Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I do not know any windows users that say that linux is not secure. most windows users i know don't even know what linux is. i know people that say linux sucks but 90% of them have never used linux and once they do they change there mind. windows just sees stuff that linux or bsd does and tries to copy it but they always do a shit jobs of it.
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).
A good practice can protect Linux System very well, but there is quite many way to compromise Linux OSes as well. It may not the fault of Linux but it nobody know. In Ms. Windows there is so many existing 'all in 1' tools to secure, monitor the entire OSes, in Linux there is some tools but decentralize and hard to use. The worst thing is, a lot of people don't know it, included myself.
*please don't think I'm putting fire, 99.9% of my time in Linux desktop environment and I found that it's hard for me to maintain the good practices. Unless I want to sacrify my time to build many thing from the source.
At the end, Windows sucks, Linux sucks too, probably apple become better choice.
*Suddent I have some ideal, If there is some plugin for package manager or source code analysis tools to help us analyse the source code (whether got any poison code or virus component) or some rpm/deb packages before we install it that will be very good for Linux administrators.
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).
A good practice can protect Linux System very well, but there is quite many way to compromise Linux OSes as well. It may not the fault of Linux but it nobody know. In Ms. Windows there is so many existing 'all in 1' tools to secure, monitor the entire OSes, in Linux there is some tools but decentralize and hard to use. The worst thing is, a lot of people don't know it, included myself.
*please don't think I'm putting fire, 99.9% of my time in Linux desktop environment and I found that it's hard for me to maintain the good practices. Unless I want to sacrify my time to build many thing from the source.
At the end, Windows sucks, Linux sucks too, probably apple become better choice.
*Suddent I have some ideal, If there is some plugin for package manager or source code analysis tools to help us analyse the source code (whether got any poison code or virus component) or some rpm/deb packages before we install it that will be very good for Linux administrators.
Whats your opinion everybody?
Regards,
Ks
Linux is one of the most secure by default. If you use fedora or suse then you should be pretty good to go.
Windows is no where near secure. Vista is supposed to be "More Secure" but it still is not. Same with mac. Here is an article some may have missed about mac. http://www.zdnet.com.au/news/securit...9241748,00.htm
Linux is not the most secure thing on the planet but it is secure when compared to windows or OSX.
FWIW, I hear a lot of Windows users all the time saying how Linux sucks. But honestly, I don't recall any of them ever using security as a reason for the suckage. Usually it's more multimedia pointy-clicky reasons, many of which I agree with sometimes as far as the desktop is concerned. But...
Quote:
Originally Posted by kstan
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).
The problem I see with this logic is that "a newbie who want to install many thing without sufficient security knowledge or concern" would be just as bad (or worse) of a security problem on Windows. But you only raise the concern for Linux, which in my book means you are using a double standard.
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).
A good practice can protect Linux System very well, but there is quite many way to compromise Linux OSes as well. It may not the fault of Linux but it nobody know. In Ms. Windows there is so many existing 'all in 1' tools to secure, monitor the entire OSes, in Linux there is some tools but decentralize and hard to use. The worst thing is, a lot of people don't know it, included myself.
*please don't think I'm putting fire, 99.9% of my time in Linux desktop environment and I found that it's hard for me to maintain the good practices. Unless I want to sacrify my time to build many thing from the source.
At the end, Windows sucks, Linux sucks too, probably apple become better choice.
*Suddent I have some ideal, If there is some plugin for package manager or source code analysis tools to help us analyse the source code (whether got any poison code or virus component) or some rpm/deb packages before we install it that will be very good for Linux administrators.
Whats your opinion everybody?
Regards,
Ks
why would apple become the better choice?, if you haven't been paying attention to the news, there was actually a 0SX worm, I belive, and OSX is based on unix as well, so if anything its just as secure as linux or less, its alot harder to make an exploit in something thats open-source then closed-source software because people are constantly reviewing the code and so the holes are fixed alot sooner then closed source products so that means OSX is probably less secure then Linux
why would apple become the better choice?, if you haven't been paying attention to the news, there was actually a 0SX worm, I belive, and OSX is based on unix as well, so if anything its just as secure as linux or less, its alot harder to make an exploit in something thats open-source then closed-source software because people are constantly reviewing the code and so the holes are fixed alot sooner then closed source products so that means OSX is probably less secure then Linux
I mean, I always stay at Linux environment, so I found I got a lot of constraint make me hard to maintain the good security practices. The reason is sometimes I need to use some softwares from several party. Why this happend I guess everybody already know. Once we install particular softwares it can compromise the Desktop and no any software in Linux can detect it.
