04-05-2014, 03:48 AM
|
#16
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by Yodelingisfun
I was reading a thread here and noticed that it was "closed" so when I noticed that the person hadn't been actually helped and I tried to post a reply, I got the "your post is awaiting moderation" message. I have no idea what that means, and it's not in the FAQ AFAIK.
|
A "your post is awaiting moderation" message may occur for example when you create your first post in the technical forums. (Obviously that message should also tell you to just be patient and wait until a moderator unlocks it.)
Quote:
Originally Posted by Yodelingisfun
So sorry if this is a rehash, but seriously why does everyone think that Linux is perfectly safe from all attacks? Maybe you just don't know because your AV solution s*cks or is nonexistent. (..) If you have no AV solution, or your AV solution is weak, you have no way of knowing if something is silently recording your keystrokes, collecting your banking information or whatever else you're doing online. (Credit card info? Paypal?) (..) Most of these on-access real time scanners are either free to try (..). But they should not be ignored completely by the Linux community if we are to present a professional and complete image of Linux capability today.
(..)
It's my opinion that we should mention these options in one breath with other more typical Linux security solutions when this topic is broached. Otherwise people who are seeking to try Linux will be scared away because they don't feel comfortable enough "yet." You can't please everyone, that's true, but we already have solutions to please people concerned about this. Use them.
(..)
for adoption of a safe computer system by "the masses" you'd need something equivalent to Norton(..)
|
IMHO it would be best not to link your statements up or cloud things over by making broad statements about Linux like " present a professional and complete image of Linux capability today" as the Linux ecology already has shown proof of that: in the way the kernel and user land matured over the decades, in the way it has successfully penetrated non-desktop and non-server markets and in the way it's accepted and used by governments, corporations, institutions and private users alike for business critical processes.
Secondly computer users who are not familiar with UNIX or Linux in terms of concepts or basic usage (let alone its threatscape) may model their expectations of Linux solely on past experiences with other OSes which is not how Linux should be used. (Let's forget the other half who won't even realize there's a Linux OS underneath their device UI.)
Like I said in the other thread, the question those users should ask instead really should be: "What do I need to do to keep my Linux installation safe?". The answer to that may include "install an antivirus application if ..." but it certainly is not item 0, 1 or even 2 on the list.
|
|
|
04-08-2014, 12:51 PM
|
#17
|
LQ Newbie
Registered: Apr 2014
Posts: 13
Original Poster
Rep:
|
Quote:
Originally Posted by Smokey_justme
One word: Updates.
|
Yup, you do that on Windows too. Same old, same old.
Quote:
So, a program with an iptables simple GUI and some automation (possible online db with rules for services) .. virus definitions and scanner.. rootkit scanner .. Hmm.. all this kind of automated for desktop/laptop users might be good, who am I to say no.. I simply don't see it in the near future and to be honest, I don't see the need for it in the near future...
|
There is a need, if only to make people feel more comfortable adopting Linux. I think you (the Linux community) are scared of losing the cachet of being the guru who can administer an obtuse system. But computer maintenance is an endless and thankless task and always will be in any OS.
It's interesting that in Linux, I mention that it would be good to have a tool to do something and everyone says, It's not needed. But in Windows or Mac, I say that and people say, I wish my boss would spring for that the cheap bastage. Partly it's because tools exist in the for-pay OS worlds. Partly it's because it's just too much work to put something like this together in the Linux world. It's something people would only do if they were being paid for it I think.
It also limits the size of the linux network because how will you secure something like a network with 50 or 60 servers supporting 2000 desktops, some of which are Macs because designers won't use anything else, and some of which are Windows because execs won't use anything else... how will you secure it without monitoring that pulls data from active full-range defenses on all the endpoints? Will you really touch every computer and server at least once a week to make sure it's updates/secure/ok? Why does the client/server Linux solution from Symantec exist if not for this purpose?
I'm not just talking through my hat here, I've maintained a Windows/Mac/Linux environment like that (obviously not alone), but it was mostly Windows. Would've been great to get more Linux in there, but we had the same issues then, that still exist. The monitoring and security tools just aren't there because everyone is dedicated to not looking for problems. You can continue to close your eyes to this, but business decisions are being made while you're denying it. So are personal consumer decisions.
|
|
|
04-08-2014, 01:00 PM
|
#18
|
LQ Newbie
Registered: Apr 2014
Posts: 13
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
A
Secondly computer users who are not familiar with UNIX or Linux in terms of concepts or basic usage (let alone its threatscape) may model their expectations of Linux solely on past experiences with other OSes which is not how Linux should be used. (Let's forget the other half who won't even realize there's a Linux OS underneath their device UI.)
|
An OS is an OS is an OS. It's not a magical beast that came from the land of Oz. It mediates between Applications and Hardware. That's all. I'm talking about application availability. Don't tell me that you believe that the application environment in Linux is so very different than Windows or even Mac OS9, that it doesn't need protection from exploitation. That is magical thinking. Malware of any kind is just another application. No OS is immune.
|
|
|
04-08-2014, 01:03 PM
|
#19
|
LQ Newbie
Registered: Apr 2014
Posts: 13
Original Poster
Rep:
|
Quote:
Originally Posted by k3lt01
And this article is relevant now how? Debian is at 7, RedHat 8 was about 2001-2 and Slackware is at 14. The problem here is reading old material to support a point of view that is still not current (12-13 years later) isn't giving you an accurate picture.
