You are not logged in.

#26 2009-04-02 02:38:19

camphor
Member
Registered: 2009-03-01
Posts: 32

Re: Linux and Viruses?

They exist.

As proof of concept that one can exist.


EDIT: Just curious, though, does rkhunter turn up the useradd and ldd warnings for all of you as well?

Last edited by camphor (2009-04-02 02:48:50)

Offline

#27 2009-04-02 02:48:56

3nd3r
Member
From: /dev/null
Registered: 2002-12-08
Posts: 301
Website

Re: Linux and Viruses?

i have been using linux since the 1.0 kernel days. Not a single virus.

Offline

#28 2009-04-02 15:53:10

Anonymo
Member
Registered: 2005-04-07
Posts: 421
Website

Re: Linux and Viruses?

Offline

#29 2009-04-02 16:09:41

kensai
Member
From: Puerto Rico
Registered: 2005-06-03
Posts: 2,475
Website

Re: Linux and Viruses?

Anonymo wrote:

LOL a good april fools joke. It really was good, he made it appear as real, but well, no Linux virus, if you ever meet one, have that power.


Follow me in: Identi.ca, Twitter, Google+

Offline

#30 2009-04-02 17:15:40

X/ax
Member
From: Oost vlaanderen, Belgium
Registered: 2008-01-13
Posts: 275
Website

Re: Linux and Viruses?

In the end they said it: Your linux should have a good security base, and a thought-through backup system, for when your security gets borked.
If you have those two, there's no need to worry... Ever...
Of course casual checks with rootkit checkers are mandatory, wouldn't want to have the worst virus ever on your box right (I'm talking about milaculous [or whatever] crackers)
In the end, when you keep things up-to-date, and especially looking out for updates in the security field (I think we all should have a subscription to something that generates news reports)
Turn as many features off as you can, and turn them on on a as-needed basis is also smart. My friends say I'm annoying because I frequently have myself locked into a too strickt firewall, but I wouldn't want to say `I told you so` when they have their boxes busted...


My coding blog (or an attempt at it)
Archer start page (or an attempt at it)

Offline

#31 2009-04-02 23:33:39

hank863
Member
Registered: 2008-08-23
Posts: 77

Re: Linux and Viruses?

I just used ufw to configure iptables and have passed all the Shields Up tests!  I have also decided to use chkrootkit to scan for rootkits every now and then.  Thanks everyone for your input!

Offline

#32 2009-04-03 00:13:19

sand_man
Member
From: Australia
Registered: 2008-06-10
Posts: 2,164

Re: Linux and Viruses?

Question:
Those servers who have uptimes of 300+ days, that means they are running an old kernel and open to security breaches?


neutral

Offline

#33 2009-04-03 08:58:02

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

sand_man wrote:

Question:
Those servers who have uptimes of 300+ days, that means they are running an old kernel and open to security breaches?

It really depends.

In theory, if you had no firewall, no antivirus, no nothing, then yes, there is a chance those servers that run for over a year would not have security updates and are "less secure."

But there's a few factors you need to consider.

First off, if the outdated Linux server has a well-maintained firewall, then there's a huge boost to security.

Second off, if the outdated Linux server has a well-maintained antivirus engine, there's another huge boost, in theory, though last I heard there were only like... 30 in-the-wild Linux-native viruses. Programs like ClamAV are pretty much there for less secure distributions' sake: Windows on the same machine, or, in the case of servers, Windows clients.

Third, combining the two is usually what most people do when using far outdated distributions where no updates are available, and it usually a good idea when maintaining a public system. By public system, I mean anything you intend other people to make use of from their own computers. A server. I personally don't think most desktop users sitting behind a router who don't have things like SSH should really need to worry about hardening their Linux distributions.

Fourth, it helps that Linux rarely needs a restart with most of its updates. It's pretty much kernel updates and few other things that might reside in kernelspace. Virtually nothign in userspace requires restarts after an update, and I think this means that most servers update more than you might think.

Finally, and stop me if I am wrong about this, the fourth thing can be even further "perfected." I believe kexec can be used to run new kernels without restarting anything.

Don't quote me, and take what I say with a pinch of salt: I don't actually run a server. I assist a friend of mine who runs a Linux-based server as a hobby across the Internet (marupa.net).

The bottom line is it is probably still a better idea to run a server on Linux instead of say, Windows or Mac OS X.

Offline

#34 2009-04-03 09:07:15

3nd3r
Member
From: /dev/null
Registered: 2002-12-08
Posts: 301
Website

Re: Linux and Viruses?

I have to edit here. I have seen viri on linux. Of course its all intended for windows users.
Example: logo.jpg is infected with (insert some gay ass virus here) which only works on windows machines. but it is still on a linux system. You will see alot of that if/when you work with alot of servers like I have.

When I was an admin at hostgator.com and appliedi.net I saw a TON of those but we removed them as fast as we found them.

Offline

#35 2009-04-03 09:15:19

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

3nd3r wrote:

I have to edit here. I have seen viri on linux. Of course its all intended for windows users.
Example: logo.jpg is infected with (insert some gay ass virus here) which only works on windows machines. but it is still on a linux system. You will see alot of that if/when you work with alot of servers like I have.

When I was an admin at hostgator.com and appliedi.net I saw a TON of those but we removed them as fast as we found them.

Yeah, I've heard tell of such things, which is, I believe, part of why many admins like ClamAV so much. There's no reason a virus can't be FOUND on a Linux system. But being found and being executed are different. I imagine you're more concerned about making sure the virus doesn't end up on a system it actually executes on as a Linux admin, yes?

In my opinion, however, for Linux itself to be compromised by a virus, it needs to do more than just "be there."

I'm sure all the badass viruses that get lots of media attention all wind up going through Linux servers a great deal, since Linux (Or just *nix in general) seems to be the dominant player in the server world.

At any rate, thank you for informing me of this. smile

Offline

#36 2009-04-03 10:04:51

3nd3r
Member
From: /dev/null
Registered: 2002-12-08
Posts: 301
Website

Re: Linux and Viruses?

sure, windows virii really dont do shit on linux/bsd. but if you happen to get a linux virus, its really pointless because permissions save your ass. If your user cant write outside of your home directory then its really pointless. now, if there is an exploit somewhere that gives you root privs, then there is an issue. Luckily, the few that I have seen int he 2.6x kernel build are quickly patched.

That is why linux virii are so pointless. they get patched so fast and damn near everyone updates constantly. Personally, I have a cron job that upgrades my system 5 times per day.
thts on my desktop and my dedi. My webhost is already using the latest kernel and libs for everthing on their systems.

Offline

#37 2009-04-03 11:54:30

FeatherMonkey
Member
Registered: 2007-02-26
Posts: 313

Re: Linux and Viruses?

With the proof of concept using .desktop files, what I thought was is there not perhaps some truth. OK so escalating to apps/services that the user uses and manipulating them is bad.

But in all honestly surely as many machines are single users, with there data in one place is the user home not the really scary place. Speaking for myself I'd rather lose the whole of root than user.

Offline

#38 2009-04-03 12:15:34

muunleit
Member
From: Germany
Registered: 2008-02-23
Posts: 234

Re: Linux and Viruses?

I think I found this link once in this forum.
=> How to write a Linux virus in 5 easy steps

Last edited by muunleit (2009-04-03 12:15:46)


"The mind can make a heaven out of hell or a hell out of heaven" -- John Milton

Offline

#39 2009-04-03 14:11:00

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

3nd3r wrote:

sure, windows virii really dont do shit on linux/bsd. but if you happen to get a linux virus, its really pointless because permissions save your ass. If your user cant write outside of your home directory then its really pointless. now, if there is an exploit somewhere that gives you root privs, then there is an issue. Luckily, the few that I have seen int he 2.6x kernel build are quickly patched.

That is why linux virii are so pointless. they get patched so fast and damn near everyone updates constantly. Personally, I have a cron job that upgrades my system 5 times per day.
thts on my desktop and my dedi. My webhost is already using the latest kernel and libs for everthing on their systems.

Actually, I do have to stop you there. Viruses in Linux may not ever get past your own privileges and gain world-write privileges, but they already have permissions to something irreplaceable: Your own data. Now, it's no big deal if you're smart and do backups. But you realize that programs, system files, etc, are easily replaced or reinstalled. But woe betide thee if you lose GiB of data you might not be able to replace. Yes, it is still fortunate the virus still only has access to your your own data, but it is sad that it is limited to the data it is probably going to do more damage to YOU rather than the SYSTEM if it is deleted.

The virus is not likely to make your Linux box a botnet, but it already can read and delete highly sensitive data. Viruses these days seem more written to steal personal info than to destroy.

But, fortunately, Linux viruses are still exceptionally rare.

Edit: Forgive any grammar/wording errors. I just woke up and need caffeine.

Last edited by Yaro (2009-04-03 14:14:04)

Offline

#40 2009-04-03 14:18:14

hatten
Arch Linux f@h Team Member
From: Sweden, Borlange
Registered: 2009-02-23
Posts: 736

Re: Linux and Viruses?

FeatherMonkey wrote:

With the proof of concept using .desktop files, what I thought was is there not perhaps some truth. OK so escalating to apps/services that the user uses and manipulating them is bad.

But in all honestly surely as many machines are single users, with there data in one place is the user home not the really scary place. Speaking for myself I'd rather lose the whole of root than user.

backup wink

Offline

#41 2009-04-03 14:28:14

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

hatten wrote:
FeatherMonkey wrote:

With the proof of concept using .desktop files, what I thought was is there not perhaps some truth. OK so escalating to apps/services that the user uses and manipulating them is bad.

But in all honestly surely as many machines are single users, with there data in one place is the user home not the really scary place. Speaking for myself I'd rather lose the whole of root than user.

backup wink

Backup backup backup. smile Though anything outside of /home is prrrobably easy to replace (I'd backup a few configuration files in /etc, but that's me.) stuff in /home can be quite valuable and oh-so-unprivileged.

Offline

#42 2009-04-04 01:01:47

hank863
Member
Registered: 2008-08-23
Posts: 77

Re: Linux and Viruses?

What should you do if you have mounted a Windows partition?  Could a Windows virus "jump" into your Windows partition?  Could a Linux virus be transferred from the Windows partition to your Linux partition?

Offline

#43 2009-04-04 01:07:22

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

hank863 wrote:

What should you do if you have mounted a Windows partition?  Could a Windows virus "jump" into your Windows partition?  Could a Linux virus be transferred from the Windows partition to your Linux partition?

Not without something actually running to transfer it. Files don't move on their own. Viruses going through Linux servers are being passed through things like mail servers. They go to the user upon a client making a request for messages.

So mounting an NTFS partition with Windows on it while running Linux won't cause any viruses to jump for their "native land" so to speak.

Offline

#44 2009-04-04 15:03:21

R00KIE
Forum Moderator
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 3,383

Re: Linux and Viruses?

Well, on personal computers it may be a more serious risk, servers may be administered with cli and admins know what they are doing and are more suspicious of anything that seems strange and only a few things are automatically run, on desktop systems only the places that the user has a right to modify will get affected (if running with user privileges), everyone knows that regular backups are a must (but almost anyones does that, me included ^^;; ). A bad virus on a well configured system (if it is intended to disrupt data) is less damaging as a hardware failure.
But on the other hand if the virus is meant to steal confidential data then it will not disrupt anything .... but as said before, linux virus on the wild are not so common (when compared with windows ones), a somewhat regular scan with clamav and rkhunter will catch any baddies.

As for windows virus jumping onto linux ... as far as I know it will not happen, most are windows executables so they rely on windows and specific windows vulnerabilities and features to run, even visual basic virus may find their life hard on linux (if not designed to affect linux also), to start paths are not defined the same way, there is not any c:\ , /whatever and the system files don't have the same name (as in windows) and most probably their location is not writable with user permissions (the exception is /home/user_home).

Flash drive autorun.inf virus as far as I know are nothing more than a joke on linux as it is just another file and not executed automagically, I guess that even .desktop virus require some user intervention to run so the same precautions and common sense that should be used with windows should be used with linux, if trying something from an unknown (possibly untrusted source) need to be scanned (and/or even quarantined) before being executed. If something asks for root privileges (when it shouldn't) it is to be suspected.
I guess that most virus on windows spread because of social engineering and because users trust too much on whatever they find on the internet and don't really know for sure how things work (I guess we have to agree the learning curve is smoother on windows that it is on linux, although linux may be a little harder to "tame" it isn't such a bad thing, it will give the user some valuable knowledge to help the user on hard times or not to make some mistakes or be more overcautious.  As an example and don't laugh (too much) but ... I've seen people that knew how to use msn and ie but didn't know how to turn a computer on or even login on win2k where you have to press ctrl+alt+del even with the the help showing them what they needed to do), how can you expect these users to even try to predict a link, a mail or some file may be a virus, everything seems to work automagically and when they get a virus it was bad luck and they try to live with it (yes, I've seen that too).
I guess that unless a security flaw is discovered, linux users with a bit of common sense _and_ with a bit of education (which most probably they have) don't have much to fear, I guess that why most people say linux doesn't have virus, common sense + some some education + safe, open and reviewd system + less market share (on the desktop front at least) ~= less virus problems.
I would say that users that are a little bit interested on how things works will be pretty much safe with linux, point and click don't care users may be safer than with windows but still more exposed to threats, but as the article muunleit points out, no system can protect the user from it's own stupidity.

.... I always write too much hmm ... you may want to read this again when you are having some trouble sleeping or something like that tongue .


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#45 2009-04-04 20:25:56

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

R00KIE wrote:

Well, on personal computers it may be a more serious risk, servers may be administered with cli and admins know what they are doing and are more suspicious of anything that seems strange and only a few things are automatically run, on desktop systems only the places that the user has a right to modify will get affected (if running with user privileges), everyone knows that regular backups are a must (but almost anyones does that, me included ^^;; ). A bad virus on a well configured system (if it is intended to disrupt data) is less damaging as a hardware failure.
But on the other hand if the virus is meant to steal confidential data then it will not disrupt anything .... but as said before, linux virus on the wild are not so common (when compared with windows ones), a somewhat regular scan with clamav and rkhunter will catch any baddies.

As for windows virus jumping onto linux ... as far as I know it will not happen, most are windows executables so they rely on windows and specific windows vulnerabilities and features to run, even visual basic virus may find their life hard on linux (if not designed to affect linux also), to start paths are not defined the same way, there is not any c:\ , /whatever and the system files don't have the same name (as in windows) and most probably their location is not writable with user permissions (the exception is /home/user_home).

Flash drive autorun.inf virus as far as I know are nothing more than a joke on linux as it is just another file and not executed automagically, I guess that even .desktop virus require some user intervention to run so the same precautions and common sense that should be used with windows should be used with linux, if trying something from an unknown (possibly untrusted source) need to be scanned (and/or even quarantined) before being executed. If something asks for root privileges (when it shouldn't) it is to be suspected.
I guess that most virus on windows spread because of social engineering and because users trust too much on whatever they find on the internet and don't really know for sure how things work (I guess we have to agree the learning curve is smoother on windows that it is on linux, although linux may be a little harder to "tame" it isn't such a bad thing, it will give the user some valuable knowledge to help the user on hard times or not to make some mistakes or be more overcautious.  As an example and don't laugh (too much) but ... I've seen people that knew how to use msn and ie but didn't know how to turn a computer on or even login on win2k where you have to press ctrl+alt+del even with the the help showing them what they needed to do), how can you expect these users to even try to predict a link, a mail or some file may be a virus, everything seems to work automagically and when they get a virus it was bad luck and they try to live with it (yes, I've seen that too).
I guess that unless a security flaw is discovered, linux users with a bit of common sense _and_ with a bit of education (which most probably they have) don't have much to fear, I guess that why most people say linux doesn't have virus, common sense + some some education + safe, open and reviewd system + less market share (on the desktop front at least) ~= less virus problems.
I would say that users that are a little bit interested on how things works will be pretty much safe with linux, point and click don't care users may be safer than with windows but still more exposed to threats, but as the article muunleit points out, no system can protect the user from it's own stupidity.

.... I always write too much hmm ... you may want to read this again when you are having some trouble sleeping or something like that tongue .

In short, though a large factor in security or lack thereof may be in the operating system itself, the weakest link in the security chain is none other than the user.

Offline

#46 2009-04-05 07:15:56

generic_
Member
From: Jacksonville,FL US
Registered: 2008-12-21
Posts: 182

Re: Linux and Viruses?

barjo wrote:

> 1. The kernel is changing all the time.
This is probably an interesting "feature" to make kernel module infrastructure less attractive to root-kit authors, but I fail to see how it's relevant to virus/worms?

Actually yes you are right. I should have said that in regard to security in general.


I'm just lost n00b!

Offline

#47 2009-04-05 08:19:10

mikesd
Member
From: Australia
Registered: 2008-02-01
Posts: 785
Website

Re: Linux and Viruses?

Anti-virus software for windows is a joke. Every single windows av product I have seen has a major impact on system resources. I hate having to support it at work with a passion. I can't believe Microsoft still hasn't worked out a way to allow users to temporarily elevate their privileges to perform administrative tasks and then drop them once done. I guess it isn't all Microsoft's fault as it is amazing how many 3rd party apps require local admin privledges just to run! Linux's su and sudo are just *so* simple. As Yaro said the users are the weakest link. I don't use AV software on my work Vista machine as I know not to install every piece of spyware/malware laden software I find on the net or is emailed to me. Unfortunately most windows users don't know this. Anyway back on topic...

I don't run any anti-virus software on my Linux machines. All my machines are behind a NAT gateway so none are directly accessible to the internet. Only one of my machines has a permanently forwarded port to it, port 22 for ssh,  and on that machine I have a very simple iptables based firewall that guards against brute force attacks by blocking repeated ssh login attempts, mainly to keep them filling up my log files as the sshd server only accepts public key logins, no passwords.

This is enough security for me. I laugh at how vulnerable Windows machines are and enjoy not having to worry about viruses on Linux. I know they exist but when most of my software is open source and comes from the Arch repos I am fairly confident it hasn't been tampered with. There is just no percentage in virus/malware writers targeting Linux as the OS itself, and the higher technical knowledge of the average user, makes it much harder to gain a foothold. Windows, and the average windows user, on the other hand... smile

Offline

#48 2009-04-05 08:50:11

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

mikesd wrote:

Anti-virus software for windows is a joke. Every single windows av product I have seen has a major impact on system resources. I hate having to support it at work with a passion. I can't believe Microsoft still hasn't worked out a way to allow users to temporarily elevate their privileges to perform administrative tasks and then drop them once done. I guess it isn't all Microsoft's fault as it is amazing how many 3rd party apps require local admin privledges just to run! Linux's su and sudo are just *so* simple. As Yaro said the users are the weakest link. I don't use AV software on my work Vista machine as I know not to install every piece of spyware/malware laden software I find on the net or is emailed to me. Unfortunately most windows users don't know this. Anyway back on topic...

Actually, I do blame Microsoft. It's up to them to get 3rd party developers to conform to a "Windows standard." They actually implemented UAC just to pester the users and to convinve said developers to wise up. As far as I can tell, this did not work. I would oft describe UAC as "sudo but without the actual security." UAC is ineffective at best.

Windows has done many a terrible thing for the industry. Teaching developers very bad habits just so the software would be workable is one of them.

mikesd wrote:

I don't run any anti-virus software on my Linux machines. All my machines are behind a NAT gateway so none are directly accessible to the internet. Only one of my machines has a permanently forwarded port to it, port 22 for ssh,  and on that machine I have a very simple iptables based firewall that guards against brute force attacks by blocking repeated ssh login attempts, mainly to keep them filling up my log files as the sshd server only accepts public key logins, no passwords.

This is smart. Though many Linux security guides don't recommend even having the SSH Daemon even installed if you don't plan on using it. That being said, I have sshd installed and running on my machine because its a great way to use my computer when away from home. I prefer using my own apps/Linux. So even when stuck with, say, a Windows laptop, I can still use my Linux CLI apps. Better yet. I like to carry a Linux LiveUSB with a persistent filesystem. This means that I can has all my settings, some documents, etc. But it also means I have a decent X platform to do X forwarding to. I just have to reboot and run that USB stick.

mikesd wrote:

This is enough security for me. I laugh at how vulnerable Windows machines are and enjoy not having to worry about viruses on Linux. I know they exist but when most of my software is open source and comes from the Arch repos I am fairly confident it hasn't been tampered with. There is just no percentage in virus/malware writers targeting Linux as the OS itself, and the higher technical knowledge of the average user, makes it much harder to gain a foothold. Windows, and the average windows user, on the other hand... smile

I still recommend having a good antivirus program (I recommend Avast!) and a good firewall (I recommend Netlimiter) installed on Windows because its security is lax. Even if you're a wonderfully skilled Windows administrator, it's almost inevitable that the machine will either get a virus or will be exploited in some way while running Windows over the long term.

Linux behind a router is very very secure. Even if it's not hiding behind a router's NAT, it's still quite secure. And I usually like to do a few things to assure it's even more secure.

1. Disable root a la Ubuntu. This already keeps your system immune to high-risk brute force attacks that target root on a system. This leaves a cracker stuck with the problem of figuring out some other username to try to break.

2. Before you disable root, install sudo and make sure you have the wheel. sudo is probably the best security tool ever developed for Linux: Temporarily elevate to root permissions for ONE command only. Do NOT enable to NOPASSWORD option in the sudoers file, as that means once someone does manage to break in to a sudoer's account and they have NOPASSWORD set on themselves, it's basically the same as breaking into root.

3. Use cryptic passwords. By cryptic, I mean passwords like you can generate from sites like http://www.passwordchart.com/. This protects you from brute-force attacks. An example of this sort of password would be, say, "E4k9^mwl&mal&". They're not as easy to remember, but enter it enough times and you'll get it down.

4. GRUB has a password feature that supports MD5 hashing of the passwords it stores. This is less to protect you from crackers and more to keep more sensitive boot options from being used by malicious local attackers who have physical access to your system.

5. ALWAYS, ALWAYS, keep up to date with your packages. Both upstream and distributors will frequently be fixing bugs and resolving security holes that they want to pass down to you. Updates are primarily used for security, but as in a distribution like Arch, it's just good sense so you'll always have current software. Remember, any bug that can disrupt normal operation of even the most minor of processes on your machine is an exploit. Fortunately, the nature of open source means the user can actualy pinpoint the bug themselves and possibly even fix it, sending a patch upstream and praying it'll be integrated into a new revision or point release.

6. Use your head. Social engineering is the most powerful tool in a cracker's arsenal. They know the user is the place where security breaks down and turns to crap. In Linux it is indeed more difficult like you say because most of its user-base consists of outright technical geniuses who know what NOT to do with their systems. Note that not all social engineering is used by crackers. the Ubuntu Forums has a lengthy sticky post announcement that is basically dedicated to malicious commands that are meant more as a malicious prank. If anyone asks you to do a command in Linux you don't know about, run the command by a friend you trust. Of course, don't bother when some idiot tries to fool you into "rm -rf /". That should be clear as daylight what that does.

7. Though it is unnecessary, it's probably still a good idea to have ClamAV and some sort of iptables-capable firewall installed on Linux, just to be on the paranoid-safe side.

Offline

#49 2009-04-05 09:38:32

mikesd
Member
From: Australia
Registered: 2008-02-01
Posts: 785
Website

Re: Linux and Viruses?

Yaro wrote:

I still recommend having a good antivirus program (I recommend Avast!) and a good firewall (I recommend Netlimiter) installed on Windows because its security is lax. Even if you're a wonderfully skilled Windows administrator, it's almost inevitable that the machine will either get a virus or will be exploited in some way while running Windows over the long term.

True. The main reason I don't is that I refuse to trade performance/reliability for security. I keep the OS and major apps, Office, Acrobat patched and do actually run a copy of clamAV so I can scan a suspect executable if I need to but don't use any sort of file system scanner. I also expect to have to reinstall windows every 6 months or so due to bit rot anyway. I certainly don't think of myself as a *wonderfully skilled Windows administrator*. I'd rather be a somewhat competent Linux administrator any day. smile

You made other good points too. I use pwgen to generate passwords. I don't feel safe generating passwords on a website. For ssh I only use public/private keys. These keys are stored on disk here and there but are always encrypted with a *good* passphrase. I use ssh access to my machines constantly from work. ssh allows you to define which users can login and I only have one account allowed. Obviously it is not root. smile Most breakin attempts result in "Invalid user...".

UAC is useless. It sounds even worse in Windows 7.

I wouldn't worry about GRUB or BIOS passwords. Once an attacker has physical access to your box all bets are off. If an attacker can reboot your machine it is no longer your machine. With a live cd a grub password is irrelevant and a BIOS password won't help when they yank your disks and mount them in another machine. An encrypted filesystem would be a better safeguard though certainly not 100% secure.

Offline

#50 2009-04-05 09:55:11

Yaro
Member
Registered: 2009-04-03
Posts: 145

Re: Linux and Viruses?

mikesd wrote:
Yaro wrote:

I still recommend having a good antivirus program (I recommend Avast!) and a good firewall (I recommend Netlimiter) installed on Windows because its security is lax. Even if you're a wonderfully skilled Windows administrator, it's almost inevitable that the machine will either get a virus or will be exploited in some way while running Windows over the long term.

True. The main reason I don't is that I refuse to trade performance/reliability for security. I keep the OS and major apps, Office, Acrobat patched and do actually run a copy of clamAV so I can scan a suspect executable if I need to but don't use any sort of file system scanner. I also expect to have to reinstall windows every 6 months or so due to bit rot anyway. I certainly don't think of myself as a *wonderfully skilled Windows administrator*. I'd rather be a somewhat competent Linux administrator any day. smile

Me, too. I just use Windows for games. Linux can do pretty much everything else. When I started securing my Windows install, it was a real PITA dealing with Netlimiter begging me to resolve all sorts of stuff trying to use the 'net. Most my games are Steam-based, so you can imagine how that goes.

mikesd wrote:

You made other good points too. I use pwgen to generate passwords. I don't feel safe generating passwords on a website. For ssh I only use public/private keys. These keys are stored on disk here and there but are always encrypted with a *good* passphrase. I use ssh access to my machines constantly from work. ssh allows you to define which users can login and I only have one account allowed. Obviously it is not root. smile Most breakin attempts result in "Invalid user...".

Indeed! In the sshd_config file you can explicity tell the daemon NOT to allow root logins whatsoever. I might think about restricting SSH usage to just my own userid, since this is my own computer.

mikesd wrote:

UAC is useless. It sounds even worse in Windows 7.

There's lots of stuff I see wrong about Window 7 which I will not get into here as it is off topic. I did hear Vista SP1 reduced the amount of UAC begging, though. Personally, I agree with you that it is still useless.

mikesd wrote:

I wouldn't worry about GRUB or BIOS passwords. Once an attacker has physical access to your box all bets are off. If an attacker can reboot your machine it is no longer your machine. With a live cd a grub password is irrelevant and a BIOS password won't help when they yank your disks and mount them in another machine. An encrypted filesystem would be a better safeguard though certainly not 100% secure.

Ahhh, but one of the beautiful things about Linux is you can restrict ways to restart a computer. Pretty much to the point of forcing an intruder to hard-reset the machine, at which point a BIOS password should effectively protect your system. Your drive removal thing is a good point, but that can be thwarted by a lockable chassis.

Offline

Board footer

Powered by FluxBB