LinuxQuestions.org
Linux - Software This forum is for Software issues.
Old 04-05-2014, 03:48 AM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603

Quote:
Originally Posted by Yodelingisfun
I was reading a thread here and noticed that it was "closed" so when I noticed that the person hadn't been actually helped and I tried to post a reply, I got the "your post is awaiting moderation" message. I have no idea what that means, and it's not in the FAQ AFAIK.
A "your post is awaiting moderation" message may occur for example when you create your first post in the technical forums. (Obviously that message should also tell you to just be patient and wait until a moderator unlocks it.)


Quote:
Originally Posted by Yodelingisfun
So sorry if this is a rehash, but seriously why does everyone think that Linux is perfectly safe from all attacks? Maybe you just don't know because your AV solution s*cks or is nonexistent. (..) If you have no AV solution, or your AV solution is weak, you have no way of knowing if something is silently recording your keystrokes, collecting your banking information or whatever else you're doing online. (Credit card info? Paypal?) (..) Most of these on-access real time scanners are either free to try (..). But they should not be ignored completely by the Linux community if we are to present a professional and complete image of Linux capability today.

(..)

It's my opinion that we should mention these options in one breath with other more typical Linux security solutions when this topic is broached. Otherwise people who are seeking to try Linux will be scared away because they don't feel comfortable enough "yet." You can't please everyone, that's true, but we already have solutions to please people concerned about this. Use them.

(..)

for adoption of a safe computer system by "the masses" you'd need something equivalent to Norton(..)
IMHO it would be best not to link your statements up or cloud things over by making broad statements about Linux like "present a professional and complete image of Linux capability today" as the Linux ecology already has shown proof of that: in the way the kernel and user land matured over the decades, in the way it has successfully penetrated non-desktop and non-server markets and in the way it's accepted and used by governments, corporations, institutions and private users alike for business critical processes.

Secondly computer users who are not familiar with UNIX or Linux in terms of concepts or basic usage (let alone its threatscape) may model their expectations of Linux solely on past experiences with other OSes which is not how Linux should be used. (Let's forget the other half who won't even realize there's a Linux OS underneath their device UI.)

Like I said in the other thread, the question those users should ask instead really should be: "What do I need to do to keep my Linux installation safe?". The answer to that may include "install an antivirus application if ..." but it certainly is not item 0, 1 or even 2 on the list.
 
Old 04-08-2014, 12:51 PM   #17
Yodelingisfun
LQ Newbie
 
Registered: Apr 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Smokey_justme
One word: Updates.
Yup, you do that on Windows too. Same old, same old.

Quote:
So, a program with an iptables simple GUI and some automation (possible online db with rules for services) .. virus definitions and scanner.. rootkit scanner .. Hmm.. all this kind of automated for desktop/laptop users might be good, who am I to say no.. I simply don't see it in the near future and to be honest, I don't see the need for it in the near future...
There is a need, if only to make people feel more comfortable adopting Linux. I think you (the Linux community) are scared of losing the cachet of being the guru who can administer an obtuse system. But computer maintenance is an endless and thankless task and always will be in any OS.

It's interesting that in Linux, I mention that it would be good to have a tool to do something and everyone says, It's not needed. But in Windows or Mac, I say that and people say, I wish my boss would spring for that the cheap bastage. Partly it's because tools exist in the for-pay OS worlds. Partly it's because it's just too much work to put something like this together in the Linux world. It's something people would only do if they were being paid for it I think.

It also limits the size of the linux network because how will you secure something like a network with 50 or 60 servers supporting 2000 desktops, some of which are Macs because designers won't use anything else, and some of which are Windows because execs won't use anything else... how will you secure it without monitoring that pulls data from active full-range defenses on all the endpoints? Will you really touch every computer and server at least once a week to make sure it's updates/secure/ok? Why does the client/server Linux solution from Symantec exist if not for this purpose?

I'm not just talking through my hat here, I've maintained a Windows/Mac/Linux environment like that (obviously not alone), but it was mostly Windows. Would've been great to get more Linux in there, but we had the same issues then, that still exist. The monitoring and security tools just aren't there because everyone is dedicated to not looking for problems. You can continue to close your eyes to this, but business decisions are being made while you're denying it. So are personal consumer decisions.
 
Old 04-08-2014, 01:00 PM   #18
Yodelingisfun
LQ Newbie
 
Registered: Apr 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
A
Secondly computer users who are not familiar with UNIX or Linux in terms of concepts or basic usage (let alone its threatscape) may model their expectations of Linux solely on past experiences with other OSes which is not how Linux should be used. (Let's forget the other half who won't even realize there's a Linux OS underneath their device UI.)
An OS is an OS is an OS. It's not a magical beast that came from the land of Oz. It mediates between Applications and Hardware. That's all. I'm talking about application availability. Don't tell me that you believe that the application environment in Linux is so very different than Windows or even Mac OS9, that it doesn't need protection from exploitation. That is magical thinking. Malware of any kind is just another application. No OS is immune.
 
Old 04-08-2014, 01:03 PM   #19
Yodelingisfun
LQ Newbie
 
Registered: Apr 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by k3lt01
And this article is relevant now how? Debian is at 7, RedHat 8 was about 2001-2 and Slackware is at 14. The problem here is reading old material to support a point of view that is still not current (12-13 years later) isn't giving you an accurate picture.

As mentioned before, and not only by myself now, the best thing a Linux user can do to keep their system safe is to keep it up to date.
It's relevant because it's an illustration that all the different versions have different commands. This leads to complexity.

Unless... are you saying these commands are exactly alike in the current version of all 3 different flavors of Linux? Please look them up and post, and I will be corrected.
 
Old 04-08-2014, 01:12 PM   #20
Yodelingisfun
LQ Newbie
 
Registered: Apr 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Smokey_justme
While I agree monitoring helps, this is not heuristic however, and still doesn't answer how would AV implement heuristic that work for pure Linux malware..
Wowwwwwwww, you don't expect much do you? Explain how heuristics works on pure Linux malware, huh? Well, maybe in my Doctoral Dissertation. Meanwhile, you can read this:

http://en.wikipedia.org/wiki/Heurist...Virus_scanning

If you expect more than that from me, you'll have to ask a stone for blood.

Quote:
Actually, I'm sorry but I cannot totally agree with you.. Norton Internet Security is by far the worst program ever made. It's a virus by definition.. Just try to uninstall it and you'll see what I mean.. Then there are the number of free security products that, well.. make you want to throw rocks at the screen..
Sooo, by that I gather that you use Linux to avoid using security products in the first place? That would explain a lot about why people don't bother with AV on Linux. But frustration with security products is kind of childish isn't it? Especially complaining about free ones. Especially since everything on Linux can be free, and usually is. Do you refuse to use the goggles in chemistry class too?

Last edited by Yodelingisfun; 04-08-2014 at 01:24 PM.
 
Old 04-08-2014, 01:59 PM   #21
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203
Quote:
Originally Posted by Yodelingisfun
Yup, you do that on Windows too. Same old, same old.
With tiny bits of differences, yes.. Same old.. It's just the most smart thing you can do

Quote:
There is a need, if only to make people feel more comfortable adopting Linux. I think you (the Linux community) are scared of losing the cachet of being the guru who can administer an obtuse system. But computer maintenance is an endless and thankless task and always will be in any OS.
An AV (and usually security programs) complicates things. Always. So fear of simplifying can't be it..
As for the administering part (that's not about the AV anymore) this is not true for a lot of distros these days..

Here's the truth.. The guys that actually care and know about security won't like being limited to a box asking you if the cable is part of the LAN or part of the INTERNET.. That simply won't suffice..

And considering how many people would simply hit the first answer they manage to get without knowing or caring about what happens behind the scene, I think that would be the worst thing people can invent.. The same would go with a very simple and automated AV... or with mostly anything security related for that matter.

Quote:
It's interesting that in Linux, I mention that it would be good to have a tool to do something and everyone says, It's not needed. But in Windows or Mac, I say that and people say, I wish my boss would spring for that the cheap bastage. Partly it's because tools exist in the for-pay OS worlds. Partly it's because it's just too much work to put something like this together in the Linux world. It's something people would only do if they were being paid for it I think.
That's because people that actually use the suggested stuff, already have that tool.. Probably even more powerful.. Or that most long-term Linux users know what they want.
If you're still referring to the AV.. Linux DOES HAVE solutions.. A lot of the major AV software is also available for Linux..


Quote:
It also limits the size of the linux network because how will you secure something like a network with 50 or 60 servers supporting 2000 desktops, some of which are Macs because designers won't use anything else, and some of which are Windows because execs won't use anything else... how will you secure it without monitoring that pulls data from active full-range defenses on all the endpoints? Will you really touch every computer and server at least once a week to make sure it's updates/secure/ok? Why does the client/server Linux solution from Symantec exist if not for this purpose?
Very secure... Networking is what Linux does best.. And you should ensure every computer (regardless of the OS) gets updated at least once a week.. Even more, push severe updates ASAP. If someone is managing such a network and doesn't follow at least one security mailing list.. or somehow follow at least one security feed, then that person should be fired..

Btw, you do know that AVs should be updated at least daily, no?

About the client/server Linux solution from Symantec.. I don't have a clue about that.. But if you're happy with it, use it. Just remember it's just a tool to be used by the sys-admin.. Installing it, configuring it, and then forget about the clients or server is almost as bad as doing nothing at all in the first place..

Quote:
I'm not just talking through my hat here, I've maintained a Windows/Mac/Linux environment like that (obviously not alone), but it was mostly Windows. Would've been great to get more Linux in there, but we had the same issues then, that still exist. The monitoring and security tools just aren't there because everyone is dedicated to not looking for problems. You can continue to close your eyes to this, but business decisions are being made while you're denying it. So are personal consumer decisions.
Ok.. You can say a lot of things but not "The monitoring and security tools just aren't there".. You do realize that most firewalls/gateways are Linux systems? This is actually what Linux does best.. Windows and Mac have the desktop user target, Linux (*nix) has always been the choice for any big network.. Hell, I think (I remember reading this somewhere -- but I might be wrong) even Microsoft and Apple use Linux for the backbone of their network.. I'm sure every other big name does it..

Last edited by Smokey_justme; 04-08-2014 at 02:02 PM.
 
Old 04-08-2014, 02:10 PM   #22
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203
Quote:
Originally Posted by Yodelingisfun
An OS is an OS is an OS. It's not a magical beast that came from the land of Oz. It mediates between Applications and Hardware. That's all. I'm talking about application availability. Don't tell me that you believe that the application environment in Linux is so very different than Windows or even Mac OS9, that it doesn't need protection from exploitation. That is magical thinking. Malware of any kind is just another application. No OS is immune.
Yes, but in Linux you already have legitimate tools that can do malware stuff.. Got access to a 'root'? Install tinyssh (that is a real and legitimate application) and you have a backdoor. I've already tried telling you this.. In Linux misconfigurations and exploitation of the public services (stuff that goes online, like ssh, http server) is the dangerous thing..

There are a few written malwares, but they can't reproduce like they do in other OSes (e.g. Windows) because on a system in which most users aren't spending their days in 'root', it's not as simple as sending someone an e-mail...
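
The post above argues that a backdoor on Linux is often an ordinary, legitimate daemon, which a signature scanner has no reason to flag; what does stand out is a listening socket that is not in the host's known baseline. The following is an added example, not part of any poster's message: it parses `/proc/net/tcp`-format text and reports listeners missing from a baseline. The sample rows are constructed, the baseline is hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1 0000000000000000 100 0 0 10 0
"""

LISTEN = "0A"  # TCP_LISTEN state code as printed by the kernel

# Hypothetical baseline: the (address, port) pairs this host should listen on.
BASELINE = {("0.0.0.0", 22), ("127.0.0.1", 631)}


def decode_addr(field):
    """Turn '0100007F:0277' into ('127.0.0.1', 631).

    Assumes a little-endian host, where the kernel prints the IPv4
    address as a byte-swapped 32-bit hex value.
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def parse_listeners(text):
    """Return [(ip, port, uid)] for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != LISTEN:
            continue  # established connections and short rows are ignored
        ip, port = decode_addr(cols[1])
        listeners.append((ip, port, int(cols[7])))  # cols[7] is the owning uid
    return listeners


def unexpected_listeners(listeners, baseline):
    """Listeners whose (address, port) pair is not in the baseline."""
    return [entry for entry in listeners if (entry[0], entry[1]) not in baseline]


if __name__ == "__main__":
    found = unexpected_listeners(parse_listeners(SAMPLE_PROC_NET_TCP), BASELINE)
    for ip, port, uid in found:
        print(f"unexpected listener {ip}:{port} owned by uid {uid}")
```

On a real host the same functions can be fed the contents of `/proc/net/tcp`; IPv6 listeners live in `/proc/net/tcp6` and use a different address width that this example does not decode.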
 
Old 04-08-2014, 02:24 PM   #23
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203
Quote:
Originally Posted by Yodelingisfun
Wowwwwwwww, you don't expect much do you? Explain how heuristics works on pure Linux malware, huh? Well, maybe in my Doctoral Dissertation. Meanwhile, you can read this:

http://en.wikipedia.org/wiki/Heurist...Virus_scanning

If you expect more than that from me, you'll have to ask a stone for blood.
Fair enough.. My point is that Linux malwares are close to legitimate applications.. It would almost be impossible for an AV to use heuristic to catch serious malwares before they have a signature..

Quote:
Sooo, by that I gather that you use Linux to avoid using security products in the first place? That would explain a lot about why people don't bother with AV on Linux. But frustration with security products is kind of childish isn't it? Especially complaining about free ones. Especially since everything on Linux can be free, and usually is. Do you refuse to use the goggles in chemistry class too?
No.. In my case I use linux because of the security tools (ssh, iptables -- both related to networking) and the overall security and stability of the system.. I'm also not frustrated on AV security products (or any other type of security product).. I've even mentioned situations in which AV solutions are a must (public or even private FTP, e-mail server, SAMBA.. etc).. But that's mostly to protect the users using those services..

P.S. Yes, I dislike Norton Antivirus, or Norton Security blabala.. I keep my opinion that it's an actual malware in itself..

Last edited by Smokey_justme; 04-08-2014 at 02:26 PM.
 
Old 04-09-2014, 01:17 PM   #24
Yodelingisfun
LQ Newbie
 
Registered: Apr 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
As far as whether the "backbone" of networking runs on Linux... possibly some of the smaller ones, but I'm pretty sure corporate ones run on Cisco and/or some of the fiber ones which often have proprietary OS's, though some do use Linux (The sellouts! Abandoning Load/Store! For shame! :P ).

I am wondering if we are talking about the same thing regarding network monitoring. In particular, since the network I was administering was NOT mostly Linux, I've only recently started looking for Linux solutions of the kind I was using there. I can't say about their quality but they do seem to exist as you say. Not sure of their full capability, it would take some digging to figure it out, and compare products. To be very clear, I'm talking about something like this:

http://sourceforge.net/projects/midas-nms/

and/or this

http://sourceforge.net/projects/snare/?source=directory

Anyway, thanks for the debate, I don't see that we will agree, or that we have to, if you're satisfied and I'm not, the world won't blow up over it. From my POV, I need to do some research into these network monitoring tools and see what versions they work with and what adjunct tools are needed (a complex undertaking on any OS). Maybe that will lead me to the solution I'm looking for and haven't been able to find.

Unfortunately, it still leaves the average home user in the dirt, because they really do expect something like Norton Internet Security or the equivalent product from another company to keep them safe with little or no intervention or thought or effort. And it does seem effective in its environment so I can't see why such a product wouldn't be effective here.

The only things that have ever sneaked by such software are (since about 1995, it has happened to me 3 times on M$ that I had to rebuild a PC due to viruses I couldn't remove, that's all, 3).. are zero-day attacks from drive by downloads I didn't agree to. This is the third time. I imagine people with fewer skills have to do it more often, but I honestly don't even encounter virus warnings more often than once every 8 months.

If that drive-by were capable of affecting Linux, and I followed the advice of weekly scanning... on an average day, that would mean it was there for 3 days before being detected. I'm not a fan of such a possibility. I don't think this comparison makes Linux attractive to users who come here seeking security.

While I continue to use SUSE and have done so since around 2003/4, I can't see myself doing transactions online until I reboot. My husband told me a story regarding this, he says the more paranoid people at his work create a VM, do their banking, and then delete the VM. It might work as a workaround. Might be nice to look into VM's anyway so I can play games without rebooting.

It's good to have ideas from the peanut gallery.

Last edited by Yodelingisfun; 04-09-2014 at 01:43 PM.
 
Old 04-09-2014, 01:48 PM   #25
Germany_chris
Senior Member
 
Registered: Jun 2011
Location: NOVA
Distribution: Debian 12
Posts: 1,074

Rep: Reputation: 500
I'm a completely average user and I don't expect a Norton/Kaspersky/Clam et al. to do anything.
 
Old 04-09-2014, 03:16 PM   #26
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203
@Yodelingisfun: End-users are actually more safe in Linux just by using any major distro than they are by default in Windows (even with an AV solution).. You have to understand that the whole root/user privilege separation is not just a joke.. It means that keyloggers can't exist in a process without root privileges (even then, if I'm not mistaken, it can't be done in user-space level and needs to be loaded as a kernel module -- which by the way can be monitored)..

Sure, a malware written for Linux that managed to get in somehow AND executed, could transfer files, or could transfer unprotected browser password.. Or stuff like that.. But nothing can protect one from that other than themselves by using plugins like Adblock, Disconnect, or even better, NoScript.. And sure, this doesn't protect you from phishing attacks.. But just because the whole system isn't going down and other users are not affected, you should understand why I'm saying this is by default safer.. you might have had luck with your 3 strikes, but I've never had a Linux infected system that needed reinstalled.. Even a break-in with a backdoor (they managed to get it because of some bad PHP-code on the server and me not running in chroot or a VM, the web-server) was fixable quite easy (and lucky me, it wasn't even hard to catch) .. Even that was on a playground server that was for me and a friend... Hell, come to think about it, that was my only bad case..
Malware problems? None...

On Windows on the other hand, while I myself can't complain very much, I still find computers infected by autoruns... Hell, I still find computers with full AV suites infected with malware that impersonates AVs (well, they try to make you buy a specific non-existing one).. And those are good cases in which the infection is obvious.. There's a reason why DDoS type of attacks are from Windows

Banking!? Linux, Firefox, NoScript and a secure connection are a must, in my opinion.. VMs would help a little if you run inside it a Linux distro with Firefox, NoScript and your host has a secure connection :P Don't get me wrong, but I'm from the paranoid branch..

Then it's how you get software in Linux.. You are by default obligated to use safe repositories... Some even compile the software from source.. The whole download this and that from here trick is not that useful here..

There you go.. Security for end-users.. :P

P.S. I know I can't change your mind just as you can't change mine.. Odd that you spend some time in Linux and still have such a big difference of opinion.. But, yes, that's actually the whole point of such communities
 
Old 04-09-2014, 07:33 PM   #27
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603
Quote:
Originally Posted by Yodelingisfun
(..) I don't think this comparison makes Linux attractive to users who come here seeking security.
Thanks for your ace assessment but let's face it: most new users aren't even aware of or interested in Linux security features or conceptual and architectural heritage. If they are and show interest we try to help them reach their goals. If they are but seem misguided we must first educate them.


Quote:
Originally Posted by Yodelingisfun
(..) I can't see myself doing transactions online until I reboot. My husband told me a story regarding this, he says the more paranoid people at his work create a VM, do their banking, and then delete the VM.
That's interesting. But did the confidentiality, integrity and availability model recently get a whole different meaning? Or don't you lose the ability to persistently store system state and transactions, should auditing be required at a later stage, by using virtualization as described?..
 
  

