LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-07-2013, 08:34 PM   #16
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286

Just have a look at this thread here. It has a very useful discussion.

In short, no operating system is 100% secure from viruses or maleware, but Linux is little bit, because most of the modifications or executions on OS can be done by root/super-user only and you by default gets no root privileges.
 
Old 03-08-2013, 10:22 AM   #17
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
Quote:
Originally Posted by metallica1973 View Post
I agree with Jefro in that nothing is bullet proof. I work in the vulnerability assessment/penetration testing industry and can tell you that there are software vulnerabilities in just about everything out there, more often on the Microsoft side of town given its popularity. We pull most of our vulnerabilities from:

http://nvd.nist.gov/

I am willing to bet that with just 5 minutes of browsing around the NVD NIST site, it will change your way of thinking. Rigor also has a very valid point in the Android popularity boom putting an exponential amount of additional linux OS out in the wild.
Actually, it shows pretty good. Last 3 months - no virus at all. Over the entire database, 37

Vulnerabilities, yes - causing system crash/Denial of service. and two of those has already been fixed.

The entire database, shows only 110. So if you are running a recent kernel (3.7.9 or better) those also disappear.

Now there can still be some undocumented problems - most in services... don't run services, then not a problem. And typical desktops wouldn't run a service.
 
Old 03-08-2013, 11:26 AM   #18
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886
Quote:
Originally Posted by PTrenholme View Post
Microsoft products were developed from DOS, an OS designed to be used by a single user on a system with no network connectivity. So "security" was not a consideration in that base OS, and, as the hardware and networking became available, Microsoft worked harder to maintain "backward compatibility" then they did to improve security. (That was actually a very good strategy for MS to follow at that time.)
Since Windows NT this is not true anymore, those times are long gone. A modern Windows version has as much in common with DOS as Linux has with the very first version of Unix.
A properly set up modern Windows system can be as secure as a properly setup Linux system nowadays. I had no virus on my Windows installs for years, just follow basic rules and use your brain and usually you are fine.
Besides the underlying base of the OS there are some other things to consider that lead to less malware on Linux systems. In contrary to Windows systems most Linux distributions use repositories to install software from, read: trusted and tested sources. Those that do not use repositories usually get their software directly from the developers (like in Slackware's case, for example). I deal with many Windows users and usually they install their software from the source that has the highest page rank on Google, not even looking if the site may be suspicious. It seems that Linux users in general (of course there are as always exceptions) are better educated in basic security than Windows users.
Also, nowadays malware doesn't target OSes directly anymore, they tend to use common and known as insecure entry points to your system, like security holes in browser plugins (the Java plugin from Oracle is infamous for this, for example).

Quote:
I use an outdated operating system, fedora 8, and find it more stable and easy to use than many of the newer versions. As others have pointed out, there are many servers out there that are running outdated UNIX/Linux systems, and yet they can stay up for quite a long time.......of course, they could be secured better, but that is what they make patches, etc for.
Only that Fedora 8 has not seen any patch for years, so systems running that are wide open to any script kiddie out there.

Quote:
Besides, you are using Windows XP, so outdated that microslop doesn't support it any more.
Windows XP does get security patches until 8th of April 2014, so it is still supported.
Quote:
**Indeed windows has permissions and "groups", but not as complex.
In fact they are much more fine grained than Linux/Unix users and groups, the problem is that most people in the consumer environment just don't use them.
Quote:
When set up its not per-configred to allow Administrator use all the time.
Modern Windows systems use a sudo like system, you aren't Administrator by default.

In short, any OS is as secure as the administrator (which in the consumer area is the user himself) sets it up, security is not something that is just there, it is a process.
As long as users open mail attachments from unknown sources, click on links in spam mails or just click on OK when warning dialogs appear without even reading them it doesn't really matter which OS you are using.
 
1 members found this post helpful.
Old 03-09-2013, 06:35 AM   #19
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
Quote:
Originally Posted by TobiSGD View Post
Since Windows NT this is not true anymore, those times are long gone. A modern Windows version has as much in common with DOS as Linux has with the very first version of Unix.
A properly set up modern Windows system can be as secure as a properly setup Linux system nowadays. I had no virus on my Windows installs for years, just follow basic rules and use your brain and usually you are fine.
Is that why a simple font file is or could be a vulnerability in Windows?

No - Windows has too much crap piled into system space to be secure.
Quote:
Besides the underlying base of the OS there are some other things to consider that lead to less malware on Linux systems. In contrary to Windows systems most Linux distributions use repositories to install software from, read: trusted and tested sources. Those that do not use repositories usually get their software directly from the developers (like in Slackware's case, for example). I deal with many Windows users and usually they install their software from the source that has the highest page rank on Google, not even looking if the site may be suspicious. It seems that Linux users in general (of course there are as always exceptions) are better educated in basic security than Windows users.
Also, nowadays malware doesn't target OSes directly anymore, they tend to use common and known as insecure entry points to your system, like security holes in browser plugins (the Java plugin from Oracle is infamous for this, for example).

Only that Fedora 8 has not seen any patch for years, so systems running that are wide open to any script kiddie out there.
Depends on what you are doing. Services can patched externally and/or replaced by the administrator. So Fedora 8 would/could be just as secure as any other linux system - in fact, it is more secure than Fedora 18 - which has a builtin denial of service that can't easily be fixed.
Quote:

Windows XP does get security patches until 8th of April 2014, so it is still supported.

In fact they are much more fine grained than Linux/Unix users and groups, the problem is that most people in the consumer environment just don't use them.
Modern Windows systems use a sudo like system, you aren't Administrator by default.

In short, any OS is as secure as the administrator (which in the consumer area is the user himself) sets it up, security is not something that is just there, it is a process.
As long as users open mail attachments from unknown sources, click on links in spam mails or just click on OK when warning dialogs appear without even reading them it doesn't really matter which OS you are using.
That assumes the mail reader/browser is vulnerable or automatically gives execute privilege to files downloaded.

The old pine mail reader was quite secure... and still is.
 
Old 03-09-2013, 08:38 AM   #20
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 302
Blog Entries: 7

Rep: Reputation: 44
Quote:
Originally Posted by TobiSGD View Post
Only that Fedora 8 has not seen any patch for years, so systems running that are wide open to any script kiddie out there.
Actually I can still get and download updates for Fedora 8. Often times it will show a message saying that there are more packages and updates to be installed on the system. It also has SElinux which I keep running.
 
Old 03-09-2013, 10:17 AM   #21
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886Reputation: 4886
Quote:
Originally Posted by Nbiser View Post
Actually I can still get and download updates for Fedora 8. Often times it will show a message saying that there are more packages and updates to be installed on the system. It also has SElinux which I keep running.
If you do a fresh install of fedora 8 you will get patches, to that point where support for Fedora 8 ended, which means there should be no patch after 2009-01-07 and all security wholes that where discovered after that are still unfixed, if you, as jpollard mentioned, don't generate your own patches.

Quote:
Originally Posted by jpollard
Is that why a simple font file is or could be a vulnerability in Windows?
Do you assume that there are no vulnerabilities in Linux that can be caused by simple file types? No OS is 100% secure, neither Windows nor Linux nor any other OS.

Quote:
Depends on what you are doing. Services can patched externally and/or replaced by the administrator. So Fedora 8 would/could be just as secure as any other linux system
True, but I doubt that many people really do that, so IMHO most Fedora 8 (or other unsupported versions of any distro) servers out there are potentially compromised.
 
Old 03-09-2013, 10:18 AM   #22
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by Nbiser View Post
Actually I can still get and download updates for Fedora 8.
No you can't. The Fedora 8 release is no longer supported or maintained.
It does not receive bug fixes or security updates.
Fedora does not recommend using obsolete releases.

There an only be two reasons for running F8: either 0) you (have been forced to) run it in a professional setting as admin for supporting legacy applications or 1) you have an alternative reason that does not have any bearing on the fact you're still running an obsolete release. In the first case you have my sympathy, in the latter case you must install F18 or move to a Linux distro with a more agreeable release scheme RSN (as in Yesterday). Continuing to run F8 practically speaking means you are a risk, a liability, for the rest of the 'net and makes me question any response you post in any security or security-related threads.
 
Old 03-09-2013, 11:58 AM   #23
Mr. Alex
Senior Member
 
Registered: May 2010
Distribution: No more Linux. Done with it.
Posts: 1,238

Rep: Reputation: Disabled
Quote:
why linux OS is so secure than other in regard to anti-virus!
Because you need to find a virus, download it, compile and install. Unlikely you will do that accidentally.