As mentioned before, and not only by myself now, the best thing a Linux user can do to keep their system safe is to keep it up to date.
|
It's relevant because it's an illustration that all the different versions have different commands. This leads to complexity.
Unless... are you saying these commands are exactly alike in the current version of all 3 different flavors of Linux? Please look them up and post, and I will be corrected.
|
|
|
04-08-2014, 01:12 PM
|
#20
|
LQ Newbie
Registered: Apr 2014
Posts: 13
Original Poster
Rep:
|
Quote:
Originally Posted by Smokey_justme
While I agree monitoring helps, this is not heuristic however, and still doesn't answer how would AV implement heuristic that work for pure Linux malware..
|
Wowwwwwwww, you don't expect much do you? Explain how heuristics works on pure Linux malware, huh? Well, maybe in my Doctoral Dissertation. Meanwhile, you can read this:
http://en.wikipedia.org/wiki/Heurist...Virus_scanning
If you expect more than that from me, you'll have to ask a stone for blood.
Quote:
Actually, I'm sorry but I cannot totally agree with you.. Norton Internet Security is by far the worst program ever made. It's a virus by definition.. Just try to uninstall it and you'll see what I mean.. Then there are the number of free security products that, well.. make you want to throw rocks at the screen..
|
Sooo, by that I gather that you use Linux to avoid using security products in the first place? That would explain a lot about why people don't bother with AV on Linux. But frustration with security products is kind of childish isn't it? Especially complaining about free ones. Especially since everything on Linux can be free, and usually is. Do you refuse to use the goggles in chemistry class too?
Last edited by Yodelingisfun; 04-08-2014 at 01:24 PM.
|
|
|
04-08-2014, 01:59 PM
|
#21
|
Member
Registered: Oct 2009
Distribution: Slackware
Posts: 534
|
Quote:
Originally Posted by Yodelingisfun
Yup, you do that on Windows too. Same old, same old.
|
With tiny bits of differences, yes.. Same old.. It's just the most smart thing you can do
Quote:
There is a need, if only to make people feel more comfortable adopting Linux. I think you (the Linux community) are scared of losing the cachet of being the guru who can administer an obtuse system. But computer maintenance is an endless and thankless task and always will be in any OS.
|
An AV (and usually security programs) complicates things. Always. So fear of simplifying can't be it..
As for the administering part (that's not about the AV anymore) this is not true for a lot of distros these days..
Here's the truth.. The guys that actually care and know about security won't like being limited to a box asking you if the cable is part of the LAN or part of the INTERNET.. That simply won't suffice..
And considering how many people would simply hit the first answer they manage to get without knowing or caring about what happens behind the scene, I think that would be worst thing people can invent.. The same would go with a very simple and automated AV... or with mostly anything security related for that matter.
Quote:
It's interesting that in Linux, I mention that it would be good to have a tool to do something and everyone says, It's not needed. But in Windows or Mac, I say that and people say, I wish my boss would spring for that the cheap bastage. Partly it's because tools exist in the for-pay OS worlds. Partly it's because it's just too much work to put something like this together in the Linux world. It's something people would only do if they were being paid for it I think.
|
That's because people that actually use the suggested stuff, already have that tool.. Probably even more powerful.. Or that most long-term Linux users know what they want.
If you're still referring to the AV.. Linux DOES HAVE solutions.. A lot of the major AV software is also available for Linux..
Quote:
It also limits the size of the linux network because how will you secure something like a network with 50 or 60 servers supporting 2000 desktops, some of which are Macs because designers won't use anything else, and some of which are Windows because execs won't use anything else... how will you secure it without monitoring that pulls data from active full-range defenses on all the endpoints? Will you really touch every computer and server at least once a week to make sure it's updates/secure/ok? Why does the client/server Linux solution from Symantec exist if not for this purpose?
|
Very secure... Networking is what Linux does best.. And you should ensure every computer (regardless of the OS) gets updated at least once a week.. Even more, push severe updates ASAP. If someone is managing such a network and don't follow at least one security mailing list.. or somehow follow at least one security feed, then that person should be fired..
Btw, you do know that AVs should be updated at least daily, no?
