LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-11-2016, 09:09 AM   #16
JeremyBoden
Senior Member
 
Registered: Nov 2011
Distribution: Debian
Posts: 1,109

Rep: Reputation: 226Reputation: 226Reputation: 226

Not keen on running Windows style anti-virus programs.
I notice that nearly all the anti-virus have to be downloaded & installed from insecure web sites.
 
Old 10-11-2016, 09:18 AM   #17
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,835
Blog Entries: 1

Rep: Reputation: 561Reputation: 561Reputation: 561Reputation: 561Reputation: 561Reputation: 561
I just re-install with a minimum install every 3 to 6 months. With various bootable usb sticks to accomplish that task as well as trying out other distros and OSes. But I mostly live on usb booted OSes. When I travel I use a different usb install. The small drive that comes with the low end computers these days is mostly a minimal distro that barely has networking and a bootloader. Which I boot when I forget, or I need to fsck the previously booted distro, or I need to update the bootloader. The rest of that internal drive I use for swap or for screen capture when write speed matters more than convenience.
 
Old 10-11-2016, 10:12 AM   #18
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Whatever that means. fewe{r,st} installed packages = fewer 'attack vectors' = fewer logs? I suppose there's an argument in there somewhere.

so...Without quoting 'what' you 'read' on "a website", we can only guess.
And I hate guessing. Linux doesn't guess.

Link please. Many eyes makes all bugs shallow.

Reference:
http://web.mit.edu/tweilu/www/eff-ss...reatmodel.html
About the logs like you said too, I'm just guessing but seems like that would be the case.. http://www.infoworld.com/article/287...youll-get.html There you go he didn't use the word "logs" like I thought, but he said events which I assume is the same thing

Last edited by linux4evr5581; 10-11-2016 at 10:23 AM.
 
Old 10-11-2016, 10:17 AM   #19
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
Most nasties nowadays infect the Browser and that is going to happen whatever the OS behind it.
An unprotected Linux system is more dangerous than a protected Windows system and most people do not run any protection at all under Linux.

It doesn't matter who you are, you will be open to disease if you perform unprotected sex.
I have to disagree since all of Linux's software comes from trusted repositories, and no malware can infect every distribution since their all structured differently. Not to mention that its not really the target of main stream malware...
EDIT: I apologize you said "unprotected Linux system" that idk

Last edited by linux4evr5581; 10-11-2016 at 10:21 AM.
 
Old 10-11-2016, 10:30 AM   #20
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by JeremyBoden View Post
So how do you protect the average Linux desktop other than by not running a browser?
You can make a user account for every service that you use.
 
Old 10-11-2016, 10:59 AM   #21
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 233

Rep: Reputation: 88
You can get real time scanners that work under Linux.


I have to beg to differ about trusted repositories when a large number of downloads are distributed through peer networks where it would not be impossible to infect the code.

In any case where the software comes from is irrelevant when the danger is in its use. As I said, the vast majority of malware is passed though browsers and for low level code attacks the OS doesn't matter.

Last edited by dave@burn-it.co.uk; 10-11-2016 at 11:17 AM.
 
Old 10-11-2016, 11:52 AM   #22
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,097
Blog Entries: 11

Rep: Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215Reputation: 2215
Quote:
Originally Posted by linux4evr5581 View Post
About the logs like you said too, I'm just guessing but seems like that would be the case.. http://www.infoworld.com/article/287...youll-get.html There you go he didn't use the word "logs" like I thought, but he said events which I assume is the same thing
I too would equate "events" with logs.

"and monitor and alert on unexpected member additions" - Know who is on your little slice of the network.
The first rule is "Establish persistence" and frequently new users on questionable systems may have far too many privileges.
So, new "users" is a valid metric IMO.

Good Luck.
 
1 members found this post helpful.
Old 10-11-2016, 12:53 PM   #23
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
You can get real time scanners that work under Linux.


I have to beg to differ about trusted repositories when a large number of downloads are distributed through peer networks where it would not be impossible to infect the code.

In any case where the software comes from is irrelevant when the danger is in its use. As I said, the vast majority of malware is passed though browsers and for low level code attacks the OS doesn't matter.
That's why I only download from mirrors or main. But with reguards to the browser issue i'm wondering if that can be completely negated by using a terminal based browser such as Lynx or Links, since they run without pop-ups, java and flash..

Quote:
Originally Posted by Habitual View Post
I too would equate "events" with logs.

"and monitor and alert on unexpected member additions" - Know who is on your little slice of the network.
The first rule is "Establish persistence" and frequently new users on questionable systems may have far too many privileges.
So, new "users" is a valid metric IMO.

Good Luck.
Thanks for the feedback!

Last edited by linux4evr5581; 10-11-2016 at 01:03 PM.
 
Old 10-11-2016, 12:57 PM   #24
JeremyBoden
Senior Member
 
Registered: Nov 2011
Distribution: Debian
Posts: 1,109

Rep: Reputation: 226Reputation: 226Reputation: 226
I understand Adobe are planning to upgrade flash to the same level as the massively secure Windows version.
 
Old 10-11-2016, 01:18 PM   #25
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 233

Rep: Reputation: 88
Quote:
But with reguards to the browser issue i'm wondering if that can be completely negated by using a terminal based browser such as Lynx or Links, since they run without pop-ups, java and flash..
That may eliminate some of the sources, but anything returned from the site could be infected.
You (and I) check thoroughly to make sure that programs and so on that we ask for are malware free, but we usually forget that the wrapping (ie screen display code) can also be corrupted with malware that will infect our machines.
That is why a good malware scanner needs to be running to detect any abnormal activity.

I also remove ALL temporary files and clear all browser caches at the end of every session.
 
Old 10-11-2016, 01:29 PM   #26
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
That may eliminate some of the sources, but anything returned from the site could be infected.
You (and I) check thoroughly to make sure that programs and so on that we ask for are malware free, but we usually forget that the wrapping (ie screen display code) can also be corrupted with malware that will infect our machines.
That is why a good malware scanner needs to be running to detect any abnormal activity.

I also remove ALL temporary files and clear all browser caches at the end of every session.
Not a programmer so cant comet too much on the screen display code, I knew that you can do buffer overflows (or something) on certain text rendering software that normal browsers use. But since with text based browsers I don't think they use such software (just speculation), so I was hoping that was not possible.. As with malware entering your machine through the cloud, something someone said, and what I thought was very interesting was to use Clamav as a reverse proxy..

Last edited by linux4evr5581; 10-11-2016 at 05:13 PM.
 
Old 10-11-2016, 01:47 PM   #27
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 233

Rep: Reputation: 88
You don't even need screen disply code.
Even with a text based internet access there are codes that you can embed in text strings that hide the text. So you could get a text reply from a site that perhaps took just a little longer than you expected - just seconds-. You see a reasonable reply, but don't realise that at the end or even in the middle there is malware code that has been received but not displayed.

I never store any of my data on "the cloud" if I can at all avoid it. Any data not under your direct control is vulnerable no matter how much other people say.
Banks' safe boxes get robbed and they are supposedly experienced in securing stuff. How often do you hear that some online company's security has been breached.
 
Old 10-11-2016, 01:49 PM   #28
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,065

Rep: Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470Reputation: 2470
Quote:
I have to beg to differ about trusted repositories when a large number of downloads are distributed through peer networks where it would not be impossible to infect the code.
that is mostly BS ( south end of a north facing cow )

you would need to change the signature keys for the repos

yes it "can" be done( theoretically) but not easily


"dave@burn-it.co.uk"
i hope you have GREAT spam filters on that email address
this forum is crawled by bots all the time

Last edited by John VV; 10-11-2016 at 01:51 PM.
 
Old 10-11-2016, 02:53 PM   #29
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dave@burn-it.co.uk View Post
You don't even need screen disply code.
Even with a text based internet access there are codes that you can embed in text strings that hide the text. So you could get a text reply from a site that perhaps took just a little longer than you expected - just seconds-. You see a reasonable reply, but don't realise that at the end or even in the middle there is malware code that has been received but not displayed.

I never store any of my data on "the cloud" if I can at all avoid it. Any data not under your direct control is vulnerable no matter how much other people say.
Banks' safe boxes get robbed and they are supposedly experienced in securing stuff. How often do you hear that some online company's security has been breached.
I suppose you could find said code like that using inspect element, or prevent it using a script block software.. But I agree software should have the five freedoms, or only use such software in a VM so only virtual freedoms can be harmed lol.

Last edited by linux4evr5581; 10-11-2016 at 03:01 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to move the needle in open source LXer Syndicated Linux News 0 10-07-2015 06:22 PM
Anti-censorship program Haystack withdrawn Jeebizz Linux - News 1 09-15-2010 04:20 AM
Hello World! from Haystack Haystack LinuxQuestions.org Member Intro 2 11-13-2005 05:08 PM
needle printer, need help blackman890 Mandriva 2 11-25-2004 11:03 AM
9 needle printer mtb Linux - Hardware 3 03-15-2003 07:05 AM


All times are GMT -5. The time now is 05:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration