Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
You don't have to believe me... But I'm not the one with a vested interest in your money.
And please remember we're strictly talking Desktops.
The point Happydog500 made IS valid. How do you know that you have had no malware issue on your desktop machine? If the only reason is that you have not NOTICED one, and you have no software DETECTING malware, you only mean that you did not NOTICE. It is very possible that you have never had a problem, but you have no PROOF.
Personally, I suspect that you have had no malware problem. Without running something that can TELL us, we cannot be 100% sure.
That question avoids this issue: have you no friends that run Microsoft Operating Systems? IF you have even one friend that you communicate with running something as vulnerable as MS Windows, you run malware detection to protect THEM at least as much as to protect yourself. That also is valid.
Log into KlamAV, update, then click on Scan and click on Home. Then scan; if you have never done this you will never know if you have a virus. You could also use ClamTk.
Quote:
The point Happydog500 made IS valid. How do you know that you have had no malware issue on your desktop machine? If the only reason is that you have not NOTICED one, and you have no software DETECTING malware, you only mean that you did not NOTICE. It is very possible that you have never had a problem, but you have no PROOF.
Personally, I suspect that you have had no malware problem. Without running something that can TELL us, we cannot be 100% sure.
That question avoids this issue: have you no friends that run Microsoft Operating Systems? IF you have even one friend that you communicate with running something as vulnerable as MS Windows, you run malware detection to protect THEM at least as much as to protect yourself. That also is valid.
Schroedinger's virus?? Hahaha!!
Well I say that the proof is in the pudding. The simple fact is that nothing has taken any of my desktops down in more than 17 years of use.
And that's really the point: There are still no viruses in the wild which can really target Linux desktops. I'd be happy to be corrected on that point, but with one caveat: any link you provide must not be sponsored by an AV company in any way.
Also: My outgoing emails are plain text, never html.
The fallacy of malware is to use any sort of "biological metaphor," such as "virus" or "immune" or "infect." All of these terms imply what is simply not true: that your computer can "catch" a malicious program. It cannot.
As a biological creature, you can, indeed, "catch" a variety of diseases, just by wandering into the wrong elevator at the wrong time ... unless your "ever-pro-active" immune system pro-actively protects you. But this analogy does not in any way apply to digital equipment.
Windows machines are often plagued by malware because, by default, users run as Administrators. There isn't even a password-challenge when a program attempts to use elevated privileges. Worse yet, Windows still(!) ships with a "Home Edition" that omits (or suitably buries ...) the fundamental administrative tools that one needs to properly secure a Windows machine. Microsoft Corporation has very-obviously had a long, cozy relationship with McAfee and other security-snake-oil vendors.
The fundamental solution to malware is to use "the principle of least privilege." Disable any and all "guest" accounts. Your everyday Windows user-id should be a "Limited User." Your Linux/Unix user should not be a member of the wheel group. Wear your "Clark Kent" outfit 99.9% of the time and don your "Superman" suit only when you actually need to fly. Make sure that all setuid programs owned by root are read-only to everyone but root. And, so on.
Your computer system is ... a machine. Nothing more, and nothing less.
Last edited by sundialsvcs; 10-03-2016 at 08:40 PM.
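As an added illustration of two of the least-privilege checks in the post above (this script is not from sundialsvcs or the thread), the following audits a directory tree for setuid files that anyone but their owner can modify and lists the members of a privileged group. The directory, file names, and group file are constructed for the demo; point the functions at `/` and `/etc/group` to audit a real machine.

```shell
#!/bin/sh
# Two least-privilege audits: setuid files that anyone but the owner can modify,
# and members of a privileged group such as wheel. A setuid-root program that is
# group- or world-writable lets any writer replace the code that runs as root.

find_writable_setuid() {
    # $1: directory tree to audit; prints one offending path per line
    find "$1" -type f -perm -4000 \( -perm -020 -o -perm -002 \) -print
}

group_members() {
    # $1: group name; $2: group file (defaults to /etc/group)
    # prints the comma-separated member list, empty if the group has no members
    awk -F: -v g="$1" '$1 == g { print $4 }' "${2:-/etc/group}"
}

# Constructed demo tree (not a real system): one correctly locked setuid file
# and one that is world-writable.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/bin"
: > "$demo_dir/bin/locked_setuid"
: > "$demo_dir/bin/sloppy_setuid"
chmod 4755 "$demo_dir/bin/locked_setuid"   # setuid; only the owner may write it
chmod 4777 "$demo_dir/bin/sloppy_setuid"   # setuid AND world-writable: flagged

# Constructed group file with a made-up everyday user ("alice") in wheel.
demo_group="$demo_dir/group"
printf 'root:x:0:\nwheel:x:10:alice\nusers:x:100:alice,bob\n' > "$demo_group"

find_writable_setuid "$demo_dir"    # expected: the sloppy_setuid path
group_members wheel "$demo_group"   # expected: alice
```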
I discontinued Malwarebytes and it trashed the machine. I discontinued Kaspersky and my program was trashed. Windows certified spam companies put trash with downloads that are very difficult to remove. I have a self-booting Linux program that will wipe the hard drive.
Quote:
Well I say that the proof is in the pudding. The simple fact is that nothing has taken any of my desktops down in more than 17 years of use.
Ahh, but DDOS malware does not do ANYTHING to your desktop. It only steals a little CPU and network bandwidth to help shut down someone ELSE'S site. And, you have no idea (or do not care) if your machine has been so used!
If you compare the number of active viruses targeting Linux as opposed to those targeting MS systems, that scale is heavily weighted, I agree. But to say that
Quote:
There are still no viruses in the wild which can really target Linux desktops.
is interesting. Clearly it may be true, but irrelevant. Almost NOTHING targets a desktop, except as a vulnerability vector to target the security of the underlying OS. There ARE malware families specifically targeting Linux.
I have had to recover, rebuild, or replace client Linux WEB servers that were broken into and 'owned' (installation of at least six rootkits, a few back doors, and one DDOS agent THAT I COULD IDENTIFY; who knows what else). I advised against even trying to find out (and to stop changing the secure passwords to short variations of the company name) and just scrapping the infected machines (quickly) and starting over clean and secure. The simplest ID software, ClamAV, and Rootkit Hunter, and a reaction script package would have trapped out the activity and prevented the damage, and saved a LOT of downtime. (And, I would have made less money. I will gladly take that hit to prevent the client downtime.)
There was nothing specific to that server that made it more vulnerable than your desktop except the owner. He made one bad choice for convenience, and had decided against any additional protection. He learned the hard way, but he is a smart guy that will never make the same mistake twice. Those of us who have not learned have just been lucky.
Nothing wrong with luck, but I will add a little insurance, thank you. Not only insurance to protect MY machines, data, and time, but to prevent MY unwilling participation in DDOS attacks on my community.
Quote:
I discontinued Malwarebytes and it trashed the machine. I discontinued Kaspersky and my program was trashed. Windows certified spam companies put trash with downloads that are very difficult to remove. I have a self-booting Linux program that will wipe the hard drive.
I seriously doubt if that is really what happened. I have used both of these programs without issues. (Though, I will admit that it can be challenging to remove all of the Kaspersky traces from a Windows system. They really do infiltrate a lot, and a normal uninstall does not get all of it.) I have never had either program do harm to either Windows or Linux unless there was a malware agent infecting system files.
I like your "burn the bridges" approach to cleaning, and use something not terribly different myself. I use Malwarebytes to recover and protect data, but a total and clean reload is the surest virus removal project.
Quote:
Originally Posted by wpeckham
Almost NOTHING targets a desktop, except as a vulnerability vector to target the security of the underlying OS.
Remember Blaster, Welchia, Sasser, etc? They specifically targeted Windows desktops. The original edition of Windows XP could not stay connected to the internet for more than a few minutes without being infected. You must be too young to remember that, because it was almost 15 years ago.
Quote:
Originally Posted by wpeckham
There ARE malware families specifically targeting Linux.
More specifically, services which run on Linux.
Quote:
Originally Posted by wpeckham
I have had to recover, rebuild, or replace client Linux WEB servers
I'm going to stop you right there and remind you that I'm not talking about servers. This is about desktops, as mentioned in the thread title.
Who runs a web server on their desktop? That's asking for trouble.
Quote:
Originally Posted by wpeckham
There was nothing specific to that server that made it more vulnerable than your desktop except the owner.
... And the fact that he was running an INTERNET-FACING SERVICE with port 80 (and possibly others) wide open.
That is simply not necessary on a desktop.
There are a stack of other services which are not necessary on desktops either. If you disable the ones you don't need to run (and on a desktop there are very few which you actually do), then the chance of an attack can become low to none.
Quote:
Originally Posted by wpeckham
Nothing wrong with luck, but I will add a little insurance, thank you.
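As an added example of the point above about internet-facing services (this script is not from the thread), the following parses output in the format of `ss -ltnp` and reports only the listening TCP sockets bound to every interface rather than to loopback, which is the list a desktop user should expect to be nearly empty. The socket table is constructed for the demo, not captured from a real host; feed it `ss -ltnp` output saved to a file to check a real system.

```shell
#!/bin/sh
# Report listening TCP sockets bound to all interfaces (0.0.0.0, [::] or *)
# rather than loopback only. Input is a file in the format of `ss -ltnp`.

exposed_listeners() {
    # $1: file with ss -ltnp output; prints "port process" per exposed socket
    awk 'NR > 1 && $1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]              # last field is the port
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "[::]" || host == "*") {
            proc = ($6 ~ /users:/) ? $6 : "unknown"     # users:(("name",pid=..))
            sub(/users:\(\("/, "", proc); sub(/".*/, "", proc)
            print port, proc
        }
    }' "$1"
}

# Constructed sample (not captured from a real host): sshd and a web server
# reachable on every interface, and a CUPS instance bound to loopback only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    *:80                *:*               users:(("nginx",pid=1201,fd=6))
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=901,fd=7))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
EOF

exposed_listeners "$sample"   # expected: 22 sshd / 80 nginx / 22 sshd; cupsd is not listed
```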
Quote:
Remember Blaster, Welchia, Sasser, etc? They specifically targeted Windows desktops. The original edition of Windows XP could not stay connected to the internet for more than a few minutes without being infected. You must be too young to remember that, because it was almost 15 years ago.
Well actually, in Windows there is no difference between the desktop and the OS, so I am not sure your point is valid, but you are correct to a point. And I remember when boot sector floppy viruses were the only ones we had to deal with (there WAS no 'internet' yet), and our 'desktops' were text based. (CP/M and CP/M-86, IBM-DOS 1.0) None of which applies strongly to the threats faced today, which are orders of magnitude more sophisticated.
I take your other points, though I do not believe that they actually refute any of mine. I did not go into what SPECIFIC steps I take as 'insurance' on my networks and systems, and will not now. I will only add that any single factor approach is probably not enough to be completely effective. CLAMAV is one single factor which MAY help avoid malware issues. If you do not accept that, go your own way and do your own thing. No one is coercing you to agree.