So far lots of good info; I'd just plug a few more points in, though. The main point I would make is that having a good set of passwords on all the accounts on your *nix box is the best way to prevent intrusion on a Linux machine. One of the most common attacks on a Linux box is to force their way in by cracking the password of a weak user account and then work on privilege escalation techniques in order to obtain root or a user that can sudo and make root accessible. Thus I would highly warn folks to get those passwords in a good place before they get too worried about viruses. The principle is simple: lock your front door before your back.

Rootkits on Unix and Linux are pretty bad stuff and can be concealing some other bad stuff that, once in there, can be dangerous to your system integrity. There are a few anti-rootkit tools out there like chkrootkit which do a pretty good job.

As a courtesy or as another measure of your security I would install ClamAV on your computer if you have Windows computers on the same network. This antivirus is designed to make sure your Linux box doesn't accidentally infect a Windows box on the network with a Windows virus. This is important because an infected machine on your local network could be used to spy on your Linux box and make it more vulnerable to other forms of attack. Be warned that if you use Wine, ClamAV can accidentally mistake your Wine DLLs for infected files when they are not necessarily infected to begin with.

Another point is that there are several distros out there with intrusion prevention and security testing in mind such as BackTrack, nUbuntu, and ophcrack. Go look around their wikis and forums to learn more about how the different tools contained in there work. You'll be surprised to find the kind of tools out there designed to attack Linux systems and Windows systems and it'll give you a bit of motivation to adopt better security practices. Linux Format had an excellent article on introductory computer security called "Learn how to Hack" which was good because it pointed out a few important things such as keeping up to date software, good passwords, being aware of how different attacks work, and a few other good things. I recommend you get the printed version if you can because it contained a DVD with a virtual machine image you could launch attacks against and learn and see for yourself how it works.

Finally I would be sure to learn a bit about stuff like VPN and Tor if you want to get more paranoid. Welcome to the wonderful sanity-destroying world of computer security; enjoy your stay.
-Matt

On Mon, Jun 18, 2012 at 12:58 PM, Scott Vargovich <[email protected]> wrote:

> hiero,
>
> I commend you for a very well written response. I've been using Linux for quite a few years as my only OS and I learned a few things.
>
> Thanks,
> Scott
>
> On Mon, Jun 18, 2012 at 3:47 PM, hiero <[email protected]> wrote:
>
>> Most of what I know has already been posted by other repliers. However, there are a couple of things I believe are worth saying twice.
>>
>> Don't run as root. Take the time to create a user.
>> Linux has fewer problems, at present, than other OS, but that does not mean they can not or will not happen.
>>
>> Let me ask you this - do you use a browser? Do you use the internet in a GUI environment? Viruses today are old hat in the malware business. While the server admin who posted has a point that his machines are on 24/7, most exploits today arrive at your machine via your browser. Infiltration is done using various techniques - but primarily through your browser. Since the servers are not, or should not be, using a browser, they are immune to this type of attack. Take the time to look up Pwn2Own. This is an annual contest. Notice that Macs have been the first to fall every year except one, if memory serves. Macs use OS X - which - like Linux - is derived from Unix and has the same inherited tamper-resistant architecture. But a major part of that architecture is user rights. People will tell you Linux doesn't get busted. But that is because nobody tries - there is no money to be had for breaking into Linux (yet). Those guys breaking into Macs and Windows at Pwn2Own are making a lot of money - the contest is a pittance in comparison. So, Linux is safer, at the moment, in part because of obscurity. Fine - it is still safer.
>>
>> As is pointed out, viruses tend not to work well on Linux, if they work at all. You could design a virus that would recursively write to the hard drive - but it could only fill the partition it resides on at worst. This could crash the OS, but you could recover using a boot disk. Unless you were running as root, in which case it could overwrite every file on the hard drive. Malware, on the other hand, can be designed to work on Linux. Rootkits are known - and rootkits would fall in the malware category.
>>
>> Back to running as root - do you ever use wireless? Do you ever use your computer away from home? Do you have a wifi router in your home? Do you have a street that runs by your house? Maybe you live in an apartment complex? How many people could "see" your router's wifi signal? Wireless is still vulnerable to man-in-the-middle attacks - and if you sit down at your local Starbucks and log on, and you are running as root, you have just opened up your box to any competent hacker who wants in. But maybe you say "No", all you ever use is a wired network, at home, or at work. Good, that cuts down on one entry possibility - but like I said - most of the exploits in the real world today get in through your browser. When you are running as root, an exploit would not need the extra step of escalating its privileges to be successful.
>>
>> So, there ya go. 2 messages. Viruses are not a worry on Linux - but I think some have actually been written. Malware is not a particular worry yet, but it could be. Rootkits do exist, and there are rootkit detection programs. Nothing on Linux will stop social engineering exploits, and I believe "man-in-the-middle" attacks could also be successful to grab any transmitted data. Some of the other guys here will assuredly have more knowledge than I about that. There are good GUI firewall appliances for free, and they should be used. I use NoScript with Firefox, and Chrome now has a similar utility. You can buy a firewall/AV package, I suppose, but on Linux I do not see why. The Linux anti-virus packages I know of are to detect Windows viruses.
>>
>> And, as far as security is concerned, if you are concerned about security, running as root is like leaving your front door open.
>>
>> Those are my thoughts.
>>
>> Sudo and su are too easy once you have set them up.
>>
>> On Tuesday, October 11, 2011 6:27:35 PM UTC-4, Fujiwara Kaito wrote:
>>>
>>> I have heard that Linux computer viruses exist, but I have never had to deal with any; I also do not know of anyone who has had the problem.
>>>
>>> (I have never even read reports of a virus infecting Linux)
>>>
>>> I use the root account for everything, so I had avast! for Linux for a while. (recently got rid of it when cleaning up)
>>>
>>> Has anyone here ever had any problems with viruses in Linux, or had any removed by any of the various antivirus utilities for Linux?
>>>
>>> It really doesn't seem like anything to worry about, but some "experts" try to push antivirus utilities on Linux. (it seems they just want people to use their product)
>>>
>>> Thoughts?
>>>
>>
>> --
>> You received this message because you are subscribed to the Linux Users Group.
>> To post a message, send email to [email protected]
>> To unsubscribe, send email to [email protected]
>> For more options, visit our group at http://groups.google.com/group/linuxusersgroup
>> References can be found at: http://goo.gl/anqri
>> Please remember to abide by our list rules (http://tinyurl.com/LUG-Rules or http://cdn.fsdev.net/List-Rules.pdf)
>
> --
> <>< Scott Vargovich <><
> ------------------------------------------
> OpenPGP Key ID: F8F5DC7E
> ------------------------------------------

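An added example, not part of any message in this thread: a small Python audit of passwd and shadow content for the account problems the posters warn about (missing or weakly hashed passwords, and extra accounts with root's UID). The function names, account names and sample file contents are constructed for illustration; on a real system the inputs would be the text of /etc/passwd and /etc/shadow, read as root.

```python
# Added example; every account, salt and hash below is constructed.
def classify_hash(field):
    """Return a finding for one shadow password field, or None if acceptable."""
    if field == "":
        return "empty password field"
    if field[0] in "!*":
        return None  # locked, or password login disabled
    if field.startswith("$1$"):
        return "weak hash scheme (MD5-crypt)"
    if not field.startswith("$") and len(field) == 13:
        return "weak hash scheme (traditional DES crypt)"
    return None  # modern scheme such as $6$ (SHA-512 crypt)

def audit_accounts(passwd_text, shadow_text):
    """Return sorted (user, finding) pairs for risky local accounts."""
    # Map user name -> password field (second column of shadow).
    shadow = dict(line.split(":")[:2]
                  for line in shadow_text.strip().splitlines() if ":" in line)
    findings = []
    for line in passwd_text.strip().splitlines():
        parts = line.split(":")
        if len(parts) < 7:
            continue  # skip malformed lines
        user, uid = parts[0], parts[2]
        if uid == "0" and user != "root":
            findings.append((user, "UID 0 account other than root"))
        # A user missing from shadow is treated as having no usable password.
        issue = classify_hash(shadow.get(user, "*"))
        if issue:
            findings.append((user, issue))
    return sorted(findings)

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
legacy:x:1002:1002:Old import:/home/legacy:/bin/sh
toor:x:0:0:Second admin:/root:/bin/bash
"""
SAMPLE_SHADOW = """\
root:!:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
legacy:$1$constructed$constructedhash:19000:0:99999:7:::
toor:$6$constructedsalt$constructedhash:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```

The check looks only at the hash scheme and at empty fields, so it says nothing about whether a password hashed with a modern scheme is itself a good one.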