Is Linux secure enough?
I am sure you guys heard the news about that huge hacker attack that locks people's personal files and demands ransom. Is Linux secure enough to protect against such attacks? I thought I was safe on Windows in Lithuania where such attacks are very rare but saw this hack also hit Lithuania pretty hard too, so it makes me contemplate Linux again.
|
Quote:
There's at least a couple of points to make here:
* There's no system in the world that is 100% secure - if it's made by us humans, it's probably never going to be perfect.
* Malware exists for all major systems, including Linux distributions. In fact the first virus that was written was a Unix virus.
* The same precautions apply to Linux as much as Windows (or any other system); turn off whatever services you don't need, use strong passwords and this is the important bit: don't go to dodgy websites or download stuff you don't know anything about in terms of its author.
But once again, there's never a 100% guarantee with ANY system, unless you unplug from any and all networks - particularly the Internet. |
Quote:
To pull off these hacks requires someone to actually execute code on the victim's computer. The step to execute it might just be visiting a hacked website and loading an infected ad, but the point is the same. The only files that the malware could do anything to are the files that that user account has write access to. If you set up your OS so that each user account's write access permissions are appropriately locked down (say, by not giving a user account write access to anyone else's files, and by using the root account only when you need to), then you've greatly mitigated your risk from this type of attack. This is the security model that the designers of *nix had in mind. |
Just one more thing, you should remember that a "virus" is still a computer program. Short of AI, the computer does what it's told, it can't think for itself and make its own decisions. In any Linux distribution I've ever used, files outside of your "home" folder are normally protected with permissions - that you will not have "write" permissions to. You would have to be the "root user" or use "sudo" to get the necessary permissions - so whatever you do, don't run things as root unless it absolutely has to be run under that account.
|
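The write-access point made in the two posts above, as an added example that is not part of the original thread: a small audit that lists the files and directories under a tree that accounts other than the owner may modify. The function names and the sample file names are hypothetical, the sample tree is constructed, and only classic mode bits are checked (ACLs are not considered).

```shell
#!/bin/sh
# Added example (not from the thread): list what accounts OTHER than the owner
# may modify. It reads mode bits, so the result does not depend on who runs it.

# Files and directories writable by everyone. Sticky directories (mode 1xxx,
# like /tmp) are skipped: entries in them can only be removed by their owner.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Files and directories writable by the owning group but not by everyone.
group_writable() {
    find "$1" \( -type f -o -type d \) -perm -0020 ! -perm -0002 -print 2>/dev/null
}

# One-line summary of the exposure: "world=<n> group=<n>".
exposure_summary() {
    w=$(world_writable "$1" | wc -l | tr -d ' ')
    g=$(group_writable "$1" | wc -l | tr -d ' ')
    echo "world=$w group=$g"
}

# Constructed sample tree (hypothetical names) standing in for a home directory.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/docs" "$d/shared" "$d/scratch"
    : > "$d/docs/thesis.odt";   chmod 600 "$d/docs/thesis.odt"    # owner only
    : > "$d/docs/notes.txt";    chmod 666 "$d/docs/notes.txt"     # anyone can write
    : > "$d/shared/budget.ods"; chmod 664 "$d/shared/budget.ods"  # group can write
    chmod 700 "$d/docs"; chmod 770 "$d/shared"; chmod 1777 "$d/scratch"
    chmod 700 "$d"
    echo "$d"
}

tree=$(make_sample_tree)
exposure_summary "$tree"     # counts for the constructed tree
world_writable "$tree"       # the entries any local account could overwrite
rm -rf "$tree"
```

Pointing `exposure_summary` at a real home directory shows how much of it a program running under a different account could change.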
a ransomware virus wants to reach as many people as possible.
preferably those that are used to paying for software. it's essentially still a windows program in most cases, and thus cannot run on linux. linux is definitely safer. maybe not absolutely safe, but much safer than windows.
Quote:
|
When we think about security, we often speak about technology/technicalities and so on... but one must not forget that an attacker always strikes the *weakest link* and it's very often the human being behind his keyboard. That's called social engineering.
So a very good start in security begins with good IT hygiene. |
Windows 10's kernel is more secure than Linux, at least by default (without additional patches like grsecurity). It has almost as many exploit mitigations built-in and enabled by default as OpenBSD has.
That said, malware won't just magically appear on your computer. The most common backdoor for malware is dumb users clicking on stuff. |
Quote:
As for avoiding "dodgy" sites, that would then include a lot of mainstream sites because they are sometimes spreading malware. It's darn hard to find old articles in the search engines but if you try enough you can go back 10 to 15 years and find it to be the case that major sites have been responsible for spreading malware surprisingly often. Many of the more famous cases of non-M$ malware spread via unchanged (or unchangeable) default login credentials. As for the original question, I'd sum up the answer as "yes", GNU/Linux is much better. Much of the advantage is the layers. However, there is a lot of work needed to be done with X and with sandboxing other applications. The biggest weak point of all is the crappy software we have for browsers. I suppose the strongest option would be to use Brave which is sandboxed already and then make an AppArmor profile for it to confine it to just its own directory and ~/Downloads/ and /tmp/ because just trying to avoid "dodgy" sites won't help much. |
Quote:
You may find these links interesting:
https://www.wired.com/2009/11/1110fr...omputer-virus/
http://all.net/books/virus/part5.html
Quote:
|
Good articles. Thanks.
Quote:
But on the topic of third-party problems, one fairly common threat would be the advertising. The word to search for on that topic is malvertising, especially if javascript has been enabled. Malware via advertisements happens so frequently it has its own name, "malvertising". |
This comes back to the difference (thin line) between local and remote holes.
When you have a massive piece of code, such as a web browser executing javascript on the fly, local holes become important and should not be played down (as they often are). |
Quote:
I think depending on your definition of "malware" and/or "ransomware", you might be able to almost call some of that advertising itself "malware" or "ransomware". An example would be YouTube, in that: you have to watch/let the ad play before you can actually watch the video you actually wanted to watch in the first place (without having any addons to get around it). Other than it doesn't ask for money in return for playing the video, it still fits the "ransomware" definition. So like with what cynwulf was talking about, there seems to be a very thin line there too. Perhaps a better example is the Sony BMG copy protection rootkit scandal, there you had a well known company (as you were saying before) that deliberately put a rootkit onto their media sold to customers. |
Quote:
I was thinking, rather, more of stuff spread directly by the web sites. The Sony rootkit was a relevant example of a shipped product and there have been a lot of other cases of products shipping pre-infected. However, I recall malware (virus, trojans, worms) spread directly via the "clean" sites. I'm not sure I can dig up some good examples, both my memory and the search engines seem to have gone downhill. What I do see daily with browsers is many apparent attempts at XSS, coming from sites high and low. I expect that a few are false positives, but not all. |
Quote:
|
It is not.
|