I've got good news and bad news for those of the misguided perception that Linux is somehow impervious to attack or compromise. The bad news is that it turns out a vast collection of Linux systems may, in fact, be pwned. The good news, at least for IT administrators and organizations that rely on Linux as a server or desktop operating system, is that the Trojan is in a download that should have no bearing on Linux in a business setting.
Unreal IRC is an Internet relay chat platform. I don't have any numbers on the total downloads since November of 2009, but it seems safe to assume there are a lot of Linux systems out there compromised by a backdoor Trojan.
Basically, because of the false sense of security provided by Linux it simply never occurred to anyone to check if the software might be compromised. Combining that false sense of security with the security by obscurity factor that Linux makes up less than two percent of the overall OS market and isn't a target worth pursuing for attackers, means that many Linux owners have zero defenses in place.
To be fair, Linux experts are aware that the operating system is not bulletproof. You can pick any flavor of Linux, and its accompanying tools and applications, and find hundreds of vulnerabilities. The difference--according to the many lectures I have received in the comments of articles I have written on Windows security--is that the way the Linux OS is written makes it harder to exploit a vulnerability, and that because it's open source, vulnerabilities are fixed in hours rather than months.
The lesson for IT Admins managing Linux is to be more vigilant. Linux is not impervious to attack. Hopefully the Linux systems in a business environment aren't running Unreal, but it's quite possible that Unreal is not the only compromised software available.
Linux does not have the vast array of threats facing it that Windows systems do, but there are still threats. Even if those threats aren't exploited through a quickly-spreading worm, they are still there and represent a potential Achilles heel in your network security if not monitored and protected.
Don't make the mistake of simply assuming Linux systems are safe because they're Linux systems. Implement similar security controls and policies for Linux as you have in place for Windows systems and you can prevent being pwned by a backdoor Trojan for months without even knowing about it.
There is nothing ANY operating system can do to prevent the installation of software by the user. The supposed "false sense of security provided by Linux" has no bearing on this case, and in any event, there was absolutely nothing that a user or even an experienced admin could have done to avoid this issue.
Other than reading the source, there was no way of knowing that this software had been compromised, unless the backdoor was actually in use and you picked up the activity in network logs, or noticed things changing on your machine.
The software provided by the official vendor was compromised on their download server. The vendor did not provide any way of checking the veracity of that software.
So how is the user supposed to defend against that?
Here's a tip. Disconnect your PC from the network and never download or install anything. That way you are guaranteed to be safe from malware.
Unless the malware is part of the install of course.
There is nothing ANY operating system can do to prevent the installation of software by the user... So how is the user supposed to defend against that?
Install and actually USE a good AntiVirus. There are quite a few antivirus programs for Linux that will detect installed malware and offer to quarantine or delete it when you run the scanner.
That's what the article is about... Never assume you're safe just because you use Linux.
Cheers
Last edited by DragonSlayer48DX; 06-17-2010 at 04:47 PM.
Again, I would like to apologize about this security breach.
We simply did not notice, but should have.
We did not check the files on all mirrors regularly, but should have.
We did not sign releases through PGP/GPG, but should have done so.
I rarely use a virus scanner, and I will continue to rarely use it. Instead I will check packages using gpg, or md5sum if gpg is not available.
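As an added example (not part of any post in this thread), here is a small POSIX shell script that checks a downloaded tarball the way the reply above suggests: against a checksum manifest and, where the project publishes one, a detached GPG signature. It assumes sha256sum and gpg are installed, and that the manifest and the signing key were obtained somewhere other than the mirror that served the tarball, since a checksum hosted next to a tampered file proves nothing.

```shell
#!/bin/sh
# Added example, not code from the thread or from UnrealIRCd.
# Assumes: sha256sum and gpg on PATH; MANIFEST and KEYRING fetched out-of-band.

# verify_checksum FILE MANIFEST
# MANIFEST uses sha256sum's own format: "<hex digest>  <filename>" per line.
# Returns 0 if FILE's digest matches its manifest entry, 1 otherwise.
# SHA-256 is used instead of MD5 because MD5 collisions are practical.
verify_checksum() {
    file=$1
    manifest=$2
    name=$(basename "$file")
    # Look up the expected digest by file name; tolerate sha256sum's
    # binary-mode "*filename" marker.
    expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$manifest")
    if [ -z "$expected" ]; then
        echo "no manifest entry for $name" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK  $name"
        return 0
    fi
    echo "MISMATCH $name: expected $expected, got $actual" >&2
    return 1
}

# verify_signature FILE SIGFILE KEYRING
# A good signature only means something if KEYRING holds the maintainer's
# key checked by fingerprint from an independent source, not from the mirror.
verify_signature() {
    gpg --no-default-keyring --keyring "$3" --verify "$2" "$1"
}

# Usage: sh verify-release.sh FILE MANIFEST [SIGFILE KEYRING]
if [ "$#" -ge 2 ]; then
    verify_checksum "$1" "$2" || exit 1
    if [ "$#" -ge 4 ]; then
        verify_signature "$1" "$3" "$4" || exit 1
    fi
fi
```

A mismatch here is exactly the signal the maintainers say they lacked: a release file on one mirror that no longer matches the digest of the file they actually published.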
Yes, but did you know that GNOME scanned all the files using clamav, and clamav missed the trojan. Or maybe that was the FF trojan? I don't remember.
Actually, IIRC, it was both: The Gnome Project and Mozilla relied solely on ClamAV until it missed the trojans they were distributing. (I'd forgotten about the one from Mozilla. I believe it was in a third-party FF extension that they were hosting.)
Sadly, ClamAV has been getting a bad rep, of late. My personal favorite is AVGFree. I've used it for years with Windows, and now I also use the Linux version. While it's not Open Source, it consistently receives better marks than many commercial models during the Internet Storm Center's periodic malware detection tests.