LinuxQuestions.org - Linux - Security
Linux Antispyware and Antivirus (http://www.linuxquestions.org/questions/linux-security-4/linux-antispyware-and-antivirus-483655/)

SBN 09-15-2006 01:42 AM

Linux Antispyware and Antivirus
 
-I have a windows unit connected to the internet. in 30 minutes i surf the web and download a lot of stuff, and when i scanned my windows unit for viruses and spyware there were more than 10 trojans, backdoors, cookies, keyloggers and other shit detected!
-i also surf the web and download a lot of stuff on the internet from my linux unit, and my concern is whether i will have the same problem regarding viruses and spyware as on my windows unit.
-Does linux require an antivirus and antispyware?

Nathanael 09-15-2006 02:03 AM

nope
if you desperately want to - you could run viruses in wine but that might be more work than it's worth...

you will not get infected on a linux pc as all (or all circulating) viruses are laid out for windows. windows apps don't run under linux (natively). same thing for spyware: these apps are windows executables or something similar

the only time you should watch out is when you pass files on to others which you got from some windows pc - either your own or somebody else's.

zhangmaike 09-15-2006 02:43 AM

As far as Linux goes, viruses and spyware are generally considered a non-issue. This is more because of a good security model and modular design than the lack of Linux malware in general.

Just use common sense...
  1. Use the all-powerful root account ONLY for system administration.
  2. Use other low-privileged users for web browsing and everything else.
  3. Run/install programs from untrusted sources only with an unprivileged user.
...and any "successful" attack will not be able to cripple your system.

The mechanisms viruses and malware require to function simply don't exist under Linux unless you intentionally put them there.

SBN 09-15-2006 03:16 AM

-ok, that's good news. so viruses and spyware are not an issue in linux. then why are there some linux antiviruses built?
what are the mechanisms viruses and malware require to function?

carcam 09-15-2006 03:24 AM

Well, you have antivirus in Linux because lots of Linux systems are used as servers for other windows machines, so you need an antivirus to make sure that your network system is trustable.

Nathanael 09-15-2006 03:59 AM

you also run anti-spam and anti-virus on mail servers, file servers, proxy servers - largely these are run on linux systems

win32sux 09-15-2006 04:06 AM

Quote:

Originally Posted by SBN
-I have a windows unit connected to the internet. in 30 minutes i surf the web and download a lot of stuff, and when i scanned my windows unit for viruses and spyware there were more than 10 trojans, backdoors, cookies, keyloggers and other shit detected!

i assume you are over-dramatizing your situation, right?? cuz if this is *literally* happening to you then something is terribly wrong - either with your windoze system or your administration/usage habits...

Quote:

-i also surf the web and download a lot of stuff on the internet from my linux unit, and my concern is whether i will have the same problem regarding viruses and spyware as on my windows unit.

no, you won't have the *same* problem on linux... that's basically the answer to the question... but that does not mean you should feel immune to malware... you still should practice common sense and take as many security precautions as you are able to... in other words, the general security concepts on desktop linux are pretty much the same as on windows, or mac, or any other desktop OS...

as a practical (and not so general) *example*, the NoScript firefox extension has been recommended by many experts, as it significantly lowers the potential for disaster while surfing the web...

Quote:

Does linux require an antivirus and antispyware?

it depends on what you are referring to... but since you are talking about desktop linux, the answer is "NO, not yet at least"... the basis for this is that there are so many linux desktop users without anti-virus etc. who have never had any virus or spyware problems... so we can say for sure that they are not *required*... keep in mind that technically they aren't "required" on windows either, ahem...

but security isn't about only doing required stuff, it's about adding layers - so if you feel that your linux box will be much safer by having anti-virus/spyware then by all means go ahead and run them... as a bonus, you'll have a head-start if viruses/malware for desktop linux ever get to the point where we all need to start seriously considering all the anti-whatever software...

Quote:

Originally Posted by Nathanael
you will not get infected on a linux pc as all (or all circulating) viruses are laid out for windows.

this is the type of feeling of immunity i was referring to in my post above... linux is not immune to anything, and we need to stop acting like it is... yes, linux is very secure, and in the hands of a good admin, it's EXTREMELY secure... but to say that "you will not get infected" is simply irresponsible IMHO - even though it might in fact be true for many admins...

there have been many linux boxes infected and/or taken-down by viruses/worms/etc in the past... this is in itself proof that these things DO happen - and we should always be prepared for them... it's true that there are currently no linux viruses/worms running around in the wild, but don't let that give you a false feeling of security...