I Microsoft Windows or Apple, a complete suite of softwares is ready to use, they are stable and people pay for it's high quality product(In Linux we need to dig arround in internet and probably we can find any suitable software). Except commercial supported product, we can have pretty simple GUI security suit which able to help us detect abnormal inside the computer (I mean Windows+personal computer security suit). The wonderful thing is administrator can deploy same setting to entire network easily, either enforce Kerberos, IpSec, ticket and etc.
Finally, I know Linux is good in some sense, but the security features is not sufficient yet. I work in a manufacturing company and I responsible for entire company, from security, productivity and etc. For myself Linux is good enough for most of the thing, just no softwares for me to enforce and make sure security is proper implemented at every client pc. Centralize management is current trend. Lets imagine in Desktop market share Windows and Linux share is 50% x 50%, the kind of viruses for Linux will suddenly increase dramatically, then you will find that Linux got more thing to improve in security portion.
You should only install software from trusted sources anyways, and if you install stuff in windows or mac the desktop would be compromised as well so your point is? and you can get avast and avg for linux so I have no idea what you are trying to say
Last edited by AceofSpades19; 09-21-2007 at 10:06 PM.
again, i mean desktop environment. it involve a lot of thing to concern, user friendly, less headache, easy installation and etc. Ip tables, clamav, phishing and etc bring a lot of trouble for user who don't know it. If you familiar it then you will think find. but fot those not familiar with security, they will have trouble. avg scan virus, but its no a full suit of security toolkit to secure the desktop environment.
all moderen browsers have anti-phishing built into them. I don't see how having an anti-virus can secure a machine when the person in control doesn't have common sense because if they don't have common sense not to just go and download anything and install then they will break their system many other ways alot faster then getting a virus
Reading this thread I would like to make a few remarks for Kstan's benefit.
First of all the emphasis on viruses is typically the mindset of Windows users, and using "popularity" as a starting point for a discussion with respect to GNU/Linux doesn't work, because due to the OS architecture being different, the threat set for Unices is different: piggybacking malware, rootkits, exploits and whatever else due to not hardening the system, lack of maintenance, misconfiguration, lack of auditing. For example the incidents this forum has dealt with over the past years could be classified somewhat like this: 95 percent "malware" (think PHP includes loading spam bots), 4 percent exploit/rootkits and 1 percent "other". Now the "other" stash does not include viruses. Why not? Because, as I said before in other threads, there are only 10 and all but one are proof of concept. A worm is not a virus, an exploit is not a virus and a log wiper is not a virus and a rootkit is not a virus. Still AV engines will happily classify worms, exploits, about anything as "virus" because of marketing value: instilling fear in uneducated users always works. (I use multiple AV engines and my prime reason is quick determination of files for incident handling purposes.)
Secondly (Kstan having admitted this already) a lot of this discussion evolves around a lack of knowledge and a perception that's "malformed" because of using Windows. Lack of knowledge is nothing to be ashamed of but you should fill that void one way or the other. If you do so you won't have to ask some questions and it should rid you from the idea that "because Windows does it that way GNU/Linux should too" (basic UNIX architecture, privilege separation, DAC rights). That GNU/Linux does not have "one centralised tool to rule them all" should not be seen as a hiatus but as an advantage (single point of failure, modularity).
Finally please do not use *your* lack of time (or anything else that clearly is a problem of you, not the OS) as an excuse for saying "Linux sucks". It doesn't help the discussion, it only shows *you* being the "problem" (with all due respect).
That said maybe we should turn this thread (or a new one) into a basic "from the ground up" install/config fest showcasing the things GNU/Linux does have and how using those can mitigate threats?
kstan linux is not lacking security tools as many people have stated. Linux is also not lacking GUI all-in-one security. Mcafee and Syamantec make enterprise security suites for linux just like they do windows. The one thing that linux is missing is a "FREE" all-in-one GUI security tool. But then again so is windows. The tools that you are talking about are commerical products that you have to pay for in windows so why would you not have to pay for those same applications in linux? I dont believe that the problems is that they dont exist but the problem is you are comparing commerical windows application to linux free applications. The programs are there for linux but you just have to pay for them just like windows.
PS. If you want to find them google "Linux Enterprise Security"
The tools that you are talking about are commerical products that you have to pay for in windows so why would you not have to pay for those same applications in linux?
This forum tries hard to stay away from discussing commercial solutions unless there's no realistic alternative. The reasons for that are similar to those for chosing any other OSS products: interoperability based on open standards, the relative security of being able to audit and enhance the source, the ability to fix bugs, the "right" licensing and a lack of problems due to vendor lockin. That you have to pay for proprietary software on one platform itself is no valid reason to pay for it in GNU/Linux as well.
