LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-11-2018, 08:07 AM   #1
williambhopal
LQ Newbie
 
Registered: Oct 2018
Posts: 1

Rep: Reputation: 0
Is Linux secure enough?


I am sure you guys heard the news about that huge hacker attack that locks peoples personal fines and demands ransom. Is Linux secure enough to protect against such attacks? I thought I was safe on Windows in Lithuania where such attacks are very rare but saw this hack also hit Lithuania pretty hard too, so it makes me contemplate Linux again.

Last edited by williambhopal; 11-12-2018 at 12:40 PM.
 
Old 11-11-2018, 08:18 AM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,071

Rep: Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575
Quote:
Originally Posted by williambhopal View Post
I am sure you guys heard the news about that huge hacker attack that locks peoples personal fines and demands ransom. Is Linux secure enough to protect against such attacks? I thought I was safe on Windows in Lithuania where such attacks are very rare but saw this hack also hit Lithuania pretty hard too, so it makes me contemplate Linux again
I think you are thinking about the question with the Windows mentality.

There's at least a couple of points to make here:

* There's no system in the world that is 100% secure - if it's made by us humans, it's probably never going to be perfect.
* Malware exists for all major systems, including Linux distributions. In fact the first virus that was written was a Unix virus.
* The same precautions apply to Linux as much as Windows (or any other system); turn off whatever services you don't need, use strong passwords and this is the important bit: don't goto dodgy websites or download stuff you don't know anything about in terms of it's author.

But once again, there's never a 100% guarantee with ANY system, unless you unplug from any and all networks - particularly the Internet.
 
4 members found this post helpful.
Old 11-11-2018, 09:23 AM   #3
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,144

Rep: Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968Reputation: 3968
Quote:
Originally Posted by williambhopal View Post
I am sure you guys heard the news about that huge hacker attack that locks peoples personal fines and demands ransom. Is Linux secure enough to protect against such attacks? I thought I was safe on Windows in Lithuania where such attacks are very rare but saw this hack also hit Lithuania pretty hard too, so it makes me contemplate Linux again
I'm pretty sure the correct answer is: it can be, but so can Windows.

To pull of these hacks requires someone to actually execute code on the victim's computer. The step to execute it might just be visiting a hacked website and loading an infected ad, but the point is the same. The only files that the malware could do anything to, are the files that that user account have write access to.

If you set up your OS so that each user account's write access permissions are appropriately locked down (say, but not giving a user account write access to anyone else' files, and by using the root account only when you need to,), then you've greatly mitigated your risk from this type of attack.

This is the security model that the designers of *nix had in mind.

Last edited by dugan; 11-11-2018 at 09:24 AM.
 
Old 11-11-2018, 09:31 AM   #4
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,071

Rep: Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575
Just one more thing, you should remember that a "virus" is still a computer program. Short of AI, the computer does what it's told, it can't think for itself and make it's own decisions. In any Linux distribution I've ever used, files outside of your "home" folder are normally protected with permissions - that you will not have "write" permissions to. You would have to be the "root user" or use "sudo" to get the necessary permissions - so whatever you do, don't run things as root unless it absolutely has to be run under that account.
 
Old 11-11-2018, 10:00 AM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,471
Blog Entries: 9

Rep: Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375Reputation: 3375
a ransomware virus wants to reach as many people as possible.
preferably thos that are used to paying for software.
it's essentially still a windows program in most cases, and thus cannot run on linux.

linux is definitely safer. maybe not absolutely safe, but much safer than windows.

Quote:
Originally Posted by williambhopal View Post
I thought I was safe on Windows in Lithuania where such attacks are very rare but saw this hack also hit Lithuania pretty hard too, so it makes me contemplate Linux again
since the internet is global, just like these attacks, i don't really think it matters where you are.
 
1 members found this post helpful.
Old 11-12-2018, 03:44 AM   #6
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: Debian
Posts: 854

Rep: Reputation: 286Reputation: 286Reputation: 286
When we think about security, we often speak about technology/technicalities and so on... but one must not forget that an attacker always strikes the *weakest link* and it's very often the human being behind his keyboard. That's called social engineering.
So a very good start in security begins with a good IT hygiene.
 
Old 11-12-2018, 04:05 AM   #7
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 557

Rep: Reputation: 210Reputation: 210Reputation: 210
Windows 10's kernel is more secure than Linux, at least by default (without additional patches like grsecurity). It has almost as many exploit mitigations built-in and enabled by default as OpenBSD has.

