Old 07-17-2012, 11:57 PM   #1
edbarx
Member
 
Registered: Sep 2010
Distribution: Used Debian since Sarge. (~2005)
Posts: 326

Rep: Reputation: 18
viruses/malware etc: Is my Debian GNU/Linux system protected?


Reading a current thread from forums.debian.net about multiplatform viruses and malware, I am becoming preoccupied that my Debian system is vulnerable. The problem is accentuated even further because I use GNU/Linux exclusively for all my computing needs. In other words, I access my bank accounts online, I pay my bills online, etc.

The State of My System:
a) I make regular updates to keep up with any security updates
b) I have arno-iptables firewall enabled
c) I have all ports closed
d) I use privoxy to filter unwanted web-content (ie ads, etc.)
e) I use Adblock Plus
f) I use Iceweasel, aka Firefox.

Is my system protected against multiplatform scumware because the shivers I used to have when I still used MS Windows are starting to haunt me again?
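"All ports closed" is a statement about the firewall; what a practitioner also wants to know is what would be answering if a rule were missing or the firewall service failed to start. The following is an added example, not code from the thread: a small filter over the output format of `ss -tuln` (iproute2) that prints every listening socket not bound to a loopback address. The sample socket table is constructed for illustration (privoxy, mentioned in the post, is shown bound to a LAN address on its default port 8118 to make the point that a local proxy should listen on 127.0.0.1 only); the host names and addresses are not from a real machine.

```shell
#!/bin/sh
# Added example, not from the thread: list listening sockets that are
# reachable from outside the host. "All ports closed" at the firewall is
# one layer; this shows what would answer if a rule were missing. Input is
# the output format of `ss -tuln` (iproute2), one socket per line:
#   Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port

# exposed_listeners  <  ss output
# Prints "proto local-address:port" for every socket not bound to loopback.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp|sctp|raw)/ { next }       # header line or other netid
        {
            n = split($5, a, ":")                  # port is the last ":" field
            addr = substr($5, 1, length($5) - length(a[n]) - 1)
            # loopback forms: 127.x.x.x, [::1], IPv4-mapped [::ffff:127.x], %lo scope
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./ || addr ~ /%lo$/)
                next
            print $1, $5                           # 0.0.0.0, [::] and * mean every interface
        }'
}

# check_live_listeners: run the filter on the real socket table (needs iproute2).
check_live_listeners() {
    ss -tuln | exposed_listeners
}

# Constructed sample (not captured from a real host): sshd on all interfaces,
# CUPS on loopback only, privoxy bound to a LAN address instead of 127.0.0.1,
# a DHCP client socket, and an mDNS socket on an IPv4-mapped loopback address.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port       Peer Address:Port
tcp   LISTEN 0      128    127.0.0.1:631            0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22               0.0.0.0:*
tcp   LISTEN 0      128    [::1]:631                [::]:*
tcp   LISTEN 0      5      192.168.1.10:8118        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68               0.0.0.0:*
udp   UNCONN 0      0      [::ffff:127.0.0.1]:5353  [::]:*'

# demo_sample: filter the constructed sample; expect sshd, privoxy and dhcp.
demo_sample() {
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners
}

demo_sample
```

Run `check_live_listeners` on the real host and compare the result with the firewall's INPUT rules: anything printed that is not deliberately offered to the network is either a service to stop or a rule to add. The loopback test is on the address, not the interface, so a socket bound to a LAN address is reported even when the firewall happens to block it today.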
 
Old 07-18-2012, 12:20 AM   #2
towheedm
Member
 
Registered: Sep 2011
Location: Trinidad & Tobago
Distribution: Debian Squeeze
Posts: 585

Rep: Reputation: 118
I believe the malware you're referring to is Java related. Of course, you can always install an anti-virus app.
 
Old 07-18-2012, 01:00 PM   #3
edbarx
Member
 
Registered: Sep 2010
Distribution: Used Debian since Sarge. (~2005)
Posts: 326

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by towheedm
I believe the malware you're referring to is Java related. Of course, you can always install an anti-virus app.
GNU/Linux is different from Windows; I don't imagine it requires the same scanning regimen as Windows. This should mean there are other, more suitable solutions.
 
Old 07-18-2012, 02:41 PM   #4
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with Slackware 14.
Posts: 2,593

Rep: Reputation: 535
Quote:
Originally Posted by edbarx
Is my system protected against multiplatform scumware because the shivers I used to have when I still used MS Windows are starting to haunt me again?
Paranoia seems to be the biggest problem here, don't you think? The thing with "multiplatform" malware is it is exactly that, "multiplatform". If you travel around the internet doing stupid things you will get stung, but it will most likely just infect the application that it was designed to enter the system through. If you run as root without need you will allow things to enter your system even more easily. The trick is not to do stupid things and only run as root for things like updating etc. Keep your system up to date (daily) and you can be 99% sure (this is a figure of speech, not a guarantee) that your system is as secure as it can be. There is always more you can do, but being careful is the best protection.
 
Old 07-18-2012, 04:13 PM   #5
edbarx
Member
 
Registered: Sep 2010
Distribution: Used Debian since Sarge. (~2005)
Posts: 326

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by k3lt01
Paranoia seems to be the biggest problem here, don't you think? The thing with "multiplatform" malware is it is exactly that, "multiplatform". If you travel around the internet doing stupid things you will get stung, but it will most likely just infect the application that it was designed to enter the system through. If you run as root without need you will allow things to enter your system even more easily. The trick is not to do stupid things and only run as root for things like updating etc. Keep your system up to date (daily) and you can be 99% sure (this is a figure of speech, not a guarantee) that your system is as secure as it can be. There is always more you can do, but being careful is the best protection.
I was of the opinion expressed in this post, but a thread in Offtopic on forums.debian.net argued that a compromised executable may lead to an escalation of privileges, and to stress his point, the poster insisted that this should not be very difficult to accomplish. So, definitely, it is not paranoia on my part but on forums.debian.net, and I am becoming preoccupied because that forum is renowned for good quality threads.
 
Old 07-18-2012, 07:15 PM   #6
towheedm
Member
 
Registered: Sep 2011
Location: Trinidad & Tobago
Distribution: Debian Squeeze
Posts: 585

Rep: Reputation: 118
http://www.zdnet.com/cross-platform-...ux-7000000656/
 
Old 07-18-2012, 07:18 PM   #7
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with Slackware 14.
Posts: 2,593

Rep: Reputation: 535
Edbarx, when I say don't do stupid things, that also means only use trusted packages. If you go and do the "typical Windows thing" and install packages of unknown quality, you can indeed install a compromised package. The thing is, with Debian you have everything available that you will most probably need. There is, for the most part, no need (unless of course you want to go beyond a simple Debian system) to install things outside of Debian's repositories. There are some repositories that are trustworthy, Debian Multimedia is a good example, but it is always a good idea to only use trusted sources.
 
Old 07-18-2012, 10:08 PM   #8
jefro
Guru
 
Registered: Mar 2008
Posts: 11,156

Rep: Reputation: 1365
Why don't you use a live cd?

If you need to protect the system, then don't connect it to the internet and don't use untested media in it like USB or CD.
 
Old 07-18-2012, 11:16 PM   #9
edbarx
Member
 
Registered: Sep 2010
Distribution: Used Debian since Sarge. (~2005)
Posts: 326

Original Poster
Rep: Reputation: 18
Since the threat, apparently, is Java related, an application which monitors, and if necessary blocks, Java executables from running should be enough.

I opened this thread because I would like to know how realistic the claim that GNU/Linux can be compromised by malware, viruses and any form of scumware really is. I only install packages from debian.org, from debian-multimedia and from an official Debian mirror situated in France. Moreover, I install packages through apt (requiring the root password) and I don't do desktop or window manager root logins. I only have sudo enabled for a single script I created myself, placing it in /sbin. I changed the script's permissions to match those of the executables found in /sbin, adding the limitation that only root can read and write to the script.

I have a very stringent policy of keeping with reliable sources and I don't judge a source's reliability myself.

Last edited by edbarx; 07-18-2012 at 11:30 PM.
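A sudoers rule that allows one script is a sensible way to limit sudo, and the post's permission changes are the part that makes it hold: the rule names a path, but what runs as root is whatever is in that file when sudo is invoked, so the file and the directory it lives in must not be writable by the sudo user or by anyone but root. The following is an added example, not code from the thread, that audits a sudo target for exactly those conditions. The script path in the usage comment is hypothetical; the OWNER parameter exists only so the check can be exercised on files owned by a non-root account.

```shell
#!/bin/sh
# Added example, not from the thread: audit a script that a sudoers rule lets
# an ordinary user run as root. The rule only names a path; what actually
# runs is whatever is in the file at that moment. If the file, or the
# directory holding it, can be written by anyone but root, the sudo user can
# swap in their own code and the rule becomes "run anything as root".

# audit_sudo_target PATH [OWNER]
# Prints one line per problem and returns 1 if any was found, 0 otherwise.
# OWNER defaults to root; it is a parameter only so the check can be run on
# files owned by a non-root account (e.g. in a test), not a knob to relax it.
audit_sudo_target() {
    target=$1
    want_owner=${2:-root}
    rc=0
    # sudo follows symlinks; a link in a writable place points wherever the user likes
    if [ -L "$target" ]; then
        echo "$target: is a symlink"; return 1
    fi
    if [ ! -f "$target" ]; then
        echo "$target: not a regular file"; return 1
    fi
    for f in "$target" "$(dirname "$target")"; do
        owner=$(stat -c %U "$f")
        mode=$(stat -c %a "$f")            # octal, e.g. 755 or 4755
        other=${mode#"${mode%?}"}          # last digit: other
        rest=${mode%?}
        group=${rest#"${rest%?}"}          # second to last digit: group
        if [ "$owner" != "$want_owner" ]; then
            echo "$f: owned by $owner, expected $want_owner"; rc=1
        fi
        if [ $((group & 2)) -ne 0 ]; then
            echo "$f: group-writable (mode $mode)"; rc=1
        fi
        if [ $((other & 2)) -ne 0 ]; then
            echo "$f: world-writable (mode $mode)"; rc=1
        fi
    done
    # The sudoers line itself should name the absolute path and nothing looser,
    # e.g.  edbarx ALL=(root) /sbin/mytool.sh      (not /sbin/* and not ALL).
    return $rc
}

# Usage (hypothetical path):
#   audit_sudo_target /sbin/mytool.sh && echo "ok to expose via sudo"
```

The write-bit check is on the mode, not on whether the current user can write, so it reports a group-writable file even when run by a user outside that group. It does not inspect what the script does; a script that runs commands by relative name or sources files from a user-controlled directory is a separate review.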
 
Old 07-18-2012, 11:49 PM   #10
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,912
Blog Entries: 15

Rep: Reputation: 746
If you need antivirus and antimalware tools for Linux, ClamAV and RKHunter are the best tools you can use. Linux isn't as prone to getting malware because it's a minority OS and has hundreds of varied distributions, but that doesn't mean that it's completely invulnerable to being attacked in the future.

Your best bet if you feel the need, is to just get protection tools, run them regularly to scan for problems, and be active in your system's security administration.
 
Old 07-19-2012, 04:59 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,014
Blog Entries: 54

Rep: Reputation: 2764
Quote:
Originally Posted by k3lt01
Paranoia seems to be the biggest problem here, don't you think?
Let's give it a less negative spin and say it's a problem of knowing your enemies?


Quote:
Originally Posted by k3lt01 View Post
If you travel around the internet doing stupid things you will get stung
That's only partly true.

Take for instance the cases of compromised sources. Distribution maintainers use upstream sources to create distribution packages. In more than a few cases (tcpdump (2002), Sendmail (2006), Unreal IRCd (2010), ProFTPd (2010), kernel.org (2011)), but excluding the kernel.org case, attackers got away with injecting foreign code into source archives. Most of this boils down to a different kind of stupidity: developers, distributors and end-users placing implicit trust in something or somebody, or imagining trust relationships where there aren't any. Running Open Source Software means everybody has the chance to examine and validate the source they run. By choosing not to do so, or by choosing to defer responsibility to a distribution, you should be aware of the potential risk. Still there are developers, distributors and end-users who shrug off providing or mandating source package verification as unnecessary. (And I'm not talking MD5 or SHA1 hashes but GPG signatures.)

Another example. While this should not draw attention away from other distributions having had similar problems, Debian machines got compromised in 2003 and again in 2006 by attackers exploiting kernel bugs. And sure, such remotely exploitable vulnerabilities can only lead to a compromise if an attack surface is or remains available, and sure, it's stupid if you don't update to a kernel version the moment it's released if it fixes known vulnerabilities, but it's got nothing to do with "traveling around the Internet doing stupid things".

Yet another example: centralized advertising distribution services. A lot of sites use them because it takes away the need for individual sites to spend time on configuring for target audiences, acquisition, billing and other administrative tasks. And while scrutiny at reputable distributors is good most of the time, on several occasions bad ads have got through. Sure, you can defend yourself against this by disabling unnecessary or unwanted browser features, disabling plug-ins, selective filtering and content scrubbing, but the point here is you don't have to do "stupid" things to be involuntarily exposed to such risks.

While the final problem currently is more the focus of networked hardware like routers, smartphones and tablets running certain other Operating Systems, nefarious activity doesn't limit itself to easily identifiable, cross-platform attempts at malware like Koobface. Certain Operating Systems harvest information and share it with the vendor without the owner being able to limit or combat this (much?). Applications that are not, or appear to be, vendor-approved hunt for and siphon off credentials, financial information, Intellectual Property, or just run new versions of old dialer scams via SMS, etc, etc. (As for the stupidity part: one of the tenets of common sense, and this lesson unfortunately has to be re-learned again and again on-line and off-line, is that if something looks too good to be true then it is too good to be true.)

Sure. The above is a problem with other OSes. And while the Microsoft-induced definition of "malware" may not apply due to OS architecture, what delivery methods like the GNOME "Waterfall" screensaver of 2009 (command execution), Firefox plugins like "Master Filer" (Microsoft only) and various other ones like PDF, Flash, Quicktime have in common (apart from problems due to licensing, laxity wrt distributor responsibilities, scrutiny, hardening and updates, unsafe browsing practices, gullibility) is that when subversion takes place solely in unprivileged user space (maybe even just within a browser, its plugins, Javascript or Flash ActionScript) this may transcend the protection offered by some traditional (or traditionally deployed) defenses. (Similar to the shift from rootkits requiring escalation of privileges to web stack-based malware that happily runs as the user the web server runs as.)

UNIX-like separation of privileges (capabilities, accounts) provides enough isolation for an unprivileged user to have a dependent library cause a segfault and still be able to use the Desktop Environment, blow up a web browser or file manager and still be able to use X11 / Xorg, or blow up X without having to reboot the machine. So a mix of measures like:

a) staying secure by updating software (does not thwart social engineering or keep plugins from running),
b) running a Live CD (may lack unprivileged accounts, which would mean running software as root),
c) DAC rights (does not protect against browser attacks),
d) using an unprivileged account (protects the system but nothing else),
e) scanning with antivirus (would only work if scanning continuously, with up to date signatures and if it can actively halt activity),
f) scanning with RKH (it's a post-incident tool and not meant for such malware),
g) blocking certain applications from running (so what about the other apps, or the ones needing only a browser?)

may protect the user from running (into) certain forms of malware, but do traditional defenses and the listed measures protect the user well enough? And how would one know? And would that still hold true when confronted with new, less easily identifiable malware?
 
Old 07-19-2012, 06:37 AM   #12
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with Slackware 14.
Posts: 2,593

Rep: Reputation: 535
Quote:
Originally Posted by unSpawn
Lets give it a less negative spin and say it's a problem of knowing your enemies?
Ok, let's, and let's consider the OP's initial post while we are at it. He specifically mentions Windows; I am suggesting there is a Windows mindset still happening.

Quote:
Originally Posted by unSpawn
That's only partly true.
In the context of the Windows reference it is practically 99.9% accurate. However, people who travel around the internet doing stupid things will get stung no matter what type of OS they are on.

Having said that, vulnerabilities occur with any system; with Linux it is much harder to introduce them if you follow good security practices, as you mentioned. Yes, distros like Debian and some packages have problems, but what OS doesn't have that, and how many (percentage wise) of Linux machines are compromised compared to the same percentage of Windows machines? I agree with the crux of what you posted, but taking the OP's last sentence at face value it seems there is a certain level of fear (a nicer word, if you will, than paranoia) that is not really justified considering the infection ratio as a % of OS type.

Last edited by k3lt01; 07-19-2012 at 06:38 AM.
 
Old 07-19-2012, 02:02 PM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,014
Blog Entries: 54

Rep: Reputation: 2764
Quote:
Originally Posted by k3lt01
Having said that vulnerabilities occur with any system, with Linux it is much harder to introduce them if you follow good security practices.
Sure but I'm trying to move beyond infection rate, focus on Linux and explore which security practices would actually help combat malware. Maybe I should have posted what I wrote in a separate post. Mostly I've been using your line just as a hook, everything from "Take for instance .." on isn't really a reply.
 
Old 07-19-2012, 03:35 PM   #14
jefro
Guru
 
Registered: Mar 2008
Posts: 11,156

Rep: Reputation: 1365
There is no secure OS. Some of the main threats are the applications on it. I would assume any system to be vulnerable.

The world is full of automated hackers with nothing to do but steal. Their country won't do anything to stop them and may encourage them. They have turned their attention from Windows systems to Unix and Linux. Every day we read about sites that have been hacked. They were both Linux and Windows sites.

Any OS that has best practices applied to it would be less vulnerable. That doesn't make it secure.
 
Old 07-19-2012, 10:36 PM   #15
ReaperX7
Senior Member
 
Registered: Jul 2011
Distribution: LFS-SVN, Slackware-14.1, PCBSD-10.0
Posts: 2,912
Blog Entries: 15

Rep: Reputation: 746
Hardened Gentoo and OpenBSD may be some very secure operating systems but they are FAR from being 100% invulnerable to attacks and malicious software.

Security isn't something you have out of the box, it's something you have to administrate and manage continuously through tests and checks to ensure everything is safe for the time being.
 
  

