I was just wondering if there was a way to make sure that the software that I am using does not contact a server without me knowing (e.g. isn't spyware). I'm referring mostly to applications in which you are not given the source code (e.g. RealPlayer). I heard somewhere that you can set up an out-going file that monitors this (I read this on comp.os.linux.advocacy) but there were no details and the author could not be contacted. Thanks for your time...
How about not using RealPlayer or any other program where the source is not provided???
There are alternatives to most of that stuff.
Besides, monitoring of hacking and spyware is mostly a function of setting up the proper security protocols, and monitoring log files to search for suspicious activity. I personally don't bother. My machine is a home machine that isn't too susceptible to outside attack. It's not like Linux is Windoze or anything!!!
If you have just user access on a system (i.e. no root access) and, say, spyware is installed by the admin, then there is nothing much you can do but shout. For instance, on an office desktop, spyware may be installed depending on a company's policy.
On a system where you have root access and you have installed it and maintain it, even if spyware is installed you can take a shot at detecting it and removing it.
There can be 2 kinds of spyware:
1. One that sends information from your system to a remote one. This will have to open a socket connection to a remote system. You can do the following things to detect/protect yourself -
a. install a firewall with careful rules
b. you can use netstat -a to find out if any unexpected socket is open
If you see you have a suspicious socket open or suspicious traffic going out, then you can choose to sniff the packets using ethereal and see what is going on. If you think that it is spyware, then remove that application from your system.
2. One that keeps logs ("hidden") on the host system itself, so that activity on the system can be later inspected. Linux apps have all sorts of logs, but if it is spyware then it'll put the logs in some non-standard place. This kind of spyware can be difficult to detect if cleverly written. The spyware may not even be keeping the logs locally but, say, on NFS-mounted storage. The only foolproof way of detecting this is using "top" to watch out for any suspicious (some program that you do not know of) program that is running.
Let's hear what other people have to say on this issue.
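The netstat check suggested in the post above can be scripted. This is an added example, not part of the original thread: it parses the output of `netstat -tnp` (numeric addresses, owning process shown) and reports live TCP connections to non-loopback peers from programs outside an allowlist. The sample output, the program names and the allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -tnp` output (not captured from a real host).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.10:51514      203.0.113.5:443         ESTABLISHED 2101/firefox
tcp        0      0 192.168.1.10:40022      198.51.100.7:7070       ESTABLISHED 3344/realplay
tcp        0      0 127.0.0.1:38112         127.0.0.1:631           ESTABLISHED 2101/firefox
tcp        0      1 192.168.1.10:40030      198.51.100.7:80         SYN_SENT    3344/realplay
tcp        0      0 192.168.1.10:22         192.168.1.20:50111      ESTABLISHED -
tcp6       0      0 ::1:45000               ::1:631                 ESTABLISHED 900/cupsd
"""

# States in which a connection exists or is being opened.
LIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def unexpected_connections(netstat_text, allowed_programs):
    """Return (program, pid, remote_ip, remote_port) for live TCP connections
    with non-loopback peers owned by programs outside the allowlist."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7 or not fields[0].startswith("tcp"):
            continue  # header lines, non-TCP rows, or truncated rows
        _, _, _, _, foreign, state, owner = fields
        if state not in LIVE_STATES:
            continue
        # Split on the last colon so IPv6 addresses (tcp6 rows) also work.
        host, _, port = foreign.rpartition(":")
        if ipaddress.ip_address(host).is_loopback:
            continue
        # Owner is "PID/Program name", or "-" when netstat was run without
        # the privileges needed to see the owning process (run it as root).
        pid, _, program = owner.strip().partition("/")
        program = program or "unknown"
        if program not in allowed_programs:
            findings.append((program, pid, host, int(port)))
    return findings


if __name__ == "__main__":
    for program, pid, host, port in unexpected_connections(SAMPLE, {"firefox"}):
        print(f"{program} (pid {pid}) -> {host}:{port}")
```

On a live system, feed it the text produced by `netstat -tnp` run as root; without `-n` the addresses are resolved to host names and the loopback check will not parse them.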