Linux and malicious "Attack" sites

[Bob E]

I've seen these before over the years when running Windows, but now that I'm running Linux, I'm curious. Are these type of encounters harmful to Linux as well? I haven't been using Linux long enough to know. I have read articles about Linux and Windows based viruses, but I don't think this is the same.

Last night I went to zap2it.com, a site for TV listings, and encountered the big red warning. [Screenshot: http://i813.photobucket.com/albums/zz59 ... ckPage.png ] I also did a follow-up on the Google Safe Browsing Advisory page for more info. [Screenshot: http://i813.photobucket.com/albums/zz59 ... ngPage.png ] The Google page says it's not currently listed, but at the time of this writing, the site itself still brings up the Warning page if you click on "TV" on their home page.

Just looking for feedback about Linux and malicious attack vulnerabilities such as this.

Thanks in advance for any help.

[ThistleWeb]

Malware is simply a program that's written to exploit another, so there's no such thing as a "PC virus", there's "Windows viruses", there's theoretical "Linux viruses" and "OSX viruses". A program written to exploit some flaw in IE expects to find IE in a specific place in the C:. Linux doesn't even have an C: let alone IE.

The services that track malicious sites like that can mark it malicious for any number of reasons, not just because it hosts (or has hosted) malware that affects Windows. Often these groups have a very strong influence from the "won't someone think of the children" brigade, so even regular sites that go beyond their morals are knowingly reported as serving malicious software, so they get that warning, which is enough to deter most people from investigating.

Flash is still an angle into your PC, regardless of the OS, the pwn2own competition saw Apple with Safari fall first in the last couple of years not because of an exploit on OSX or Safari, but Flash. Scripts can still run to try to throw files at you but they're only going to be a minor irritant on Linux, as there's too many barriers to get infected. You can help yourself by using something like NoScript to only enable scripts from sites you want, as well as Flash blocking and advert blocking.

Malware writers want maximum infections for the longest time before discovery, for this they target Windows. Windows often allows them to script it so it installs secretly, and only shows up after the users anti-virus scanner has detected it.

Linux is so disparate in terms of what people run, that it's all but impossible to actually infect. Exploit in Firefox? Does it work in Fedora? Debian? Ubuntu may place the vulnerable lib in a different location thwarting the exploit, or Frugalware may package it differently, removing the exploit etc. Exploit in Gnome? It won't affect KDE users, it may not affect all Gnome users for the same reason.

If that wasn't hard enough to target, Linux has a solid user / root separation right from the ground up, it peculates through everything, meaning that any admin action needs root privs, which means asking you for a password. If you're savy enough to question that popup box when you didn't trigger it, it's not going to install.

Linux has a vast number of packaging formats too, like rpm, deb. Not all rpms are the same, neither are debs. A deb for Debian Sid may not install on Debian Squeeze, or Ubuntu etc. This narrows down your potential victims, in that you'd have to make a plethora of different binaries and detect them to know which distro to serve one for, knowing the user is gonna be asked for a password at the very least.

After you get passed all that, Linux is open source. Everything is done in the open. Distros talk to each other. So when an exploit is found on one, word gets around VERY quickly, someone patches it, often within a day, and within a couple of days, every distro has patched it, so all your work is for nowt.

Security is an ongoing thing, it's never a one-stop-shop. Linux isn't invulnerable to malware, it's just an incredibly difficult and fast moving target to hit for all the reasons above. As it gains more market share it will be worthwhile for malware writers to try and target it, they will no doubt at some point start to get some success, but Linux is much more secure in the way it's setup and developed. The key is to not do stupid stuff, and put up some basics like a firewall, and script blocking in your browser. After that you can be pretty much assured you don't have to deal with malware.

[Habitual]

Google Safe Browsing (part of every firefox package now) will check w\google first.
http://www.google.com/safebrowsing/diag ... com/&hl=en <--- it's flagged now.
http://www.google.com/safebrowsing/diag ... com/&hl=en <--- same.

Typically, Linux users are not affected by these tactics, but we are bound to GSB as long as we use Firefox.

[Bob E]

Thanks ThistleWeb. This info helped a lot. Running Linux is definitely a new learning curve for me. Even when I was running Windows, NoScript is always the first Add-on I install to FF when starting up a new build, I just wasn't sure how such things affected Linux.

The key is to not do stupid stuff.

True. I'm not about to go storming past the warning with an "I'm invincible" attitude just because I'm running Linux. To borrow a phrase from Mad Eye Moody: "CONSTANT VIGILANCE!"

It's just a shame that, even on a harmless site, the "bad guys" have to mess things up.

[Bob E]

Typically, Linux users are not affected by these tactics, but we are bound to GSB as long as we use Firefox.

Thanks Habitual. It's good to know that it's less of a threat. My reaction to this is pretty much "old habit" from years of Windows surfing, and like I said above, I'm still going to proceed with caution even on Linux.

[Roken]

True. I'm not about to go storming past the warning with an "I'm invincible" attitude just because I'm running Linux. To borrow a phrase from Mad Eye Moody: "CONSTANT VIGILANCE!"

??? - We are invincible. If I come across a malicious site I linger there and click all sorts of things just for the fun of it. It's always amusing to see a flash window mimicking a Windows security alert pop up and tell me I have 1000 viruses

[daveinuk]

Thanks to ThistleWeb for one of the most concise 'laymans terms' newbie friendly explanations of linux security I've ever read - ever after a year of mucking about with distro's from ubuntu/mint8 when i started to today, i still consider myself very much a newb but i like the learning curve and always take something away every time i visit the forums.

Roken, that's too funny lol . . . . got to admit i did that on my other laptop a while back when i was about to format it and it was funny . . . . . . . .

I've got the clam av package on now and the ufw firewall and may tweak that further still now after ThistleWeb's excellent security lesson

[sgosnell]

Peculate? I'm not sure how that fits in this context. Perhaps you meant to use another verb?