Quote:

windows apps don't run under linux (natively). same thing for spyware: these apps are windows executables or something similar

this is a dangerous over-generalization... if what you are saying was true, then one would be able to install firefox extensions on linux like crazy and from anywhere without ever having to worry about malware... this is definitely not the case... malware is not limited to any particular platform...

Quote:

the only time you should watch out is when you pass files on to others which you got from some windows pc - either your own or somebody else's.

this is IMHO not the type of advice we should be giving-out here on LQ... once again, your comment assumes that linux is immune to this kinda stuff... my advice is that you scan any file that gets sent to you... clamav, for example, will pick-up not only windoze viruses, but also many types of exploits and rogue code - some of which will indeed run on linux, at the very least in a multi-platform manner... as an (PoC) example, i could use firefox exploits which would DoS you no matter if you were on linux or windows or whatever...

Quote:

Originally Posted by zhangmaike
As far as Linux goes, viruses and spyware are generally considered a non-issue.

i agree that this is the way many (if not most) linux users feel - unfortunately...

Quote:

This is more because of a good security model and modular design than the lack of Linux malware in general.
if you are referring to why people tend to consider viruses and spyware non-issues on linux, i would disagree... i would instead argue that it's because those users are over-confident in linux's security from the start, or perhaps they base themselves on the statistics which show HUGE differences in infection rates between linux and windoze boxes...

if on the other hand you are referring to the low incidence rate of these things on linux, i would argue that it's a little of both (good design but also lack of malware)...

Quote:

Just use common sense...
common sense isn't so common!!! :)

Quote:

  1. Use the all-powerful root account ONLY for system administration.
  2. Use other low-privileged users for web browsing and everything else.

this is good advice... i would add that your first point (and consequently the second) is one of the most common mistakes linux newbies make - often with catastrophic consequences...

Quote:

  3. Run/install programs from untrusted sources only with an unprivileged user.

or better yet, NEVER run programs from untrusted sources...

Quote:

...and any [...] attack will not be able to cripple your system.

unless the attacker is using a privilege-escalation exploit - because in that case, it wouldn't matter which account you used... what could save you in such a case is if you did some system hardening, like with grsecurity or something like that which might prevent the attacker from exploiting the vulnerability even while unpatched...

Quote:

The mechanisms viruses and malware require to function simply don't exist under Linux unless you intentionally put them there.
could you please elaborate a little on this?? it sounds kinda strange IMHO...

Quote:

Originally Posted by SBN
so viruses and spywares are not an issue in linux.

that is false... viruses and spyware are an issue on any desktop OS... yes, on linux you have to do a LOT less worrying about these things, i'll give you that much... but to say they aren't an issue is way too far-fetched... as a linux desktop system administrator, it is your responsibility to make sure that viruses and spyware are ALWAYS an issue...

Quote:

then why there are some linux antivirus built.
mainly for detecting windows viruses - but not exclusively for that... virus scanners will also pick-up viruses and other evil code for all kinds of different platforms (yes, including linux)...

Quote:

what are the mechanisms viruses and malware require to function?

my guess is things like: lazy administrators, "invincible" administrators/users, clueless users, software vulnerabilities and exploits, poor software (regarding security), misconfigurations, etc... which is why when zhangmaike posted about this it sounded strange to me, as these are things that exist on any platform... therefore, i assume he was referring to something else...

Quote:

Originally Posted by carcam
Well, you have antivirus in Linux because lots of Linux systems are used as servers for other windows machines, so you need an antivirus to make sure that your network system is trustable.

yeah, this is the *main* reason...

zhangmaike 09-15-2006 04:41 AM

Quote:

Originally Posted by win32sux
could you please elaborate a little on this?? it sounds kinda strange IMHO...

Sure.

I meant that one would have to intentionally go against one of the "common sense" practices to allow such a security breach to occur. (Though, it's certainly also possible through user ignorance or privilege escalation.) In hindsight, this could probably have been worded better. What seems purposeful to me may very well be accidental to a newbie. As long as programs run with minimum privileges, then any successful attacks on those programs will yield minimum damage; you might lose parts of your home directory, but the system itself will remain intact and running. By today's virus standards of massive destruction and system failures, this is hardly even a scratch.

About that privilege escalation point: if all userspace programs (services, etc.) are run as low-privileged users, then the only potential for such a disastrous exploit is at the kernel level... and such holes are incredibly rare (I can't remember the last time I heard of a potential root-privilege exploit for the Linux kernel, let alone one that could be performed remotely). :twocents:

Correct me if I'm wrong, though.

