LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-01-2003, 11:04 PM   #1
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Rep: Reputation: 46
Linux Spyware


I have received several messages saying i have spyware on my system and i am using linux RH9. These are not the same kinds of scare tactic messages you get to buy software while surfing the web. I thought there was no spyware for Linux??? I dont trust linux it being open source and I have already had my system hacked once and had to format and reinstall RH9. How do i get rid of spyware in linux???

thanks
 
Old 11-01-2003, 11:07 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 245Reputation: 245Reputation: 245
How are you receiving these messages? Thru a browser or another app? I've never heard of spyware within Linux and to tell you the truth, opensource is your friend as it allows you to see the code being used. That makes it easier actually to find out if there is some kind of security threat, etc in the apps your using. It would be very hard for someone creating apps under the GPL to make backdoor's, spyware, etc.
 
Old 11-01-2003, 11:32 PM   #3
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Gentoo
Posts: 1,372

Rep: Reputation: 47
hmm spyware in linux would only be able to spy on the user that had it installed, plus I do not think there is any, but if there were it would be on redhat

if you are hacked that much you need to work on security, and redhat default will not cut it

if you are hacked to where you need to reformat than you are eather using chmod 777 / -R (Stupid) or running everything as root (almost as stupid)

if you want security without effort (worthless) go with debian or slack.

open source may allow a hacker to find a vulnerability faster true, but it also alows for anyone to fix that vulnerability and very fast.

all in all if things are correct you would not have this problem. as for spyware popup sounds like it is eather in web browser (use mozilla and enable popup protection) or using root user for everything + other stupidity allowed a hacker to mess with you.

however do not get me wrong, I am not calling you stupid, I am calling the above actiosn you may or may not have done stupid, you have 786 posts (at time of reading) and that counts for a lot.
 
Old 11-01-2003, 11:43 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
When you post a question, please be specific. The above question is so open-ended and vague it's impossible to tell what the issue might be (or if there's even a legitimate issue). Please post a copy of the error/warning message you're receiving along with any supporting log entries. Make a clear-cut case for why you think there's spyware on your system and describe how/what it's effecting. Remember: Be specific.
 
Old 11-02-2003, 12:20 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by exodist
hmm spyware in linux would only be able to spy on the user that had it installed, plus I do not think there is any, but if there were it would be on redhat
I doubt that redhat is anymore vulnerable to spyware than most distros. In fact, most of them are going to include the same versions of Mozilla and other applications.

Very few distros are going to be secure with a default setup and most of those will be security-centric hardened distros. Personally, I didn't find the default slackware setup to be much better. The key to security isn't really which distro you use, it's how much effort you're going to put into learning about it and applying it.
 
Old 11-02-2003, 12:27 AM   #6
shellcode
Member
 
Registered: May 2003
Location: Beverly Hills
Distribution: Slackware, Gentoo
Posts: 350

Rep: Reputation: 32
Re: Linux Spyware

Quote:
Originally posted by BajaNick
I dont trust linux it being open source
care to explain that? i dont trust proprietary software because i dont have the source and i have no idea what the program is actually doing. i trust open source because the source is out in the public and if there is anything fishy i would have heard of it.
 
Old 11-02-2003, 12:40 AM   #7
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Gentoo
Posts: 1,372

Rep: Reputation: 47
Capt_Caveman
my point is that redhat being lead linux distro do to undue popularity would make it the prime linux target, just as it is prime for companies supporting linxu and just as the popularity of windows makes it a target for viruses (though evn if people did target linux for viruses they would nto get very far) so if someone was goign to make spyware chances are they would do it for/on redhat. and as for default security I do think slacks os stronger than redhats, but not much stronger.
 
Old 11-02-2003, 12:50 AM   #8
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Original Poster
Rep: Reputation: 46
No i dont run as root all the time actually never, I always just su - and do what i need then end priveledges and no I dont chmod 777, I dont even know what that does. LOL.

True that closed source is secretive and noone knows whats going on but i feel open source is just an invitation to crackers as they can see everything thats going on and that gives them and advantage.

I received a a popup. It showed my IP address, my physical location (Los Angeles) and it also showed me my ISP name and the time and date of my current connection and it was not like any other popup i have received before, It didnt seem to want to sell me anything like the usual ones it was just there with no other information, it was kind of freaky.
 
Old 11-02-2003, 12:59 AM   #9
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Gentoo
Posts: 1,372

Rep: Reputation: 47
that stuff is easy to get when you request data froma w eb site, if you have ever been on irc and seen what it shows as well as your ip, it is easy to then place it in a popup, you have no spyware it is harrasment to get you to buy something.
 
Old 11-02-2003, 03:32 AM   #10
crashmeister
Senior Member
 
Registered: Feb 2002
Distribution: t2 - trying to anyway
Posts: 2,541

Rep: Reputation: 47
This is all readily available data when you connect to any website check here http://privacy.net/analyze/
 
Old 11-02-2003, 02:28 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,371
Blog Entries: 55

Rep: Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555Reputation: 3555
so if someone was goign to make spyware chances are they would do it for/on redhat.
Rise of spyware, in the original Windows sense of the word, was AFAIK caused by changes in how some companies thought they could increase revenue. I'm not saying it's impossible to *run* that type of spyware on Linux, but because of the difference in business models, companies that milk Linux cannot benefit from shipping spyware, and because of cultural differences, Linux users will nuke the company that tries it.


An OT remark for exodist
As for your opinionating "redhat being lead linux distro do to undue popularity would make it the prime linux target" and "slacks os stronger than redhats" I am asking you, as moderator, to please leave those out.
Favouring one distro over another should always be backed up with facts, the rest is useless and irritating. Flamewars and trolls belong in /General.
The Linux - Security forum needs facts, not opinions.
 
Old 11-02-2003, 03:15 PM   #12
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Gentoo
Posts: 1,372

Rep: Reputation: 47
I am sorry, I did not intend it that way unSpawn, usually I make note of such things being my opionion or experiance, this time I was not paying attention, I will remember next time.
 
Old 11-02-2003, 03:57 PM   #13
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
So as expected, this was a particularly devious ad, not spyware. Almost by definition spyware will not announce it's presence (it's spying, after all!).

As for distro wars I don't really think of anyone one distro as "better" than another, but there are certainly some categories where some distros might be more focused than others. I do tend to agree that Red Hat will be a specific target for all the types of attacks we've seen on Windows (spyware, trojans, remote exploits, etc). This is due to the fact that people who go to the trouble of writing automated tools will want them to work against as many machines as possible. Red Hat is by far and away the most popular Linux distro used in corporate America, and many home users at least start with Red Hat because to a large degree the "branding" has worked and new users equate Linux == Red Hat (it's only later when they get involved in the community that they realize their options).

I started on Red Hat myself back with 5.2 because it was the only one I could find in stores and I had no idea that I could download and burn to CD (the sad thing was I had one of the fatest broadband connetions available at the time, and a CD burner). Now I buy Linux or BSD when I'm impressed with the work and want to support the developers.

Any way I'm getting off track. The point is that Windows is a massive target right now because in one flavor or another, it runs on about 95% of computers out there. Yes the security model is a lot different in Windows and it makes things easier, but really it's about the wealth of targets. There have been Linux worms already, it's just that they didn't make much progress because Linux wasn't being used nearly as widely.
 
Old 11-02-2003, 04:01 PM   #14
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Gentoo
Posts: 1,372

Rep: Reputation: 47
Chort, I have seen the argument before, it is true that A reason linux has less worms and viruses is because the attackers want more targets, but linux really hasn't been tested aganst a majior virus flood like windows has, I personaly believe that the layout of a linux system would protect it and prevent the kind of mass-failure and mass-hysteria like a few eeeks ago n windows.
 
Old 11-02-2003, 04:54 PM   #15
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You won't have as many mass-worms perpetuated by users (and I say "as many" because there are always undiscovered buffer overflows that can lead to privilage escalation), but think about how many Internet services run as root. Sendmail is infamous for this and it's certainly not the only one. I'll again cite the Morris Worm and remind everyone that it was the most successful worm of all times in terms of percentage of Internet-attached hosts that were infected. The Morris Worm affected UNIX and BSD systems via Sendmail and fingerd. In many implementations named runs as root, generally POP/IMAP daemons run as root, and a lot of times ntpd runs as root.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Spyware On Linux dj9928 Linux - Software 2 04-16-2005 05:31 PM
Spyware and Linux? stunter Linux - Software 4 07-01-2004 02:04 PM
Can Linux have spyware? ProtoformX Linux - General 4 03-15-2004 06:51 AM
spyware in Linux? moger Linux - General 1 01-27-2004 04:39 PM
Linux and spyware mfarley Linux - General 3 08-14-2003 12:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration