LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-21-2007, 05:12 AM   #46
kstan
Member
 
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31

Quote:
Originally Posted by slimm609 View Post
I do not know any windows users that say that linux is not secure. most windows users i know don't even know what linux is. i know people that say linux sucks but 90% of them have never used linux and once they do they change there mind. windows just sees stuff that linux or bsd does and tries to copy it but they always do a shit jobs of it.
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).

A good practice can protect Linux System very well, but there is quite many way to compromise Linux OSes as well. It may not the fault of Linux but it nobody know. In Ms. Windows there is so many existing 'all in 1' tools to secure, monitor the entire OSes, in Linux there is some tools but decentralize and hard to use. The worst thing is, a lot of people don't know it, included myself.

*please don't think I'm putting fire, 99.9% of my time in Linux desktop environment and I found that it's hard for me to maintain the good practices. Unless I want to sacrify my time to build many thing from the source.

At the end, Windows sucks, Linux sucks too, probably apple become better choice.


*Suddent I have some ideal, If there is some plugin for package manager or source code analysis tools to help us analyse the source code (whether got any poison code or virus component) or some rpm/deb packages before we install it that will be very good for Linux administrators.

Whats your opinion everybody?

Regards,
Ks
 
Old 09-21-2007, 07:39 AM   #47
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Quote:
Originally Posted by kstan View Post
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).

A good practice can protect Linux System very well, but there is quite many way to compromise Linux OSes as well. It may not the fault of Linux but it nobody know. In Ms. Windows there is so many existing 'all in 1' tools to secure, monitor the entire OSes, in Linux there is some tools but decentralize and hard to use. The worst thing is, a lot of people don't know it, included myself.

*please don't think I'm putting fire, 99.9% of my time in Linux desktop environment and I found that it's hard for me to maintain the good practices. Unless I want to sacrify my time to build many thing from the source.

At the end, Windows sucks, Linux sucks too, probably apple become better choice.


*Suddent I have some ideal, If there is some plugin for package manager or source code analysis tools to help us analyse the source code (whether got any poison code or virus component) or some rpm/deb packages before we install it that will be very good for Linux administrators.

Whats your opinion everybody?

Regards,
Ks
Linux is one of the most secure by default. If you use fedora or suse then you should be pretty good to go.

Windows is no where near secure. Vista is supposed to be "More Secure" but it still is not. Same with mac. Here is an article some may have missed about mac. http://www.zdnet.com.au/news/securit...9241748,00.htm
Linux is not the most secure thing on the planet but it is secure when compared to windows or OSX.
 
Old 09-21-2007, 09:51 AM   #48
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
FWIW, I hear a lot of Windows users all the time saying how Linux sucks. But honestly, I don't recall any of them ever using security as a reason for the suckage. Usually it's more multimedia pointy-clicky reasons, many of which I agree with sometimes as far as the desktop is concerned. But...
Quote:
Originally Posted by kstan View Post
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).
The problem I see with this logic is that "a newbie who want to install many thing without sufficient security knowledge or concern" would be just as bad (or worse) of a security problem on Windows. But you only raise the concern for Linux, which in my book means you are using a double standard.
 
Old 09-21-2007, 07:52 PM   #49
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
Quote:
Originally Posted by kstan View Post
I'll say Linux is not secure enough for Desktop users (I mean, a newbie who want to install many thing without sufficient security knowledge or concern).

A good practice can protect Linux System very well, but there is quite many way to compromise Linux OSes as well. It may not the fault of Linux but it nobody know. In Ms. Windows there is so many existing 'all in 1' tools to secure, monitor the entire OSes, in Linux there is some tools but decentralize and hard to use. The worst thing is, a lot of people don't know it, included myself.

*please don't think I'm putting fire, 99.9% of my time in Linux desktop environment and I found that it's hard for me to maintain the good practices. Unless I want to sacrify my time to build many thing from the source.

At the end, Windows sucks, Linux sucks too, probably apple become better choice.


*Suddent I have some ideal, If there is some plugin for package manager or source code analysis tools to help us analyse the source code (whether got any poison code or virus component) or some rpm/deb packages before we install it that will be very good for Linux administrators.

Whats your opinion everybody?

Regards,
Ks
why would apple become the better choice?, if you haven't been paying attention to the news, there was actually a 0SX worm, I belive, and OSX is based on unix as well, so if anything its just as secure as linux or less, its alot harder to make an exploit in something thats open-source then closed-source software because people are constantly reviewing the code and so the holes are fixed alot sooner then closed source products so that means OSX is probably less secure then Linux
 
Old 09-21-2007, 09:44 PM   #50
kstan
Member
 
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31
Quote:
Originally Posted by AceofSpades19 View Post
why would apple become the better choice?, if you haven't been paying attention to the news, there was actually a 0SX worm, I belive, and OSX is based on unix as well, so if anything its just as secure as linux or less, its alot harder to make an exploit in something thats open-source then closed-source software because people are constantly reviewing the code and so the holes are fixed alot sooner then closed source products so that means OSX is probably less secure then Linux
I mean, I always stay at Linux environment, so I found I got a lot of constraint make me hard to maintain the good security practices. The reason is sometimes I need to use some softwares from several party. Why this happend I guess everybody already know. Once we install particular softwares it can compromise the Desktop and no any software in Linux can detect it.

I Microsoft Windows or Apple, a complete suite of softwares is ready to use, they are stable and people pay for it's high quality product(In Linux we need to dig arround in internet and probably we can find any suitable software). Except commercial supported product, we can have pretty simple GUI security suit which able to help us detect abnormal inside the computer (I mean Windows+personal computer security suit). The wonderful thing is administrator can deploy same setting to entire network easily, either enforce Kerberos, IpSec, ticket and etc.

Finally, I know Linux is good in some sense, but the security features is not sufficient yet. I work in a manufacturing company and I responsible for entire company, from security, productivity and etc. For myself Linux is good enough for most of the thing, just no softwares for me to enforce and make sure security is proper implemented at every client pc. Centralize management is current trend. Lets imagine in Desktop market share Windows and Linux share is 50% x 50%, the kind of viruses for Linux will suddenly increase dramatically, then you will find that Linux got more thing to improve in security portion.

Regards,
Ks
 
Old 09-21-2007, 10:01 PM   #51
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
You should only install software from trusted sources anyways, and if you install stuff in windows or mac the desktop would be compromised as well so your point is? and you can get avast and avg for linux so I have no idea what you are trying to say

Last edited by AceofSpades19; 09-21-2007 at 10:06 PM.
 
Old 09-21-2007, 11:33 PM   #52
kstan
Member
 
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31
again, i mean desktop environment. it involve a lot of thing to concern, user friendly, less headache, easy installation and etc. Ip tables, clamav, phishing and etc bring a lot of trouble for user who don't know it. If you familiar it then you will think find. but fot those not familiar with security, they will have trouble. avg scan virus, but its no a full suit of security toolkit to secure the desktop environment.
 
Old 09-21-2007, 11:38 PM   #53
AceofSpades19
Senior Member
 
Registered: Feb 2007
Location: Chilliwack,BC.Canada
Distribution: Slackware64 -current
Posts: 2,079

Rep: Reputation: 58
all moderen browsers have anti-phishing built into them. I don't see how having an anti-virus can secure a machine when the person in control doesn't have common sense because if they don't have common sense not to just go and download anything and install then they will break their system many other ways alot faster then getting a virus
 
Old 09-22-2007, 03:47 AM   #54
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Reading this thread I would like to make a few remarks for Kstan's benefit.

First of all the emphasis on viruses is typically the mindset of Windows users, and using "popularity" as a starting point for a discussion with respect to GNU/Linux doesn't work, because due to the OS architecture being different, the threat set for Unices is different: piggybacking malware, rootkits, exploits and whatever else due to not hardening the system, lack of maintenance, misconfiguration, lack of auditing. For example the incidents this forum has dealt with over the past years could be classified somewhat like this: 95 percent "malware" (think PHP includes loading spam bots), 4 percent exploit/rootkits and 1 percent "other". Now the "other" stash does not include viruses. Why not? Because, as I said before in other threads, there are only 10 and all but one are proof of concept. A worm is not a virus, an exploit is not a virus and a log wiper is not a virus and a rootkit is not a virus. Still AV engines will happily classify worms, exploits, about anything as "virus" because of marketing value: instilling fear in uneducated users always works. (I use multiple AV engines and my prime reason is quick determination of files for incident handling purposes.)


