Linux is secure…right?

Chat about Linux in general
User avatar
Moem
Level 16
Level 16
Posts: 6520
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Linux is secure…right?

Post by Moem » Thu Oct 26, 2017 9:52 am

CaseyMarie wrote: I watched the companion YouTube video and his system didn't break as he installed it all! I figured I'd be fine as well!
That is highly hardware dependent, so it doesn't guarantee a thing. I'm glad to hear you reinstalled, good call!
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

User avatar
Faust
Level 4
Level 4
Posts: 398
Joined: Thu Jul 14, 2016 3:40 am

Re: Linux is secure…right?

Post by Faust » Sun Oct 29, 2017 4:37 am

Hmmm ..... it's not secure simply because it has the word Linux in the name .

There is Damn Vulnerable Linux .....
[ I was going to put a link here but decided against it ]

Okay , that one is deliberately aimed at pen-testers who want to hone their skills
eg Metasploit , meterpreter etc .

@pjotr - No , it's not on github , but it is most certainly in " wild-west " territory :mrgreen:

And no , I do not recommend that folks just casually play around with it !
.... and definitely not if you are connected to the sprawl .
It is intended for a computer lab environment ( VMs , isolated network ... all of that ).

[ Not wanting to state the obvious , but this post is of a light-hearted nature :) ]

Suicide Linux anybody ?
https://qntm.org/suicide

It will sharpen your terminal skills and keep you on your toes , that's for sure !
Just one typo ( mistake / mis-spelling etc. ) and it starts recursively deleting your entire file system ....
..... it's Russian Roulette for terminal addicts :mrgreen:
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

User avatar
linx255
Level 5
Level 5
Posts: 675
Joined: Mon Mar 17, 2014 12:43 am

Re: Linux is secure…right?

Post by linx255 » Mon Jul 23, 2018 1:51 am

6 years now and have never had a problem.
During that time, none of my Linux computers have ever been infected with any virus or malware. Nor has the computer of any Linux user I know of.
Not to encourage fear/paranoia, but how do we ever really know? Not all attacks are easy to spot. We'll be lucky if there is a log and we have the skills and time to check the logs and look for other clues. In fact, some attacks target hardware and leave no trace on the OS whatsoever except maybe network packets; I'm guessing such attacks are rare, exotic, and highly targeted. Also there are surely caches of zero-days out there. I'd like to know how often Linux / Debian / Ubuntu / Mint ever gets a hold of and hardens against any.
I also get that many noobs are not really "computer people" and can easily perceive Linux server vulnerabilities as linux desktop issues even tough they are different animals.
I wonder if that's mainly because servers offer a great deal more functionality and complexity which naturally means more attack surface. It seems not only were security concerns largely absent from the formative years of computers but Wall Street-controlled software giants don't care about security because the markets generally don't.
Metasploit
I don't know anything about these but curious how vulnerable Linux desktops are to them? Again, not to spread unnecessary fear, but, at least on the surface, metasploit looks intimidating.
- I'm running Mint 18 Mate 64-bit
- 4.15.0-34-generic x86_64
- All my bash scripts begin with #!/bin/bash

User avatar
smurphos
Level 6
Level 6
Posts: 1411
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: Linux is secure…right?

Post by smurphos » Mon Jul 23, 2018 2:05 am

linx255 wrote:
Mon Jul 23, 2018 1:51 am
I'd like to know how often Linux / Debian / Ubuntu / Mint ever gets a hold of and hardens against any.
Frequently - https://usn.ubuntu.com/

HaveaMint
Level 4
Level 4
Posts: 305
Joined: Fri Feb 02, 2018 9:56 pm
Location: Somewhere in th USA
Contact:

Re: Linux is secure…right?

Post by HaveaMint » Mon Jul 23, 2018 12:05 pm

Pjotr wrote:
Sun Oct 08, 2017 1:37 pm
Schultz wrote:And . . . all those links are to trendmicro, which is a company selling stuff. So that needs to be taken for what it's worth (i.e., the more they scare people, the more they sell).
Well put. It's like a toilet cleaner manufacturer claiming that we need to use more toilet cleaner, or lack of hygiene will kill us all. :lol:
This reminds me of "Scented Toilet Paper". :roll:
"Tune for maximum Smoke and then read the Instructions".

User avatar
CaptainKirksChair
Level 4
Level 4
Posts: 306
Joined: Sat Feb 18, 2017 9:29 pm

Re: Linux is secure…right?

Post by CaptainKirksChair » Mon Jul 23, 2018 2:10 pm

Security is what the user makes of it. If you have up to date, expensive, anti-malware / anti-virus installed on your Windows computer and you click on every hyperlink on every webpage and install everything without reading what is being installed and just keep clicking NEXT and OK, you're going to end up with the system you deserve: unusable.

Don't blame the software and exonerate the user. The vast majority of desktop computer systems become infected even though "they're protected." You want to have a usable, malware and virus free computer? Then change your computing habits or no matter what software you install you will always be forever having to pay someone to clean the malware and viruses off of your system.

User avatar
majpooper
Level 5
Level 5
Posts: 604
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Linux is secure…right?

Post by majpooper » Mon Jul 23, 2018 5:38 pm

Routers are the weak link in most home networks.

User avatar
lsemmens
Level 5
Level 5
Posts: 857
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Linux is secure…right?