Quote:
Originally Posted by slimm609
PS. If you want to find them google "Linux Enterprise Security"
Even though I'd like this forum to stay away from discussing commercial solutions, in this case I'd like to invite you to post the exact URI's of the products you had in mind. I admit I'm curious since I've looked at one commercial enterprise suite and for some of the applications in that suite there wheren't even GNU/Linux versions available.
linux is not lacking security tools as many people have stated. Linux is also not lacking GUI all-in-one security. Mcafee and Syamantec make enterprise security suites for linux just like they do windows. Seems good, I think they realize Linux need it.
The one thing that linux is missing is a "FREE" all-in-one GUI security tool. But then again so is windows. The tools that you are talking about are commerical products that you have to pay for in windows so why would you not have to pay for those same applications in linux? Who say not? I agree to pay for it.
I dont believe that the problems is that they dont exist but the problem is you are comparing commerical windows application to linux free applications. The programs are there for linux but you just have to pay for them just like windows.
PS. If you want to find them google "Linux Enterprise Security"
Quote:
Originally Posted by unSpawn
This forum tries hard to stay away from discussing commercial solutions unless there's no realistic alternative. The reasons for that are similar to those for chosing any other OSS products: interoperability based on open standards, the relative security of being able to audit and enhance the source, the ability to fix bugs, the "right" licensing and a lack of problems due to vendor lockin. That you have to pay for proprietary software on one platform itself is no valid reason to pay for it in GNU/Linux as well.
Even though I'd like this forum to stay away from discussing commercial solutions, in this case I'd like to invite you to post the exact URI's of the products you had in mind. I admit I'm curious since I've looked at one commercial enterprise suite and for some of the applications in that suite there wheren't even GNU/Linux versions available.
If read from initial post from this topic, the objective of this topic is what is the pattern of Linux viruses, discuss all commercial tool is not my purpose at all. I feel innocent because the the topic go the the direction I not indent to talk about(We write many thing something is or isn't a virus as well). Again, the purpose of this topic is what will happend when people want to write an virus for Linux. What the virus look like? How it going to effect the the Linux, if all I'd mentioned is not virus, then linux viruses exist in the world(Please refer initial post)?
It's hard to say, as GNU/Linux likely has some really unconventional positioning on their SWOT analysis. Sure, GNU/Linux could be considered an opportunity for them - but it's a much bigger threat. Also, keep in mind that they are corporations, so their goal isn't to satisfy any OS's needs - it's maximizing shareholder wealth. My guess is they don't wanna leave any bases uncovered, and they wanna have their foot in the door if there is some sort of significant rise in market demand for that type of software.
But because of the reasons already mentioned by unSpawn (lack of open standards compliance, non-ability for users to audit the source code, vendor lock-in, etc), it would be quite an endeavour for them. Personally, I'd never buy their desktop products, and I know none of my GNU/Linux-using friends would either. I'm sure these corporations are aware of this mentality, as it must be reflected in their GNU/Linux user surveys, so it would make sense to assume their target is mainly gonna be Windows users and IT managers who just made the switch (or just got some GNU/Linux boxes dropped on their laps) and don't know any better.
It's hard to say, as GNU/Linux likely has some really unconventional positioning on their SWOT analysis. Sure, GNU/Linux could be considered an opportunity for them - but it's a much bigger threat. Also, keep in mind that they are corporations, so their goal isn't to satisfy any OS's needs - it's maximizing shareholder wealth. My guess is they don't wanna leave any bases uncovered, and they wanna have their foot in the door if there is some sort of significant rise in market demand for that type of software. I agree
But because of the reasons already mentioned by unSpawn (lack of open standards compliance, non-ability for users to audit the source code, vendor lock-in, etc), it would be quite an endeavour for them. Personally, I'd never buy their desktop products, and I know none of my GNU/Linux-using friends would either. I'm sure these corporations are aware of this mentality, as it must be reflected in their GNU/Linux user surveys, so it would make sense to assume their target is mainly gonna be Windows users and IT managers who just made the switch (or just got some GNU/Linux boxes dropped on their laps) and don't know any better.
I think another way, corporate environment the security and safety always the top priority. assume we are Linux consultant, we need guarantee our customer who'd switch to linux desktop environment. Its very too late when customer accidently run some virus in their network. So, the commercial AV vendor estimate Linux Desktop is increasing and they realize they need to provide customer necessary solutions. For me this is a good start.
I think another way, corporate environment the security and safety always the top priority. assume we are Linux consultant, we need guarantee our customer who'd switch to linux desktop environment. Its very too late when customer accidently run some virus in their network. So, the commercial AV vendor estimate Linux Desktop is increasing and they realize they need to provide customer necessary solutions. For me this is a good start.
Yeah, that sounds exactly like something the companies' marketing departments would say. Except for the "guarantee" part, of course. There are never any guarantees in these matters, as is clearly explained in the legal documentation on any of these companies' websites.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.