LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-04-2007, 11:44 PM   #76
okos
Member
 
Registered: May 2007
Location: California
Distribution: Slackware/Ubuntu
Posts: 609

Rep: Reputation: 38

The reason I ask the question:

I have been a microsoft user since before windows 95. I had a virus in windows and had trouble removing it a while ago.

I have Slackware 12 and wanted to install check install. I went to the website and found that there are problems with using check install in Slackware 12. An older version had reportedly worked better. I googled checkinstall 1.5.3 and found a ftp site with that version. I downloaded, untarred, and installed. Nothing happened. It was not working. I could not locate any of the installed files. It made me quite concerned. I deleted the tgz file and actually found the older version on the check install website. Installed it and it worked.

I started to wonder if I had a virus from the first installation of so called checkinstall.

What is it about linux that makes it relatively impervious to viruses or malware?
 
Old 10-05-2007, 01:42 AM   #77
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,734
Blog Entries: 12

Rep: Reputation: 463Reputation: 463Reputation: 463Reputation: 463Reputation: 463
Quote:
Originally Posted by okos View Post
The reason I ask the question:

What is it about linux that makes it relatively impervious to viruses or malware?
God runs Linux . (pretty sure its either Slack or Debian)
 
Old 10-05-2007, 03:19 AM   #78
DOTT.EVARISTI
Member
 
Registered: Jan 2007
Location: La spezia ( Italia )
Distribution: Fedora 9 amd 64, Gnome,PCLOS 2007,OpenSuse 11 amd 64,Sabayon 3.4,Xp,Vista
Posts: 248

Rep: Reputation: 31
Unhappy Be Carefull and DON'T INSTALL ANTIVIR PE FOR LINUX

use clamav and DON'T INSTALL ANTIVIR PE FOR LINUX...i tried this in OpenSuse 10.2 and DESTROYED grub and it wasn't possible to reinstall it !

I was lucky i had done a partimage backup so i restored it
so be carefull !

Bye
 
Old 10-05-2007, 06:24 AM   #79
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.2
Posts: 7,809
Blog Entries: 58

Rep: Reputation: Disabled
"Indians? There are no Indians round here!"
zzzzziiiiipp.THUD!
"Uuuughhh!"

http://en.wikipedia.org/wiki/List_of...mputer_viruses
 
Old 10-05-2007, 10:58 PM   #80
okos
Member
 
Registered: May 2007
Location: California
Distribution: Slackware/Ubuntu
Posts: 609

Rep: Reputation: 38
Thanks Brian for the link.

So clamav works? There is a free windoze version but I don't care for it. It is included in the ultimate boot cd 4 win (UBCD4win) Besides clamav, Benjamin Burrows has done great work by the way!
http://www.ubcd4win.com/

I still have not found out why Linux is less susceptible then windows. Is is because Linux has a much smaller market?

On the other hand, linux seems to be a crackers haven.

So why is there less focus on av for linux?

As a newbie I would like to know what makes linux more secure.
 
Old 10-05-2007, 11:16 PM   #81
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 552Reputation: 552Reputation: 552Reputation: 552Reputation: 552Reputation: 552
Hi Okos

The question "Why is Linux more secure than Windows?" is asked here on LQ on a regular basis.
If you use the "Search" button atop the page, and enter a query like "Linux virus" or "Linux Windows virus" or something like this, you should find LOADS of threads about this very question.
After perusing several of these threads, you should have a pretty good idea about the security differences inherent in the 'average' installations of Linux vs. Windows.

Through its history, Windows has for the most part installed itself and been operated in 'Admin' mode so to speak, like running as root on Linux. While Linux, to the contrary, is generally run (by anyone who follows basic recomendations) as a USER most of the time, and not as root. This scenario, over time, has contributed to the ridiculous number of ways and means for malicious code to be used against the average Windows installation, while trying to do the same thing to a properly run Linux installation results in little or no damage, because the core of the system is for the mot part 'off-limits' to any malicious code that it might encounter.

With Linux, the practice of downloading your software from trusted sources, and using such tools as GPG signature verification and Checksum verification, make for a FAR SAFER software procurement scenario on Linux.
Generally speaking, for malicious code to have the ability to ruin a Linux system, it must pretty much be knowingly (or unknowingly) installed onto the system by some means with root priveleges. This isn't necessarily an easy feat on a well admin'd Linux machine, while on 98% of Windows machines, the system is ready and willing to executa pretty much anything that comes in contact with it.

The layered security model of Linux is much different than in Windows, where the core of a Windows machine (besides the kernel) is "Internet Explorer". This piece of crap is woven into the very fabric of everything that comprises a Windows system. When you consider this, you can imagine how easy it is for a malicious piece of code to enter a Windows machine through IE, and rapidly compromise every other area of the operating system freely, until the machine is rendered useless (as though it weren't useless to begin with )

Anyhow, do some searching on LQ, and you will find scores of info on the same subject. People will probably add to what I've said, or make other comparisons, but whatever gets said in THIS thread, has already been posted in dozens more.

Best wishes,
--Sasha
 
Old 10-06-2007, 01:18 AM   #82
townie
Member
 
Registered: Oct 2007
Distribution: Ubuntu 8.10 beta and Debian etch
Posts: 75

Rep: Reputation: 15
even though linux has a differnt layout to windows operating system thats not the main reason there arnt many viruses for linux if a hacker wanted to make deadly virues for linux they would soon get around the whole non root privilages and differnt layout. also one of the major reasons there are less virues for linux then there are for windows due to teh fact that linux is n't run by evil money making origanisatation like microsoft, this factor makes MS a target
 
Old 10-06-2007, 08:18 AM   #83
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Arrow GNU/Linux Antivirus Megathread

Welcome to the GNU/Linux Antivirus Megathread!

I've created this megathread as an attempt to stabilize the ever-increasing amount of "Do I need an antivirus/antispyware program on GNU/Linux?" type threads which keep popping up over and over again. It seems to be an extremely common question posed by people coming-over from the Windows world. Most of the discussions in those threads follow quite similar, repetitive patterns. This makes it a topic well-suited for a megathread IMHO. One thing you need to understand if you are the one asking these type of questions is this: There is no consensual answer. What we do have is a lot of varied opinions and passionate discussion regarding the matter, and this megathread will serve as the place for that.
 
Old 10-06-2007, 08:21 AM   #84
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 552Reputation: 552Reputation: 552Reputation: 552Reputation: 552Reputation: 552
Quote:
Originally Posted by townie View Post
even though linux has a differnt layout to windows operating system thats not the main reason there arnt many viruses for linux if a hacker wanted to make deadly virues for linux they would soon get around the whole non root privilages and differnt layout. also one of the major reasons there are less virues for linux then there are for windows due to teh fact that linux is n't run by evil money making origanisatation like microsoft, this factor makes MS a target
I do agree with the evil corporation angle on the thing, that's a good point

However, as for circumventing root privileges, well, the virus then would again only be able to target whose-ever privileges it had assumed.

E.g. if a 'virus' does not have "root:root" priveleges then there is simply no way (that I'm aware of) for it to totally bork a system to the point of total destruction.

E.g.2 - If the 'virus' let's say has elevated itself to "user:group" whatever, then it may only bork stuff associated with these user & group priveleges. This is akin to targeting a single user account on a system. On my home machine, if I were to acquire a virus that ran with my USER account's full priveleges, I would be looking at risking my user account, my home folder, my desktop, etc. But the virus would not be able to render my whole SYSTEM inoperable, because my USER account does not have enough priveleges.

When files & folders are of the "root:root" level, and the permissions of these items are rwx-rx-rx or less, and there is NO OTHER USER on the machine who has the group :root, then it's simply not possible to corrupt the running system, unless there's an overlooked hole in the security model or an unckecked SUID binary to take advantage of.

I'm definitely no expert on this, but this is the best I know about how this concept works. Feel free to correct or add to (or point out glaring oversights on my part) what I've said.

_sasha

Last edited by GrapefruiTgirl; 10-06-2007 at 08:23 AM. Reason: Win32sux - EXCELLENT IDEA! A MegaThread for this has been a long time coming. Can you merge the rest of the threads??
 
Old 10-06-2007, 01:39 PM   #85
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Do I need Anti-Virus software on Linux?

Hello!

preamble:
I've been using Slackware linux as my primary operating system since March of 2007. Right now I'm using Slackware 12 (of course I've added several packets not included in distribution - MPlayer, for example. Most of them I've compiled myself.) Since the first time I've tried to use Linux I believed that this OS doesn't need anti-virus software - because :
1) every distribution is different.
2) every installation can be different even on same distribution.
3) well-behaved linux user have a good habit of working as a non-root user, and most programs he uses won't be writable during working session - there is no way to infect executable unless virus uses some kind of rootkit.
4) Also, there is no easy way for virus to get into system - unless user will download binaries from untrusted sources.

situation:
Right now there are folks on some of my local forums, that claim "linux became popular, there are new viruses appearing for Linux, so now you need Anti-Virus software for Linux!". For me it looks like an attempt to trick me into buying useless software, a marketing move of AV software develpers, etc. And, by the way, the fact that my information about Linux doesn't match with what they say, really puzzles me. I didn't find an english mentions about huge Linux virus epidemias, for example.

So, the question:
Do I really need an antivirus for my Linux system or not ?(taking in account that I'm behind proxy, ISP-provided packet filter, ADSL router and simple ip-tables-based packet filter and rarely download binaries?) And should I trust? My knowledge, or their information? (those guys doesn't seem to be professionals, anyway...)

Thanks.
 
Old 10-06-2007, 01:43 PM   #86
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Umm... I"m really sorry, looks like there is another thread for those kind of questions, which I didn't notice.

Can some attach this thread to http://www.linuxquestions.org/questi...thread-589866/ (if my question fits that theme)?

Last edited by ErV; 10-06-2007 at 01:45 PM.
 
Old 10-06-2007, 01:44 PM   #87
larkl
Member
 
Registered: Sep 2007
Distribution: Puppy 5.2.8
Posts: 69

Rep: Reputation: 15
You're probably fine, but of course, some may argue with that. I've been using various Linux versions for almost 10 years and never a problem. Not many could say that running WIndows with no AV protection.

Last edited by larkl; 10-06-2007 at 01:45 PM.
 
Old 10-06-2007, 02:00 PM   #88
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 552Reputation: 552Reputation: 552Reputation: 552Reputation: 552Reputation: 552
1 - No, you probably don't need one.
2 - Use and administer your system properly. Don't run as root just on a usual basis, use a user account.
3 - If they're trying to sell you AV software for Linux, don't buy it.
4 - do some reading about "chkrootkit" and "rkhunter" and install a half decent firewall.
4.5 - download trusted sourcecode with md5 checksums and/or GPG signatures, and USE them.
5 - Please contribute to the MEGATHREAD which you found and help us make it HUMUNGOUS so people can't possibly miss it in the future
 
Old 10-06-2007, 03:29 PM   #89
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Thanks a lot for the answers.
I've just finished reading
Quote:
Originally Posted by http://www.linuxquestions.org/questions/linux-security-4/gnulinux-antivirus-megathread-589866/
MEGATHREAD
, most of the answers were found in links posted in there. Problem solved, now I'm really sure that I don't need AV-software on Linux, if I follow safety procedures listed by GrapefruiTgirl (and, thanks to the links, I now have good arguments to prove that). I'll try to add some thoughts/clarification in the Megathread.

Quote:
Originally Posted by GrapefruiTgirl View Post
4 - do some reading about "chkrootkit" and "rkhunter" and install a half decent firewall.
5 - Please contribute to the MEGATHREAD which you found and help us make it HUMUNGOUS so people can't possibly miss it in the future
Will do. Thanks for useful security tips.
 
Old 10-06-2007, 03:53 PM   #90
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Thanks a lot for useful information (I've initially posted same question here, all problems were solved using links posted in this thread). There are several thoughts (to summarize everything):

What about making this thread sticky? (that's the only reason why I haven't noticed it)

The most useful link for me was this link to Linux mafia article. The article was updated recently (other links were dated by 2003..2004), and it certainly worth reading from the beginning, because it explains why Linux viruses have never spread, and also gives a lot of info about "secure" behaviour of user on the system.

Reading all the information above, I think that AV-software isn't needed on Linux, if user doesn't use untrusted software, doesn't use root account for ordinary tasks, and updates system with security fixes. I thinks that same scheme can be useful on other operating systems as well. Of course, AV-software can be useful if WINE is used on the system, and to check windows-related files (on other machine, for example).

Concerning discussions about injecting "rm -rf /" into source code (several pages before). This is not a virus. "virus" is a computer program (or script), that modifies other programs to make them produce virus or infect other programs. So, "rm -rf /" isn't a "virus", but a script that will infect other programs is a virus. (i.e. if the script will modify program to make it infect other programs and execute rm -rf /, it is a virus, otherwise it is something else).

This kind of virus is easy to create, but it won't do anything on linux, unless started under root privilegies - because all system-wide binaries are write-protected for ordinary users, or unless some system-wide files are world-writeable (which certainly means, that system administrator should be replaced). With those restrictions virus must have built-in rootkit, or exploit a know vulnerability. Article on linux mafia mentions several attempts to create virus that uses vulnerability, and all those attempts have failed, because security hole was fixed before the day the virus was released. Of course, there are some programs, that (for some reason) stil doesn't support multi-user installation - they can become infected.
So, the only enterance left for viruses and malware is user (social-ingenering, etc).

It looks like in some cases mounting /home as noexec is a good practice, but it isn't possible to do in all cases (for example, I'm developing software on my PC, and I have to run several scripts from within my home directory).

Last edited by ErV; 10-06-2007 at 04:00 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: GNU/Linux and freedom: non-free software hidden in your GNU/Linux distribution LXer Syndicated Linux News 0 04-02-2010 11:21 PM
Antivirus survey: Do you run an antivirus program on linux? atom Linux - General 29 09-03-2009 03:22 PM
2008 US General Election Megathread XavierP General 205 11-07-2008 12:37 PM
Ubuntu - ALL FINE NOW! - Megathread FreeDoughnut Ubuntu 41 07-24-2006 08:53 AM
Antivirus for Lunix similar Norton Antivirus for Windows Chivozertsev Linux - Software 1 03-31-2005 07:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration