Apparently, you open an innocuous seeming email, and bam, some program takes control of your computer! To install anything that can affect the system in Linux you would need to know the root password, right??
I just wondered if this kind of thing only affects Windows, or if it can also affect Linux computers? (not that I have any secrets to keep hidden)
Quote:
Apparently, you open an innocuous seeming email, and bam, some program takes control of your computer! To install anything that can affect the system in Linux you would need to know the root password, right??
If it needs local libraries, yes. But if it runs alone in your home directory there is no need.
Quote:
I just wondered if this kind of thing only affects Windows, or if it can also affect Linux computers? (not that I have any secrets to keep hidden)
Malware and/or intrusions affect all disk operated systems. But generally these threats cannot easily run under Gnu/Linux/Unix.
Can a program be downloaded in Linux as executable? Could it do things like send information without my knowledge or consent? Wouldn't it have to get sudo permission?
Quote:
Can a program be downloaded in Linux as executable?
Yes, there are some. In the Linux community some popular programs are offered in pre-built binary form; examples of these are the Firefox and Seamonkey browsers; indeed almost all browsers are offered with the following options: source (you will need to build it yourself), configuration with sources (like slackBuilds) and binary form (e.g. firefox-bin). But don't think the way M$oft users think of binaries (*.exe) because it is far from that concept. There is no exe here; if ever a binary file lies in your system it wouldn't execute itself unless you own it or unless its permission allows you to.
In short an .exe file cannot run here.
Quote:
Could it do things like send information without my knowledge or consent?
Less likely, unless you are running as root, or you intentionally run it yourself.
Some known safety habits are:
a) Do not download anything you do not understand;
b) Do not log in to X and go out to the internet as *root*, because by doing this you are acting like a poor M$Windows user who doesn't know he is running to the internet as root. Log in rather as an ordinary user.
c) Any malicious JavaScript can lie in your cache; visit these folders often and delete anything undesirable:
$USER/.cache
/var/tmp
/tmp
d) Do not install things you do not trust.
e) Do not run *wine*.
Quote:
Wouldn't it have to get sudo permission?
You alone have the sudo power.
Hope that helps. Good luck and enjoy.
m.m.
Last edited by malekmustaq; 08-23-2016 at 07:28 AM.
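The folder check from habit (c) and the point about execute permission, as an added example that is not part of the original post: a small shell audit that lists files in scratch directories which the current user owns and which carry an execute bit. It assumes the per-user cache lives at `$HOME/.cache`; the function name `list_user_executables` is made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find files that could run without
# root because the current user owns them and an execute bit is set.

# list_user_executables DIR...
# Prints one path per line for every regular file under the given
# directories that is owned by the invoking user and is executable by
# user, group or other. Missing directories are skipped.
list_user_executables() {
    uid=$(id -u)
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -xdev keeps find on one filesystem; the three -perm tests are
        # the portable spelling of "any execute bit is set".
        find "$dir" -xdev -type f -user "$uid" \
            \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -print 2>/dev/null || true
    done
    return 0
}

# When called with directory arguments, run the audit on them, e.g.:
#   sh audit.sh "$HOME/.cache" /var/tmp /tmp
if [ "$#" -gt 0 ]; then
    list_user_executables "$@"
fi
```

A file saved from a browser or mail client normally arrives without an execute bit, so anything this reports was either marked executable afterwards or unpacked from an archive that preserved its mode.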
Thanks for the comments and links. Very interesting.
I'm wondering, if I run Windows 8.1 in Virtual Box, will that prevent malware?
I have to use Windows for my online bank, it will not work with anything else, I have to download the banking program from icbc.com.cn. That's the only thing I use Windows for, but Windows is excruciatingly slow to start and stop. I never timed it, but it seems to need about 5 to 10 minutes to get going or stop. I suppose it has a lot of crapware connecting to things I will never know about. My Ubuntu needs about a minute to start and about 5 seconds to shutdown. Luckily, I don't need to go to my online bank very often.
You would be wise to assume that security holes exist in Linux as well. Professional hackers have been successful at gaining access to almost every system.
Generally, phishing and other attacks are designed to attack Windows computers, because Windows is the majority of computers. The hunters hunt where the game is most plentiful; the shotgun is loaded for Windows, not for Linux.
For grins and giggles, I once clicked one of those "Your computer is infected with viruses" pop-ups on a website and watched the dialog claim to be scanning my C:\ drive. I was using Linux and I had no C:\ drive.
Those attacks could easily be re-engineered to attack Linux computers. Because the Linux security model is inherently more secure than that of Windows (user does not have default administrative privileges), they would likely do less damage. Damage would probably be restricted to the user's home directory, all other factors being equal.
Linux is inherently more secure, but that does not relieve the user from the obligation to practice safe HEX.
Quote:
I have to use Windows for my online bank, it will not work with anything else, I have to download the banking program from icbc.com.cn.
Gladly I share with you my similar situation. I am a pure-blooded OSS user/votary/activist, but how did I solve the situation where the bank and/or government make their services available through M$ dominated methods? Of course I cannot give up my business nay my duties to the State. This I did.
a) I have to isolate my signals. Must be landline -- definitely NO wi-fi in these transactions.
b) No way to run wine or virtual -- it is dangerous to weaken Unix implementation under Gnu/Linux by running a M$ over it. So I bought a cheap machine solely for that purpose; the other location is by way of hosting a M$Win7 in a separate partition, dual booted.
c) I called the bank to try to implement a solution when the client is running Firefox. They soon replied after two months that particular version of Firefox is qualified.
d) I run that machine only for that exclusive purpose.
e) I always monitor and clean up the internet\temp folder.
I think that is the only way to be secured the least possible.
Quote:
Originally Posted by ondoho
malekmustaq & pedroski, why can't you just change your bank?
Drastic as this sounds I think I would do this if my bank decided to become part of Microsoft's marketing department. Well, first I would send them a communication (possibly physical letter) asking them nicely to explain how to use Linux to access things, if they didn't reply with such I would likely ask them to help me move my money to another bank not owned by Microsoft. I'd also send the correspondence to somebody like www.theregister.co.uk also in order to warn others that the bank was a Microsoft marketing outfit.
These people need to be stopped. So, if it's possible (and I know it's not always) then, yes, move banks.
Well, the other banks in China are no better, so changing banks would not be a step forward. Also I'm a poor man, so they probably would not notice if I left. ICBC is very big, I don't know that even MS could 'own' ICBC! I don't think that is the motivation for the use of Win.
I've often thought that, although MS complains about 'illegal copies' of Windows circulating here in China, I'm sure some people are quite happy to see Win on Govt. computers and Universities all over China. I know it is only the evil Chinese who hack other countries' computers, but if, just if, hypothetically, an American agency wanted to hack just one computer in China, wouldn't that make life easier for said agency?
Quote:
malekmustaq & pedroski, why can't you just change your bank?
That would be a shortcut solution ondoho. But as you see in capitalist countries camaraderie to bank manager and board members can override minor decisions if there are quiet workable solutions.