Secondly (Kstan having admitted this already) a lot of this discussion evolves around a lack of knowledge and a perception that's "malformed" because of using Windows. Lack of knowledge is nothing to be ashamed of but you should fill that void one way or the other. If you do so you won't have to ask some questions and it should rid you from the idea that "because Windows does it that way GNU/Linux should too" (basic UNIX architecture, privilege separation, DAC rights). That GNU/Linux does not have "one centralised tool to rule them all" should not be seen as a hiatus but as an advantage (single point of failure, modularity).


Finally please do not use *your* lack of time (or anything else that clearly is a problem of you, not the OS) as an excuse for saying "Linux sucks". It doesn't help the discussion, it only shows *you* being the "problem" (with all due respect).


That said maybe we should turn this thread (or a new one) into a basic "from the ground up" install/config fest showcasing the things GNU/Linux does have and how using those can mitigate threats?
 
Old 09-22-2007, 09:04 PM   #55
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
kstan linux is not lacking security tools as many people have stated. Linux is also not lacking GUI all-in-one security. Mcafee and Syamantec make enterprise security suites for linux just like they do windows. The one thing that linux is missing is a "FREE" all-in-one GUI security tool. But then again so is windows. The tools that you are talking about are commerical products that you have to pay for in windows so why would you not have to pay for those same applications in linux? I dont believe that the problems is that they dont exist but the problem is you are comparing commerical windows application to linux free applications. The programs are there for linux but you just have to pay for them just like windows.

PS. If you want to find them google "Linux Enterprise Security"
 
Old 09-23-2007, 04:14 AM   #56
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by slimm609 View Post
The tools that you are talking about are commerical products that you have to pay for in windows so why would you not have to pay for those same applications in linux?
This forum tries hard to stay away from discussing commercial solutions unless there's no realistic alternative. The reasons for that are similar to those for chosing any other OSS products: interoperability based on open standards, the relative security of being able to audit and enhance the source, the ability to fix bugs, the "right" licensing and a lack of problems due to vendor lockin. That you have to pay for proprietary software on one platform itself is no valid reason to pay for it in GNU/Linux as well.


Quote:
Originally Posted by slimm609 View Post
PS. If you want to find them google "Linux Enterprise Security"
Even though I'd like this forum to stay away from discussing commercial solutions, in this case I'd like to invite you to post the exact URI's of the products you had in mind. I admit I'm curious since I've looked at one commercial enterprise suite and for some of the applications in that suite there wheren't even GNU/Linux versions available.
 
Old 09-23-2007, 07:19 AM   #57
kstan
Member
 
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31
Quote:
Originally Posted by slimm609
linux is not lacking security tools as many people have stated. Linux is also not lacking GUI all-in-one security. Mcafee and Syamantec make enterprise security suites for linux just like they do windows.
Seems good, I think they realize Linux need it.

The one thing that linux is missing is a "FREE" all-in-one GUI security tool. But then again so is windows. The tools that you are talking about are commerical products that you have to pay for in windows so why would you not have to pay for those same applications in linux?
Who say not? I agree to pay for it.

I dont believe that the problems is that they dont exist but the problem is you are comparing commerical windows application to linux free applications. The programs are there for linux but you just have to pay for them just like windows.
PS. If you want to find them google "Linux Enterprise Security"

Quote:
Originally Posted by unSpawn View Post
This forum tries hard to stay away from discussing commercial solutions unless there's no realistic alternative. The reasons for that are similar to those for chosing any other OSS products: interoperability based on open standards, the relative security of being able to audit and enhance the source, the ability to fix bugs, the "right" licensing and a lack of problems due to vendor lockin. That you have to pay for proprietary software on one platform itself is no valid reason to pay for it in GNU/Linux as well.

Even though I'd like this forum to stay away from discussing commercial solutions, in this case I'd like to invite you to post the exact URI's of the products you had in mind. I admit I'm curious since I've looked at one commercial enterprise suite and for some of the applications in that suite there wheren't even GNU/Linux versions available.

If read from initial post from this topic, the objective of this topic is what is the pattern of Linux viruses, discuss all commercial tool is not my purpose at all. I feel innocent because the the topic go the the direction I not indent to talk about(We write many thing something is or isn't a virus as well). Again, the purpose of this topic is what will happend when people want to write an virus for Linux. What the virus look like? How it going to effect the the Linux, if all I'd mentioned is not virus, then linux viruses exist in the world(Please refer initial post)?


Regards,
Ks
 
Old 09-23-2007, 12:41 PM   #58
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by kstan View Post
Seems good, I think they realize Linux need it.
It's hard to say, as GNU/Linux likely has some really unconventional positioning on their SWOT analysis. Sure, GNU/Linux could be considered an opportunity for them - but it's a much bigger threat. Also, keep in mind that they are corporations, so their goal isn't to satisfy any OS's needs - it's maximizing shareholder wealth. My guess is they don't wanna leave any bases uncovered, and they wanna have their foot in the door if there is some sort of significant rise in market demand for that type of software.

But because of the reasons already mentioned by unSpawn (lack of open standards compliance, non-ability for users to audit the source code, vendor lock-in, etc), it would be quite an endeavour for them. Personally, I'd never buy their desktop products, and I know none of my GNU/Linux-using friends would either. I'm sure these corporations are aware of this mentality, as it must be reflected in their GNU/Linux user surveys, so it would make sense to assume their target is mainly gonna be Windows users and IT managers who just made the switch (or just got some GNU/Linux boxes dropped on their laps) and don't know any better.

Last edited by win32sux; 09-23-2007 at 07:55 PM.
 
Old 09-23-2007, 10:31 PM   #59
kstan
Member
 
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31
Quote:
Originally Posted by win32sux View Post
It's hard to say, as GNU/Linux likely has some really unconventional positioning on their SWOT analysis. Sure, GNU/Linux could be considered an opportunity for them - but it's a much bigger threat. Also, keep in mind that they are corporations, so their goal isn't to satisfy any OS's needs - it's maximizing shareholder wealth. My guess is they don't wanna leave any bases uncovered, and they wanna have their foot in the door if there is some sort of significant rise in market demand for that type of software.
I agree

But because of the reasons already mentioned by unSpawn (lack of open standards compliance, non-ability for users to audit the source code, vendor lock-in, etc), it would be quite an endeavour for them. Personally, I'd never buy their desktop products, and I know none of my GNU/Linux-using friends would either. I'm sure these corporations are aware of this mentality, as it must be reflected in their GNU/Linux user surveys, so it would make sense to assume their target is mainly gonna be Windows users and IT managers who just made the switch (or just got some GNU/Linux boxes dropped on their laps) and don't know any better.
I think another way, corporate environment the security and safety always the top priority. assume we are Linux consultant, we need guarantee our customer who'd switch to linux desktop environment. Its very too late when customer accidently run some virus in their network. So, the commercial AV vendor estimate Linux Desktop is increasing and they realize they need to provide customer necessary solutions. For me this is a good start.

Regards,
Ks
 
Old 09-23-2007, 11:09 PM   #60
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by kstan View Post
I think another way, corporate environment the security and safety always the top priority. assume we are Linux consultant, we need guarantee our customer who'd switch to linux desktop environment. Its very too late when customer accidently run some virus in their network. So, the commercial AV vendor estimate Linux Desktop is increasing and they realize they need to provide customer necessary solutions. For me this is a good start.
Yeah, that sounds exactly like something the companies' marketing departments would say. Except for the "guarantee" part, of course. There are never any guarantees in these matters, as is clearly explained in the legal documentation on any of these companies' websites.

Last edited by win32sux; 09-23-2007 at 11:11 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: GNU/Linux and freedom: non-free software hidden in your GNU/Linux distribution LXer Syndicated Linux News 0 04-02-2010 11:21 PM
Antivirus survey: Do you run an antivirus program on linux? atom Linux - General 29 09-03-2009 03:22 PM
2008 US General Election Megathread XavierP General 205 11-07-2008 12:37 PM
Ubuntu - ALL FINE NOW! - Megathread FreeDoughnut Ubuntu 41 07-24-2006 08:53 AM
Antivirus for Lunix similar Norton Antivirus for Windows Chivozertsev Linux - Software 1 03-31-2005 07:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration