LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 12-09-2010, 07:36 AM   #1
penguinquack
LQ Newbie
 
Registered: Dec 2010
Posts: 9

Rep: Reputation: 0
Why doesn't Linux have antivirus/detection for Java exploits and other flaws?


Recently I had a Java exploit on Windows. Luckily Microsoft Security Essentials identified and removed it. Such things can happen on Linux as well, from what I've heard. Why does Linux offer no such detection?
 
Old 12-09-2010, 03:19 PM   #2
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250
Such things can happen on Linux. But try googling for actual occurrences.
 
Old 12-09-2010, 04:21 PM   #3
penguinquack
LQ Newbie
 
Registered: Dec 2010
Posts: 9

Original Poster
Rep: Reputation: 0
They are all over. There is a sticky with "Firefox vulnerabilities" in this section, and if you Google this subject you can get many examples. Here is just one that pertains directly to what I'm talking about: http://www.linux-tutorial.info/modul...icle&sid=11229

Also, how is one to know about a Java exploit without any software that would alert the person to it?

Last edited by penguinquack; 12-09-2010 at 04:35 PM.
 
Old 12-09-2010, 06:23 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
There are several virus scanners available for GNU/Linux. Have you run the malicious code through any of these scanners to see if it's detected? It might be interesting to see the results of such experiments, if you're able and willing to share with us.

That said, keep in mind that if you're running software with publicly-known vulnerabilities in it, your best bet is to follow the manufacturer's (or the expert community's) recommended mitigation steps immediately, rather than waiting for some third-party tool to update its signature database and save you if you're lucky enough to get hit with an exploit it recognizes.

Last edited by win32sux; 12-09-2010 at 06:25 PM.
 
1 members found this post helpful.
Old 12-09-2010, 06:26 PM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
One of the biggest differences between most Windows installations and most Linux installations is the difference in administrator privilege. The Windows concept of administrator is such that the primary account by default is an administrator account. Additionally, as has been demonstrated on several past occasions, Windows fails at encapsulating the OS kernel from user applications. Consequently, if malware is able to get ANY code to run, including Java code or an Office macro, it is possible to completely hijack control of the OS itself. Consequently an infection can wreak a lot more damage than it can in a Linux system. Typically such an infection on a Linux system would be limited in its scope to the user's account and would be unable to acquire access to most critical resources.

Add to this that the average Linux user is more technically sophisticated than the average Windows user and hence is likely more aware of the signs of infection, more likely to avoid infections in the first place, and more likely to know how to deal with it effectively in the first place.

In essence, the issue isn't so much that Linux is immune to such exploits; it is that they are far less likely to spread and cause significant damage.
 
Old 12-09-2010, 06:55 PM   #6
penguinquack
LQ Newbie
 
Registered: Dec 2010
Posts: 9

Original Poster
Rep: Reputation: 0
Thank you noway2 and win32sux.

win32sux: the exploit that I experienced personally was on Windows, not Linux. The link in my 2nd post is to give an example of exploits that exist for Linux. Also, I'm focusing more on exploits, in particular Java and browser exploits.

Noway2: Thank you, that was informative. My biggest remaining problem with this whole concept is that Windows would be able to spot a Java exploit quicker than Linux, even though more damage may be caused in Windows. However, as you seem to suggest, this may be less severe with Linux distros that have regular security updates, and will be patched before the exploit can occur. Is this a good assumption?

edit--- sorry that was win32sux that suggested that last bit.

Last edited by penguinquack; 12-09-2010 at 06:58 PM.
 
Old 12-09-2010, 07:08 PM   #7
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
There is one other aspect affecting the majority of Linux installations that I forgot to mention and that I think helps to address your last question. In Linux, the vast majority of the installed software comes from designated repositories where the software has been examined by a team of people as well as cryptographically 'signed'. As a result, the need to install various applications from unknown sources is dramatically reduced. The net effect is that as long as one installs software only from the known repositories, the chance of acquiring 'infected' code is near negligible because the code base is more tightly controlled and its authenticity is verified before it is installed (the signing). Furthermore, in order to install such software, the user must knowingly grant privilege to do so, making it much harder to slip something in on the sly.
 
2 members found this post helpful.
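The "authenticity is verified before it is installed" step described in the post above, as an added example that is not from the thread or any distribution's package manager: a signed index lists the hash of every package, the client first checks the index signature and only then checks the package hash against the index. Real repositories sign the index with GPG; the HMAC-SHA256 signature and the package contents here are constructed stand-ins so the example runs offline with the standard library.

```python
import hashlib
import hmac

# Constructed for this example: the repository's signing key (stand-in for a GPG key).
REPO_SIGNING_KEY = b"repo-signing-key-constructed-for-example"

# Constructed sample packages; real ones would be the .deb/.rpm bytes.
PACKAGES = {
    "editor-1.0.deb": b"binary content of editor 1.0",
    "shell-2.3.deb": b"binary content of shell 2.3",
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_index(packages, key=REPO_SIGNING_KEY):
    """Repository side: list name and SHA-256 of each package, then sign the index."""
    lines = [f"{name} {sha256_hex(content)}" for name, content in sorted(packages.items())]
    index = "\n".join(lines).encode()
    signature = hmac.new(key, index, hashlib.sha256).hexdigest()
    return index, signature


def verify_index(index, signature, key):
    """Client side, step 1: was this index really signed by the repository key?"""
    expected = hmac.new(key, index, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def verify_package(name, content, index, signature, key=REPO_SIGNING_KEY):
    """Client side, step 2: reject unless the index is authentic AND the package's
    hash matches the entry the signed index lists for it."""
    if not verify_index(index, signature, key):
        return False
    listed = dict(line.split(" ", 1) for line in index.decode().splitlines())
    return listed.get(name) == sha256_hex(content)


if __name__ == "__main__":
    index, sig = build_index(PACKAGES)
    print(verify_package("editor-1.0.deb", PACKAGES["editor-1.0.deb"], index, sig))  # True
    tampered = PACKAGES["editor-1.0.deb"] + b"; extra code slipped in"
    print(verify_package("editor-1.0.deb", tampered, index, sig))  # False
```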
Old 12-09-2010, 07:12 PM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by penguinquack View Post
win32sux: the exploit that I experienced personally was on Windows, not Linux.
Yes, I know.

Quote:
The link in my 2nd post is to give an example of exploits that exist for Linux. Also, I'm focusing more on exploits, in particular Java and browser exploits.
I understand that, but virus scanners will typically look for more than just viruses. I know that ClamAV, for example, has exploit signatures in its database, some of which are browser exploits which work (or have worked) on GNU/Linux.

Quote:
Noway2: Thank you, that was informative. My biggest remaining problem with this whole concept is that Windows would be able to spot a Java exploit quicker than Linux, even though more damage may be caused in Windows. However, as you seem to suggest, this may be less severe with Linux distros that have regular security updates, and will be patched before the exploit can occur. Is this a good assumption?
That's a terrible assumption, IMHO.

There are really no guarantees that you won't be exploited before a patch has been released. In fact, there are no guarantees that you won't be exploited before a patch has even been created (or worse, before the manufacturer even suspects the vulnerability exists). Reducing your attack surface and implementing multiple layers of security will do much more for you on any OS than simply using GNU/Linux ever would.

Last edited by win32sux; 12-09-2010 at 07:18 PM.
 
2 members found this post helpful.
Old 12-11-2010, 12:02 PM   #9
penguinquack
LQ Newbie
 
Registered: Dec 2010
Posts: 9

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Noway2 View Post
There is one other aspect affecting the majority of Linux installations that I forgot to mention and that I think helps to address your last question. In Linux, the vast majority of the installed software comes from designated repositories where the software has been examined by a team of people as well as cryptographically 'signed'. As a result, the need to install various applications from unknown sources is dramatically reduced. The net effect is that as long as one installs software only from the known repositories, the chance of acquiring 'infected' code is near negligible because the code base is more tightly controlled and its authenticity is verified before it is installed (the signing). Furthermore, in order to install such software, the user must knowingly grant privilege to do so, making it much harder to slip something in on the sly.
Thank you Noway2 and everyone else. This may sound like a silly question, but is a software package that is older and more "controlled" safer than a software package that is newer and may therefore have fewer bugs?
 
Old 12-11-2010, 12:13 PM   #10
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Rep: Reputation: 406
Quote:
Originally Posted by penguinquack View Post
Thank you Noway2 and everyone else. This may sound like a silly question, but is a software package that is older and more "controlled" safer than a software package that is newer and may therefore have fewer bugs?
Depends. Take the PHP CMS script Drupal, for instance: currently there is version 5.x, version 6.x and a beta of version 7.x.

Despite the fact that 6.x has been out for a while and there is a beta of 7.x, version 5.x still receives minor revisions (no new features, just security/bug fixes).

Another example would be the Linux kernel itself: there is still maintenance being done on the 2.4 kernel despite the fact that the 2.6 kernel is up to minor revision 37.

So ultimately it depends on the package, whether older versions are still maintained with minor revisions or not, and how well maintained they are, since otherwise older versions will have known exploits and will take less effort to crack since the exploits are already known. Either way, as long as you stay away from the most bleeding-edge versions with potentially incomplete features, any revision marked 'stable' should be adequately secure. That being said, no software is 100% secure.

Last edited by frieza; 12-11-2010 at 12:19 PM.
 
Old 12-12-2010, 01:13 AM   #11
darkstarbyte
Member
 
Registered: May 2010
Location: 3 planets away from the sun.
Distribution: Slackware and Fedora
Posts: 234

Rep: Reputation: 2
Cool

I didn't read every post.

If you want to stop these Java exploits, there is an add-on for Firefox for it, called "NoScript", that is supposed to stop every script but the ones you enable.
 
Old 12-12-2010, 04:08 AM   #12
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250
Quote:
Originally Posted by darkstarbyte View Post
I didn't read every post.

If you want to stop these Java exploits, there is an add-on for Firefox for it, called "NoScript", that is supposed to stop every script but the ones you enable.
I think that is for JavaScript, not Java. They are different things.

And after reading the link the OP posted, there was no specific threat mentioned, only that it may be possible.

I also read the sticky thread and could find no mention of Java exploits either in the first 5 pages or the last 3 pages.

Do you realise that Java and JavaScript are completely different things?

Last edited by smoker; 12-12-2010 at 04:17 AM.
 
Old 12-12-2010, 07:34 AM   #13
penguinquack
LQ Newbie
 
Registered: Dec 2010
Posts: 9

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by smoker View Post
I think that is for JavaScript, not Java. They are different things.

And after reading the link the OP posted, there was no specific threat mentioned, only that it may be possible.

I also read the sticky thread and could find no mention of Java exploits either in the first 5 pages or the last 3 pages.

Do you realise that Java and JavaScript are completely different things?
Maybe I'm confused too. I thought Java was a subtype of JavaScript. A quick Google scan-over reveals that the two have a close relationship, though I had trouble making sense of just what that relationship was, so I'll be doing more reading (hopefully). Also, the add-on he mentioned also blocks Java, optionally.

The reason I mentioned "it may be possible" is because, if there is no reliable software to check for such things, I thought it could be a threat that no one would see if they became infected. However, it now appears to me that there is some anti-virus and anti-rootkit software that *may* be able to identify these things.

Thanks for your replies everyone.
 
Old 12-12-2010, 07:37 AM   #14
penguinquack
LQ Newbie
 
Registered: Dec 2010
Posts: 9

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by frieza View Post
Depends. Take the PHP CMS script Drupal, for instance: currently there is version 5.x, version 6.x and a beta of version 7.x.

Despite the fact that 6.x has been out for a while and there is a beta of 7.x, version 5.x still receives minor revisions (no new features, just security/bug fixes).

Another example would be the Linux kernel itself: there is still maintenance being done on the 2.4 kernel despite the fact that the 2.6 kernel is up to minor revision 37.

So ultimately it depends on the package, whether older versions are still maintained with minor revisions or not, and how well maintained they are, since otherwise older versions will have known exploits and will take less effort to crack since the exploits are already known. Either way, as long as you stay away from the most bleeding-edge versions with potentially incomplete features, any revision marked 'stable' should be adequately secure. That being said, no software is 100% secure.
Thanks for your reply.

What is the purpose of these repositories with software several years old (for example, in Ubuntu) if any stable software is going to be just as secure?
 
Old 12-12-2010, 08:00 AM   #15
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Quote:
Originally Posted by penguinquack View Post
Maybe I'm confused too. I thought Java was a subtype of JavaScript. A quick Google scan-over reveals that the two have a close relationship, though I had trouble making sense of just what that relationship was, so I'll be doing more reading (hopefully). Also, the add-on he mentioned also blocks Java, optionally.
Actually, Java and JavaScript have nothing to do with each other beyond the fact that both are used in web-based applications. Their roots as programming languages are light-years apart. This is a nice comparison.

Quote:
What is the purpose of these repositories with software several years old (for example, in Ubuntu) if any stable software is going to be just as secure?
At least in my opinion, keeping older software stems from a "if it ain't broke" philosophy. A lot of people (me included) tend to view new stuff as untested and would prefer to rely on software that has been through the mill for a bit rather than jump on the latest stuff which may have undiscovered problems. Stable != secure in all cases. As long as the older stuff does what you need it to do and is maintained and patched, why switch?
 