Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
|
 |
|
07-25-2005, 09:27 PM
|
#16
|
Member
Registered: Jun 2005
Posts: 542
Rep:
|
Quote:
Do you need to worry that every little thing you do in Linux could possibly let in a virus?
|
No, unless you're running a sensitive server. Securing your box and updating it should be fun... The paranoid mindset ultimately undermines your health.
Another problem is that many paid "professionals" want all things done in a hurry. Things cannot be made right that way.
Quote:
Nothing's ever 100% foolproof.
|
This is a security fact, and it may be a Zen truth... All things must evolve
Any fun in life comes from things not being 100% predictable. But this is philosophy and common sense anyway. Let's talk about computer (in)security because it's stimulating.
|
|
|
07-26-2005, 06:33 AM
|
#17
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
This virus/malware thing is quite interesting. I have a lot of Microsoft geeks telling me that they will come hunting us as soon as Linux gets popular enough. But then I start wondering. Aren't we popular enough? I mean come on, we have a part of the desktop market, that should be interesting for a virus/malware writer. And we have a lot of market share in the server area, wouldn't it be nice to spread virus or spyware to servers? Come on, we are big enough for viruses IMO, still we have not seen ANYTHING except a handful of viruses written in labs. How long do we have to wait before we are big enough to get infected? I think that it will not happen actually, maybe some few but not as much as in the M$ world.
My opinion, RFC..
|
|
|
07-26-2005, 11:35 AM
|
#18
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,911
|
I ran WindowsME for years, actually up until last November when my windows hd died. Not once did I get a virus/trojan.
I used a:
1) router with builtin firewall. My system was stealthed according to the test at grc.com with no open ports.
2) Antispyware apps like Spyblaster, winpatrol
3) Used Mozilla then Firefox as my browser
4) AVG antivirus
5) Used a host file to block a lot of bad crap
6) Spampal with a few plugins for my email (block 99% of bad/spam emails)
7) Used Xenobar and the popup blocker in Mozilla/firefox
8) didn't use java unless I needed it to play a game
9) never downloaded and installed anything, unless it was from a trusted site; no cracks, no shareware with other apps included
Never in 5 years did my windows machine get any type of infection.
|
|
|
07-26-2005, 11:36 AM
|
#19
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,091
|
The original design of the Windows-NT kernel was definitely weakened by some of the things that Microsoft did during its court-battle. They seriously compromised also in an effort to enable "old" programs to run, that shouldn't have. But still, their basic design can be securable, at least far-more securable than it turns out to be today.
Yet this is a Linux forum, and I know that.
The reason why I say "popularity" is simply that script-kiddies can create, and mass-produce and mass-deploy, attacks that are "stupid as sin," as far as computer-programs go, yet they work and cause havoc because an exploitable number of IP-addresses out there will turn out to be running Windows, and will turn out to have security (effectively) turned-off, or be an older version that has no security at all. The programs are exploiting nothing more than random chance. Your overall odds of encountering and being bedeviled by a "script kiddie" are much higher than that of being singled-out by the Kremlin or the CIA. Thus, a comparatively simple defense consisting mostly of "basic precautions" (such as running Linux) are extremely effective.
But enuf of this... 
|
|
|
07-26-2005, 12:57 PM
|
#20
|
Member
Registered: Jan 2005
Posts: 55
Original Poster
Rep:
|
Quote:
Originally posted by primo
Well, Microsoft doesn't help anyway because their programs access the secret innards of the Operating System, which is dangerous..... Their dirty tricks backfire....
You can only "secure" a Windows machine if you turn off NetBIOS, Windows Messenger, UPnP, Active-X (which a lot of sites use) and MS-"RPC" (used by many services) and block their own programs to protect their own OS.
NTFS permissions, too, are ugly... How can most people ever use them effectively?
Their patches are all faulty... How can you trust them?
Also, you must update the antivirus almost everyday. Your box is not only insecure while it's being online: it is too if it was turned off some time
You can secure a Linux machine without the need to reboot (unless you update your kernel)
Any Windows box is a waste of computing power
|
Thanks everyone for enlightening me =)
one more qn. how do we access those Active-X sites securely? i mean since this enabling Active-X provides security loopholes, rite? Does disabling active-x prevent the website from showing all its content?
