Hi guys, I'm not brand spanking new but still a booby in GNU/Linux. Before switching, on Windows I used several malware scanners and they used to always pick up adware. I had no idea how it managed to find its way onto my system, but I wanted to know if this stuff gets on Linux systems too?
Adware can get on Linux, but it generally takes more deliberate action by the user to do so on most distributions. It's also easier to find and remove if that adware didn't get root permissions.
There are some commercial antivirus programs on Linux (Avast, Kaspersky, AVG, etc.) and the open source ClamAV (I don't know if it detects adware too), but really, if you use only applications from official repositories and open source code (or proprietary drivers from nVidia or ATI) from trusted sites, there should not be any malware inside them.
And if you install something from an untrusted source, then I believe no antivirus can secure you totally, especially when you give it root access (which is usually done during installation).
Other than some tracking cookies I have never found any on my systems. And it has been many years.
Now there are a few, BUT YOU have to install them.
Then there are a few that ONLY run in RAM, so to uninstall you reboot.
An Apple Mac virus was found to do this - it did not really install but ran in RAM, and was deleted on the next reboot.
I think at last count there were about 12 or so Linux viruses.
Now compare that to the, what, 750,000 to 1.5 million Windows viruses.
ClamAV is perfectly able to detect malware. It is my recommended antivirus, as it offers better integration with the system and is free software.
You must realize that, unlike with other Operating Systems, most software installed under Linux will be obtained from authenticated and trusted sources. A typical attack vector for malware in other proprietary systems is the installation of pirated or distrusted software, and this increases the chances of being attacked by some kind of trouble. As long as you obtain your apps from official places (original source code, the official repositories) you are 99.5% safe.
Quote:
Originally Posted by Knightron
I had no idea how it managed to find its way onto my system
Contamination can for example happen through adware / spyware / malware piggy-backing installation of other applications (recently: download-dot-com inserting adware / malware in Nmap and other downloads), drive-by targeted exploitation of vulnerabilities (search for "Dancho Danchev" and web malware exploitation kits like Eleonore and Zeus) and tight integration between applications and the OS (like MsIE).
Quote:
Originally Posted by Knightron
, but I wanted to know if this stuff gets on Linux systems too?
GNU/Linux as an OS is architecturally different. Separation of privileges for instance, to some degree, ensures unprivileged users are not able to contaminate a system on their own. Open Source Software is philosophically different as usage is free of cost and the source can be scrutinized by all. This does not mean that Linux is free from malicious activity (crackers piggy-backing spam-sending software, FTP or IRC daemons or botnet agents on a machine, web farms running Linux were abused to target Microsoft-running users) but when you install Linux your OS is complete and hits the ground running: there's no mandatory registration process to complete. There's no party checking if you run your kernel on a UNI or SMP machine (per processor licensing). There's no party checking if you run multiple instances of the same distribution (per seat licensing). There's no party begging you to "upgrade" the procutils package to the "pro" version (nagware). When you run say IceWM it doesn't show any adverts (adware).
Linux does not suffer from the excesses that are common in the commercial marketplace, especially when we're talking about the shady tactics of semi-legally operating bottom feeders, or in short: there's no money to be made from "infecting" Linux users in the adware sense, there is no commercial market that targets Linux users in this way.
I've run Linux for over some time now. I have encountered (or have been given) virus-infected files (very rare), trojans, malicious LKMs and whatever else. And at times I am not (or can not be) that careful about the places I visit. I am careful about what I install and from where though. My distribution's repositories carry GnuPG-signed packages, it has package content verification, I can diff two source packages to check for changes or ask a developer for confirmation and anything else gets scanned and run in a virtualization guest.
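The "package content verification" mentioned in the post above compares installed files against checksums recorded at packaging time, which is what `rpm -V` and `debsums` do against the package database. The following is an added illustration, not part of the original thread: it reproduces the idea on a constructed file tree, with made-up function names, paths and file contents, and assumes GNU coreutils `sha256sum`.

```shell
#!/bin/sh
# Added example: manifest-based content verification on a constructed tree.
# Function names, paths and file contents are made up for illustration.

# record_manifest ROOT MANIFEST: write "sha256  ./path" for every file in ROOT.
record_manifest() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do sha256sum "$f"; done ) > "$2"
}

# verify_manifest ROOT MANIFEST: print one line per discrepancy, nothing if clean.
verify_manifest() {
    root=$1; manifest=$2
    # Pass 1: every recorded file must still exist with the recorded hash.
    while read -r want path; do
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path"
        elif [ "$(cd "$root" && sha256sum "$path" | cut -d' ' -f1)" != "$want" ]; then
            echo "CHANGED $path"
        fi
    done < "$manifest"
    # Pass 2: files on disk that were never recorded (path starts at column 67
    # of a sha256sum line: 64 hex digits plus a two-character separator).
    ( cd "$root" && find . -type f -print ) | LC_ALL=C sort |
        while IFS= read -r path; do
            cut -c67- "$manifest" | grep -qxF -- "$path" || echo "ADDED $path"
        done
}

# demo: build a tiny "installed package", record it, tamper with it, verify.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/root/usr/bin" "$work/root/etc"
    printf '#!/bin/sh\necho hello\n' > "$work/root/usr/bin/hello"
    printf 'color=auto\n' > "$work/root/etc/hello.conf"
    record_manifest "$work/root" "$work/manifest"

    printf 'echo unexpected\n' >> "$work/root/usr/bin/hello"   # modified file
    rm "$work/root/etc/hello.conf"                             # removed file
    printf 'x\n' > "$work/root/usr/bin/helper"                 # unrecorded file

    verify_manifest "$work/root" "$work/manifest"
    rm -rf "$work"
}

demo
```

A manifest kept on the same machine can be rewritten by whoever altered the files, so the recorded checksums are only useful when they are signed or stored off-host.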
Thanks for the very informative posts, guys. Is it possible to get any type of malware by just browsing the internet? I'll add that I use NoScript on Firefox too.
Quote:
Is it possible to get any type of malware by just browsing the internet? I'll add that I use NoScript on Firefox too.
It is possible. There are some web sites that will try to exploit known vulnerabilities in your browser in order to execute malicious programs on your computer, steal your bookmarks, sniff your passwords, etc. If your browser is outdated, it will likely have known unfixed vulnerabilities that could be used against you.
Luckily, if you are using the browser provided by your distribution and update your system often, this is less of a problem, but it still exists. You have to be careful with what you do on the Internet. That said, many Firefox vulnerabilities I have seen applied to Windows only.
NoScript is an amazing piece of software. If you are interested, you can try Request Policy too. Request Policy is an extension designed to protect your browser from cross-site requests and other harmful redirections, while NoScript protects you from many ways of code execution.
Hi, thanks for that, BlackRider. I'm still new to security and all I did in the past was run a virus scanner every now and then. I'm trying to learn a little more so I can secure my computer properly. I just attempted to install that extension after educating myself on cross-site requests. The extension failed; can anyone verify the extension's compatibility with Iceweasel?
Could you please post some examples / past known cases that apply to GNU/Linux please?
Quote:
Originally Posted by BlackRider
There are some web sites that will try to exploit known vulnerabilities in your browser in order to execute malicious programs on your computer, steal your bookmarks, sniff your passwords, etc.
Same goes for you: please post examples that apply to GNU/Linux.
Other than browser exploits and tracking cookies, which can be a problem on any platform, any adware that contains executable code is likely to be written in code that works only on Windows.
I've followed alt.comp.virus for years because I find this stuff interesting and have not yet seen anything regarding live malware targeting Linux in the wild.
Still, it's wise to surf the net with reasonable paranoia, because there are folks out there who want to get you.
Quote:
Same goes for you: please post examples that apply to GNU/Linux.
The first example I think of is the BEAST attack, which could be performed against any major web browser in order to break SSL/TLS encryption with a chosen plaintext attack.
I have not investigated it very deeply, but I think it depends on you running malicious JavaScript code. Ok, the attack mechanism is clumsy and can be avoided by a healthy paranoid person, but it exists.
There are some vulnerabilities around. CVE-2011-3660 is marked as having an Impact Subscore of 10, for example. You can have more fun here:
Quote:
Originally Posted by BlackRider
The first example I think of is the BEAST attack, which could be performed against any major web browser in order to break SSL/TLS encryption with a chosen plaintext attack.
IIGC Opera patched version 10.x in 2011 for it and it seems Chrome did too.
Quote:
Originally Posted by BlackRider
I have not investigated it very deeply, but I think it depends on you running malicious JavaScript code. Ok, the attack mechanism is clumsy and can be avoided by a healthy paranoid person, but it exists.
You need:
- a known user and target the browser to load the Javascript,
- a MitM position to sniff and
- a web server you control.
To me that spells PoC, not clear and present threat. (Let alone it adheres to the concept of "adware" this thread seems to be about.)
Quote:
Originally Posted by BlackRider
There are some vulnerabilities around.
Vulns, around they always will be, yes.
Quote:
Originally Posted by BlackRider
You can have more fun here:
No thanks. You confirmed it is possible to "get any type of malware by just browsing the internet" so you must know. I don't. So that's why I'm asking you for examples.