LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-11-2013, 07:23 PM   #31
freebsd_Rules_All_OSes
LQ Newbie
 
Registered: Mar 2013
Posts: 19

Rep: Reputation: Disabled

Quote:
Originally Posted by Nbiser View Post
Since linux isn't used by many people the makers of viruses concentrate on windows; after all, 95% of PC users use windows.
Well, if this is a matter of percentages. The chances of my freebsd getting a computer virus is almost null since there are more linux users than BSD users.

Don't know the statistics of freebsd servers catching viruses since I use freebsd as a desktop.

Last edited by freebsd_Rules_All_OSes; 03-11-2013 at 07:40 PM.
 
Old 03-12-2013, 07:36 AM   #32
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,714

Rep: Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280
Quote:
Originally Posted by TobiSGD View Post

Do you assume that there are no vulnerabilities in Linux that can be caused by simple file types? No OS is 100% secure, neither Windows nor Linux nor any other OS.
Do you assume a vulnerability in third party applications is a vulnerability of the OS?

Simple file types cause kernel vulnerabilities in NT because of the way MS embedded XML/HTML/whatever into the kernel functions. Linux doesn't do that (well, not yet at least). The kernel is totally separated from userspace. Such font handling is part of X, but it is NOT part of kernel processing.

And that is why one of the more recent patches to NT had to apply to the entire line of NT...

The original DESIGN of NT wasn't too bad - VMS was a decent model to start with, as was the microkernel additions. Unfortunately, it wasn't followed, with more and more crap pushed into the kernel bypassing the security design. A microkernel design even prevents drivers from crashing the system... Not true with NT, so that part of the design was discarded.

VMS design separated kernel operation from privileged user services (the system calls), preventing user services from crashing the kernel... Not true with NT, so that part of the design was also discarded.

Linux doesn't interpret fonts. Loads them into the GPU, yes. But the kernel doesn't process fonts. Thus simple string handling by the kernel can't cause kernel crashes. The only strings handled by the kernel anyway are from "printk" (or the kernel boot parameters), not from user space. The other string handling is in the various virtual filesystems - but again, no font handling.

Privilege escalation errors - yes, those can exist. Most of the ones I've seen are actually bugs in user space applications granted special privilege (even sudo has problems - it can't vet the applications/commands it executes, that is up to the administrator). I've seen many such errors (and even written a few) in parameter handling that permits such escalation.
 
Old 03-12-2013, 09:47 AM   #33
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853
Quote:
Originally Posted by jpollard View Post
Do you assume a vulnerability in third party applications is a vulnerability of the OS?
Yes, because in Linux anything that isn't the kernel is a third party application. The OS can only be as secure as its weakest link and it doesn't matter at all by whom that link is developed.
 
Old 03-12-2013, 10:33 AM   #34
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,714

Rep: Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280
Quote:
Originally Posted by TobiSGD View Post
Yes, because in Linux anything that isn't the kernel is a third party application. The OS can only be as secure as its weakest link and it doesn't matter at all by whom that link is developed.
Ok.

In that case, windows is the most vulnerable, as it claims to have more applications than Linux, and since it doesn't matter where the applications come from, that includes the operating environment of windows itself.

But the Linux OS permits each application to potentially be compartmented away from the system, which is why apache on fedora can do so little damage. It can't even execute anything or access anything unless what it is accessing has the proper security labels.

Can apache itself be penetrated via bugs - yes. But it doesn't damage the system. The same applies to databases.

Windows? not so much. Limited sandboxing, but the implementation is very high level, and has been broken out of before. I'm not even sure the sandboxing even includes the kernel.

One of the interesting things with linux is the "no root account" configuration. Very difficult to deal with still, but as a research project it works better than expected. Privilege escalation attacks are very difficult to implement, but isn't used much because administration is still difficult.
 
Old 03-12-2013, 11:29 AM   #35
mddnix
Member
 
Registered: Mar 2013
Distribution: Redhat, Ubuntu
Posts: 525

Rep: Reputation: 141Reputation: 141
No Execute by default: By default if you download any file, it doesn’t have the execute permission, making your system more secure. The app cannot execute unless you go and change the permissions.

No write access to applications: By default users cannot install applications unless they change their permission or login as a supervisor. This ensures that any virus or malicious code cannot go and write to your application folder.

Many Windows "features" require execute and other priviledges on the machine. This means that, by default, Windows security is set up to be looser. These priviledges can be taken advantage of by people with malicious intentions against users that have not made adequate security adjustements on their machines.

Most "hackers" want to get the most bang for their effort. Since Windows is used on far more computers than Linux, they focus their efforts on creating hacks or viruses that effect Windows systems.
 
Old 03-12-2013, 12:23 PM   #36
manu-tm
Member
 
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343

Rep: Reputation: 43
Quote:
Originally Posted by PTrenholme View Post
Microsoft products were developed from DOS, an OS designed to be used by a single user on a system with no network connectivity. So "security" was not a consideration in that base OS, and, as the hardware and networking became available, Microsoft worked harder to maintain "backward compatibility" then they did to improve security. (That was actually a very good strategy for MS to follow at that time.)

Linux, on the other hand, was developed from the way the UNIX system was designed. UNIX was a "reduced functionality" system based on the MIT Multics operating system. Multics was designed "from the ground up" as a multi-user system, with security "built in." Basically, to use the newer MS terminology, "root" was the only "Administrator" who could make changes to the system as a whole, with a whole lot of other "users" with more restricted access for specific tasks.

Thus Linux/GNU distributions (and others like BSD, etc.) were designed with some security considerations in mind.

By the way, Apple's OS is based, IIRC, on BSD, and that may have as much to do with the "99.44% of viruses target MS systems" assertion, above as the proliferation of MS systems. (That "proliferation" is, of course, why the decision to maintain "backward compatibility" I mentioned, above, was a "good thing" - at the time - for MS.)
Totally agree, Windows was and still is unsecure by design. And the file permissions sytem that was implemented as an afterthought was/still is a holy mess. You can be logged in as 'Administrator' and still be denied doing certain things, whereas you can very easily mess things up when logged in as a non-privileged user. Sorry but Windows security is a joke.

Last edited by manu-tm; 03-12-2013 at 12:38 PM.
 
Old 03-12-2013, 02:12 PM   #37
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853
Quote:
Originally Posted by jpollard View Post
Ok.

In that case, windows is the most vulnerable, as it claims to have more applications than Linux, and since it doesn't matter where the applications come from, that includes the operating environment of windows itself.

But the Linux OS permits each application to potentially be compartmented away from the system, which is why apache on fedora can do so little damage. It can't even execute anything or access anything unless what it is accessing has the proper security labels.

Can apache itself be penetrated via bugs - yes. But it doesn't damage the system. The same applies to databases.

Windows? not so much. Limited sandboxing, but the implementation is very high level, and has been broken out of before. I'm not even sure the sandboxing even includes the kernel.

One of the interesting things with linux is the "no root account" configuration. Very difficult to deal with still, but as a research project it works better than expected. Privilege escalation attacks are very difficult to implement, but isn't used much because administration is still difficult.
Running an application with security flaws is a risk on any system, that is all what I wanted to point out, together with saying to people that Linux is not somehow magically more secure as Windows, it depends on the way the system is set up and how it is used. Often quoted, but still not known to many users: "Security is a process, not a product."

Quote:
Originally Posted by mddesai
No write access to applications: By default users cannot install applications unless they change their permission or login as a supervisor. This ensures that any virus or malicious code cannot go and write to your application folder.
My Windows 7 (and Vista before) system does the same, if i want to change something in a system folder it asks me for the permission to do that, somewhat similar to using sudo on Linux machines. Please don't compare Linux with Windows versions from 2001, this is just unfair.

Quote:
These priviledges can be taken advantage of by people with malicious intentions against users that have not made adequate security adjustements on their machines.
And here you get to the main issue. The weakest link in this case is neither the OS nor the application, it is the user. You can't fix that with giving a different OS to that user, you have to teach how security works to fix that.

Quote:
Originally Posted by manu-tm
And the file permissions sytem that was implemented as an afterthought was/still is a holy mess.
File permissions are an integral part of any multi-user OS and therefore integrated into the NT family from the beginning.
Quote:
You can be logged in as 'Administrator' and still be denied doing certain things,
That is right, the Administrator role is different from the root-user in Linux. While in Linux the root user is that one with ultimate rights on the system in Windows the Administrator is the one that can get ultimate rights to the system. How that is a design flaw is beyond my understanding, may be you could elaborate that a little bit.
Quote:
whereas you can very easily mess things up when logged in as a non-privileged user.
I would like to see an example for this, would be nice if you can come up with one.
 
Old 03-12-2013, 02:34 PM   #38
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,714

Rep: Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280
Quote:
Originally Posted by TobiSGD View Post
File permissions are an integral part of any multi-user OS and therefore integrated into the NT family from the beginning.
File permissions are part of the filesystem design and supported by the kernel. Unfortunately, NT still doesn't do this for all filesystems. The assumption that every file is executable is a major failure, and still hasn't been fixed. This problem STILL shows up with the fat/vfat filesystems, and there has been no workaround yet. Linux works around it by setting specific modes (and owner/group) - and as long as the administrator doesn't fight them, files on fat/vfat/ntfs are not executable.
Quote:
That is right, the Administrator role is different from the root-user in Linux. While in Linux the root user is that one with ultimate rights on the system in Windows the Administrator is the one that can get ultimate rights to the system. How that is a design flaw is beyond my understanding, may be you could elaborate that a little bit.
Personally, I didn't think there WAS any difference between Windows Administrator and root, other than the name. I thought an user designated as Administrator was directly equivalent to root, and due to that, it makes it hard to identify the ownership identity of a file.
Quote:
I would like to see an example for this, would be nice if you can come up with one.
I would like clarification on this one myself.
 
Old 03-12-2013, 03:42 PM   #39
manu-tm
Member
 
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343

Rep: Reputation: 43
I have a Windows XP partition (on a dual-boot machine) that I use mainly when I need to compile (with MinGW) a new version of a win32 port of a Linux app.

About the Admin user account, I've noticed that, when browsing the file system, I sometimes get a 'Your security settings don't allow you to do that' message when attempting to open some folders. As I'm already logged in as admin, what am I suppose to do?

About the unprivileged user account, I have no example at the moment, so I admit my statement is a bit gratuitous so far. All I can say is that I can remember how, years ago, I have broken my Windows system several times (logged in without privileges.) But I'll try to elaborate more on that if I can find something precise.
 
Old 03-12-2013, 05:22 PM   #40
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 302
Blog Entries: 7

Rep: Reputation: 44
Quote:
Originally Posted by manu-tm View Post
I have a Windows XP partition (on a dual-boot machine) that I use mainly when I need to compile (with MinGW) a new version of a win32 port of a Linux app.

About the Admin user account, I've noticed that, when browsing the file system, I sometimes get a 'Your security settings don't allow you to do that' message when attempting to open some folders. As I'm already logged in as admin, what am I suppose to do?

About the unprivileged user account, I have no example at the moment, so I admit my statement is a bit gratuitous so far. All I can say is that I can remember how, years ago, I have broken my Windows system several times (logged in without privileges.) But I'll try to elaborate more on that if I can find something precise.
Are you talking about linux or windows? If you're talking about windows there should be a little button somewhere that you should be able to click to view the files anyhow despite the block, its happened to me before and I've cliked a button to get around it. Of course, you can always revert to the Windows Command line...yuck!! (I think that that the Linux command line is much easier!)

Last edited by Nbiser; 03-12-2013 at 05:26 PM. Reason: typo
 
Old 03-12-2013, 05:36 PM   #41
manu-tm
Member
 
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343

Rep: Reputation: 43
I'm talking about Windows (xp). And there was no unblock button. I see this as either a bug (that has never been fixed) or an inconsistency.
 
Old 03-12-2013, 05:43 PM   #42
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 302
Blog Entries: 7

Rep: Reputation: 44
Quote:
Originally Posted by manu-tm View Post
I'm talking about Windows (xp). And there was no unblock button. I see this as either a bug (that has never been fixed) or an inconsistency.
Hmmm....... You might need to post this in a different forum (say a general computer tech forum) or maybe on a microsoft forum to get the help you need. I don't really use windows too much anymore, except for some word proccessing and note taking. Here are some that might help: http://www.computerforums.org and http://www.computerforum.com/
 
Old 03-12-2013, 05:49 PM   #43
manu-tm
Member
 
Registered: May 2008
Location: France
Distribution: Ubuntu, Debian
Posts: 343

Rep: Reputation: 43
Quote:
Originally Posted by Nbiser View Post
Hmmm....... You might need to post this in a different forum (say a general computer tech forum) or maybe on a microsoft forum to get the help you need. I don't really use windows too much anymore, except for some word proccessing and note taking. Here are some that might help: http://www.computerforums.org and http://www.computerforum.com/
Thanks but I'm not really looking for help about how to fix that . I was just trying to elaborate on how file permissions system on Windows is messy/inconsistent (IMHO and as opposed to Linux file permissions).

Last edited by manu-tm; 03-12-2013 at 05:53 PM.
 
Old 03-12-2013, 05:55 PM   #44
Nbiser
Member
 
Registered: Oct 2012
Location: Maryland
Distribution: Fedora, Slackware, Debian, Ubuntu, Knoppix, Helix,
Posts: 302
Blog Entries: 7

Rep: Reputation: 44
Quote:
Originally Posted by manu-tm View Post
Thanks but I'm not really looking for help about how to fix that . I was just trying to elaborate about how file permissions system on Windows is messy/inconsistent (IMHO).
Ahhhh......now I see!! I was wondering why you mentionioned it here.
 
Old 03-12-2013, 06:06 PM   #45
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853Reputation: 4853
Quote:
Originally Posted by manu-tm View Post
About the Admin user account, I've noticed that, when browsing the file system, I sometimes get a 'Your security settings don't allow you to do that' message when attempting to open some folders. As I'm already logged in as admin, what am I suppose to do?
As I stated before, on Windows being in the Administrator role does not mean that you have all rights, but that you can get all rights. Just open the settings dialog and give yourself the rights to access those folders. Note that you have a GUI dialog for that only on XP Professional, the Home version lacks that dialog.
This is not inconsistent with the Administrator role at all, it just isn't the same as being the root user in Linux.

But anyways, this is a Windows version from 2001, it would be fair if you would use a recent version for comparison, those got major changes when it comes to security.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Anti-spam anti-virus dovecot + postfix mail system xuta Linux - Server 7 06-08-2012 06:31 PM
dual boot without anti-virus, virus now in linux gardner Linux - Security 7 03-09-2009 02:01 PM
Anti Virus/ Anti Spam for Linux? Sp@rticus Linux - Software 3 11-18-2005 03:17 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 03:35 PM
Creating an ultimate anti-virus and anti-spam email gateway markcc Linux - Networking 2 10-08-2003 04:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration