings of that type as an necessary interference designed solely to prolong the task at hand, particularly with the concept of su/sudo/root. People tend to see it as an extra step in the process, rather than a security feature and as a result whenever something doesn't work the first thing they try is appending 'sudo' to the front of the command. I've even had some people tell me they run as root, all the time.

I'm in no way against the use of sudo, it is a fantastic tool, but many people (the so-called noobies in particular) will point the super-user gun at anything that doesn't work with non-root permissions. This is incredibly dangerous if you don't know the particulars of what your are running as a super user. Mint does sudo a little differently than other distros to begin with. When you install it and create a user, by default they have super-user privledges and can use sudo/gksu freely. Since Mint is such a user-friendly distro, it functions as a gateway-drug if you will to the Linux world. I feel that the misconceptions around sudo are created there, and stay ingrained with the user who has not had any Linux experience prior.

[KevinDks]

This thread seems to be exactly what I was looking for, but could I please check that I have understood something correctly?

I have just installed Mint, dual booting with Vista on my PC. The reason I've done this is that I spent quite a lot of last Saturday removing one of those fake anti-virus malwares from my daughter's Vista laptop, the kind that has pop-ups with false virus detections and proceeds to take over the whole computer. Anyway, I "knew" about Linux being more secure, and so I thought that it would be worth looking into the distros that are available now, which is how I found Mint.

So, looking at this other thread in the forum, about malware taking over Firefox, it sounds similar to what my daughter had in Vista:

http://forums.linuxmint.com/viewtopic.php?f=90&t=42966&p=247495

If I have understood that thread and this one correctly, the malware involved is Java script, so it runs in the browser regardless of the operating system, and installing a Firefox add-on to stop Java script running would stop it happening. The user in that other thread seemed to get the virus starting up with Firefox even after rebooting, but it was fixed by simply uninstalling Firefox and installing it again. Does that mean that somehow the Java script was added to Firefox? In Windows some of those viruses install keyloggers as well, but according to this thread such a thing would be impossible in Linux. Have I got that right?

Many thanks

Kevin (loving Mint by the way; almost everything works out of the box, unlike other distros I've tried in the past)

[stevefed5291]

Well malicious javascript could run in your browser, however Windows viruses can't run on Linux because... well it's a different OS . At worst it will render your browser unusable and you'd have to reinstall it. However I think the page being revived with every reboot of firefox has to do with the way firefox saves your tabs when you exit it. So If you're on the malicious site and exit firefox, when you restart it will just browse back to that page again. It always is handy to have multiple web browsers on your computer should something like this happen, however its almost unnecessary in Linux. In Windows if a browser craps out on you and you don't have another one installed your in a bit of a pickle since you would need a working web browser to go download a different one. In Linux if Firefox or other becomes unstable, you can just uninstall/reinstall through the repositories, or install a different web browser all together via the same method.

You can always turn javascript/java off or use noscript, however you'll quickly find that MANY legitimate sites use java/javascript and you would constantly have to make exceptions. If you don't mind doing this however, no script can be incredibly useful.

As for the keylogger... I'm sure you COULD write one to run on Linux, but I've never seen one. All malware tends to be Windows-focused since its the most commonly used platform, and the viruses can effect more people simply because more people use Windows.

[KevinDks]

You can always turn javascript/java off or use noscript, however you'll quickly find that MANY legitimate sites use java/javascript. and you would constantly have to make exceptions. If you don't mind doing this however, no script can be incredibly useful.

That's a very good point, which I hadn't considered. I think I'll "suck it and see" for a while, to work out how much of a pain it would be.

As for the keylogger... I'm sure you COULD write one to run on Linux, but I've never seen one. All malware tends to be Windows-focused since its the most commonly used platform, and the viruses can effect more people simply because more people use Windows.

Yes, thanks for confirming that. It's my main worry with the virus on my daughter's Vista machine - I managed to get rid of the popup in Firefox, and scanned with AVG and some anti-spyware tools with updated profiles. Didn't find anything, but that doesn't mean there isn't something still there. As you say, that wouldn't be a problem in Linux.

Thanks for the rest of your answer Steve, it confirmed what I thought I had understood, and I appreciate it.

Kevin

[stevefed5291]

Actually there are a number of keyloggers for Linux, most recent among them being logkeys,
which is hosted by Google projects.

Sorry, I should have refined my train of thought, I meant in the sense of a typical malware keylogger, One that you would not have put on your computer intentionally. But this still doesn't mean they don't exist, I've just been lucky enough to have never seen one 'in-practice' on my Linux boxes, one of which is a server.

The 'malware-market' certainly does cater to Windows more so than any other OS, and with each new virus-scare I'm a little happier that I got off of that boat when I did. Nothing brought me more enjoyment in this past year than to be able to smugly tell people that confliker was (in the truest sense of the phrase) 'no-problem' for my computers whilst all the Windows-users set their firewalls to panic-mode.

[mathazar102]

This most definitely applies to Linux too. Anyone with a little know-how can code malware
for Linux. However the point is why would anyone bother? The so-called
malware-market is essentially "catering" for Windows. Linux is not the target

I agree with this statement. However, Linux is gaining popularity and computer vendors such as Dell are selling computers with Ubuntu installed on them right-out-of-the-box. I would not be surprised if in the near future if more malware will be written with Linux users in mind.

[vincent]

Just my humble opinion, It is far from safe to assume that Linux is impenetrable to malware, and is misleading to let new Linux users follow this train of thought. As Microsoft and Apple keep implementing more security measures to hinder malware on their respective OS'es, malware makers are turning towards other, more vulnerable targets, software products that are widely installed on home PCs and are often neglected to be updated, namely the various Adobe products out there (e.g. Flash, Shockwave, Reader, etc.) and Java as well. These are all cross-platform applications, and malware can have cross-platform implications as well.

A lot of the security that comes with Linux distros like Ubuntu and Mint comes from the rigid permission system, which stops a regular user from directly damaging their computer due to read access only on many directories in your system where important config files reside. That being said, you have read, write, and execute permissions by default from your Home folder, which contains all your data, and all user-specific config settings for your programs. That means that you could fall victim to a drive-by download in Firefox and have nasty stuff injected into your Home folder that can sift through your personal data that you keep in your Home folder (data loss and identity theft, anyone?) and tinker with your own config files (what config files, you ask? Go to your /home directory, and press CTRL + H. All those hidden directories can be compromised easily), so that your programs do stuff they shouldn't do. I've heard of an example where a Linux user got their Firefox contaminated and had his homepage directed to a page he didn't want everytime he started Firefox. You can, of course, delete the .mozilla folder, but if you don't have ClamAV or another virus scanner and leave the virus or whatever you have in your Home directory, it could just mess up a new .mozilla folder that you create. Once a virus or something gets into your system, even without root privileges. if you leave gaping security holes in your programs (especially with daemons with root privs) or have skewed security settings, you run the risk of having that virus escalate and gain root privileges anyhow (not entirely sure how that works though), and if any malware attains root privileges, you're screwed.

Don't assume that just because you're running Linux, you're safe. Most vulnerabilities nowadays reside not in the OS itself (even with the case of Windows and Macs), but from improper security settings or other security loopholes that reside in your system not tied with your OS, but has the privileges to alter it (take a look at all the applications you have...while this may sound a bit paranoid, all of them can be a security risk to your system, and although Linux does a good job in securing itself, it's up to you to secure your programs and your data. This means a firewall, regular updates to not just your OS, but Flash, Java, that kind of stuff, and proper Samba/Remote Connection settings if you use those services. Other 3rd party tools, like NoScript, help to secure vulnerabilities in your applications, and whenever possible, you should restrict the privileges you give to your applications. This is where mandatory access control (MAC) tools like SELinux and AppArmor come in. One caveat I have with Mint is that neither of them are installed, while many other popular distros have one or the other installed (Fedora/RHEL has SELinux by default, Ubuntu and [open]SUSE have AppArmor by default). They shouldn't incur a noticeable performance hit (although I suppose it really depends on how you configure them), so I see no reason why they shouldn't come pre-installed.

[Kaye]

Vincent,

Although much of what you say has truth to it (mainly that a virus could mess with your home directory), you're taking the implications of something like that too far. There is no way for a virus to magically gain root privilege by accessing your home directory. Additionally, for many of the things to conspire that you've addressed, the user would have to purposefully disable security features in many applications after downloading them - something that simply won't happen.

The point of this thread wasn't to make people feel like they can do whatever they want. Even with an AV a completely careless person will find a way to infect their system. Clearly anyone interested in this thread is also interested in the integrity of their system. Why would anyone disable their firewall or something like that? The point of the thread was to bring to light the fact that an AV program is, for the average home user, unnecessary. Many of the users on this forum (myself included) have been running AV free for years now with absolutely no problem whatsoever.

[Fred]

vincent,

To the best of my knowledge, I don't know of any way you can get a java app. or anything else to run and access anything outside of the Fire Fox catche unless it places a file on the desktop, (you have to allow that), and references it in the auto start file, then starting it on boot.

By-the-way, your home folder does not have read write execute privileges for all by default. If yours is set to 777 it is because you set it that way. It should be 644 by default, but can be made tighter if you like, ie. 600.

If Fire Fox was completely broken by malware, it may be possible to "see" what is in the user's home directory. I haven't given much thought to that, but I would concede that if you worked at it you could probably pull it off. Fire Fox would have to be very broken though.

If what happens in Fire Fox bothers you then isolate it. Let Fire Fox be owned by another user and allow yourself group execute privileges. Voila, It no longer matters what Fire Fox wants to look at. It doesn't have access.

If you are paranoid about downloading something to your desktop, where it will execute without the execute flag, then set the desktop ownership to root and allow only read access. This forces you to download to a folder that you can't execute from. Also, set your "auto startup" folder to root ownership and allow only read access to it to.

Now Fire Fox is completely isolated. It can't see anything or write anything to your data or operating system. Regardless of what happens to it.

I also use tmpfs mounts for /tmp, /var/tmp, and the Fire Fox catches, but that is a little different issue.

You don't need AppArmor or SELinux. What you need to do is spend some time learning about the ownership and permission system in Linux. You will be surprised at how flexible and inventive you can be in protecting and controlling your system, data, and venerable apps.

Fred

[vincent]

Ok, I concede that I still have a lot to learn about Linux security. My past experiences with Windows have made me somewhat paranoid about computer security.

My overall impression so far is that I think Linux relies a bit too much on its permission system to secure itself, which was really what I was trying to imply in my earlier post. I'm not saying this is a bad thing, and Windows would do well to learn from Linux not to default to an Admin account which many home PC users won't bother changing, but anything that makes it past the rigid permission system and gains root access by some kernel vulnerability, zero-day remote exploit, or just plain negligence from the user would be able to wreak havoc on the OS with practically no way of stopping that piece of malware (if it gets root privs, it can do anything, right?). It seems that malware prevention in Linux revolves mostly around the idea of making sure that the virus never gets root access, and if it does, it's game over...or am I missing something?

Fred, isn't the default permission setting for /home 755? I could be wrong though, and I probably am. The thing is, there seems to be a trade-off with permission settings; the less permissive you are, the less functionality you'll get. If you really want to protect a file from anything besides being read, 400 works great, but that really limits what you're able to do with that file. This is one of the reasons I like Apparmor...it gives you (from what I've seen so far) more fine-grained tweaking to permission rights. Let's use Firefox for example; with your /home directory set to 644 or 755, Firefox will be able to write stuff to it, which is important if you download files to ~/Downloads or you install some addons for Firefox so that the addon's files have to be written inside ~/.mozilla. However, if Firefox was taken over by malware, it would also have access to write anywhere else within the /home directory, something you probably won't want. Apparmor can restrict Firefox's write access only to the directories you want, like Downloads or .mozilla. On second thought, I bet you could probably set Downloads and .mozilla to 644 or 755 permissions and set your entire Home folder to a more restrictive permission, but this is (in my opinion) more easily configurable with Apparmor, and it's less dangerous to screw up with permission settings in AppArmor than it is with chmod/chown because you can at least backup your Apparmor config settings before you make any changes and restore them if something goes bad, but there's no record of any chmod/chown commands run previously, so you'll have to undo the changes you made with chmod by hand, which can be risky...

...Or maybe I need to learn more about chmod before I make more errornous statements.

[Fred]

vincent,

Good post. You are thinking. I like that.

My overall impression so far is that I think Linux relies a bit too much on its permission system to secure itself, which was really what I was trying to imply in my earlier post.

The ownership/permission system in Unix/Linux is much more fine grained than with Windows. It ties in nicely with the unified file system. In Unix/Linux everything is a file/folder. No device, real or virtual, can be recognized, used, or manipulated unless it is mounted to a file/folder in the file system. Therefore, controlling what can be done with a file and who can do it is a powerful tool to control access.

It is debatable of course, but I think the biggest single flaw in the Windows system is the executable extension. Anybody, from anywhere can attach the .exe extension to a file and Windows will try to run it. In Linux this is part of the permissions system. Files can not be executed, with one exception, unless the execute flag is set locally. And then it can only be run with the permissions of the user that owns it.

This system may seem simplistic. It is in its' basic concepts, but there are almost endless possibilities in its applications and uses. SELinux is an outgrowth or set of extensions that just expands the granularity of these permissions. I am not that familiar with AppArmor, having only used it a few times, but it too expands upon the basic permissions to control what resources applications have access to as well, often called DAC or MAC. It is kinda like group permissions on steroids.

In my opinion, using SELinux or AppArmor on a desktop system is at best over kill. At worst, a waste of resources and a maintenance nightmare on a system that is constantly changing, as desktops typically do, and is a pain to have locked down.

... but anything that makes it past the rigid permission system and gains root access by some kernel vulnerability, zero-day remote exploit, or just plain negligence from the user would be able to wreak havoc on the OS with practically no way of stopping that piece of malware (if it gets root privs, it can do anything, right?). It seems that malware prevention in Linux revolves mostly around the idea of making sure that the virus never gets root access, and if it does, it's game over...or am I missing something?

Yes, you are correct. Root is God, and can do anything. If root tells the system to burn down you neighbor's house, shoot your dog, throw your wife out on the street, and then self destruct, ie commit suicide, it will promptly and happily do so without warnings or regrets.

The only flaw in your statement is about the virus. A virus must not only be able to live/run on your system but it must be able to replicate/infect other machines. This is a problem with Linux machines, hence the difficulty for Linux viruses surviving in the wild. To date, most Linux users don't invite/enable viruses to run on their boxes by operating in root or doing other dumb things. That may change as more and more Windows users with bad habits migrate to Linux though. Time will tell.

When bad mouthing Windows users I should, in a sense of fairness say that it isn't all the Windows user's fault. In fact, it is more Microsoft's and their proprietary software partners fault. They have never really built a multi-user networking system and software stack. Much Windows software has to be run as root to function, and Microsoft has traditionally if not encouraged it, certainly allowed it to happen. Microsoft has spent untold fortunes indoctrinating users with bad habits and pervading false assumptions.

Fred, isn't the default permission setting for /home 755? I could be wrong though, and I probably am. The thing is, there seems to be a trade-off with permission settings; the less permissive you are, the less functionality you'll get.

You should not have the ability to execute things in your home folder. The exception to this is your auto start folder. I can't say for sure, as I don't have Mint 8 currently installed on this box, but it should not be 755. 644 is usually the default on most desktops and past versions of Mint but it is up to the distro developer of course. You last thought would be better expressed using the word "flexibility" in place of the bold in your quote. The functionality is still there, it just isn't accessible.

Below is a post that may start you down the permissions path. Just be careful when playing with permissions and think through what you need to do. A short pencil is better than a long memory when trying to explain to someone how you managed to break your system.

viewtopic.php?f=90&t=34206&p=197520&hilit=Fred+mess#p197520

Fred

[vincent]

I'm starting to see why Linux's simplistic permission system really works quite well...as long as you don't mess with it too much, you pretty much have out-of-the-box secure permissions as Linux is configured with the "least user access" mentality, which isn't necessarily true for WIndows. Anything that doesn't have to be run as root normally isn't, and only trusted applications and processes should ever be run as root only when necessary. Linux leaves it up to the user to determine what's trustworthy and what's not, but over time you'll gather enough experience to make sound judgments yourself. Hopefully I now have a good start to build upon my own experience.

Thanks for the links, Fred. I just tried chmod on some folders I created in my home folder, and I've gotten somewhat more comfortable with it. However, I still appreciate AppArmor's flexibility because it allows you to restrain specific applications, daemons, and services in what they're allowed to access and modify, even root daemons and services, while chmod only allows you to change permissions for individual files and folders, which are fine for normal users but do not restrict root at all, because root has the power to read, write, and execute everything, everywhere it wants to. While I don't think anyone is foolhardy enough to run Firefox as root and surf the web with it, I can still see the value of having AppArmor-like restrictions for any program that suddenly goes berserk, for whatever reason.

[Syntax Errors]

Thanks, I started using "No Script" right after reading this message. Very informative, especially for a newer MINT user like myself. So far I am in love with MINT. Only next thing I need to find out is if Open Office is a direct replacement for WORD 2007, or at least WORD 2005 that I am forced to use throughout all my college courses. Farewell and thanks again....!

[vincent]

OpenOffice.org vs MS Office has nothing to do with the topic of this thread, but I'll answer your question anyways. Whether or not OOo Writer will be a valid replacement for MS Word depends on your own needs, but for the average user, OOo is fully functional and does everything they've come to expect from Word. Of course, the UI does seem to be a bit old (current version of OpenOffice's user interface is akin to MS Office 2003...no fancy ribbons or anything, just classic menus and toolbars), but other than that, you'll find that Writer should satisfy your needs, unless you need to write and use a bunch of complex macros or something like that. One thing of note though; if you share documents with others on a regular basis, do make sure to set OOo so that it automatically saves your files in Office 2003 compatible formats (e.g. .doc, .xls, .ppt, etc.), instead of the OpenDocument Formats that OOo currently uses (e.g. .odt, .ods, .odp, etc.), otherwise your fellow students and professors may be unable to open your files. You can ask them to download a plugin from Sun that enables them to read OpenDocument files, but it's more convenient to save your files in a format which they can read by default.

[Kaye]

Although saving in the proprietary formats is a double edged sword, since Word can read the OO formats flawlessly, but the OO to .doc conversion can sometimes be a little rough around the edges.

[Kaye]

Wow.. Wish I knew what that post said

[Pierre]

since Word can read the OO formats flawlessly

which Word version is that?.