About the client/server Linux solution from Symantec.. I don't have a clue about that.. But if you're happy with it, use it. Just remember it's just a tool to be used by the sys-admin.. Installing it, configuring it, and then forget about the clients or server is almost as bad as doing nothing at all in the first place..
Quote:
I'm not just talking through my hat here, I've maintained a Windows/Mac/Linux environment like that (obviously not alone), but it was mostly Windows. Would've been great to get more Linux in there, but we had the same issues then, that still exist. The monitoring and security tools just aren't there because everyone is dedicated to not looking for problems. You can continue to close your eyes to this, but business decisions are being made while you're denying it. So are personal consumer decisions.
|
Ok.. You can say a lot of things but not "The monitoring and security tools just aren't there".. You do realize that most firewalls/gateways are Linux systems? This is actually what Linux does best.. Windows and Mac have the desktop user target, Linux (*nix) has always been the choice for any big network.. Hell, I think (I remember reading this somewhere -- but I might be wrong) even Microsoft and Apple uses Linux for the backbone of their network.. I'm sure every other big name does it..
Last edited by Smokey_justme; 04-08-2014 at 02:02 PM.
|
|
|
04-08-2014, 02:10 PM
|
#22
|
Member
Registered: Oct 2009
Distribution: Slackware
Posts: 534
|
Quote:
Originally Posted by Yodelingisfun
An OS is an OS is an OS. It's not a magical beast that came from the land of Oz. It mediates between Applications and Hardware. That's all. I'm talking about application availability. Don't tell me that you believe that the application environment in Linux is so very different than Windows or even Mac OS9, that it doesn't need protection from exploitation. That is magical thinking. Malware of any kind is just another application. No OS is immune.
|
Yes, but in Linux you already have legitimate tools that can do malware stuff.. Got access to a 'root'? Install tinyssh (that is a real and legitimate application) and you have a backdoor. I've already tried telling you this.. In Linux misconfigurations and exploitation of the public services (stuff that goes online, like ssh, http server) is the dangerous thing..
There are a few written malwares, but they can't reproduce like they do in other OSes (e.g. Windows) because on a system in which most users aren't spending their days in 'root', it's not as simple as sending someone an e-mail...
|
|
|
04-08-2014, 02:24 PM
|
#23
|
Member
Registered: Oct 2009
Distribution: Slackware
Posts: 534
|
Quote:
Originally Posted by Yodelingisfun
Wowwwwwwww, you don't expect much do you? Explain how heuristics works on pure Linux malware, huh? Well, maybe in my Doctoral Dissertation. Meanwhile, you can read this:
http://en.wikipedia.org/wiki/Heurist...Virus_scanning
If you expect more than that from me, you'll have to ask a stone for blood.
|
Fair enough.. My point is that Linux malwares are close to legitimate applications.. It would almost be impossible for an AV to use heuristic to catch serious malwares before they have a signature..
Quote:
Sooo, by that I gather that you use Linux to avoid using security products in the first place? That would explain a lot about why people don't bother with AV on Linux. But frustration with security products is kind of childish isn't it? Especially complaining about free ones. Especially since everything on Linux can be free, and usually is. Do you refuse to use the goggles in chemistry class too?
|
No.. In my case I use linux because of the security tools (ssh, iptables -- both related to networking) and the overall security and stability of the system.. I'm also not frustrated on AV security products (or any other type of security product).. I've even mentioned situations in which AV solutions are a must (public or even private FTP, e-mail server, SAMBA.. etc).. But that's mostly to protect the users using those services..
P.S. Yes, I dislike Norton Antivirus, or Norton Security blabala.. I keep my opinion that it's an actual malware in itself..
Last edited by Smokey_justme; 04-08-2014 at 02:26 PM.
|
|
|
04-09-2014, 01:17 PM
|
#24
|
LQ Newbie
Registered: Apr 2014
Posts: 13
Original Poster
Rep:
|
As far as whether the "backbone" of networking runs on Linux... possibly some of the smaller ones, but I'm pretty sure corporate ones run on Cisco and/or some of the fiber ones which often have proprietary OS's, though some do use Linux (The sellouts! Abandoning Load/Store! For shame! :P ).
I am wondering if we are talking about the same thing regarding network monitoring. In particular, since the network I was administering was NOT mostly Linux, I've only recently started looking for Linux solutions of the kind I was using there. I can't say about their quality but they do seem to exist as you say. Not sure of their full capability, it would take some digging to figure it out, and compare products. To be very clear, I'm talking about something like this:
http://sourceforge.net/projects/midas-nms/
and/or this
http://sourceforge.net/projects/snare/?source=directory
Anyway, thanks for the debate, I don't see that we will agree, or that we have to, if you're satisfied and I'm not, the world won't blow up over it. From my POV, I need to do some research into these network monitoring tools and see what versions they work with and what adjunct tools are needed (a complex undertaking on any OS). Maybe that will lead me to the solution I'm looking for and haven't been able to find.
Unfortunately, it still leaves the average home user in the dirt, because they really do expect something like Norton Internet Security or the equivalent product from another company to keep them safe with little or no intervention or thought or effort. And it does seem effective in its environment so I can't see why such a product wouldn't be effective here.
The only things that have ever sneaked by such software are (since about 1995, it has happened to me 3 times on M$ that I had to rebuild a PC due to viruses I couldn't remove, that's all, 3).. are zero-day attacks from drive by downloads I didn't agree to. This is the third time. I imagine people with fewer skills have to do it more often, but I honestly don't even encounter virus warnings more often than once every 8 months.
If that drive-by were capable of affecting Linux, and I followed the advice of weekly scanning... on an average day, that would mean it was there for 3 days before being detected. I'm not a fan of such a possibility. I don't think this comparison makes Linux attractive to users who come here seeking security.
While I continue to use SUSE and have done so since around 2003/4, I can't see myself doing transactions online until I reboot. My husband told me a story regarding this, he says the more paranoid people at his work create a VM, do their banking, and then delete the VM. It might work as a workaround. Might be nice to look into VM's anyway so I can play games without rebooting.
It's good to have ideas from the peanut gallery.
Last edited by Yodelingisfun; 04-09-2014 at 01:43 PM.
|
|
|
04-09-2014, 01:48 PM
|
#25
|
Senior Member
Registered: Jun 2011
Location: NOVA
Distribution: Debian 12
Posts: 1,074
|
I'm a completely average user and I don't expect a Norton/Kaspersky/Clam et al. to do anything.
|
|
|
04-09-2014, 03:16 PM
|
#26
|
Member
Registered: Oct 2009
Distribution: Slackware
Posts: 534
|
@Yodelingisfun: End-users are actually more safe in Linux just by using any major distro than they are by default in Windows (even with an AV solution).. You have to understand that the whole root/user privilege separation is not just a joke.. It means that keyloggers can't exist in a process without root privileges (even then, if I'm not mistaken, it can't be done in user-space level and needs to be loaded as a kernel module -- which by the way can be monitored)..
Sure, a malware written for Linux that managed to get in somehow AND executed, could transfer files, or could transfer unprotected browser password.. Or stuff like that.. But nothing can protect one from that other than themself by using plugins like Adblock, Disconnect, or even better, NoScript.. And sure, this doesn't protect you from phishing attacks.. But just because the whole system isn't going down and other users are not affected, you should understand why I'm saying this is by default safer.. you might have had luck with your 3 strikes, but I've never had a Linux infected system that needed reinstalled.. Even a break-in with a backdoor (they managed to get it because of some bad PHP-code on the server and me not running in chroot or a VM, the web-server) was fixable quite easy (and lucky me, it wasn't even hard to catch) .. Even that was on a playground server that was for me and a friend... Hell, come to think about it, that was my only bad case..
Malware problems? None...
On Windows on the other hand, while I myself can't complain very much, I still find computers infected by autoruns... Hell, I still find computers with full AV suites infected with malware that impersonates AVs (well, they try to make you buy a specific non-existing one).. And those are good cases in which the infection is obvious.. There's a reason why DDoS type of attacks are from Windows
Banking!? Linux, Firefox, NoScript and a secure connection are a must, in my opinion.. VMs would help a little if you run inside it a Linux distro with Firefox, NoScript and your host has a secure connection :P Don't get me wrong, but I'm from the paranoid branch..
Then it's how you get software in Linux.. You are by default obligated to use safe repositories... Some even compile the software from source.. The whole download this and that from here trick is not that useful here..
There you go.. Security for end-users.. :P
P.S. I know I can't change your mind just as you can't change mine.. Odd that you spend some time in Linux and still have such a big difference of opinion.. But, yes, that's actually the whole point of such communities
|
|
|
04-09-2014, 07:33 PM
|
#27
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by Yodelingisfun
(..) I don't think this comparison makes Linux attractive to users who come here seeking security.
|
Thanks for your ace assessment but let's face it: most new users aren't even aware of or interested in Linux security features or conceptual and architectural heritage. If they are and show interest we try to help them reach their goals. If they are but seem misguided we must first educate them.
Quote:
Originally Posted by Yodelingisfun
(..) I can't see myself doing transactions online until I reboot. My husband told me a story regarding this, he says the more paranoid people at his work create a VM, do their banking, and then delete the VM.
|
That's interesting. But did the confidentiality, integrity and availability model recently get a whole different meaning? Or don't you lose the ability to persistently store system state and transactions, should auditing be required at a later stage, by using virtualization as described?..
|
|
|