Last edited by Mr. Alex; 03-10-2013 at 06:23 AM.
 
Old 03-09-2013, 06:59 PM   #24
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 302
Blog Entries: 7

Rep: Reputation: 44
Quote:
Originally Posted by unSpawn View Post
No you can't. The Fedora 8 release is no longer supported or maintained.
It does not receive bug fixes or security updates.
Fedora does not recommend using obsolete releases.

There an only be two reasons for running F8: either 0) you (have been forced to) run it in a professional setting as admin for supporting legacy applications or 1) you have an alternative reason that does not have any bearing on the fact you're still running an obsolete release. In the first case you have my sympathy, in the latter case you must install F18 or move to a Linux distro with a more agreeable release scheme RSN (as in Yesterday). Continuing to run F8 practically speaking means you are a risk, a liability, for the rest of the 'net and makes me question any response you post in any security or security-related threads.
I stand corrected. I have never really looked into the packages that it tells me are available for download because untill this week I have had dial-up. It doesn't really matter though. most of the time my F8 machine is off-line. (I also use F17 and F18).

Last edited by Nbiser; 03-09-2013 at 07:09 PM.
 
Old 03-09-2013, 07:41 PM   #25
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by Nbiser View Post
I also use F17 and F18
Well that's a relief...
 
Old 03-11-2013, 09:03 AM   #26
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 302
Blog Entries: 7

Rep: Reputation: 44
Quote:
Originally Posted by unSpawn View Post
Well that's a relief...
Yes, for the most part, all of my operating systems are new. The only old ones that I use are Fedora 8 (doesn't get used too much) Knoppix live cds (once again, they don't get used too much), and helix. My OpenSuse, Mandriva, Ubuntu, Fedora, debian, linux mint, and snowlinux are all new or almost new.
 
Old 03-11-2013, 01:40 PM   #27
codergeek
Member
 
Registered: Dec 2012
Posts: 52

Rep: Reputation: 7
My linux OS is also current. However, I said earlier in the thread I've been using linux for six years and sometimes people, not all, think I've been using the same distro and kernel from six years ago. No, it means I started using linux six years ago and continue on with linux with upgrades and newer installs.

I do agree running an old distro on a public server is not wise and they should be upgraded ASAP.

Last edited by codergeek; 03-11-2013 at 02:29 PM.
 
Old 03-11-2013, 03:15 PM   #28
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,937

Rep: Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619Reputation: 3619
The only good way to run an out of date OS is to run it air gapped. I mean you can run all the automation systems you want as long as you don't connect it to any network where some hacker may have access. I have been to many companies where they run some very old out of date software and OS's. I can only point out so many issues. One is the false issue with linux being somehow more secure. Firewalls are only a small part of best practices. Antivirus is only a small part of best practices. Best practices are as many things as you can to prevent data issues. One of the most important may be to keep internet connected systems as up to date as possible. Reduce or eliminate any external issues by use of firewalls, I mean layer 7+ firewalls, reduce ALL users to minimum permissions. Find any un-needed services and stop them. The list goes on. It took linux users forever to accept that running as root is a problem.

No matter what you call it, the issue is more than a virus. It is all data security.
 
1 members found this post helpful.
Old 03-11-2013, 03:45 PM   #29
codergeek
Member
 
Registered: Dec 2012
Posts: 52

Rep: Reputation: 7
I'm no security expert but I know enough to keep my OS as secure as possible. OF course that doesn't guarantee I will never be hacked. People should be proactive in security and learn as much as possible. If not, the old cliche applieds PEBCAC

Problem
Exists
Between
Chair
And
Computer

A little techie humor

Last edited by codergeek; 03-11-2013 at 03:48 PM.
 
Old 03-11-2013, 05:58 PM   #30
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
Always hear that one as "PEBCAK" - "...Between Chair And Keyboard".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Anti-spam anti-virus dovecot + postfix mail system xuta Linux - Server 7 06-08-2012 05:31 PM
dual boot without anti-virus, virus now in linux gardner Linux - Security 7 03-09-2009 01:01 PM
Anti Virus/ Anti Spam for Linux? Sp@rticus Linux - Software 3 11-18-2005 02:17 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 02:35 PM
Creating an ultimate anti-virus and anti-spam email gateway markcc Linux - Networking 2 10-08-2003 03:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration