viruses/malware etc: Is my Debian GNU/Linux system protected?
Well, of course, Microsoft's continued deployment of such an intrinsically-secure system in a completely non-secured manner is, in and of itself, something that is absolutely and completely beyond my comprehension. (Maybe Peter Norton has some really-bad blackmail karma on Gates and/or Ballmer? Oh well, let's not go there ...)
To me, the most serious problem with "anti-virus" is, aside from the mis-placed biologic metaphor, that it wrongly suggests that you can accomplish system security by means of a product purchase ... which is fundamentally a passive act.
Maintaining a system is not a particularly difficult thing to do, as long as you have not been lulled into a position of perceived "security" that is, in fact, deceptive. The inexcusable part of the whole "anti-virus" thing is that it ... for obviously considerable profit ... willfully does precisely that.
It doesn't really matter what operating-system we are talking about: "the beast is the beast is the beast."
Last edited by sundialsvcs; 09-05-2012 at 03:11 PM.
As I see it, the major security threat I have to face every day I use my computer is the Web-Browser. The latter is, as far as I can understand and imagine, an extremely complex piece of software made of several parts that work together to give a dynamic and interactive web experience. Interactivity and dynamic web-content require one to use custom code, always as far as I can reason and imagine. Custom code, as its name clearly indicates, can be maliciously used as a vehicle of attack on any operating system once it is executed on the host machine. The latter, obviously, does not depend on the type of operating system one uses.
The above is why I am preoccupied and there seems to be a very logical reason for my worries. The thread on forums.debian.net I referred to earlier in this thread, says that any executables produced by malicious code, can be made to run from the /home/user directory, which as far as I can remember, allows the execution of executable code. Using /tmp for the temporary storage of executables also suffers from the same vulnerability.
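Whether files under /home or /tmp can be executed directly depends on the mount options of the filesystem that holds them. The following added example (not part of the original thread) looks up the covering mount for a path and reports whether `noexec` is set; the function names and the sample mount table are constructed for illustration.

```shell
# Constructed sample in /proc/mounts format:
# device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0'

# mount_opts_for PATH [MOUNTS_TEXT]
# Prints the options of the longest mount point that contains PATH.
# Without MOUNTS_TEXT it reads the live table from /proc/mounts.
mount_opts_for() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # A mount point covers p if it is "/", equals p,
            # or p continues below it with a "/" separator.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount on the same point win.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# allows_exec PATH [MOUNTS_TEXT]
# Exit status 0 if the covering mount lacks noexec, 1 if it has it.
allows_exec() {
    case ",$(mount_opts_for "$@")," in
        *,noexec,*) return 1 ;;
        *) return 0 ;;
    esac
}

# Report on the directories discussed in the thread, using the sample table.
for d in /tmp /home/user /usr/bin; do
    if allows_exec "$d" "$SAMPLE_MOUNTS"; then
        echo "$d: direct execution allowed"
    else
        echo "$d: mounted noexec"
    fi
done
```

Call `allows_exec "$HOME"` with no second argument to check the running system. `noexec` only blocks direct execution of a file; a script stored there can still be run by passing it to an interpreter such as `sh`.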
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900
Quote:
Originally Posted by edbarx
As I see it, the major security threat I have to face every day I use my computer is the Web-Browser. The latter is, as far as I can understand and imagine, an extremely complex piece of software made of several parts that work together to give a dynamic and interactive web experience. Interactivity and dynamic web-content require one to use custom code, always as far as I can reason and imagine. Custom code, as its name clearly indicates, can be maliciously used as a vehicle of attack on any operating system once it is executed on the host machine. The latter, obviously, does not depend on the type of operating system one uses.
As I see it the issue is the browsing practises of the user. If you are connected to the net you are at risk, it is as simple as that; if you visit suspicious sites you are more likely to get malicious code infecting your system. So it boils down to you the user and what you do with your machine. Yes, there is cross-platform malware. If it really is of concern to you then you the user need to either change your browsing practises, install something that will actually check for the malware you are concerned about, or forget about it.
Quote:
Originally Posted by edbarx
The above is why I am preoccupied and there seems to be a very logical reason for my worries. The thread on forums.debian.net I referred to earlier in this thread, says that any executables produced by malicious code, can be made to run from the /home/user directory, which as far as I can remember, allows the execution of executable code. Using /tmp for the temporary storage of executables also suffers from the same vulnerability.
The logic you are using to base your worries on is developed, and you hint at this in a previous thread, from using Windows and dealing with infections in it. Linux is very different and you cannot think of Linux in the same way you think of Windows. Keep your system up to date, including using the latest browser you can or at least Debian's excellent security patches on older versions, adhere to safe browsing practises, don't download code from sources you do not trust etc etc etc. Where did you mention forums.debian.net in this thread? It is probably best if you keep the one issue to one thread instead of having 2 threads dealing with the same issue.
I am basing my arguments on the way a GNU/Linux operating system works, at least, because Windows is not known to have /home/user or /tmp. Moreover, I have been practically a full time GNU/Linux user since the Summer 2007 and before.
Before that I tried knoppix 3.7 and then being very interested in it, I installed it permanently on my machine. Being unable to handle knoppix as I wished, I dumped Linux altogether for a whole year. In the meantime, I did a lot of reading about Unix and Linux, especially the CLI. The fact that after installing knoppix 3.7 permanently on my machine the desktop didn't work and the CLI could work, made me realise that desktops and window managers were just a superstructure on the base system. I also appreciated and understood that Linux was modular and yearned to learn how the various parts worked together. In particular, I wanted to know how Linux booted, what the kernel did during its initialisation phase, why there was an initrd, what was the role of init and how to read and understand the manpages.
In short, I was eager to understand the system to empower myself with the ability of modifying it as I wished.
As I understand it, anti-virus software for GNU/Linux is mainly aimed at scanning for Windows viruses - presumably on servers which may be hosting files/mail/whatever for Windows clients...?
For a desktop user is it worth it? I would say not, but I suppose it depends on you and what you do with your system.
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900
Quote:
Originally Posted by edbarx
I am basing my arguments on the way a GNU/Linux operating system works, at least, because Windows is not known to have /home/user or /tmp. Moreover, I have been practically a full time GNU/Linux user since the Summer 2007 and before.
You posted this from a Windows 7 machine, furthermore every one of your posts in this thread is done on a Windows 7 machine. Windows actually has a user files and settings folder in which things like MyDocuments (now Documents library) etc are located. I used to always make that my D:\ drive.
Quote:
Originally Posted by edbarx
In short, I was eager to understand the system to empower myself with the ability of modifying it as I wished.
Modifying? Or adding things that you don't really need? Modifying is fine and in Linux is encouraged; adding a myriad of things that you don't really need (virus scanners etc) just adds more processes and takes up more disc space and RAM. By all means empower yourself and try things out but understand what you are doing and see the results for yourself.
As I understand it, anti-virus software for GNU/Linux is mainly aimed at scanning for Windows viruses - presumably on servers which may be hosting files/mail/whatever for Windows clients...?
And this, too, is a Faustian quest. You can't recognize every rogue that's trying to get in through the front gate, and you can't keep the rogue from climbing over the wall. But the Windows machine can be "hardened" so as to refuse the rogue's instructions.
In fact, this is particularly the case with Windows, which almost-constantly refers to "policies" and which in general provides a policy for just about everything ... even though almost none of this is documented for anyone except MSDN folks, and even though the policy-editor tool is omitted (or provided without its online documentation!) on some designed-to-be-vulnerable editions.
@OP: this thread is temporarily closed while it's being moved to the Linux - Laptop and Netbook forum for merge with your previous same topic thread. While you are free to create new threads it is more efficient to keep posts on the same topic together. I also would like to add, since you claimed to be not a new Linux user, that actually reading the links you've been given previously could help gain a better understanding of the security aspects of using Linux software.
Also be aware that personal observations are only meaningful in the context of that respective user's system(s). They are no measure for the amount of (ab)use inflicted slash seen on the 'net and people should not mistake personal observations for security best practices to follow.
(This post was sponsored by the numbers 3, 24, 19, 7, 31, 14 and 87. The numbers 42, 4 and 18 were found behind the shed trying to smoke something while the numbers 8, 9, 10 and 11 tried to point at something else.)
You posted this from a Windows 7 machine, furthermore every one of your posts in this thread is done on a Windows 7 machine. Windows actually has a user files and settings folder in which things like MyDocuments (now Documents library) etc are located. I used to always make that my D:\ drive.
I was posting from a public library where I have no authority to decide which operating system they use. At home, it is a totally different story because I have the freedom to decide which operating system to use.
I found the approach from Debian wifi wiki and enriched the procedure after reading the manpage for ifup to enable myself to use more than one wifi point by using several interfaces files. I also created a script to bypass the backlight bug and another script to start my wifi without root privileges. I saved this script in /sbin and used the same file permissions and ownership as the executables found in it. I used /sbin because I wanted more stringent file permissions than /home. Moreover, I modified the sudoers file to enable an unprivileged user to run the script but without the vulnerability of having a readable and/or editable custom script.
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900
edbarx, forgive me please, you say one thing and then seem to do something completely different.
Quote:
Originally Posted by edbarx
Moreover, I modified the sudoers file to enable an unprivileged user to run the script but without the vulnerability of having a readable and/or editable custom script.
Why did you edit a sudoers file in Debian? Either use the root terminal (not always advisable) or use the regular terminal and type in su.
Please read about su, sudo, and Debian to find out why Debian has not gone the Ubuntu way and used sudo as the default method to elevate user privileges.
There is a difference in using sudo the "Ubuntu way" or using it the way it was intended: giving single users well defined access to run scripts as a different user. sudo used in that way is not a security risk (if you do it right), in opposition of the "Ubuntu way".
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
I feel I ought to point out that there is at least one Debian installer which gives the option of not allowing root login in the "Ubuntu way". It's not set by default but it is there and I don't recall any frightening warnings.
edbarx, forgive me please, you say one thing and then seem to do something completely different.
Why did you edit a sudoers file in Debian? Either use the root terminal (not always advisable) or use the regular terminal and type in su.
Please read about su, sudo, and Debian to find out why Debian has not gone the Ubuntu way and used sudo as the default method to elevate user privileges.
As hinted by TobiSGD, I edited the sudoers files to allow ONLY the custom script to be run by a non-privileged user. I also saved the custom script in /sbin and changed its permissions and ownership to match those of the executables found there. This is to make sure that only root can run the script by invoking its name without sudo. The script does not take parameters and if any are passed, they are ignored. Besides that, the script is owned by root and can only be viewed and edited by root.
As Debian recommends, I use su and I don't do root logins. I use vim whenever modifying a configuration file requires me to take root privileges.
Finally, I installed no-script to aid my security on the web. Before that I only had ad-block plus, privoxy and arno-iptables-firewall.
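A setup like the one described in this thread (a single root-owned script that sudoers lets an unprivileged user run) is only as safe as the permissions on the script and on the directory that holds it. The check below is an added example, not part of the original thread; the function names and the `/sbin/wifi-up` path are hypothetical.

```shell
# A sudoers rule of the kind described would look like this (hypothetical
# user and path); the trailing "" makes sudo refuse any arguments:
#   alice ALL = (root) /sbin/wifi-up ""

# has_loose_write PATH: exit 0 if group or others may write to PATH.
# Reads the permission string from ls, e.g. -rwxr-xr-x:
# character 6 is group write, character 9 is other write.
has_loose_write() {
    mode=$(ls -ldn -- "$1" | awk '{print $1}')
    case $mode in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# owner_uid PATH: print the numeric owner of PATH.
owner_uid() { ls -ldn -- "$1" | awk '{print $3}'; }

# audit_sudo_script FILE [UID]
# Checks FILE and its parent directory: both must be owned by UID
# (default 0, root) and not writable by group or others. A writable
# parent would let someone replace the script without touching it.
# Prints findings; exit status is 0 only if nothing was found.
audit_sudo_script() {
    f=$1 want=${2:-0} bad=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"
        return 1
    fi
    dir=$(dirname -- "$f")
    for p in "$f" "$dir"; do
        if [ "$(owner_uid "$p")" != "$want" ]; then
            echo "FAIL: $p is not owned by uid $want"; bad=1
        fi
        if has_loose_write "$p"; then
            echo "FAIL: $p is writable by group or others"; bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK: $f"
    return "$bad"
}

# Stand-alone use: pass the script path (and optionally a uid).
if [ $# -gt 0 ]; then audit_sudo_script "$@"; fi
```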