That said, malware won't just magically appear on your computer. The most common backdoor for malware are dumb users clicking on stuff.
 
1 members found this post helpful.
Old 11-12-2018, 04:16 AM   #8
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,161
Blog Entries: 3

Rep: Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061
Quote:
Originally Posted by jsbjsb001 View Post
* Malware exists for all major systems, including Linux distributions. In fact the first virus that was written was a Unix virus.
* The same precautions apply to Linux as much as Windows (or any other system); turn off whatever services you don't need, use strong passwords and this is the important bit: don't goto dodgy websites or download stuff you don't know anything about in terms of it's author.
There were various examples of malware, trojans specifically, earlier on but the first actual virus appears to have been made in 1986 and that was Brain. It was for -- wait for it -- MS-DOS, an M$ product. So trojans may be older but viruses proper appeared first on M$ products.

As for avoiding "dodgy" sites, that would then include a lot of mainstream sites because they are sometimes spreading malware. It's darn hard to find old articles in the search engines but if you try enough you can go back 10 to 15 years and find it to be the case that major sites been responsible for spreading malware surprisingly often. Many of the more famous cases of non-M$ malware spread via unchanged (or unchangeable) default login credentials.

As for the original question, I'd sum up the answer as "yes", GNU/Linux is much better. Much of the advantage is the layers. However, there is a lot of work needed to be done with X and with sandboxing other applications. The biggest weak point of all is the crappy software we have for browsers. I suppose the strongest option would be to use Brave which is sandboxed already and then make an AppArmor profile for it to confine it to just its own directory and ~/Downloads/ and /tmp/ because just trying to avoid "dodgy" sites won't help much.
 
2 members found this post helpful.
Old 11-12-2018, 04:49 AM   #9
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,071

Rep: Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575
Quote:
Originally Posted by Turbocapitalist View Post
There were various examples of malware, trojans specifically, earlier on but the first actual virus appears to have been made in 1986 and that was Brain. It was for -- wait for it -- MS-DOS, an M$ product. So trojans may be older but viruses proper appeared first on M$ products.
Just because a virus may not actually do damage to the system per se, it doesn't mean it's not malware/a virus. There were "proof-of-concept" viruses well before the more "traditional" virus that wipes the system, etc. The Brain virus appears to be the first one written for MS-DOS, but not the first virus written in general. But yes, it's a bit of a grey area and different "types" of malware too.

You may find these links interesting;

https://www.wired.com/2009/11/1110fr...omputer-virus/
http://all.net/books/virus/part5.html

Quote:
As for avoiding "dodgy" sites, that would then include a lot of mainstream sites because they are sometimes spreading malware. It's darn hard to find old articles in the search engines but if you try enough you can go back 10 to 15 years and find it to be the case that major sites been responsible for spreading malware surprisingly often. Many of the more famous cases of non-M$ malware spread via unchanged (or unchangeable) default login credentials.
...
While as I said before, there's no 100% guarantee that nothing (bad) will happen; I've only ever had one problem with a reputable site and it wasn't even my system, and yes, it was running Windows too. I've never had a problem with any other reputable site before, but that doesn't mean that they don't have any links on them that could take you to a dodgy site, and that's a good point to make.
 
1 members found this post helpful.
Old 11-12-2018, 05:03 AM   #10
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,161
Blog Entries: 3

Rep: Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061
Good articles. Thanks.

Quote:
Originally Posted by jsbjsb001 View Post
I've never had a problem with any other reputable site before, but that doesn't mean that they don't have any links on them that could take you to a dodgy site, and that's a good point to make.
It is not the sites' links that take you from the "reputable" site to the "dodgy" site. The "reputable" sites themselves can host malware. This happens from time to time even to Fortune 500 companies' sites. Just because a site has a fancy name or respected company behind it does not mean it is clean. Too bad. Again, layered security, also called or defense in depth, helps a bit. There GNU/Linux wins hands down over Windows. However, again, the browsers are not properly isolated and X11 itself needs replacement. Recent developments in OpenBSD are pretty good at isolating the browser but even they still run X11 ...

But on the topic of third-party problems, one fairly common threat would be the advertising. The word to search for on that topic is malvertising, especially if javascript has been enabled. Malware via advertisements happens so frequently it has its own name, "malvertising".
 
