It's a serious lack of imagination to think that just because of the root/user separation Linux users are immune from malware.
What about this ...
Write a FLAC-to-MP3 script in Perl, embed within it a short malware downloader with a crontab command in it, and get it hosted/posted somewhere.
At dark o'clock in the morning it contacts the nasty disposable server and downloads the malware proper, which
1) encrypts all my files and sends the key off to far-away ransom land, or
2) reads through /var/spool/mail or scans the Thunderbird db for email addresses and sends copies of itself, "Dude, you gotta try this..." style, or just spams them with Viagra ads.
None of this requires more than user rights.
Yes, you might be clued, but what about your granny or kid brother?
In a Desktop environment, it is a simple matter to prohibit remote logins (or even place it on a toggle for when you need it) which makes 99% of exploits impossible. IMHO possibly the greatest threat is that there are so few viable threats it is all too common to become complacent. I've run Samhain and TripWire in the past as well as setting iptables to monitor all connection attempts continuously on display (even by port ranges) and one by one they all fell into disuse from lack of any threat in almost 20 years. I have relied on a hardware firewall, strict control of running services, and monthly rkhunter runs for 5 years now and still have yet to log an actual threat of any kind. I do apply security patches and update browsers but have never run any Anti Virus software on Slackware. For Desktop use it is simply superfluous IMHO.
It's a serious lack of imagination to think that just because of the root/user separation Linux users are immune from malware.
Yes, it's quite possible.
But if it's so easy in theory, why is it so hard in the real world?
Maybe a FLAC-to-MP3 script in Perl is so simple that any complexity is suspicious, and it will not work simply and blindly by clicking the mouse :-)
But yes, it's a known path of potential malware propagation.
Knowledge of this is also part of security :-)
It's better than the "safest" "unknown" system behind 77 firewalls, IMHO.
One question: what is /etc/cron.deny, if you know that path?
A similar case.
In 2011, J. Rutkowska announced that there is a built-in keylogger on Linux: Xorg. Eureka.
Many years have passed, and somehow no one has used the "big hole", in the perception of the Windows world.
Your cron example would make a nice exploit.
Rutkowska is also a child of Windows. In that world it is unthinkable.
Knowledge learned from practice in one need not be the same in the other.
But no doubt these are some weaknesses by design. Knowing this gives us an advantage over the attacker, and we do not need to panic immediately.
There are many ways of neutralizing them in Linux if you're afraid. It's not Windows.
PEBCAK is often the biggest source of idiocy. When in doubt, just add a layer of security and use common sense. Even if it seems meaningless, you never know.
To give your Linux server the best security and protect it from virus/malware attacks, one should go for a Linux firewall that features all of the security and provides centralized network access control from the administrator's side.
Thank you for the link. She truly has a unique and proper perspective regarding security. I was aware that UEFI is a sorely needed improvement over BIOS, if only in size to improve capability, but shockingly superficial in implementation so far; now I see why... Intel ME and its master plan to give embedded proprietary hardware the upper hand (arms, shoulders, legs and feet) which, as Joanna pointed out, wouldn't be too bad if the user/owner (I hesitated typing "owner", since that may become moot and/or meaningless) were given the sort of control that could coexist with "proprietary" but create at least a truly trustworthy system, free of user data mining and the backdoors to use it.
Her talk made me look up the Lenovo X60s to see if I could live with the power limitations to get improved security at the hardware layer, and they're so cheap I'm going to get one to play with and see for myself. On paper, it looks like some versions can work just fine for several years yet. With an SSD or a 7200 rpm HDD and the 2-core CPU at almost 2 GHz with 4 GB RAM, it looks like the Intel GMA 950 is the only moderately weak spot, and even that is capable of 2048x1536. Lenovo X60 Detailed Specs. Thank you, Microsoft! Surely did drive that price down, LOL.
Yes, I'll also say thanks for the link. A very interesting presentation.
I had heard of ME but had no idea what it actually is! All my old, recycled hardware is looking very good indeed!
With acceptance of ME in the CPU and the ubiquitous man-in-the-middle on the net (CloudFlare), it is a cruel joke to talk seriously about digital privacy and security.
Disclaimer: please don't tell me that the laptops are old and decrepit, I don't care, these are some of the only laptops certified by the FSF and I'm just posting it for those that are interested.
What I use on my machine (Internet facing, SSH-only server):
* OSSEC for intrusion/binary modification detection
* DenyHosts to protect from OpenSSH abuse
* ClamAV to scan downloaded files (and only downloaded files)
* Both chkrootkit (with personal patches) and rkhunter to check for potential rootkits
All of these are updated on a daily basis.
All firewall duties are delegated to my ADSL router.
I also scan my machine from the Internet from time to time to make sure nothing untoward has appeared.
I update my machine religiously and check for updates daily as well.
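The post above leans on DenyHosts to keep OpenSSH password-guessing in check. The following Python script is an added example, not code from that poster or from the DenyHosts project: it does the core of what such a tool does, parsing sshd "Failed password" lines out of syslog-format text, counting failures per source address, and emitting hosts.deny entries once a threshold is crossed, with an allowlist so an admin's own address can never be locked out. The log lines, hostnames, addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Set

# Constructed sshd log lines in syslog format (not taken from the thread).
# 203.0.113.7 is a guesser working through common account names; the
# 198.51.100.4 user mistyped a password once and then logged in with a key.
SAMPLE_LOG = """\
Mar  3 04:12:01 srv sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 4412 ssh2
Mar  3 04:12:03 srv sshd[1235]: Failed password for root from 203.0.113.7 port 4413 ssh2
Mar  3 04:12:05 srv sshd[1240]: Accepted publickey for alice from 198.51.100.4 port 5001 ssh2
Mar  3 04:12:09 srv sshd[1250]: Invalid user oracle from 203.0.113.7 port 4414
Mar  3 04:12:10 srv sshd[1250]: Failed password for invalid user oracle from 203.0.113.7 port 4414 ssh2
Mar  3 04:13:00 srv sshd[1260]: Failed password for alice from 198.51.100.4 port 5002 ssh2
Mar  3 04:13:30 srv sshd[1270]: Failed password for invalid user test from 192.0.2.9 port 6000 ssh2
"""

# One regex for both "Failed password for <user>" and
# "Failed password for invalid user <user>"; group 2 is the account tried,
# group 3 the IPv4 source. IPv6 sources are deliberately not matched here.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failures_by_source(lines: Iterable[str]) -> Counter:
    """Count 'Failed password' events per source address."""
    counts: Counter = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group(3)] += 1
    return counts


def accounts_by_source(lines: Iterable[str]) -> Dict[str, Set[str]]:
    """Which account names each source tried. A single source cycling
    through many names (admin, root, oracle, test) is the brute-force
    signature; one user failing once on their own account is not."""
    tried: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m:
            tried[m.group(3)].add(m.group(2))
    return dict(tried)


def hosts_to_deny(counts: Counter, threshold: int,
                  allowlist: Set[str] = frozenset()) -> List[str]:
    """Sources at or above the threshold, minus the allowlist. The allowlist
    is the safety rail: put your own management address in it so a typo on
    your side never produces a rule that locks you out of your own box."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)


def hosts_deny_lines(ips: Iterable[str]) -> List[str]:
    """Render the deny list in /etc/hosts.deny (tcp_wrappers) syntax."""
    return [f"sshd: {ip}" for ip in ips]


def scan_logfile(path: str, threshold: int = 3,
                 allowlist: Set[str] = frozenset()) -> List[str]:
    """Read a real log file and return the hosts.deny lines it warrants."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        counts = failures_by_source(fh)
    return hosts_deny_lines(hosts_to_deny(counts, threshold, allowlist))


if __name__ == "__main__":
    counts = failures_by_source(SAMPLE_LOG.splitlines())
    for ip, names in accounts_by_source(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {counts[ip]} failures, accounts tried: {sorted(names)}")
    print("\n".join(hosts_deny_lines(hosts_to_deny(counts, threshold=3))))
```

Two caveats a practitioner would add to this. First, portable OpenSSH removed its tcp_wrappers support in 6.7, so on a current sshd the /etc/hosts.deny lines do nothing and the same addresses need to go into the packet filter (iptables/nftables) instead. Second, counting failures with no time window, as above, means a slow guesser and a forgetful colleague look the same after enough days; real tools expire entries and weight "invalid user" attempts more heavily than failures on existing accounts, and the accounts_by_source breakdown is there to support exactly that triage.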