Sorry for my ignorance. =)
|
|
|
07-26-2005, 02:37 PM
|
#21
|
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109
Rep:
|
Quote:
Originally posted by craigevil
I ran WindowsME for years, actually up until last November when my windows hd died. Not once did I get a virus/trojan.
I used a:
1) router with builtin firewall. My system was stealthed according to the test at grc.com with no open ports.
2) Antispyware apps like Spyblaster, winpatrol
3) Used Mozilla then Firefox as my browser
4) AVG antivirus
5) Used a host file to block a lot of bad crap
6) Spampal with a few plugins for my email (block 99% of bad/spam emails)
7) Used Xenobar and the popup blocker in Mozilla/firefox
8) didn't use java unless I needed it to play a game
9) never downloaded and installed anything, unless it was from a trusted site; no cracks, no shareware with other apps included
Never in 5 years did my windows machine get any type of infection.
|
This speaks for itself. Windows takes much more effort to make secure. Not many people know about securing their Windows and what do we have? A lot of zombies sending spam all over the Internet.
Why would one need to make so much effort avoiding malware/viruses? Use Linux and get rid of it. We do not have IE, and Thunderbird gets rid of all my spam at least. And we have a tougher environment for malware and viruses.
|
|
|
07-26-2005, 02:52 PM
|
#22
|
LQ Veteran
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642
Rep:
|
Quote:
Originally posted by sundialsvcs
... It isn't Windows' fault... it's theirs!
|
I think you're being far too lenient on Microsoft. Yes, it's true that many security breaches are due to the user being careless (such as opening .exe attachments in Email) but it's also an unavoidable fact that there are huge numbers of security vulnerabilities inherent within Windows, particularly with IE. Specifically, if somebody is simply using their PC to surf the Internet, these vulnerabilities expose the user to being hacked, through no fault of their own. My "favorite" (?) example of a Windows vulnerability is this security bulletin from last year. To quote:
Code:
Identified security issues in Internet Explorer could allow an attacker to
compromise a Windows-based system. For example, an attacker could run
programs on your computer while you view a Web page. This affects all
computers with Internet Explorer installed (even if you don’t run Internet
Explorer as your Web browser).
(bolding added for emphasis)
Lovely - so in other words if Joe Newbie happens to simply accidentally type a bad URL and ends up visiting a malicious web page, regardless of whether or not he's even using IE, his system can be compromised. This is not a hallmark of a secure OS. Granted, one could argue that Joe Newbie "should have known" that he shouldn't be running under the Admin account, but it would be plain unrealistic to assume that non-technical people would somehow just automatically realize this. Let's face it, for most non-techies, a PC is just an appliance like a TV or microwave, and they just want to be able to take it out of the box, plug it in, and start using it, without having to go through complicated series of preparation actions. Practically speaking, taking the steps to secure a box is just not something that the typical non-techie is capable of doing (heck, even 'simple' tasks like installing a new video card or adding a second hard drive are too intimidating for most non-techies to even attempt) and Microsoft doesn't help matters by making the Admin level the default.
Overall, I agree with you on the point that there are many cases where the user's action was the direct cause of the problem, but I think it's valid to say that there is plenty of blame that can properly be attributed to Windows as well. Just look at the continuous parade of new, "critical" security patches coming out of Redmond. Just my 2 cents -- J.W.
|
|
|
07-26-2005, 03:05 PM
|
#23
|
Senior Member
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775
Rep:
|
Quote:
Originally posted by Ephracis
This speaks for itself. Windows takes much more effort to make secure. Not many people know about securing their Windows and what do we have? A lot of zombies sending spam all over the Internet.
|
I think the point of that post was to say it is possible to run Windows securely--it's not inevitable that you will be infected if you take precautions. But your point is a good one--the precautions you have to take are quite sophisticated (I know this because I use Windows XP at work, and I have to take similar precautions--a lot of my co-workers who don't do so get infested with malware).
Quote:
Why would one need to make so much effort avoiding malware/viruses? Use Linux and get rid of it. We do not have IE, and Thunderbird gets rid of all my spam at least. And we have a tougher environment for malware and viruses.
|
Well, this isn't really fair. I'm a big proponent of Linux (just read the links in my sig), but it is not for everyone, and it cannot meet every need. There is some software that runs on only Windows (I've just been playing around with Google Earth, for example, and there's no Linux version of that). Also, switching to Linux isn't easy. I'm not saying using Linux isn't easy. I think using Linux is a lot easier than using Windows, but switching is hard. People are used to Windows. They usually don't have to install Windows. Commercial software is almost always made for Windows. It's not like they can just start using Linux and life is a lot easier. Linux is an investment of time just as securing a Windows computer is an investment of time. I've just found proactively investing my time in learning to install and use a new operating system is more fruitful than retractively investing my time in learning to defend an old operating system. That's my choice, though. I can't make that choice for anyone else.
|
|
|
07-26-2005, 03:24 PM
|
#24
|
Senior Member
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775
Rep:
|
Quote:
Originally posted by sundialsvcs
The reason why I say "popularity" is simply that script-kiddies can create, and mass-produce and mass-deploy, attacks that are "stupid as sin," as far as computer-programs go, yet they work and cause havoc because an exploitable number of IP-addresses out there will turn out to be running Windows, and will turn out to have security (effectively) turned-off, or be an older version that has no security at all. The programs are exploiting nothing more than random chance.
|
I don't know if it is as simple as that. Sure, there's a grain of truth to what you're saying. If five out of seven people are wearing blue shirts, and you "spray" them with a machine-gun, you're more likely to hit someone with a blue shirt than a red shirt.
Still, the same "bullets" that harm Microsoft do not necessarily harm Linux. Scripts usually have to be designed to exploit a particular system's vulnerability/structure. If someone doesn't have Wine installed on her Linux computer, not only will an .exe do very little harm, it will probably do nothing at all. Likewise, if you don't have ActiveX, it doesn't matter if your IP address gets randomly "selected," ActiveX exploits won't do anything to your computer.
There are also a lot of social components to malware-writing ("script-kiddies," as you call them). Anyone who's going to write a piece of malware has one of two motives: mischief or greed. If a piece of malware steals credit card info and logs keystrokes to get passwords, that's probably motivated by greed. If it just makes people's systems crash and pop up an animated bunny that repeatedly says "Ah ha! Ah ha! Ah ha!" it's probably motivated by mischief. And why would "script-kiddies" want to cause mischief in Linux-land? They probably wouldn't. Delinquents and criminals often view themselves as anti-establishment, and what could be more "establishment" in operating systems than Windows? So, they target Windows.
|
|
|
07-26-2005, 03:28 PM
|
#25
|
Senior Member
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775
Rep:
|
Quote:
Originally posted by Itachi
one more qn. how do we access those Active-X sites securely? i mean since this enabling Active-X provides security loopholes, rite? Does disabling active-x prevent the website from showing all its content?
|
There are very few websites out there that require ActiveX in order to be functional. I think it's safe to say that you should use Firefox, Opera, or some alternative browser on almost every site you visit. If you come across one that absolutely requires ActiveX to function, visit that one page with IE. Change all your IE settings to maximum security, and put that one site on the "Trusted sites" list along with Windows Update. Then, if you're using Firefox, you can download the IEView extension, visit that page, go to Tools, and click on "Always View this Page in IE." Then, every time you visit that page, it'll automatically pop up in Internet Explorer, so you can use ActiveX.
I have yet to find a single site (besides Windows Update) that I use or have even visited that requires ActiveX for functionality.
|
|
|
07-26-2005, 04:31 PM
|
#26
|
Member
Registered: Jun 2005
Posts: 542
Rep:
|
Quote:
This virus/malware thing is quite interesting. I have a lot of Microsoft geeks telling me that they will come hunting us as soon as Linux gets popular enough.
|
These Microsoft "geeks" have nothing better to do... They target a popular OS to boost their little egos. Nothing more...
I bet that, if they try to switch to Linux, the 1st thing they'd do is to go into IRC and brag about their new found toy.
This is totally different from the romantic portrayal of hackers who want to learn something new, or real anti-establishment crackers who dream to hack into nuclear sites and deactivate these bombs, or something alike... See http://www.theregister.com/2005/07/1...ences_hackers/
I still can't comprehend how much "popularity" affects security. The only obvious thing is that a bug would harm too many machines (and the solution would be to fight monopoly). I believe that technical design has a lot more weight (much like personal will over fate, although they're not the same thing)
Last edited by primo; 07-26-2005 at 04:36 PM.
|
|
|
08-24-2006, 05:33 PM
|
#27
|
LQ Newbie
Registered: Apr 2006
Posts: 23
Rep:
|
Quote:
Originally Posted by craigevil
I ran WindowsME for years, actually up until last November when my windows hd died. Not once did I get a virus/trojan.
I used a:
1) router with builtin firewall. My system was stealthed according to the test at grc.com with no open ports.
2) Antispyware apps like Spyblaster, winpatrol
3) Used Mozilla then Firefox as my browser
4) AVG antivirus
5) Used a host file to block a lot of bad crap
6) Spampal with a few plugins for my email (block 99% of bad/spam emails)
7) Used Xenobar and the popup blocker in Mozilla/firefox
8) didn't use java unless I needed it to play a game
9) never downloaded and installed anything, unless it was from a trusted site; no cracks, no shareware with other apps included
Never in 5 years did my windows machine get any type of infection.
|
None of which you were aware, at least. Many of the malware programs that took/take advantage of undocumented or little documented MS security holes are not detected, i.e., the HUGE WMF hole that had been a part of the OS for ages.
I had a friend illustrate, in 1994, MS Corp's use of their OS/Office software to clandestinely gather (what I would consider) sensitive information. It was not documented, he just happened to catch it.
http://www.manilastandardtoday.com/?...06_july04_2006
http://www.junkbusters.com/microsoft.html
The problem with a closed development system is the timeliness of security issues reporting. With OpenSource, it is transparent, with a proprietary system, what you do not know CAN hurt you, and you would be none the wiser.
EDIT: Fixed grammar error & added links
Last edited by sosborne; 08-24-2006 at 05:38 PM.
|
|
|
08-24-2006, 10:25 PM
|
#28
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep: 
|
No one is mentioning the fact that Windows actively encourages you to run as an administrator. This encouragement comes about because of the difficulty in becoming an administrator if you are doing the right thing and browsing as a restricted user. If you need to do administrative things, you have to change your logon, which is a royal pain.
Not only that but many third party software developers (notably Electronic Arts) are putting out products that simply won't run unless they have administrative rights.
Anyone who codes a game that needs administrative rights should be put out of business, IMNSHO.
Nonetheless, it happens. I actually have gone to the effort of setting up security profiles and establishing run scripts for some EA games so that my kids could play their games on Windows computers with the restricted access which is all I give them.
So, Microsoft actively encourages bad behavior by users (running as administrator) through their design decisions, third party developers get lazy and require bad behavior to use their products, and the Clueless User, who only knows Windows, doesn't want to be a guru, and doesn't understand what/why constitutes good behavior, gets thoroughly screwed.
And, as I say all of that, I say it on my WinXP laptop, where I am logged in as an Administrator (bad behavior) and connected wirelessly to my LAN, where I am browsing the net via an SSH tunnel to my Linux workstation with the HTTP proxy on it.
|
|
|
08-26-2006, 04:29 AM
|
#29
|
LQ Newbie
Registered: Apr 2005
Posts: 5
Rep:
|
Thank you kindly. This information is very useful for me. Great site! Thanks again!
--------------------------------------------------------------------------------------------------------
http://www.neolink.ro
|
|
|
08-26-2006, 04:08 PM
|
#30
|
LQ Newbie
Registered: Nov 2005
Posts: 8
Rep:
|
If a Windows computer is infected with something, is it possible to key-log what you type into ssh vpn and https programs?
This would be horrible for online banking and such.
|
|
|
All times are GMT -5. The time now is 08:22 PM.
|