Linux is secure…right?

Chat about Linux in general
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
User avatar
Moem
Level 22
Level 22
Posts: 16228
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Linux is secure…right?

Post by Moem »

CaseyMarie wrote: I watched the companion YouTube video and his system didn't break as he installed it all! I figured I'd be fine as well!
That is highly hardware dependent, so it doesn't guarantee a thing. I'm glad to hear you reinstalled, good call!
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Faust

Re: Linux is secure…right?

Post by Faust »

Hmmm ..... it's not secure simply because it has the word Linux in the name .

There is Damn Vulnerable Linux .....
[ I was going to put a link here but decided against it ]

Okay , that one is deliberately aimed at pen-testers who want to hone their skills
eg Metasploit , meterpreter etc .

@pjotr - No , it's not on github , but it is most certainly in " wild-west " territory :mrgreen:

And no , I do not recommend that folks just casually play around with it !
.... and definitely not if you are connected to the sprawl .
It is intended for a computer lab environment ( VMs , isolated network ... all of that ).

[ Not wanting to state the obvious , but this post is of a light-hearted nature :) ]

Suicide Linux anybody ?
https://qntm.org/suicide

It will sharpen your terminal skills and keep you on your toes , that's for sure !
Just one typo ( mistake / mis-spelling etc. ) and it starts recursively deleting your entire file system ....
..... it's Russian Roulette for terminal addicts :mrgreen:
User avatar
linx255
Level 5
Level 5
Posts: 668
Joined: Mon Mar 17, 2014 12:43 am

Re: Linux is secure…right?

Post by linx255 »

6 years now and have never had a problem.
During that time, none of my Linux computers have ever been infected with any virus or malware. Nor has the computer of any Linux user I know of.
Not to encourage fear/paranoia, but how do we ever really know? Not all attacks are easy to spot. We'll be lucky if there is a log and we have the skills and time to check the logs and look for other clues. In fact, some attacks target hardware and leave no trace on the OS whatsoever except maybe network packets; I'm guessing such attacks are rare, exotic, and highly targeted. Also there are surely caches of zero-days out there. I'd like to know how often Linux / Debian / Ubuntu / Mint ever gets a hold of and hardens against any.
I also get that many noobs are not really "computer people" and can easily perceive Linux server vulnerabilities as linux desktop issues even tough they are different animals.
I wonder if that's mainly because servers offer a great deal more functionality and complexity which naturally means more attack surface. It seems not only were security concerns largely absent from the formative years of computers but Wall Street-controlled software giants don't care about security because the markets generally don't.
Metasploit
I don't know anything about these but curious how vulnerable Linux desktops are to them? Again, not to spread unnecessary fear, but, at least on the surface, metasploit looks intimidating.
- I'm running Mint 18 Mate 64-bit
- 4.15.0-34-generic x86_64
- All my bash scripts begin with #!/bin/bash
User avatar
smurphos
Level 18
Level 18
Posts: 8501
Joined: Fri Sep 05, 2014 12:18 am
Location: Irish Brit in Portugal
Contact:

Re: Linux is secure…right?

Post by smurphos »

linx255 wrote: Mon Jul 23, 2018 1:51 am I'd like to know how often Linux / Debian / Ubuntu / Mint ever gets a hold of and hardens against any.
Frequently - https://usn.ubuntu.com/
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
HaveaMint
Level 6
Level 6
Posts: 1088
Joined: Fri Feb 02, 2018 9:56 pm

Re: Linux is secure…right?

Post by HaveaMint »

Pjotr wrote: Sun Oct 08, 2017 1:37 pm
Schultz wrote:And . . . all those links are to trendmicro, which is a company selling stuff. So that needs to be taken for what it's worth (i.e., the more they scare people, the more they sell).
Well put. It's like a toilet cleaner manufacturer claiming that we need to use more toilet cleaner, or lack of hygiene will kill us all. :lol:
This reminds me of "Scented Toilet Paper". :roll:
"Tune for maximum Smoke and then read the Instructions".
User avatar
CaptainKirksChair
Level 4
Level 4
Posts: 457
Joined: Sat Feb 18, 2017 9:29 pm

Re: Linux is secure…right?

Post by CaptainKirksChair »

Security is what the user makes of it. If you have up to date, expensive, anti-malware / anti-virus installed on your Windows computer and you click on every hyperlink on every webpage and install everything without reading what is being installed and just keep clicking NEXT and OK, you're going to end up with the system you deserve: unusable.

Don't blame the software and exonerate the user. The vast majority of desktop computer systems become infected even though "they're protected." You want to have a usable, malware and virus free computer? Then change your computing habits or no matter what software you install you will always be forever having to pay someone to clean the malware and viruses off of your system.
User avatar
majpooper
Level 8
Level 8
Posts: 2084
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Linux is secure…right?

Post by majpooper »

Routers are the weak link in most home networks.
User avatar
lsemmens
Level 11
Level 11
Posts: 3936
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Linux is secure…right?

Post by lsemmens »

CaptainKirksChair wrote: Mon Jul 23, 2018 2:10 pm The vast majority of desktop computer systems become infected even though "they're protected." You want to have a usable, malware and virus free computer? Then change your computing habits or no matter what software you install you will always be forever having to pay someone to clean the malware and viruses off of your system.
THIS. I've seen too many where people have no concept of safe surfing habits. They get an email saying their computer is infected and click on the link in the e-mail and then wonder why they have problems. Or they spend their life chasing "norty stuff" ...... Or, best of all, if one AV package is good, then two or three must be even better...........
Fully mint Household
Out of my mind - please leave a message
User avatar
BG405
Level 9
Level 9
Posts: 2500
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Linux is secure…right?

Post by BG405 »

CaptainKirksChair wrote: Mon Jul 23, 2018 2:10 pm You want to have a usable, malware and virus free computer? Then change your computing habits
Trouble is some people seem to be incapable (or just unwilling) to change those habits, especially when it comes to the "naughty stuff". :(
lsemmens wrote: Tue Jul 24, 2018 4:34 am I've seen too many where people have no concept of safe surfing habits.
+1. And there is just no teaching some people better ways. Used to have a regular job cleaning out all the viruses and other crud from machines, without destroying user data wherever possible (very time consuming) only to see the same machines back within months with the same issues. :x
majpooper wrote: Mon Jul 23, 2018 5:38 pm Routers are the weak link in most home networks.
Mostly the ISP supplied ones, I assume, and others still running the stock firmware.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Two ROMS don't make a WRITE
User avatar
CaptainKirksChair
Level 4
Level 4
Posts: 457
Joined: Sat Feb 18, 2017 9:29 pm

Re: Linux is secure…right?

Post by CaptainKirksChair »

BG405 wrote: Tue Jul 24, 2018 11:44 amUsed to have a regular job cleaning out all the viruses and other crud from machines, without destroying user data wherever possible (very time consuming) only to see the same machines back within months with the same issues.
This happens because people refuse to read the install instructions on everything they install. I will admit that some of those instructions are quite confusing and it is unclear as to which button you click to cancel the install because there is NO cancel button. I've even seen some installers that show a window that resembles a dialog box and no matter where you click, the installer starts. You can even click on the big red X in the upper right corner and it won't close the window; the installer begins and you're stuck with the software.

Unfortunately, very few people know how to open the Windows Task Manager and sniff around for the installer EXE so they can kill the process. Which in most cases is the only safe way to stop an unwanted installer.
User avatar
BG405
Level 9
Level 9
Posts: 2500
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Linux is secure…right?

Post by BG405 »

CaptainKirksChair wrote: Tue Jul 24, 2018 1:41 pm .. I will admit that some of those instructions are quite confusing and it is unclear as to which button you click to cancel the install because there is NO cancel button. I've even seen some installers that show a window that resembles a dialog box and no matter where you click, the installer starts. You can even click on the big red X in the upper right corner and it won't close the window; the installer begins and you're stuck with the software.

Unfortunately, very few people know how to open the Windows Task Manager and sniff around for the installer EXE so they can kill the process. ..
This isn't such an issue in Linux though, as far as I know. More care - and, specifically - attention is required of the Linux user when instaling software via the GUI i.e. one has to enter the password; that's why we also have the sudo, gksudo & kdesudo commands.

Not sure how that affects browser compromises though, W.R.T. popups etc.. Never have any of those; only issue is one of my add-ons interrupting my session by opening its "Updated" tab & forcibly switching to it. That is obnoxious behaviour, especially as I lose my place in the tab list, including recently accessed order. :x
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Two ROMS don't make a WRITE
User avatar
Portreve
Level 13
Level 13
Posts: 4882
Joined: Mon Apr 18, 2011 12:03 am
Location: Within 20,004 km of YOU!
Contact:

Re: Linux is secure…right?

Post by Portreve »

Viruses back in the day were legitimate full programs. They had highly specialized designs and were very small, but they did all their own work, only making calls to the OS for functions it and it alone had to go do.

Malware of today is pretty radically different. It also comes in so many different forms that it would be hard for actual experts on the matter to list them without making this a TL;DR if they bothered to include enough detail to make the post worthwhile.

More modern-ish era versions of Windows (let's say, from Win95 onward) have always been the textbook example of soft target OSs where exploits and modern day authoring of malware are concerned. Microsoft has always done a piss-poor job of writing their OSs, so much so that when they've gotten to the point of having to overhaul how they do things, they break the living crap out of regular software.

UNIX was designed from the 1960s onward to be explicitly multi-user and, for much of that time, multitasking. Suffice it to say that industry was pretty darned good at it by the time Richard Stallman and his GNU Project, and Linus Torvalds and his Linux Kernel, had come on the scene. Isolation and compartmentalization of all kinds of different things at the OS level has been a significant portion of the how behind the degree to which UNIX and GNU+Linux are inherently more secure than Windows. And in that time, we've had everyone up to and including the NSA itself contributing back to GNU+Linux with better and better ways of producing a more secure OS.

I'll echo Pjotr's comments above that GNU+Linux is more secure than Windows, but it's not inherently immune to malware being written for it. It's just that you can't as trivially compromise someone else's box.

Then again, let's also remember Spectre, etc. Or that CPU that if you type in the same number over and over enough times it gives up the crown jewels. No OS is really ever going to fully compensate for running on a box built with inherently flawed hardware.

The best latex paint in the world can't help it if you insist on painting it over top of oil-based paint, or any other surface which is compromised or ill-prepared.
Flying this flag in support of freedom 🇺🇦

Recommended keyboard layout: English (intl., with AltGR dead keys)

Podcasts: Linux Unplugged, Destination Linux

Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Locked

Return to “Chat about Linux”