Post by lsemmens » Tue Jul 24, 2018 4:34 am

CaptainKirksChair wrote:
Mon Jul 23, 2018 2:10 pm
The vast majority of desktop computer systems become infected even though "they're protected." You want to have a usable, malware and virus free computer? Then change your computing habits or no matter what software you install you will always be forever having to pay someone to clean the malware and viruses off of your system.
THIS. I've seen too many where people have no concept of safe surfing habits. They get an email saying their computer is infected and click on the link in the e-mail and then wonder why they have problems. Or they spend their life chasing "norty stuff" ...... Or, best of all, if one AV package is good, then two or three must be even better...........
Kernel: 4.15.0-24-generic x86_64 bits: 64
Desktop: Cinnamon 3.8.7
Distro: Linux Mint 19 Tara

Laptop T4500 Dualcore 4Gb RAM
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
Out of my mind - please leave a message

User avatar
BG405
Level 6
Level 6
Posts: 1369
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Linux is secure…right?

Post by BG405 » Tue Jul 24, 2018 11:44 am

CaptainKirksChair wrote:
Mon Jul 23, 2018 2:10 pm
You want to have a usable, malware and virus free computer? Then change your computing habits
Trouble is some people seem to be incapable (or just unwilling) to change those habits, especially when it comes to the "naughty stuff". :(
lsemmens wrote:
Tue Jul 24, 2018 4:34 am
I've seen too many where people have no concept of safe surfing habits.
+1. And there is just no teaching some people better ways. Used to have a regular job cleaning out all the viruses and other crud from machines, without destroying user data wherever possible (very time consuming) only to see the same machines back within months with the same issues. :x
majpooper wrote:
Mon Jul 23, 2018 5:38 pm
Routers are the weak link in most home networks.
Mostly the ISP supplied ones, I assume, and others still running the stock firmware.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32---------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
CaptainKirksChair
Level 4
Level 4
Posts: 306
Joined: Sat Feb 18, 2017 9:29 pm

Re: Linux is secure…right?

Post by CaptainKirksChair » Tue Jul 24, 2018 1:41 pm

BG405 wrote:
Tue Jul 24, 2018 11:44 am
Used to have a regular job cleaning out all the viruses and other crud from machines, without destroying user data wherever possible (very time consuming) only to see the same machines back within months with the same issues.
This happens because people refuse to read the install instructions on everything they install. I will admit that some of those instructions are quite confusing and it is unclear as to which button you click to cancel the install because there is NO cancel button. I've even seen some installers that show a window that resembles a dialog box and no matter where you click, the installer starts. You can even click on the big red X in the upper right corner and it won't close the window; the installer begins and you're stuck with the software.

Unfortunately, very few people know how to open the Windows Task Manager and sniff around for the installer EXE so they can kill the process. Which in most cases is the only safe way to stop an unwanted installer.

User avatar
BG405
Level 6
Level 6
Posts: 1369
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Linux is secure…right?

Post by BG405 » Tue Jul 24, 2018 3:11 pm

CaptainKirksChair wrote:
Tue Jul 24, 2018 1:41 pm
.. I will admit that some of those instructions are quite confusing and it is unclear as to which button you click to cancel the install because there is NO cancel button. I've even seen some installers that show a window that resembles a dialog box and no matter where you click, the installer starts. You can even click on the big red X in the upper right corner and it won't close the window; the installer begins and you're stuck with the software.

Unfortunately, very few people know how to open the Windows Task Manager and sniff around for the installer EXE so they can kill the process. ..
This isn't such an issue in Linux though, as far as I know. More care - and, specifically - attention is required of the Linux user when instaling software via the GUI i.e. one has to enter the password; that's why we also have the sudo, gksudo & kdesudo commands.

Not sure how that affects browser compromises though, W.R.T. popups etc.. Never have any of those; only issue is one of my add-ons interrupting my session by opening its "Updated" tab & forcibly switching to it. That is obnoxious behaviour, especially as I lose my place in the tab list, including recently accessed order. :x
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32---------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
Portreve
Level 6
Level 6
Posts: 1282
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Linux is secure…right?

Post by Portreve » Fri Jul 27, 2018 9:31 pm

Viruses back in the day were legitimate full programs. They had highly specialized designs and were very small, but they did all their own work, only making calls to the OS for functions it and it alone had to go do.

Malware of today is pretty radically different. It also comes in so many different forms that it would be hard for actual experts on the matter to list them without making this a TL;DR if they bothered to include enough detail to make the post worthwhile.

More modern-ish era versions of Windows (let's say, from Win95 onward) have always been the textbook example of soft target OSs where exploits and modern day authoring of malware are concerned. Microsoft has always done a piss-poor job of writing their OSs, so much so that when they've gotten to the point of having to overhaul how they do things, they break the living crap out of regular software.

UNIX was designed from the 1960s onward to be explicitly multi-user and, for much of that time, multitasking. Suffice it to say that industry was pretty darned good at it by the time Richard Stallman and his GNU Project, and Linus Torvalds and his Linux Kernel, had come on the scene. Isolation and compartmentalization of all kinds of different things at the OS level has been a significant portion of the how behind the degree to which UNIX and GNU+Linux are inherently more secure than Windows. And in that time, we've had everyone up to and including the NSA itself contributing back to GNU+Linux with better and better ways of producing a more secure OS.

I'll echo Pjotr's comments above that GNU+Linux is more secure than Windows, but it's not inherently immune to malware being written for it. It's just that you can't as trivially compromise someone else's box.

Then again, let's also remember Spectre, etc. Or that CPU that if you type in the same number over and over enough times it gives up the crown jewels. No OS is really ever going to fully compensate for running on a box built with inherently flawed hardware.

The best latex paint in the world can't help it if you insist on painting it over top of oil-based paint, or any other surface which is compromised or ill-prepared.
Everything is in hand. With this tapestry... and with patience, there is nothing one cannot achieve.

No hamsters were harmed in the authoring of this post.

Post Reply

Return to “Chat about Linux”