My hard disk is partitioned into two partitions, one holding Linux, the other Windows. If my Linux is hit by a virus or spyware or trojan, then when I connect to the net using Windows, will my system be exposed to these malicious wares? (My Windows has both antivirus and firewall in place.)
Thanks in advance for answering my queries.
There are no Linux viruses in the wild, due to the extreme difficulty of creating them. Linux has a far better security model than windoze and, while not perfect, makes viruses very difficult to implement. As for Trojans & Spyware, just don't do anything stupid and nothing will happen. I don't know if there are any for Linux, but I've certainly never come across any. But anyway, if by some freak chance Linux got infected, it would not affect windoze, as Linux binaries cannot be run on windoze and vice-versa.
As for windoze, don't rely on firewalls and antivirus to protect you, they sure help, but there are so many critical flaws in the OS itself you're screwed anyway. All I can say is good luck with windoze...
Just make sure your Windows machine can't connect to your Linux machine as a privileged user to keep from getting your Linux hacked via Windows if Windows is infected or is connected to the web. If it's the other way around (Linux on the web) you can probably get full control of your Windows machine with the Linux user owning the VNC, but it shouldn't be any less safe than just connecting to the web with a Windows machine by itself.
I set up a VNC server on my remote Linux, and I use another Linux (client) to access this VNC server. If my remote Linux is infected, will my Linux (client) be affected?
Infected with what? As infinity said there are almost no viruses for Linux and none of them have spread widely. A virus would actually require your manual intervention to infect you, i.e. you'd have to download it, save it to the hard drive, change the permissions on it and then execute it from a terminal. There is also currently no known spyware targeting Linux (it simply isn't a big enough market and has no equivalent of the easily hackable ActiveX on its web browsers) and the equivalent of trojans, which are generally called rootkits in Linux, are things which have to be manually installed by the hacker after they've already compromised your box.
The only way that you could get infected through VNC like that is if some massive vulnerability were discovered in VNC and someone managed to hack the box you are VNC'ing into to get it to send something bad down the connection at you. Such a vulnerability doesn't exist and nothing like it has ever been discovered in VNC.
Really all you need to do is get your firewall settings right and use your distro's update check mechanism every day. Don't run suspicious files or scripts (you'll likely be sticking to packages built for your distro by relatively trusted people anyway) and you should be secure.
Even Windows (yeech... ) is not "the poor kid at school who picks up every cold that comes within a hundred miles of the schoolhouse." Windows malware is uncommonly-successful due to a combination of two reasons:
There are millions of Windows machines out there, all connected to the Internet.
On a substantial number of those machines, the logged-on user is an Administrator, with carte blanche access to the machine.
A "rogue program" is nothing magical: it's simply a program, having malicious intent, that manages to execute on your machine, under your user-id, without your knowledge or consent. It proceeds to wreak havoc by doing things that your user-id is authorized to do, but that you (and no one in their right mind) would actually choose to do. If your user-id is authorized to do "anything," then if the rogue says, "Kill yourself!" your computer will say, "yes, master..." (And Linux would equally-well obey a command sequence like "cd /;rm -rf *" if issued by root. Same suicide, same reason, different language.)
If you take the very simple precaution, as a Windows user, of ensuring that your daily login account is a "Limited User," not "Administrator," then you will find that most of the things a rogue program will attempt to do will fail. Anything truly-nasty that the rogue might do will be limited in scope to "only that user's files." (And if, say, the Windows system simply had a once-daily scheduled task that copied all of a user's home-directory to a backup directory, owned by a separate user-ID and thus enforceably "read-only" to the original user, even those files would be quite securely and painlessly protected!)
The majority of Windows installations, at least home and small-business installations, simply do not bother to do any of these things, and this is why they are continuously struck and why they suffer millions of dollars' worth of damage as a result. I'm not defending Windows here but ... It isn't Windows' fault... it's theirs!
An anti-virus program is a high-tech equivalent of a bailing-pump ... when the correct solution is to close the gate in the dam!
Last edited by sundialsvcs; 07-25-2005 at 06:01 PM.
A "rogue program" is nothing magical: it's simply a program
Exactly. If only all these people who come on messageboards like this realised that this is why there is no reason to need anti-virus or anti-spyware programs on Linux. To get infected by something in Linux you would have to manually download and execute something manually, there's no mail program that's like older Outlook/Express versions that automatically execute attachments or browsers like IE with its flawed zones security model and ActiveX. There is no need for band-aid, treat-the-symptoms-not-the-problem solutions like anti-virus scanners or spyware removers for Linux. And if you're extra careful in Windows you probably won't need it there either - I didn't get a virus or spyware infection for a couple of years running Windows 2000 and then XP before I switched to Linux.
Well, Microsoft doesn't help anyway because their programs access the secret innards of the Operating System, which is dangerous..... Their dirty tricks backfire....
You can only "secure" a Windows machine if you turn off NetBIOS, Windows Messenger, UPnP, Active-X (which a lot of sites use) and MS-"RPC" (used by many services) and block their own programs to protect their own OS.
NTFS permissions, too, are ugly... How can most people ever use them effectively?
Their patches are all faulty... How can you trust them?
Also, you must update the antivirus almost everyday. Your box is not only insecure while it's being online: it is too if it was turned off some time
You can secure a Linux machine without the need to reboot (unless you update your kernel)
To get infected by something in Linux you would have to manually download and execute something manually, there's no mail program that's like older Outlook/Express versions that automatically execute attachments or browsers like IE with its flawed zones security model and ActiveX.
This is not entirely true, because vulnerable image formats may contain shellcode that does something to your box. The best way to be secure is not to use the root account for browsing the web and/or play multimedia... Not even uncompressing archives from a known source, if you're paranoid and the machine is a sensitive server. And of course, you must update your browser and the vulnerable libraries from time to time, but it is not as critical as it is currently on Windows.
This is not entirely true, because vulnerable image formats may contain shellcode that does something to your box
All of which will currently be patched on up to date Linux installs. But my point was that on a properly setup up-to-date Linux box, there is no reason that viruses will 'just execute', you would have to manually intervene to make them do this. You can think up any number of potential vulnerabilities that may be discovered in future, e.g. 'what if the kernel has a bug that allows remote execution of code.. etc etc.' but this is a separate issue to whether you should have AV software to protect against the execution of viruses. If a severe remote-execution flaw is found in the OS then it's extremely unlikely that AV software would be able to protect you, so it's a separate issue.
I am not willing to say that "Linux cannot get viruses," because that statement really is not true. Any operating-system can be penetrated, particularly if the user can obtain surreptitious access to a shell-prompt or its equivalent. Exploits, including very serious ones, do exist for Linux.
The Windows OS is complicated ... unnecessarily so, in many cases ... and it is often difficult to know what is or is not enabled. But the overwhelming principal cause of the reasons for its growing reputation of insecurity is, simply, the fact that it has become popular. The rest is simple probability. The odds that "of a sample of X IP-addresses, Y vulnerable systems will be found" are exploitably-large.
The flaw is not so much "the system," but how that system is deployed and used. The simple fact that Linux users probably aren't root ... is an unexpectedly large factor in reducing that probability. This, by itself, is enough to produce the popular notion that "Windows is vulnerable and Linux is not." Linux users should also be vigilant.
Last edited by sundialsvcs; 07-25-2005 at 07:50 PM.
Originally posted by sundialsvcs
But the overwhelming principal cause of the reasons for its growing reputation of insecurity is, simply, the fact that it has become popular. The rest is simple probability. The odds that "of a sample of X IP-addresses, Y vulnerable systems will be found" are exploitably-large.
You're mixing things. Popularity doesn't mean vulnerability (this only happens to Hollywood stars) because one thing is the number of machines infected per OS, and another is (in)secure design.
The number of infected Windows machines is greater because there are more Windows boxes out there, this is clear. But you can't mix this with the design approach used by each OS...
The odds of finding exploitable vulnerabilities in Windows are higher too, and it is not because of its popularity... it's because of its bad design...
Unix is a developer-oriented OS. All programmers may find things that may be improved. On Windows, you will only find bugs
The flaw is not so much "the system," but how that system is deployed and used. The simple fact that Linux users probably aren't root ... is an unexpectedly large factor in reducing that probability. This, by itself, is enough to produce the popular notion that "Windows is vulnerable and Linux is not." Linux users should also be vigilant.
Mmmm. Not true. Many Unix and Windows servers run with root privileges. Is there something like chroot(2) in Windows?
The problem here is that computer users don't really want to be vigilant. Most computer users have two modes--complacent and paranoid.
Come to think of it, that mindset goes beyond computing; just look at America and terrorist attacks. Pre-9/11: complacent. Post-9/11: paranoid.
Do you need to worry that every little thing you do in Linux could possibly let in a virus? Is your computer likely to be infected by a virus in Linux without anti-virus software (is there anti-virus Linux software?)? Probably not. Does that mean you can do whatever the hell you want in Linux and not have to worry about security? No.
Nothing's ever 100% foolproof. I was reading in Newsweek a little while back an article about identity theft. Some of the people they profiled as victims did everything they were "supposed" to do. They checked their credit reports regularly. They never gave out unnecessary information. They shredded documents. Still, they got their identities stolen.
So, you can't ever be invulnerable against malware or security breaches, no matter what your operating system, but you also should realize that sometimes you're safer than other times.
When I used to live in the suburbs as a kid, I knew scary things could happen. I could be kidnapped. My parents' house could burn down. None of these things happened, but I didn't harbor illusions that we were invincible. Now that I live in the city, I've had my car broken into three times in three years. Was I safer in the suburbs? Yes. Was I invincible in the suburbs? No.
Same with Linux. Will anything bad happen to your computer if you run Linux as user, not root? Probably not. But you can never be sure. It's still better than running Windows as administrator, though.