Quote:

i assume you are over-dramatizing your situation, right?? cuz if this is *literally* happening to you then something is terribly wrong - either with your windoze system or your administration/usage habits...
Personally, I believe him. I've connected a spare machine outside of our network firewall (directly to the outside WAN) so that I could observe the traffic that would be hitting our network if the firewall were not in place. The vast majority of packets logged were attempts to exploit a windows vulnerability (such as file sharing or the messenger service). These packets were literally arriving in the dozens every second.

Nathanael 09-15-2006 04:53 AM

Quote:

Originally Posted by win32sux
this is the type of feeling of immunity i was referring to in my post above... linux is not immune to anything, and we need to stop acting like it is... yes, linux is very secure, and in the hands of a good admin, it's EXTREMELY secure... but to say that "you will not get infected" is simply irresponsible IMHO - even though it might in fact be true for many admins...

yes, linux is immune to quite a bit of stuff... it always depends what you are looking at and stating that linux is not immune to anything is simply wrong!
windows viruses and windows executables will not affect linux systems - simply because they are not designed to run on linux but on windows - hence a lot of people use wine or a vm to run apps designed for windows.
considering that the member is asking if his linux system is safe when being concerned after checking his windows client, the answers provided are all perfectly valid!

I do agree however that there are a lot of exploits for linux services. though if one keeps software up to date and does not install root-kits, danger of that nature is not all too close (at least not for simple desktop users)

network and server admins do have more to do here (i agree again), but, keeping software up to date and running a well setup firewall and intrusion detection systems even here does a pretty good job of keeping one closer to the safe side than running similar services on windows servers.

the availability of viruses and trojans for windows is a lot higher than anything else.

win32sux 09-15-2006 04:56 AM

Quote:

Originally Posted by zhangmaike
Sure.

I meant that one would have to intentionally go against one of the "common sense" practices to allow such a security breach to occur. (Though, it's certainly also possible through user ignorance or privilege escalation.) In hindsight, this could probably have been worded better. As long as programs run with minimum privileges, then any successful attacks on those programs will yield minimum damage; you might lose parts of your home directory, but the system itself will remain intact and running. By today's virus standards of massive destruction and system failures, this is hardly even a scratch.

agreed... then again, if you didn't have a backup of the destroyed /home/* dir it could indeed be considered 1,000 times more serious than if your operating system itself was trashed... :)

Quote:

About that privilege escalation point: if all userspace programs (services, etc.) are run as low-privileged users, then the only potential for such a disastrous exploit is at the kernel level... and such holes are incredibly rare (I can't remember the last time I heard of a potential root-privilege exploit for the Linux kernel, let alone one that could be performed remotely). :twocents:

Correct me if I'm wrong, though.

you're not wrong... they are indeed not common... but keep in mind that since we are talking spyware and viruses, remote exploitability isn't really a requirement, as the user himself will be doing the execution of the evil binary - locally...

i'm sure you'll agree that the incidence of locally-exploitable privilege escalation vulnerabilities has been MUCH higher than remote ones... of course i'm not basing myself on raw numbers, i'm just using vague recollection...

Quote:

Personally, I believe him. I've connected a spare machine outside of our network firewall (directly to the outside WAN) so that I could observe the traffic that would be hitting our network if the firewall were not in place. The vast majority of packets logged were attempts to exploit a windows vulnerability (such as file sharing or the messenger service). These packets were literally arriving in the dozens every second.

i see what you mean... the thing is i had assumed for some reason the OP was talking about a firewalled machine... i guess it was cuz of the spyware context of the thread maybe... it sounded to me like he was referring to web surfing as the only infection vector... needless to say, if that were the case, then i would indeed be shocked (even considering how ridiculously weak windoze is)... but if incoming connections were also a vector, then i have no problem believing... :)

win32sux 09-15-2006 05:16 AM

Quote:

Originally Posted by Nathanael
yes, linux is immune to quite a bit of stuff... it always depends what you are looking at and stating that linux is not immune to anything is simply wrong!

you are right... my comment about linux not being immune to anything is *technically* wrong (of course there are things linux is indeed immune to)...

but my point still remains - linux is not immune to things like viruses, malware, worms, etc. which is what i was referring to... this is a common and growing misconception which i have been observing in many people when they talk to potential newcomers about linux's benefits...

Quote:

windows viruses and windows executables will not affect linux systems - simply because they are not designed to run on linux but on windows - hence a lot of people use wine or a vm to run apps designed for windows.

yes, i agree...

Quote:

considering that the member is asking if his linux system is safe when being concerned after checking his windows client, the answers provided are all perfectly valid!
i think i understand where you are coming from now... basically, you were assuming he was asking about the threat to his linux box from the windows-specific malware... right?? that would explain your posts...

i, on the other hand, was assuming he was asking about *equivalent* threats on his linux box - as is typical of these oh-so-common anti-virus/spyware threads... i made the (perhaps wrong) assumption that it's common knowledge that windows-specific malware will only run on windows (unless of course you use wine, yada yada yada)...

Quote:

I do agree however that there are a lot of exploits for linux services. though if one keeps software up to date [...] danger of that nature is not all too close (at least not for simple desktop users)

yup... and sometimes getting OWNED will be out of our control even if we are as up to date as possible... zero-day exploits are not as uncommon as people think IMHO... which is why extra security measures should always be welcome - even on desktops...

Quote:

and does not install root-kits

usually the person who has cracked your box will kindly (and quietly) install this for you... :)

what you can do is use a rootkit scanner to see if anyone has "been so kind" to you lately:

http://www.rootkit.nl/

http://www.chkrootkit.org/

NOTE: i'm posting this rootkit stuff for any newbies reading this...

Quote:

network and server admins do have more to do here (i agree again), but, keeping software up to date and running a well setup firewall and intrusion detection systems even here does a pretty good job of keeping one closer to the safe side than running similar services on windows servers.

i agree... i'd also suggest that anybody running a server use some type of system or kernel-level hardening... grsecurity, AppArmor, SElinux, etc... any of those is usually better than nothing at all...

Quote:

the availability of viruses and trojans for windows is a lot higher

indeed... there's no question about that...

the controversy begins when people start coming-up with reasons for this... on one side you'll have those that say it's because linux is more secure... on the other side you'll have those that say it's because linux is a smaller target (referring to the desktop)...

like i said before, i personally feel it's a little of both - but whatever - it's beside the point...

zhangmaike 09-15-2006 05:47 AM

Quote:

but keep in mind that since we are talking "spyware" and the like, remote exploitability isn't really a requirement, as the user himself will be doing the execution of the evil binary - locally...
In the end, regardless of how secure the structure of the OS is, the user always has the ability to render it moot. In my opinion, this is a Good Thing. The operating system should inherently protect the user and the system from intrusion, but it should not protect the user from himself - the user controls the system, not the other way around. When the user loses control of the operating system, it ceases to be an operating system.

Quote:

i'm sure you'll agree that the incidence of locally-exploitable privilege escalation vulnerabilities has been MUCH higher than remote ones...

Definitely true.

In fact, if all else fails, all you need is a boot disk. :) Unless you're one of the few that encrypts their hard drives, physical access is all anyone needs with your typical computer system.

It all comes down to personal preference; find your own reason to use what you want. Regardless of how much more secure/stable a modular OS structure is compared to a monolithic one, it's always possible to shoot yourself in the foot. There's a favorite C vs. C++ quote of mine (shamelessly copied from fortune) that could easily be applied here if you replace the languages with operating systems:
Code:

C makes it easy for you to shoot yourself in the foot.  C++ makes that
harder, but when you do, it blows away your whole leg.
                -- Bjarne Stroustrup


win32sux 09-15-2006 05:58 AM

Quote:

Originally Posted by zhangmaike
In the end, regardless of how secure the structure of the OS is, the user always has the ability to render it moot. In my opinion, this is a Good Thing. The operating system should inherently protect the user and the system from intrusion, but it should not protect the user from himself - the user controls the system, not the other way around. When the user loses control of the operating system, it ceases to be an operating system.

this is great stuff, man!!! quite inspirational... :)

Quote:

Definitely true.

In fact, if all else fails, all you need is a boot disk. :) Unless you're one of the few that encrypts their hard drives, physical access is all anyone needs with your typical computer system.
exactly! which brings us to our next topic: information security policies and procedures...

hehe... j/k...

Quote:

It all comes down to personal preference; find your own reason to use what you want. Regardless of how much more secure/stable a modular OS structure is compared to a monolithic one, it's always possible to shoot yourself in the foot. There's a favorite C vs. C++ quote of mine (shamelessly copied from fortune) that could easily be applied here if you replace the languages with operating systems:
Code:

C makes it easy for you to shoot yourself in the foot.  C++ makes that
harder, but when you do, it blows away your whole leg.
                -- Bjarne Stroustrup


that is so true... keep in mind since i don't know how to program, i replaced it like:
Code:

Windows makes it easy for you to shoot yourself in the
foot. GNU/Linux makes that harder, but when you do,
it blows away your whole leg.


