Re: Linux viruses -- everything you need to know!

or anything from Adobe

Re: Linux viruses -- everything you need to know!

I run ClamAV (it's a Linux version of an Antivirus programme) on a weekly basis, and as I have a lot of files, some incoming as well as out-going, I need to check the incoming ones to make sure I'm free of anything scary - So far I've not had anything land on my door-mat but that doesn't mean it won't in the future - Linux is getting more well-known and it only takes a troll to get ideas... so be safe!

Re: Linux viruses -- everything you need to know!

The only value to running an AV product on incoming email is if you want to forward it on to Windows machines your friends use and so you clean up the email as a courtesy. IF there were a Linux virus attached you would have to do three things to get infected:
1) Save it as a file. Linux can't run an app unless it is a file. There are no "ActiveX" controls or automatic scripting engines on Linux.
2) Add the execute permission to make it executable. Even then, it will only execute IF it is an ELF binary or a properly written script (i.e., has #!/bin/bash or something similar as the first line of the script)
3) Run it. IF you want to run it as root then you have to change its ownership and/or use sudo.

Those are three VERY FOOLISH STEPS and would require someone who is extremely gullible and easily influenced by Social Engineering. Also, since social engineering is a person-to-person action it would be impractical to try and create a bot farm of Linux zombies. If it took a bad guy 15 minutes of social engineering to get a Linux user to infect his own box that's only 32 boxes a day, or 960 a month. To create a 1.5 million zombie bot farm out of Linux boxes would take 130 years at that rate. It would take a single Windows virus only a few days to accumulate that big of a bot farm.


Linux in the USA is already over a 12% desktop market share. If infection rates were proportional to usage rates, and Windows had 2,900,000 viruses last year alone, then Linux should have at least 300,000 active viruses plaguing Linux users. How many active Linux viruses, found in the wild, have you heard about during the last year? None.

Re: Linux viruses -- everything you need to know!

In the light of a couple of recent events:

1. The resurgence of the Zeus virus targeting firefox (the articles don't seem to emphasise it is windows only)and
2. Someone attempting to use my credit card number to send £2 to Oxfam resulting in it having to be cancelled. The bank told me it could be down to a Trojan or a random credit card number generator. I (and they) suspect the latter as the nature of the transaction suggests it's a test.

In light of the above, I have run KlamAv on both the home and system files. On both it has found "heurstics.broken executables" saying they are "probably a virus". I have got rid of the files from the home directory but am concerned about the system ones. The system scan didn't complete before I had to stop it but the ones I saw were in /usr/lib virtualbox. I have not elected to quarantine them until I know what they actually are. Any thoughts please?

Thanks

Ian

Re: Linux viruses -- everything you need to know!

You should
man aa-enforce
and consider using it on FireFox if you are concerned (and if it isn't already protecting FF by default, which I am not sure of).

Re: Linux viruses -- everything you need to know!

Thanks - Here's the output

Am I right in concluding that it's running at the highest level by default, given I haven't knowingly changed anything?

Re: Linux viruses -- everything you need to know!

I don't believe it is: http://www.uluga.ubuntuforums.org/sh....php?p=9180831

If you have "usr.bin.firefox" in /etc/apparmor.d/disable/ then I doubt you are.

You can read /etc/apparmor.d/usr.bin.firefox and see what it does to see if you want to enable it.

Re: Linux viruses -- everything you need to know!

I been reading through the article and was reminded many times of the "ROOT" User. I just recently installed Kubuntu and it gave me the option to create a user. On that screen is that the ROOT user that everyone is speaking of? If so then the safest precaution is to create a second user if i'm understanding correctly? Don't want to sound like a complete noob but the truth is I AM.

Re: Linux viruses -- everything you need to know!

No the root user is "root" - you would have to physically login as root to run as root. User "eric" does not, without more, have root-like privileges. The sudo concept grants you temporary higher level privileges for example to install software. so when you launch synaptic you need to enter your password and you can then use it properly. When you close it off, you have a short time during (a few minutes I think) which you can launch it again otherwise you need to re-enter the password.

So don't worry about that - user "eric" only has root privileges when you choose to grant them. The downside is that you could also use that power to run applications like firefox as root user. That would require the password (and a death wish )

HTH

Ian

Re: Linux viruses -- everything you need to know!

Eric - first of all welcome to KDE and the forum. I think you may be the most active new user ever!

This topic has been thrown about a lot but it's well worth repeating:

Linux is virtually virus free, secure, recoverable and more due to in no small measure the control of permissions. This is something almost unheard of in the Windows world. You will be hearing a lot about permissions and running into a few walls along the way - this is a good thing. This will help you keep your system running.

Here's some basic rules and info:

1. Never log into a GUI as "root" - this is disabled by default in Kubuntu and I won't tell you how to do it!
2. The function "sudo" means "do as root" - su = super user (aka root) and should only be used in a terminal, never for a GUI program.
3. Never launch a GUI program as "root" - this means don't open a terminal and type "sudo someGUIprogram"
4. When the time comes that you need to do something as "root" and you want to use a GUI program, the correct (safe) way to do this in KDE is to use "kdesudo someGUIprogram". This launches a GUI shell that correctly directs root access away from your /home and toward /root.

In summary: If you read a post that says "edit file whatever.conf as root", open a terminal and type "kdesudo kate whatever.conf". You will get a pop-up asking for root password and then it will open the file in kate (or use kwrite) and allow you to edit and save it. Do not use "sudo kate whatever.conf"

Permissions exist in several ways and levels. You can start learning about file/directory permissions here

http://www.comptechdoc.org/os/linux/..._ugfilesp.html

Re: Linux viruses -- everything you need to know!

Thanks for the information, I was thinking (Because of windows) that when you first create a user, that becomes the admin account. Lucky for me Linux has "Common Sense" permissions in place so that novice users like myself don't accidentally execute a virus. Nice work and thanks again.

Re: Linux viruses -- everything you need to know!

Just remember that the next user you create for your Linux OS won't be a user with sudo privileges... unless you allow that user to get them...

Re: Linux viruses -- everything you need to know!

OShunluvr - Thanks for the info, I didn't know about the KDEsudo command. For months now I've been merrily doing exactly what you say one shouldn't do!

Now for strictly nonGUI stuff (like apt-get) it's ok to just use sudo?

Re: Linux viruses -- everything you need to know!

Yes. When a non-gui app/command that requires root to run, then from the CLI (Command Line - Console), sudo app/command is what you use.

Re: Linux viruses -- everything you need to know!

Explained another way:

KDE is the GUI that works on top of linux.

"sudo" is the linux command that allows root aka SuperUser status.

"kdesudo" is the GUI command on top of linux's "sudo" command that allows root aka SuperUser status.

If you're using KDE (the GUI), use "kdeusdo".

If you're using only the command line (aka CLI), use "sudo"