LinuxQuestions.org


yenonn 01-04-2006 07:18 PM

Linux Vulnerable
 
http://www.techweb.com/wire/security/175801128

Is it true????

J_K9 01-04-2006 07:25 PM

It may be (I don't have the time to take a proper look at it), but I think you'll find that almost all the Linux vulnerabilities are minor whereas, in the case of M$, a simple image can allow a remote user to take over the system.

Cheers,

-jk

XavierP 01-04-2006 07:49 PM

The list was skewed. And, as is said above, one of our vulnerabilities tends to be pretty minor. Whereas the vast majority of Windows vulns tend to be very major (some might say critical ;))

SciYro 01-04-2006 07:50 PM

No, don't trust that article. If you read /., you'll have heard that the US CERT thingy included all UNIX/BSD/Linux/MacOSX in the same group. On top of that, they also included 3rd party software's vulnerabilities in the count for Linux. Also, check out and see how many bugs have gone unpatched .... all in all, those numbers are biased, or at least the person taking those numbers was uneducated and thought "well, they all are *nix, so they must share the same vulnerabilities", something which isn't true.

Epyon 01-04-2006 08:05 PM

They included 3rd party software for the Windows count too.

It is unfair though that they lumped multiple operating systems together like that.

sundialsvcs 01-04-2006 10:04 PM

But let us never deceive ourselves to think that "Linux does not get viruses." It does!

The single most fundamental vulnerability of Windows is, not how it is designed, but how it is used. Windows ships with one user, automatically logged-in, who is an Administrator, with no passwords anywhere. No wonder it is a "sitting duck!" The things that viruses do, and succeed in doing, would be forbidden to a non-Administrator user!

It's pure numbers: there are millions of victims out there; the odds of finding one by random probing are excellent.

Unfortunately, OS/X presently ships that way too, although it is slightly more aggressive even in its rather (and totally unnecessarily...) vulnerable state.

The mantra is clear:
  • Your everyday account should be an absolutely-unprivileged "ordinary Joe."
  • Use a separate non-root account for system maintenance.
  • Don't activate any accounts that you don't need/use.
  • Use non-trivial passwords that do not occur in a dictionary, such as those which might be based on some mnemonic phrase. (ALLHMISFAWAS = A Little Lamb Had Mary, Its Silky Fleece As White As Snow.) (AALHMABWID = A Little Lamb Had Mary, And Boy Was It Delicious!) ;)
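
The account rules in the post above can be checked mechanically. This is an added example, not part of the original post: a shell audit over passwd/shadow-format data that flags extra UID 0 accounts, empty password fields, and system accounts that still have a login shell. The sample entries are constructed, and the `UID_MIN` default of 1000 is an assumption that varies by distribution.

```shell
#!/bin/sh
# Constructed sample data in passwd(5)/shadow(5) format, not from a real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
joe:x:1000:1000:Ordinary Joe:/home/joe:/bin/bash
maint:x:1001:1001:Maintenance:/home/maint:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
games:x:5:60:games:/usr/games:/bin/sh
guest:x:1002:1002:Guest:/home/guest:/bin/bash'

SAMPLE_SHADOW='root:$6$constructed$placeholder:13152:0:99999:7:::
daemon:*:13152:0:99999:7:::
joe:$6$constructed$placeholder:13152:0:99999:7:::
maint:$6$constructed$placeholder:13152:0:99999:7:::
toor:$6$constructed$placeholder:13152:0:99999:7:::
games:*:13152:0:99999:7:::
guest::13152:0:99999:7:::'

# Accounts other than root that carry UID 0, i.e. full privileges.
extra_uid0() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts whose shadow password field is empty (login with no password).
empty_password() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# System accounts (UID below UID_MIN) that still have a usable login shell.
# Assumption: UID_MIN defaults to 1000; older distributions used 500.
system_with_shell() {
    printf '%s\n' "$1" | awk -F: -v min="${UID_MIN:-1000}" '
        $3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 }'
}

echo "UID 0 besides root:        $(extra_uid0 "$SAMPLE_PASSWD")"
echo "Empty password field:      $(empty_password "$SAMPLE_SHADOW")"
echo "System account with shell: $(system_with_shell "$SAMPLE_PASSWD")"
```

To audit a live system, pass the contents of `/etc/passwd` and `/etc/shadow` to the same functions; reading the shadow file requires root.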

Epyon 01-04-2006 11:37 PM

How many of the vulnerabilities led to exploits that were seen in the wild for Linux?

Linux may get viruses but in all my years of using it I have yet to encounter one.

arunvk 01-04-2006 11:50 PM

I have been using Linux for 2 years and not once have I felt the need to install an antivirus and restrict my internet browsing for fear of virus attacks.

XavierP 01-05-2006 09:00 AM

The last time I checked, all of the Linux viruses were proof of concept. Although, I think one or two may have been in the wild, but they didn't actually do anything, because we all run as users and they were pretty poorly coded.

bigearsbilly 01-05-2006 10:21 AM

Quote:

Originally Posted by sundialsvcs
But let us never deceive ourselves to think that "Linux does not get viruses." It does!

does it?
evidence?

I've never ever ever had one, well not one that does anything I know about like pop-ups porn
CPU usage, adware, ethernet usage, or any out of the way behaviour at all.
So maybe I've had one that doesn't do anything at all.

Have you ever had one?
Do you know anyone who has ever had one?

Just interested.

nx5000 01-05-2006 10:27 AM

To evaluate a bit more how dangerous a security hole can be, I've discovered CVSS. It is highly subjective and can only help to compare two exploits with very different scores. I also think it is not very well maintained anymore, but we will see..
It would be interesting to calculate the scores for the flaws you mention.

http://www.first.org/cvss/cvss-guide.html


But let us never deceive ourselves to think that "Linux does not get viruses." It does!

=> I agree, very important to keep it in mind!

bigearsbilly 01-05-2006 10:57 AM

anyone had a virus then?

try "google linux virus maybe?"

jeremy 01-05-2006 11:05 AM

You can see my thoughts on this topic here, but a succinct summary is "those numbers are garbage".

--jeremy

Charred 01-05-2006 11:27 AM

To paraphrase (I've forgotten who), there are "lies, damn lies, and statistics." That article embodies all three.

sundialsvcs 01-05-2006 11:38 AM

There are plenty of vulnerabilities, and it is always prudent to be vigilant. If you don't maintain the mindset of sensible caution, you forget to lock your doors at night.

I think that the main reason why Windows gets such a bad rap is that, most of the time, users are Administrators and have no passwords. There's also the sheer number of them; it's literally a probability issue. But MS also thrust a hole right through the system when they tried to embed IE so deeply into it that they could tell a court that the two were inseparable. They also clung to compatibility with older applications which diddled with hardware from DOS.

