LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-26-2004, 11:22 PM   #1
unixfreak
Member
 
Registered: Jul 2004
Distribution: Linux 2.4.21-0.13mdk, W2K
Posts: 412

Rep: Reputation: 30
Linux vs Mac question (Virus vulnerability related)


Just wondering about this. I know that Linux and Mac is stable (both are) but is the Mac more secure than Linux or, there are equal in regards to LESS Virus vulnerability or Spyware???
 
Old 08-27-2004, 12:00 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
They're more or less the same. There have been far more vulnerabilities discovered for Linux thus far, but Linux has a lot more "hype" right now and all of the code base is open, so the combination of attention and easily reviewable code has meant more vulnerabilities found in Linux. It's quite probable the Mac OS has a similar number of vulnerabilities to most other OSs, they just haven't been found yet.
 
Old 08-27-2004, 12:11 AM   #3
unixfreak
Member
 
Registered: Jul 2004
Distribution: Linux 2.4.21-0.13mdk, W2K
Posts: 412

Original Poster
Rep: Reputation: 30
OS like FreeBSD, Solaris, Mac are less vuln than Linux. I just have the feeling.
 
Old 08-27-2004, 09:38 AM   #4
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Rep: Reputation: 30
Quote:
Originally posted by unixfreak
OS like FreeBSD, Solaris, Mac are less vuln than Linux. I just have the feeling.
Nothing like unsupported opinion to build up a fit of mass-hysteria.
 
Old 08-27-2004, 11:02 AM   #5
atom
Member
 
Registered: Feb 2004
Location: Slovenia
Distribution: archlinux
Posts: 271

Rep: Reputation: 31
Well, considering more vulnerabilities have been found in linux, there are less to be fixed in my opinion

Linux is as secure as it currently gets, but mainly it depends on the system folders permissions...

A virus in linux can not do any demage to the system other than delete a couple of files that the person who ran it has. (plus linux has the x bit that should pretty much stop any virus from being executed mwahahaha )


It still stands: security in linux stands on the hands of the user.

I humbly exclude Lindows from this post, as (moronically), in Lindows, you are always root. (correct me if i'm wrong, that was a while ago, it may have been fixed by now, i sure hope so)
 
Old 08-27-2004, 11:47 AM   #6
hp46168
Member
 
Registered: Jun 2004
Location: Indiana
Distribution: Suse 9.0
Posts: 120

Rep: Reputation: 15
Re: Linux vs Mac question (Virus vulnerability related)

Quote:
Originally posted by unixfreak
Just wondering about this. I know that Linux and Mac is stable (both are) but is the Mac more secure than Linux or, there are equal in regards to LESS Virus vulnerability or Spyware???
Spyware is typically written for Winblows boxen.

Viruses, tend to coincide with the size of the target base.

Windows has a lot of viruses.

Mac has some.

Linux may have 1 or 2 viruses specifically written for linux.

As far as security exploits go, I think the time has come to recognize that good computer security isn't about using a specific operating system, a specific antivirus program, a specific firewall, but it's more about developing an information security mind set.

True,

Linux and other open source projects have had their share of security exploits.

It all boils down to whether or not you operate your computer securely or not.

Some operating systems may make this easier than others. If you believe that the best way of dealing with security exploits is to only have a few people in charge of the code who can look at the code and fix the code, rather than having the code out there so people can look at it, and fix it for themselves... Then that's your opinion, and you're certainly entitled to it. This is the Microsoft way, and, to a lesser extent with the software but mroeso about the hardware, the Apple way.
 
Old 08-27-2004, 12:02 PM   #7
unixfreak
Member
 
Registered: Jul 2004
Distribution: Linux 2.4.21-0.13mdk, W2K
Posts: 412

Original Poster
Rep: Reputation: 30
Thanks for these polls.

Same opinion goes for me:

It ALL comes to common sense. You could make Windows as secure as Linux/UNIX if you do not do stupid things like open attachments, read email in HTML code, etc....

When I "use to" run Windows, I never even ran an Antivirus software (Firewall yes). Because I knew what to open and not to open. Common sense is the key to security.

And it sure beats the best AV software or whatever out there
 
Old 08-27-2004, 12:09 PM   #8
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Rep: Reputation: 30
I guess itís worth expanding on a few points. I think the original poster has inadvertently massed the selected OS and their software together. Linux is a kernel only. The simple fact is a Linux kernel is pretty darn solid security wise. The software is usually what holds the security vulnerabilities. I think one thing that gets overlooked with MS security is that usually the issues are directly related to the base OS itself and not its programs. Linux unfairly gets all lumped together. A buffer overflow in Linux program XYZ gets tallied as a Linux vulnerability, but a buffer overflow vulnerability in say your favorite XP information manager isn't. That distorts the true numbers significantly.

Secondly, many of the open source OSís use roughly the same software, so most of the time a security issue in a Linux program that has been ported to BSD usually has the same problem. That basically makes it a wash when you look at the numbers.
 
Old 08-27-2004, 01:18 PM   #9
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally posted by atom
Well, considering more vulnerabilities have been found in linux, there are less to be fixed in my opinion
Complete fallacy. There's new code being added contantly which can and does introduce new vulnerabilities (there was just recently one with MySQL for instance that only affected a few versions of post 4.0).

Quote:
Linux is as secure as it currently gets, but mainly it depends on the system folders permissions...
Also complete fallacy. For one thing, the Linux kernel does not natively have any kind of stack protection, although there are several third-party patches for that. Most distributions ship with absolutely no native protection against buffer and heap overflows. Also, Windows NTFS file system has file permissions (in fact, much more granular than UNIX file permissions) and that is a native capability, so by your argument you could say that Windows is more secure than Linux. Also, specifically as it relates to Mac OS it also uses UNIX file permissions the same as Linux (it's built on FreeBSD), but it adds it's own special Apple restrictions on top so it actually has more file system protection than most Linux and BSD systems do by default.

Quote:
A virus in linux can not do any demage to the system other than delete a couple of files that the person who ran it has.
This question has been hashed and rehashed in numerous posts, but I'll point out the key facts again:
1.) The user data is the most important part of the system! You can quickly reinstall your OS if that gets damaged, but all the "stuff" that you're working on is what cannot be replaced.
2.) Suppose an exploit compromises a service rather than a user process. Now the attacker has the same permissions that service had. Most services in Linux (and Mac OS) still run as root, so that would give root access. Other OSs (again, OpenBSD) have extensive privilege revoking, but you could still do nasty things like delete e-mail (if you compromised the mail daemon), etc.

Quote:
(plus linux has the x bit that should pretty much stop any virus from being executed mwahahaha )
Incorrect. The NX bit only exists on certain CPUs, right now the AMD64 family, Sparc64 family, and a few others (it does not exist on Intel x86 or any PPC CPU). Certain OSs (such as OpenBSD) emulate this in software. Linux, currently does not emulate W^X, to the best of my understanding.

Even for the OSs with W^X, this does not prevent viruses from executing (dispite AMD's stupid marketing gibberish about "Enhanced Virus Protection"). W^X attempts to prevent buffer overflow attacks, but that does not prevent viruses which rely on some scripted method of executing the actual viral code (such as emulating user manipulation without actual manual actions).

As for the other poster who said there are several Mac viruses, they're correct if they're talking about versions prior to OS X. If you consider only OS X (which is from scratch totally new and different than previous Mac OS), then there has only been one "virus" and it was in fact widely believed to have been invented by an anti-virus firm so they could sell more A-V software for the Mac (sales are really bad when there aren't any viruses for the platform that you sell A-V protection for).

Last edited by chort; 08-27-2004 at 01:23 PM.
 
Old 08-27-2004, 06:09 PM   #10
hp46168
Member
 
Registered: Jun 2004
Location: Indiana
Distribution: Suse 9.0
Posts: 120

Rep: Reputation: 15
Quote:
Originally posted by chort
Complete fallacy. There's new code being added contantly which can and does introduce new vulnerabilities (there was just recently one with MySQL for instance that only affected a few versions of post 4.0).



Also complete fallacy. For one thing, the Linux kernel does not natively have any kind of stack protection, although there are several third-party patches for that. Most distributions ship with absolutely no native protection against buffer and heap overflows. Also, Windows NTFS file system has file permissions (in fact, much more granular than UNIX file permissions) and that is a native capability, so by your argument you could say that Windows is more secure than Linux. Also, specifically as it relates to Mac OS it also uses UNIX file permissions the same as Linux (it's built on FreeBSD), but it adds it's own special Apple restrictions on top so it actually has more file system protection than most Linux and BSD systems do by default.



This question has been hashed and rehashed in numerous posts, but I'll point out the key facts again:
1.) The user data is the most important part of the system! You can quickly reinstall your OS if that gets damaged, but all the "stuff" that you're working on is what cannot be replaced.
2.) Suppose an exploit compromises a service rather than a user process. Now the attacker has the same permissions that service had. Most services in Linux (and Mac OS) still run as root, so that would give root access. Other OSs (again, OpenBSD) have extensive privilege revoking, but you could still do nasty things like delete e-mail (if you compromised the mail daemon), etc.



Incorrect. The NX bit only exists on certain CPUs, right now the AMD64 family, Sparc64 family, and a few others (it does not exist on Intel x86 or any PPC CPU). Certain OSs (such as OpenBSD) emulate this in software. Linux, currently does not emulate W^X, to the best of my understanding.

Even for the OSs with W^X, this does not prevent viruses from executing (dispite AMD's stupid marketing gibberish about "Enhanced Virus Protection"). W^X attempts to prevent buffer overflow attacks, but that does not prevent viruses which rely on some scripted method of executing the actual viral code (such as emulating user manipulation without actual manual actions).

As for the other poster who said there are several Mac viruses, they're correct if they're talking about versions prior to OS X.

I stand corrected. But, if a machine is running in classic mode, is it still vulnerable to the same (for want of a better term) legacy mac os viruses?
Quote:
If you consider only OS X (which is from scratch totally new and different than previous Mac OS), then there has only been one "virus" and it was in fact widely believed to have been invented by an anti-virus firm so they could sell more A-V software for the Mac (sales are really bad when there aren't any viruses for the platform that you sell A-V protection for).
OS X, is closer to *nix world than windows ever will be. Probably because it was based on BSD!

Interesting tidbits about this "X" bit.

I still say, the technology that one uses isn't as important (in terms of computer security) than how one uses it.

Kyle
 
Old 08-27-2004, 07:25 PM   #11
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
But, if a machine is running in classic mode, is it still vulnerable to the same (for want of a better term) legacy mac os viruses?
It probably depends on the virus and the infection method. There's a good chance most of them work in classic mode, but it depends on what underlying weakness the virus exploits and whether that's actually emulated in classic-mode or not. Personally, I would expect that at least some of them still work--but only if you interacted with the virus carrier with an application that was running in classic-mode. There certainly wouldn't be any way for a previous virus to auto-start classic mode or jump between contexts.

Quote:
I still say, the technology that one uses isn't as important (in terms of computer security) than how one uses it.
Well there are two aspects. One is how secure the default posture of an OS is after typical install, since this is the mode many users will operate in. If the default posture is very secure, that OS is unlikely to ever have significatn or wide-spread security problems regardless of how insecure the non-default components are.

The second consideration is the knowledge of the user running the system and how they're using it. If many users consider a secure default too restrictive, they're likely to modify it to be "full-open" so it won't get in the way of what they try to do. For instance, many Linux users completely disabled their firewalls (rather than figuring out how to properly configure them) because they interfered with P2P applications by default.

Another side of that is that knowledgeable users of a particular system are always likely to be able to secure it better than they would a different OS, even if the other OS was slightly more secure by default. If you're dealing with two systems that have default vulnerabilities, than the more secure system is nearly always going to be the one with administrator who best knows that system.

The goal is to take the administration requirement out of the picture and have the OS always install to a state completely free of vulnerabilities, yet usable enough that users are motivated to deactivate some of the security measures. A more realistic approach realizes that a completely secure default installation will require all external services to be turned off. That means if your OS is meant to be a server platform, all your external services will need to be built to default to secure configurations at startup as well.
 
Old 08-28-2004, 04:40 AM   #12
atom
Member
 
Registered: Feb 2004
Location: Slovenia
Distribution: archlinux
Posts: 271

Rep: Reputation: 31
You convinced me out of my "linux virus free" beliefs, though i still believe that you missed my point on this one:

"Well, considering more vulnerabilities have been found in linux, there are less to be fixed in my opinion."

I of course know that new voulnerabilities are added to the code each day. The problem is that new voulnerabilities are spotted much sooner (and reported) on open-source software and that way easily and quickly eradicated.

I was not refering to the relative number of voulnerabilities which is computed by total-fixed, but rather the "fixed" only. Imagine if no voulnerabilities were fixed... that would mean that the ratio fixed/total would rapidly decline.

I hope you get what I mean now.



And what do you mean by the different x bits? I read about hardware execution controll, but I understood that the kernel emulates the behaviour by simply dissalowing to try and execute the program in the 1st place. I believe that I am wrong here, but could you explain?
 
Old 08-28-2004, 04:40 AM   #13
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
Quote:
For instance, many Linux users completely disabled their firewalls (rather than figuring out how to properly configure them) because they interfered with P2P applications by default.
yea .. firewalls are hard to set up, all they can really do is block invalid ports/addresses and keep open all server ports so that p2p and another app will still work, and regulate what is allowed in/out of certain interfaces

anyways

Quote:
Also, Windows NTFS file system has file permissions (in fact, much more granular than UNIX file permissions) and that is a native capability, so by your argument you could say that Windows is more secure than Linux. Also, specifically as it relates to Mac OS it also uses UNIX file permissions the same as Linux (it's built on FreeBSD), but it adds it's own special Apple restrictions on top so it actually has more file system protection than most Linux and BSD systems do by default.
if you want a more complex permission system use RSBAC , or something like it (grsec i think using something like rsbac it looks like), tho for the most people i think it would only be good for letting programs run as root, but no be able to write to part of the system they don't need to write to (useful to prevent daemons that have been compromised from killing the entire system)

Quote:
1.) The user data is the most important part of the system! You can quickly reinstall your OS if that gets damaged, but all the "stuff" that you're working on is what cannot be replaced.
it might be important .. but if you don't use a normal system setup (say you installed programs .. and that requires modifications in the /etc directory .. the system becomes a bit more valuable ...) users files can be replaced without too much pain, but the system requires a person siting at the keyboard reinstalling, reconfiguring ... and don't forget that kernel!
 
Old 08-28-2004, 04:28 PM   #14
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
SciYro:
users files can be replaced without too much pain
Huh? I don't follow you. Suppose you're working on a long document, like a book or a very large legal contract. You get a virus and it's wiped out. How is that "not too much pain" to replace? If there's no backup, it's gone forever unless you take the hard drive to a data recovery shop and pay them a couple hundred dollars, and even then it's not gauranteed. You could say "well they should have a backup", sure, but 99%+ of desktop/workstations have no backups.

Quote:
but the system requires a person siting at the keyboard reinstalling, reconfiguring ... and don't forget that kernel!
Most OSs take less than 2 hours to reinstall and then a little bit of additional configuration time. I fail to see how that's worse than losing data forever that might have taken weeks, or months to create.

Quote:
atom:
And what do you mean by the different x bits? I read about hardware execution controll, but I understood that the kernel emulates the behaviour by simply dissalowing to try and execute the program in the 1st place.
The X bit refers to pages in memory being marked as "executable". This depends on the CPU having a page structure that actually has separate Write and eXecute bits. As I mentioned, only a few of the 64 bit CPUs actually have this configuration. Most of them, like x86 and PPC do no differentiate between Write access and eXecute access.

So there are two different types of protection. One is very straightforward, which is to take advantage of the CPUs ability to mark pages as being Writable but not eXecutable. This is what Win XP SP2 does. It's also what has been added to the 2.6 Linux kernel.

The second type of protection is to actually separate where different pages are stored in memory based on whether they're Writable or eXecutable. This is what OpenBSD does and what the Openwall patch for Linux does.

Now, even on OSs with W^X protection (reads as Write exclusively or eXecute, i.e. write not execute or execute not write) this does not stop viruses. What it does do is stop a buffer overflow attack from being able to arbitrarily execute code. Even if you overwrite the stack, you can't execute the byte code that you just overflowed it with (it's writable, but not executable) so crafting a buffer overflow attack that will arbitrarily execute codes is incredibly difficult if not impossible.

Viruses usually don't require any buffer overflow to execute. Viruses work by tricking users into executing them, or by using active scripting capabilities in a user's application to execute themselves, or by attaching to another executable so that the code is run along with the normal program. W^X won't stop any of those attacks, since the virus is executing like a normal program. You would need something like systrace that won't allow programs to do unusual things.

For a good explanation of exploitation mitigation techniques, such as W^X, see this paper from OpenBSD.

Last edited by chort; 08-28-2004 at 04:36 PM.
 
Old 08-29-2004, 07:05 AM   #15
atom
Member
 
Registered: Feb 2004
Location: Slovenia
Distribution: archlinux
Posts: 271

Rep: Reputation: 31
Chort, that was enlightening .

You have my thanks. I really hate to be wrong without learning from it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question related to Linux filesystems, and XP kylere Linux - Newbie 5 08-01-2005 03:05 PM
virus question on Linux ako Linux - Security 2 05-06-2004 10:30 PM
Linux OS and file format related question. tusher Linux - Newbie 13 03-15-2004 02:48 PM
Not really Linux related memory question Aerlock Linux - Hardware 2 10-18-2003 09:10 PM
Linux Virus/Distro Question rvijay Linux - Security 7 08-24-2003 05:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration