LinuxQuestions.org


BajaNick 11-01-2003 11:04 PM

Linux Spyware
 
I have received several messages saying I have spyware on my system and I am using Linux RH9. These are not the same kinds of scare tactic messages you get to buy software while surfing the web. I thought there was no spyware for Linux??? I don't trust Linux it being open source and I have already had my system hacked once and had to format and reinstall RH9. How do I get rid of spyware in Linux???

thanks

trickykid 11-01-2003 11:07 PM

How are you receiving these messages? Thru a browser or another app? I've never heard of spyware within Linux and to tell you the truth, opensource is your friend as it allows you to see the code being used. That makes it easier actually to find out if there is some kind of security threat, etc in the apps you're using. It would be very hard for someone creating apps under the GPL to make backdoors, spyware, etc.

exodist 11-01-2003 11:32 PM

hmm spyware in linux would only be able to spy on the user that had it installed, plus I do not think there is any, but if there were it would be on redhat

if you are hacked that much you need to work on security, and redhat default will not cut it

if you are hacked to where you need to reformat then you are either using chmod 777 / -R (Stupid) or running everything as root (almost as stupid)

if you want security without effort (worthless) go with debian or slack.

open source may allow a hacker to find a vulnerability faster true, but it also allows for anyone to fix that vulnerability and very fast.

all in all if things are correct you would not have this problem. as for spyware popup sounds like it is either in web browser (use mozilla and enable popup protection) or using root user for everything + other stupidity allowed a hacker to mess with you.

however do not get me wrong, I am not calling you stupid, I am calling the above actions you may or may not have done stupid, you have 786 posts (at time of reading) and that counts for a lot.

chort 11-01-2003 11:43 PM

When you post a question, please be specific. The above question is so open-ended and vague it's impossible to tell what the issue might be (or if there's even a legitimate issue). Please post a copy of the error/warning message you're receiving along with any supporting log entries. Make a clear-cut case for why you think there's spyware on your system and describe how/what it's affecting. Remember: Be specific.

Capt_Caveman 11-02-2003 12:20 AM

Quote:

Originally posted by exodist
hmm spyware in linux would only be able to spy on the user that had it installed, plus I do not think there is any, but if there were it would be on redhat

I doubt that redhat is any more vulnerable to spyware than most distros. In fact, most of them are going to include the same versions of Mozilla and other applications.

Very few distros are going to be secure with a default setup and most of those will be security-centric hardened distros. Personally, I didn't find the default slackware setup to be much better. The key to security isn't really which distro you use, it's how much effort you're going to put into learning about it and applying it.

shellcode 11-02-2003 12:27 AM

Re: Linux Spyware
 
Quote:

Originally posted by BajaNick
I don't trust linux it being open source

care to explain that? I don't trust proprietary software because I don't have the source and I have no idea what the program is actually doing. I trust open source because the source is out in the public and if there is anything fishy I would have heard of it.

exodist 11-02-2003 12:40 AM

Capt_Caveman
my point is that redhat being lead linux distro due to undue popularity would make it the prime linux target, just as it is prime for companies supporting linux and just as the popularity of windows makes it a target for viruses (though even if people did target linux for viruses they would not get very far) so if someone was going to make spyware chances are they would do it for/on redhat. and as for default security I do think slack's is stronger than redhat's, but not much stronger.

BajaNick 11-02-2003 12:50 AM

No I don't run as root all the time actually never, I always just su - and do what I need then end privileges and no I don't chmod 777, I don't even know what that does. LOL.

True that closed source is secretive and no one knows what's going on but I feel open source is just an invitation to crackers as they can see everything that's going on and that gives them an advantage.

I received a popup. It showed my IP address, my physical location (Los Angeles) and it also showed me my ISP name and the time and date of my current connection and it was not like any other popup I have received before. It didn't seem to want to sell me anything like the usual ones, it was just there with no other information, it was kind of freaky.

exodist 11-02-2003 12:59 AM

that stuff is easy to get when you request data from a web site, if you have ever been on irc and seen what it shows as well as your ip, it is easy to then place it in a popup, you have no spyware it is harassment to get you to buy something.

crashmeister 11-02-2003 03:32 AM

This is all readily available data when you connect to any website check here http://privacy.net/analyze/

unSpawn 11-02-2003 02:28 PM

so if someone was going to make spyware chances are they would do it for/on redhat.
Rise of spyware, in the original Windows sense of the word, was AFAIK caused by changes in how some companies thought they could increase revenue. I'm not saying it's impossible to *run* that type of spyware on Linux, but because of the difference in business models, companies that milk Linux cannot benefit from shipping spyware, and because of cultural differences, Linux users will nuke the company that tries it.


An OT remark for exodist
As for your opinionating "redhat being lead linux distro due to undue popularity would make it the prime linux target" and "slack's is stronger than redhat's" I am asking you, as moderator, to please leave those out.
Favouring one distro over another should always be backed up with facts, the rest is useless and irritating. Flamewars and trolls belong in /General.
The Linux - Security forum needs facts, not opinions.

exodist 11-02-2003 03:15 PM

I am sorry, I did not intend it that way unSpawn, usually I make note of such things being my opinion or experience, this time I was not paying attention, I will remember next time.

chort 11-02-2003 03:57 PM

So as expected, this was a particularly devious ad, not spyware. Almost by definition spyware will not announce its presence (it's spying, after all!).

As for distro wars I don't really think of any one distro as "better" than another, but there are certainly some categories where some distros might be more focused than others. I do tend to agree that Red Hat will be a specific target for all the types of attacks we've seen on Windows (spyware, trojans, remote exploits, etc). This is due to the fact that people who go to the trouble of writing automated tools will want them to work against as many machines as possible. Red Hat is by far and away the most popular Linux distro used in corporate America, and many home users at least start with Red Hat because to a large degree the "branding" has worked and new users equate Linux == Red Hat (it's only later when they get involved in the community that they realize their options).

I started on Red Hat myself back with 5.2 because it was the only one I could find in stores and I had no idea that I could download and burn to CD (the sad thing was I had one of the fastest broadband connections available at the time, and a CD burner). Now I buy Linux or BSD when I'm impressed with the work and want to support the developers.

Anyway I'm getting off track. The point is that Windows is a massive target right now because in one flavor or another, it runs on about 95% of computers out there. Yes the security model is a lot different in Windows and it makes things easier, but really it's about the wealth of targets. There have been Linux worms already, it's just that they didn't make much progress because Linux wasn't being used nearly as widely.

exodist 11-02-2003 04:01 PM

Chort, I have seen the argument before, it is true that A reason linux has less worms and viruses is because the attackers want more targets, but linux really hasn't been tested against a major virus flood like windows has, I personally believe that the layout of a linux system would protect it and prevent the kind of mass-failure and mass-hysteria like a few weeks ago on windows.

chort 11-02-2003 04:54 PM

You won't have as many mass-worms perpetuated by users (and I say "as many" because there are always undiscovered buffer overflows that can lead to privilege escalation), but think about how many Internet services run as root. Sendmail is infamous for this and it's certainly not the only one. I'll again cite the Morris Worm and remind everyone that it was the most successful worm of all times in terms of percentage of Internet-attached hosts that were infected. The Morris Worm affected UNIX and BSD systems via Sendmail and fingerd. In many implementations named runs as root, generally POP/IMAP daemons run as root, and a lot of times ntpd runs as root.
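
An added example, not part of the original posts: one way to audit the exposure described above is to list the listening TCP sockets that are owned by root. The sketch parses the `/proc/net/tcp` format; the sample lines are constructed, and it assumes IPv4 and a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000    25        0 1302 1 0000000000000000 100 0 0 10 0
   2: 00000000:006E 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1403 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1504 1 0000000000000000 100 0 0 10 0
   4: 0F00000A:0016 0200000A:C350 01 00000000:00000000 02:000A0000 00000000     0        0 1605 2 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def root_listeners(proc_net_tcp_text):
    """Return (address, port, exposed) for each listening TCP socket owned by uid 0.

    exposed is False only when the socket is bound to a loopback address.
    Assumes IPv4 and a little-endian host (addresses are printed in host byte order).
    """
    findings = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue  # malformed line, or a connection rather than a listener
        if int(fields[7]) != 0:
            continue  # socket owned by an unprivileged uid
        addr_hex, port_hex = fields[1].split(":")
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        findings.append((addr, int(port_hex, 16), not addr.startswith("127.")))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live data on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample
    for addr, port, exposed in root_listeners(text):
        kind = "non-loopback" if exposed else "loopback only"
        print(f"{addr}:{port} owned by root ({kind})")
```

The uid column is the socket's owner as recorded when the socket was created, so a daemon that binds as root and then drops privileges still appears here; check the process's current uid before treating a hit as a finding.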

exodist 11-02-2003 05:12 PM

you make a good point. I never thought about sendmails running as root, thank god sendmail only relays/receives/sends mail, and does not open it :-P but perhaps a message of a specific size can screw something

craftycorner 09-05-2007 12:13 AM

firefox security
 
I thought spyware programs had to be installed. Program installation is a little more involved than in Windows where you just double click. Linux has package managers.

I use root for moving files between my two 'user' accounts and my Windows partition which is required as some of my hardware is not Linux compatible. There are the administrative chores such as updates plus the occasional install of a program that passes the 'smell' test of a trusted friend.

Anyone surfing in root is nuts.

Firefox/Mozilla comes with its own bag of security. They've a list of plug-ins that aid the user in choosing what content they want and what they want blocked.

I do use root for my virus checking program. It allows me to check the whole disk without going into each 'user' account and Windows partition which would take time...

Linux viruses are scarce as hen's teeth. However, I've deleted a good many Windows viruses from my email box and saved friends from pesky or ruinous infections from bugs that would just sit in my system.

Hangdog42 09-05-2007 07:36 AM

Welcome to LQ!

While your contribution is nicely done, did you realize you were replying to a nearly 4 year old thread?

vangelis 09-05-2007 07:44 AM

lol I got the email notification for this thread and it was like I went back in time! :)

unixfool 09-05-2007 09:35 AM

Part of the problem, IMO, is that the OP is using RH9. That distribution is OLD...very old. Old enough to where he'd have issues with updating software packages. Based on that fact and the fact that the OP seems to be rather new to the Linux arena, I suggest something more supported...Fedora 7 or the latest version of CentOS, since he/she appears to hold RH in favor.

Other than that, the OP should offer more of the who/what/when/where so we can offer better support.

Just my .02...

farslayer 09-05-2007 09:56 AM

BajaNick, you mention you are running RH9, that distribution is several years old.. Are security updates still available for it? While this latest event appears to be nothing more than a pop up advertising gimmick, you might want to ensure you have the latest security updates for your system, or better yet, update your distribution to something more current and better supported.

The last update I see available for RH9 is over a year old... 2006-07-27 http://www.fedoralegacy.org/updates/RH9/


[edit] Sigh I guess I should read Page 2 before replying with yet another redundant post. nothing like saying what's already been said. :)

unixfool 09-05-2007 09:58 AM

Quote:

Originally Posted by Hangdog42 (Post 2881905)
Welcome to LQ!

While your contribution is nicely done, did you realize you were replying to a nearly 4 year old thread?

Ouch! I didn't notice that! I feel dumb for even responding!

Simon Bridge 09-06-2007 03:05 AM

Quote:

Part of the problem, IMO, is that the OP is using RH9. That distribution is OLD...

Quote:

BajaNick, you mention you are running RH9, that distribution is several years old..

BajaNick was posting in '03, RH9 lasted until April 30, 2004. So it was quite current at the time.

The last zero-reply thread started by him was on 04-10-06 and the latest thread was This is A great online movie (sic) posted 08-22-07.

But you'd think he'd know better than to leave a thread dangling...

unixfool 09-06-2007 06:26 AM

Quote:

Originally Posted by Simon Bridge (Post 2882950)
BajaNick was posting in '03, RH9 lasted until April 30, 2004. So it was quite current at the time.

The reason I responded to the thread was that I thought the OP created the thread in the last few days. In retrospect, anyone could've made the same mistake (and did), irregardless of the OP using RH9, which was current back in 2004. At this point, and after I acknowledged my mistake, I don't think it matters when RH9 was current...the post is WAYYY old and I shouldn't have responded at all.

craftycorner 09-08-2007 05:25 AM

Whoops
 
Quote:

Originally Posted by Hangdog42 (Post 2881905)
Welcome to LQ!

While your contribution is nicely done, did you realize you were replying to a nearly 4 year old thread?

(Gets hit with a stupid stick LOL!)


All times are GMT -5.