Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I guess Linux is inherently more secure than Windows because the Administrator or root can only make changes to the system. Since everybody is root in Windows, viruses and spyware can make system changes without any problem. What's to prevent the administrator from unknowingly downloading and installing malicious software that's included with a program or file?
Originally posted by jacatone
What's to prevent the administrator from unknowingly downloading and installing malicious software that's included with a program or file?
You're not supposed to (nor do distributions ever encourage you to--except Linspire) ever run as root. Sometimes distributions (like Ubuntu) will disable root altogether. Usually people log in as root only to make system changes. Then, they log right back in as user (or should). And most of the installation you do is actually through your user account, only temporarily assuming root privileges to install the software.
Could you download and install malicious software? Well, it wouldn't be unknowingly, because you're prompted for a password when it tries to install. And most software created for Linux is not malicious (however, a ton of stuff for Windows on Download.com is malicious). Usually if you stick to the repositories, you're pretty safe.
I'm just learning Linux and I guess I don't quite understand the whole administrator/user system. Obviously no one installs malicious code knowingly. What protects a user from doing so if they're able to gain temporary administrator privileges?
You are correct that, if an administrator (or someone who gains that privilege) installs a program that contains malware, the system is in deep doo-doo. In fact that's always how it happens.
One way that package authors prevent this is by generating MD5 checksums of the package and by signing them using public-key cryptography. This prevents the package from being unknowingly modified. But in any case, packages do need to come only from trusted sources.
It is wise to install packages as a non-root user, designated for the sole purpose of system maintenance, unless the package modifies core files such as those in /bin or /lib. Some packages are lazy on this score. But the effort is worth it.
And it's all a big step forward from the usual status quo on Windows, in which everyone's an Administrator (too often...) and malware gets loaded, deep into the heart of the system, without anyone knowing it was done!
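The checksum-and-signature check mentioned in the post above, as an added example that is not part of the original thread. It uses SHA-256 via `sha256sum` rather than MD5, and the file names, the `SHA256SUMS` manifest name and the helper functions are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded package against a checksum manifest.
# All file names and contents are constructed for illustration.

# verify_pkg DIR MANIFEST
# Returns 0 only if every file listed in MANIFEST exists in DIR and matches
# its recorded digest. A missing file or an empty manifest counts as failure.
verify_pkg() {
    local dir=$1 manifest=$2
    ( cd "$dir" && sha256sum -c "$manifest" ) >/dev/null 2>&1
}

demo() {
    local work
    work=$(mktemp -d) || return 1

    # Stand-in for a package and the manifest published next to it.
    printf 'constructed package payload\n' > "$work/example-1.0.tar.gz"
    ( cd "$work" && sha256sum example-1.0.tar.gz > SHA256SUMS )

    verify_pkg "$work" SHA256SUMS && echo "untouched package: accepted"

    # Any change to the package after the manifest was written is detected.
    printf 'extra bytes\n' >> "$work/example-1.0.tar.gz"
    verify_pkg "$work" SHA256SUMS || echo "modified package: rejected"

    # A manifest regenerated after the change matches again. The checksum
    # alone proves nothing if it comes from the same place as the package,
    # which is why the manifest itself is signed and the signature is
    # checked first against a key obtained from the distributor, e.g.:
    #   gpg --verify SHA256SUMS.asc SHA256SUMS
    ( cd "$work" && sha256sum example-1.0.tar.gz > SHA256SUMS )
    verify_pkg "$work" SHA256SUMS && echo "modified package + new manifest: accepted"

    rm -rf "$work"
}

demo
```

Distribution package managers perform the equivalent signature and checksum checks automatically for packages installed from their configured repositories.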
The real reason that Linux is more resistant to viruses/spyware is that there are no automatic execution vectors for this stuff to infect you through. For example Linux has no equivalent of the ridiculously insecure ActiveX (which is probably responsible for most spyware infections) nor have any of the Linux email clients had anywhere near the security problems surrounding Outlook Express (and Outlook as well), which for a time was probably responsible for most virus infections in Windows.
So to get an infection you would have to manually download, change the permissions on and then run something. Combine this with the fact that most Linux software is distributed by repositories of packages built by trusted people (i.e. the company that makes your distribution isn't going to insert malware - it'd kill their business) and the fact that most Linux users are pretty computer-literate and you have an environment where viruses and spyware get nowhere, they simply don't spread.
This may change somewhat if more computer-illiterate people start using it, but it'll never be as bad as it's been on Windows the last few years.
The root account in Unix/Linux systems is more powerful than the Administrator used by Windows, and it is because of the flexibility that lets you control almost any aspect of hardware/software interaction.
So, "Unix/Linux security" means comprehension of the model used to make programs run and things work.
To protect yourself against accidentally deleting data, you must know what you're doing every time, and to apply the correct measures when bad things happen...
To protect yourself against unknown malware, you must know what they do (and what they can possibly do, and what they can't definitely do).
Security is an ever dynamic process. There are no "tricks". No final state.