
Linux Virus... does it exist.. will it exist.. why not?

waldelf
Registered Member
Posts
333
Karma
0
OS
There is one thing... you have to make it executable, so clicking on some mysterious email attachments will not be enough. But I agree... you can't stop the users installing their trojans by themselves.


Kubuntu 12.04 x64 | KDE SC 4.8
Nvidia 8800 GTS | Core2Duo E6600 | 4 GB RAM
XiniX
Registered Member
Posts
217
Karma
1
OS
Or you use a cool Firefox extension that logs all keystrokes in the browser, which is where the most private information is used anyways.

Really, social engineering can be done on any platform. Things like self-replicating worms that use holes in the OS will be fairly insignificant in Linux but 'download cool sexy firefox extension with n*de pics of Britney Spears' will certainly entice enough Linux-using kiddies to make it a security problem for the individual home user.


XiniX, proud to be a member of KDE forums since 2008-Oct.
Daniel
Registered Member
Posts
5
Karma
0
OS
Hello,

As most users previously pointed out, I too agree that user education is a critical point in stopping malware spread as long as they have a clue that they are installing the malware.

The worst thing Windows does, in my opinion, is that it allows more stuff to be performed behind the drapes than should be normal. There are several dozen ways to start some app at startup or get executed without the user having the least idea.

The worst thing is that normal applications (for instance explorer.exe) can easily be turned to perform bad things by the use of shell extensions and other hooks.

Maybe a practical comparison of known malware would be in order, to better differentiate how Linux is more secure (or not) than Windows.


My recipe for happiness:

One Lenovo z61p
Several distros: Gentoo, CentOS 4/5, Ubuntu 8.10
Some mail servers: Qmail, Axigen
Some virtualization: OpenVZ
One Amaroked iPod
Drumar
Registered Member
Posts
87
Karma
0
Linux viruses will come to exist in a stronger sense than they do now. As of now, Linux viruses require technical knowledge of the workings of the operating system. Funnily enough, I think about 95% of the viruses come from script kiddies, who have no technical know-how and use kits to build their virus.

For now, such kits do not seem to exist for Linux.

Popularity of the "dumb clicker" as the easiest and most sure way of spreading the virus. Most viruses spread by clicking on a bad image/url. That's why you'll not see many viruses aimed at servers, since there is much less "clicky" interaction on those systems. (These systems - by contrast - are more likely to be the targets of hacking)

A few things could and would make Linux a good ground for viruses:
- lazy users that always log in as root coz life is so much easier then. (trust me, I've seen many of those... too many) (blessed be HAL - even with its drawbacks - for eliminating many of the core causes like mounting a USB drive)
- unaware users that will do clickyclicky on every url presented to them. With programs becoming smarter and smarter, the "auto execution" of embedded code (think JavaScript and the likes, but also code embedded in images) becomes more and more a dangerous part, especially if the user is logged in as "root".
- keylogging will always be a danger. Not much that can help prevent it. It's already proven that you actually actively can listen with a microphone (special type I suppose) and know exactly which letters were typed by the neighbour in the other house. But unaware users can always be the target of keyloggers, or credit-card fraud or hacking of other banking data theft. Be it by having used unencrypted connections, or bad passwords...
- people will not always have the latest security patches. So vulnerabilities, while being fixed fast, may last for some time because the owner will not install them as soon as they are available.

With the growing popularity of Linux the amount of viruses for Linux will grow as well. Question remains if they'll have as much impact as Windows viruses have now. Time will tell.

As for noexec and nosuid flags for /home: I like to code when I have some free time. Besides, some programs (mostly games) I run in Wine. I have the Wine drives in my home folder and they have the "x"-bit. There's no harm, I'm a normal user. As normal user I cannot change anything on the system, except stuff in my own homedir and some specific other directories, where there will be no "system harm". So, even a script that will do "rm -rf /* &" will only remove stuff from my user (which is bad enough; but then again, I keep all my important stuff redundant and such a script would harm only the stuff not marked "important")
Moult
Global Moderator
Posts
663
Karma
2
OS
To be honest, other than Linux viruses spreading by posing as a well known application which you trust enough to make executable and run, it's a bit tough to spread a virus here on Linux. Most people here use their distro's repository, and so if you want to sneak a virus into there, you'd have to put the code in perhaps some popular application. Of course, like most popular applications, it'll probably have some sort of version control, so when a gazillion or so developers go "whoah, what's this diff?", you'll find it's pretty hard to go unnoticed.


Moult, proud to be a member of KDE forums since 2008-Oct.
thinkMoult - source for tech, art, and animation: hilarity and interest ensured!
WIPUP.org - a unique system to share, critique and track your works-in-progress projects.
Drumar
Registered Member
Posts
87
Karma
0
Moult wrote: To be honest, other than Linux viruses spreading by posing as a well known application which you trust enough to make executable and run, it's a bit tough to spread a virus here on Linux. Most people here use their distro's repository, and so if you want to sneak a virus into there, you'd have to put the code in perhaps some popular application. Of course, like most popular applications, it'll probably have some sort of version control, so when a gazillion or so developers go "whoah, what's this diff?", you'll find it's pretty hard to go unnoticed.


That suggests that most people get their viruses by installing unknown software. While that certainly is one of the ways viruses spread, I think the biggest part is done by visiting strange websites by clicking a url that gets mailed by a spammer. Even Linux provides only partial protection against stupidity. PEBKAC my friends ;-)
TheBlackCat
Registered Member
Posts
2945
Karma
8
OS
Drumar wrote: That suggests that most people get their viruses by installing unknown software. While that certainly is one of the ways viruses spread, I think the biggest part is done by visiting strange websites by clicking a url that gets mailed by a spammer. Even Linux provides only partial protection against stupidity. PEBKAC my friends ;-)


Neither of those would work very well because files do not, by default, have execution privileges. And if someone downloads what they think is a video or picture and it asks for root privileges to install software then you would hope they would realize it isn't a picture.


Man is the lowest-cost, 150-pound, nonlinear, all-purpose computer system which can be mass-produced by unskilled labor.
-NASA in 1965
XiniX
Registered Member
Posts
217
Karma
1
OS
The problem won't be the repos, but individual packages that are up for grabs on some site (getdebs.net could potentially be a black hat site, not saying that it is....). Not to mention browser toolbars....


XiniX, proud to be a member of KDE forums since 2008-Oct.
Michaelmoore
Registered Member
Posts
3
Karma
0
OS
Having run programs like F-Prot for years on Linux, I finally found that there really is no need, as if they ever found anything, it was always inside Windows exe's that I downloaded to run in Wine or VirtualBox.

IME Linux is just about as safe as any OS can get so long as you use it sensibly, as a USER. Most distros now make it difficult to run as root anyway, so permissions need to be given for anything to install. This makes a "Peace of mind" statement to me at least, and also outlines the major vulnerability with MS, which I tend to call "Mighty Stupid". Any system that gives total control to the machine, which MS does, has to be daft!

MS's latest versions just make things worse, by removing so much of the information about what is going on from the user, and making it so easy to use isn't necessarily a good thing. The other thing that makes MS so vulnerable is the Registry, one single file that tells the operating system what to do, what to run and what to open or shut. Anything that can insert itself into this file can and will do harm, and MS makes this so easy! Linux doesn't have such a file, it just runs individual scripts, if the correct permissions are given. Any virus would have to be very intelligent to overcome the safety mechanisms in place, and what is the point? Who is it going to hurt? Keylogging, maybe, but that's really the only area that really warrants any consideration.

The other aspect of MS that no-one has yet mentioned is why it's attacked. I believe that if MS was free, or at least, much less expensive, like Linux, it wouldn't be so much of a target. People attack it because it's costly, inconsiderate and monopolising. Even the courts are attacking it now for its lack of consideration of users' choice. Just take the case of IE and how MS was forced by the courts to make it removable.

Here's another question for you to think about:
When was the last time you bought a new pc with an OS disk? I don't mean the factory restore disk, I mean the OS? When Windows 98 was around, you used to get a set of disks containing all the software you bought with the pc, on individual disks, and if anything went wrong, you could reload what you wanted, rather than all the rubbish the manufacturer puts on these days. Now, when things do go wrong, you have to re-install according to the restore disk, whether you like it or not, and if you change the computer, buy another OS. The software you buy with your pc is not transferrable any more.

I don't dislike MS, I openly despise it. I don't write viruses, trojans or hack into computers, I don't agree with any of this type of abuse of what has become an essential tool, but I can understand why it's done!
Erik
Registered Member
Posts
24
Karma
0
OS
The biggest potential threat to Linux security are not newbie users. Ex-Windows users are the problem. You see, downloading and installing some random **** is usual practice in Windows. In Linux distributions you just use package manager. So if a newbie gets the instruction: "this is the package manager. It is your friend. Install your programs only from it. Anything else might break your system", he would most probably follow that advice. In Windows you have to install every app by clicking on it, it is normal user practice there, it is not different to install a program than to install a virus. In Linux you don't do that kind of thing, you don't click on random **** you have downloaded and launch it. You go to package manager and select your programs there -- different behavior and newbies hate to do something different, they'll ask instead. As for commercial software -- I think Ubuntu has an idea for that, commercial apps will be integrated to package manager AFAIK.
But even with ex-Windows users numbers growing, Linux is still a mass of different distributions and programs, viruses will have damn hard time finding something common to spread upon it. We might have Firefox dominating Linux browsers now, but Chrome will follow, Epiphany will have Webkit and Konqueror gets better all the time. Not to compare with Windows where EVERY PC has IE installed.
Besides, more and more distributions use SELinux by default which will make it even harder for malware to spread.
Single or isolated infections might occur, but nothing on the bigger scale, no conficker for Linux, that's for sure. Even with cross-platform malware the impact will be very limited -- it still would affect Windows users more.


Erik, proud to be a member of KDE forums since the very beginning.
esdaniel
Registered Member
Posts
8
Karma
0
OS
I spent some time reading the thread over at Slashdot which has helped inform me as has this and other threads. Reading the last few comments I felt I should share my thoughts.

I think it is great that in such a short space of time everyone has sat up and taken note of this issue. It is remarkable to note this issue is neither new nor is the community ignorant of its existence once you start googling around so the interest this debate is creating is perhaps fueled by recent arrivals to Linux community that are keen to benefit from the best security possible and darker interests that benefit from discrediting the Linux choice and on the less paranoid side just a few people that wanted to see where the attack vectors are on a Linux distro and decided to share it publicly for their personal reasons.

Noting this vector is DE specific and that eventually most users are going to use some form of GUI for interaction with Linux it would be apparent that there are choices to be made and ideas to be considered that help the community avoid repeating the mistakes of the Windows design philosophies which lead to a very weak system.

Whether it's ex-Windows users or old-schoolers using a Linux distro I think does not matter, social hacking will have a greater part to play - imagine someone spiking their 'friend's' laptop and they happen to be a support engineer for Deutsche Post, you see where this goes... it's not always the user's fault that the malware gets triggered so this means very soon if design choices around the DEs' security are not made then we have the whole Windows mess (malware catalogues, virus signatures, trust tests) tumbling down upon us.

Never be content that sudo will protect you... with the thought of malware having access to your user account I think one user at the Slashdot thread made the point that for many users, especially home users (often the most vulnerable), that access to your data was a much greater risk than access to core files, core files can be replaced - your data can be priceless (yeah, backups of course but time between each backup of average home user is... never enough) and having malware present that nukes their data when tampered with is going to really hurt.

The Linux community encourages experimentation so at some stage users will look for a helping hand when the repos come up empty... 3rd party repos will be the most immediate and obvious target and don't be surprised if the perpetrators tailor the bait to things this community loves - vigilance and common sense don't always come into play when desire, benevolence and other human motivations are afoot - again more so for the amateur than the expert.

We all understand the need for "driving licences" however the cost/reward is not yet enough that there are not 'laws' for computer usage and why should government intervene? The burden is left with the vendors and the communities to resolve and I'm glad that continued interest remains over this issue and look forward to the debate continuing till a fit-for-purpose consensus is reached.

Till then, I think it's a great time to review the attack vectors and put some practices in place or confirm existing practices mitigate these risks.
thdr
Registered Member
Posts
11
Karma
0
OS
The time will come when Linux is a standard operating system;
I think it already is.
The time will come when evil guys will try to crack Linux;
rootkits for Unix already exist.
Any operating system is man-made, and men make failures.

These are facts, keep them in mind.

The major problem, which opens the door to evil guys,
sits between chair and monitor.

So think before you click.

Install as little as possible
... the more you have installed, the more you've got to check.

Only install from sites you trust
... do not install experimental things on a production machine

No common passwords
... whenever a password is needed use a different one
-- makepasswd is a nice tool to create good passwords

Avoid sudo, at best deinstall it
... sudo opens a way without password to root

Do not run anything suspicious as root or main user
until you've backed up your system
and you have tested it as a non-vulnerable user
... adduser and deluser are nice tools to get a fresh login to test something
in a clean home directory.
And after this check you can easily find any file of the user by using
>find / -uid `id -u`

I have followed these rules since Linux 0.9 and other 'nix before,
and I have not had any problems on my systems.

To announce a system is safe is a big failure!
... this motivates crackers!


thdr, proud use linux since 0.9 … KDE since last century :-)
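
The check described in the post above (try the program under a fresh account, then look for everything that account owns), written out as an added example that is not part of the original post. The function names audit_test_user and owned are hypothetical; the example goes slightly beyond the single find command by also flagging files outside the test home directory and files marked executable or setuid.

```shell
#!/bin/sh
# Added example: after trying a program under a throwaway account, list what
# that account left behind. Run it as root so unreadable directories are
# covered too (assumption).

# owned UID ROOT [extra find tests...]
# Print every path under ROOT owned by UID, skipping kernel pseudo-filesystems.
owned() {
    o_uid=$1
    o_root=$2
    shift 2
    find "$o_root" \( -path /proc -o -path /sys \) -prune -o \
        -uid "$o_uid" "$@" -print 2>/dev/null
}

# audit_test_user UID HOME [ROOT]   (ROOT defaults to /)
# One finding per line, prefixed with the reason it was reported.
audit_test_user() {
    uid=$1
    home=${2%/}
    root=${3:-/}

    # Anything written outside the account's own home directory
    # (for example /tmp, /var/tmp or spool directories).
    owned "$uid" "$root" ! -path "$home" ! -path "$home/*" |
        sed 's/^/OUTSIDE-HOME /'

    # Regular files the account can execute as their owner.
    owned "$uid" "$root" -type f -perm -100 | sed 's/^/EXECUTABLE /'

    # Setuid files owned by the account.
    owned "$uid" "$root" -type f -perm -4000 | sed 's/^/SETUID /'
}

# Command-line use: sh audit.sh "$(id -u testuser)" /home/testuser
if [ "$#" -ge 2 ]; then
    audit_test_user "$@"
fi
```

An empty report after a test run means the account owns nothing on the scanned tree, which is what a freshly created login should look like once its home directory is removed.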
Madman
Registered Member
Posts
593
Karma
1
OS
I think some people are forgetting something: why do virus-writers write viruses?

A lot write viruses for financial reasons (and even then they tend to write virus-creation applications rather than actual viruses), but a lot also write viruses to prove that they can - it's not an easy thing, to find vulnerabilities and weaknesses in an OS on your own. It takes a lot of knowledge of the actual operating system. Often times they'll write viruses because they don't have anything else to do, or they're good at programming but e.g. can't get a job at [some proprietary company].

That means a lot of Windows-virus-writers are actually potential Linux developers. If they find something they don't like, they just change it. Re-write something. Involve themselves with the project's team. In Windows, if there's something they don't like or think, "I could make that better" - they're stuck with it. It doesn't matter who they ask or how much they know, they can't touch the source. They can't do what they want with it... so as a get-back, they write viruses. That's how it's been for a long time, anyway...

Also, I'd have to agree - open-source applications should take priority and should provide most-everyone's needs, as well as appearing in the repository of whatever system you're on.


Madman, proud to be a member of KDE forums since 2008-Oct.
nist
Registered Member
Posts
1
Karma
0
Posted by FEWT at 9:05 AM wrote: "... Linux is just as vulnerable if not more so than any other platform. Yesterday, it was announced that a popular software package for Linux distributions contains a backdoor giving full access to execute commands as a user on the host where this software package is installed ..."
Read Full Story Here
http://www.fewt.com/2010/06/linux-infected.html


(what I think)
a virus needs 2 things to work:
exposure and exposure
TheBlackCat
Registered Member
Posts
2945
Karma
8
OS
This wasn't actually a virus; someone hacked a server and replaced a not particularly popular piece of software with a version with a remote exploit, and some packagers didn't bother to verify that the published checksums matched. At least my understanding is that if the distro packagers in question had followed standard security procedures this would not have happened.


Man is the lowest-cost, 150-pound, nonlinear, all-purpose computer system which can be mass-produced by unskilled labor.
-NASA in 1965
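
The checksum verification mentioned in the post above, as an added example that is not part of the original thread: a packaging-side check that refuses a source archive whose SHA-256 does not match a pinned manifest. The function name verify_release and the file names are hypothetical, and the example assumes the manifest is in sha256sum format and was obtained separately from the download server.

```shell
#!/bin/sh
# Added example: check a downloaded source archive against a pinned SHA-256
# manifest before packaging it.
# Assumptions: the manifest uses sha256sum's "<hex>  <name>" line format,
# file names contain no spaces or backslashes, and the manifest comes from
# somewhere other than the download server (a signed release announcement,
# or the value recorded when the previous package was built).

# verify_release MANIFEST FILE
# returns 0 = digest matches, 1 = mismatch,
#         2 = no usable manifest entry, 3 = archive unreadable
verify_release() {
    manifest=$1
    file=$2
    [ -r "$file" ] || return 3
    [ -r "$manifest" ] || return 2
    name=$(basename -- "$file")

    # Find the entry for this file name; strip sha256sum's binary-mode "*".
    entry=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { hits++; hash = tolower($1) }
        END { print hits + 0, hash }' "$manifest")
    hits=${entry%% *}
    expected=${entry#* }

    # Refuse a missing or duplicated entry instead of guessing.
    [ "$hits" -eq 1 ] || return 2
    # Refuse anything that is not exactly 64 hex digits
    # (truncated value, or a digest from a different algorithm).
    [ "${#expected}" -eq 64 ] || return 2
    case $expected in *[!0-9a-f]*) return 2 ;; esac

    # Hash via stdin so the file name cannot change sha256sum's output format.
    actual=$(sha256sum < "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Command-line use: sh verify_release.sh SHA256SUMS pkg-1.0.tar.gz
if [ "$#" -eq 2 ]; then
    rc=0
    verify_release "$1" "$2" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "OK: digest matches pinned manifest"
    else
        echo "REFUSED: verification failed (code $rc)" >&2
    fi
    exit "$rc"
fi
```

A build script would call this before unpacking and stop on any non-zero status, so a replaced archive never reaches the build step.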