1 members found this post helpful.
Old 11-12-2018, 05:14 AM   #11
cynwulf
Senior Member
 
Registered: Apr 2005
Location: /dev/planet2
Distribution: OpenBSD
Posts: 2,330
Blog Entries: 6

Rep: Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628Reputation: 1628
This comes back to the difference (thin line) between local and remote holes.

When you have a massive piece of code, such as a web browser executing javascript on the fly, local holes become important and should not be played down (as they often are).

Last edited by cynwulf; 11-12-2018 at 05:20 AM.
 
1 members found this post helpful.
Old 11-12-2018, 06:53 AM   #12
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,071

Rep: Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575Reputation: 1575
Quote:
Originally Posted by Turbocapitalist View Post
Good articles. Thanks.
You're welcome.

Quote:
It is not the sites' links that take you from the "reputable" site to the "dodgy" site. The "reputable" sites themselves can host malware. This happens from time to time even to Fortune 500 companies' sites. Just because a site has a fancy name or respected company behind it does not mean it is clean. Too bad. Again, layered security, also called or defense in depth, helps a bit. There GNU/Linux wins hands down over Windows. However, again, the browsers are not properly isolated and X11 itself needs replacement. Recent developments in OpenBSD are pretty good at isolating the browser but even they still run X11 ...
I can see what you're saying. I probably could have been more clear in my last post, sorry about that. I do agree with your points.

Quote:
But on the topic of third-party problems, one fairly common threat would be the advertising. The word to search for on that topic is malvertising, especially if javascript has been enabled. Malware via advertisements happens so frequently it has its own name, "malvertising".
Once again, I do agree with you.

I think depending on your definition of "malware" and/or "ransomware", you might be able to almost call some of that advertising itself "malware" or "ransomware". An example would be YouTube, in that: you have to watch/let the ad play before you can actually watch the video you actually wanted to watch in the first place (without having any addons to get around it). Other than it doesn't ask for money in return for playing the video, it still fits the "ransomware" definition. So like with what cynwulf was talking about, there seems to be a very thin line there too.

Perhaps a better is example is the Sony BMG copy protection rootkit scandal, there you had a well known company (as you were saying before) that deliberately put a rootkit onto their media sold to customers.
 
Old 11-12-2018, 07:07 AM   #13
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,161
Blog Entries: 3

Rep: Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061Reputation: 2061
Quote:
Originally Posted by jsbjsb001 View Post
I think depending on your definition of "malware" and/or "ransomware", you might be able to almost call some of that advertising itself "malware" or "ransomware".
Using another Wired article, malvertising is third party. As long as the ads are allowed to ship with javascript, that kind of attack is going to be too easy for some to avoid the temptation.

I was thinking, rather, more of stuff spread directly by the web sites. The Sony rootkit was a relevant example of a shipped product and there have been a lot of other cases of products shipping pre-infected. However, I recall malware (virus, trojans, worms) spread directly via the "clean" sites. I'm not sure I can dig up some good examples, both my memory and the search engines seem to have gone down hill.

What I do see daily with browsers is many apparent attempts at XSS, coming from sites high and low. I expect that a few are false positives, but not all.
 
Old 11-13-2018, 12:52 PM   #14
zeebra
Member
 
Registered: Dec 2011
Distribution: Mageia, Slackware
Posts: 816
Blog Entries: 7

Rep: Reputation: 201Reputation: 201Reputation: 201
Quote:
Originally Posted by YesItsMe View Post
Windows 10's kernel is more secure than Linux, at least by default (without additional patches like grsecurity). It has almost as many exploit mitigations built-in and enabled by default as OpenBSD has.

That said, malware won't just magically appear on your computer. The most common backdoor for malware are dumb users clicking on stuff.
Well, most people don't simply use a Kernel. Your claim however is questionable. Just like my claim to say GNU userland is more secure than Windows userland.
 
Old 11-13-2018, 02:10 PM   #15
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 557

Rep: Reputation: 210Reputation: 210Reputation: 210
It is not.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I Am Now the Product... Enough is Enough IntrepidExplorer Linux - Distributions 26 07-24-2017 08:42 PM
LXer: Enough is Enough. Higher Education...? Wake Up LXer Syndicated Linux News 0 01-17-2009 06:00 PM
New case causes concern (enough ventilation? grounded well enough?) wilsonsamm Linux - Hardware 1 06-11-2006 11:11 AM
enough is enough... >:( b0uncer Linux - Security 4 05-20-2004 01:49 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:14 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration