Announcement

Collapse
No announcement yet.

Linux viruses -- everything you need to know!

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #61
    Re: Linux viruses -- everything you need to know!

    I've read somewhere that even re-formatting contaminated Win drives leaves the MBR unchanged.
    Right, reformatting does not affect the MBR.
    Installing grub for a dual-boot system, however, does overwrite the MBR, and anything obnoxious that a virus may have placed there.
    Many BIOS these days can be configured to shout if anything attempts a write to the MBR.
    We only have to look at ourselves to see how intelligent life might develop into something we wouldn't want to meet. -- Stephen Hawking

    Comment


      #62
      Re: Linux viruses -- everything you need to know!

      Thanks all. No, I was not looking for antivirus; it was all about rootkits and whether a Windows contamination could affect the MBR and hence possibly the Linux partition. Thanks DrDPhD (again!) - it seems that re-installing grub would clear out any possible problems!

      Comment


        #63
        Re: Linux viruses -- everything you need to know!

        Normally, those files are temporary during the booting or mounting of
        block devices and are deleted
        after the device is successfully booted or mounted. Do you have any lines in
        the kernel system log
        that includes those listings and identifies the blkid associated with
        them?
        When I checked the syyslog and kern.log I didn't find any "block specials" or blkid mentions.
        But that doesn't mean there isn't any. I could eaasily miss them.
        Reading through the bug report it mentions software RAIDs. I have Win7 on a 3 disk
        software RAID. During boot I get 3 messages that say no such file or directory and list each of
        the hard drives in my RAID. Could these be my block specials?
        I don't use the RAID in Kubuntu.


        OS: Win7 Prof. X64, XP Prof. x86. WD 160GB X3 RAID 0<br />&nbsp; &nbsp; &nbsp; Kubuntu 10.04 Lucid X64 LTS. <br />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 10.10 Maverick X64 KDE 4.6.2<br />MB: abit IP35 PRO. Q6600 OC: 3204MHz. <br />RAM: OCZ 1066MHz 8GB (4X2GB) <br />Graphics: Nvidia 9800GTX+ OC: 823/1265<br />Displays: LG 1280X1024. Asus 1680X1050

        Comment


          #64
          Linux vulnerability

          I think a good part of the reason Linux has not in general been infected by malware is that it isn't a juicy target for blanket attacks. If you're an attacker, why waste your time with Linux when there are so many more Windows systems out there, and on top of that they're much easier to penetrate?

          The notion that good security practices are important is in a way misleading. A truly secure system should be safe in the hands of a gullible six-year-old. The Linux community seems quite ambivalent about what level of sophistication it expects of its users -- and by "users" I mean anyone at all who downloads and installs Kubuntu. On the one hand we make a big point of how easy it is to use Linux and how you don't have to be a sophisticate to use it. On the other hand we push for security practices that demand wisdom in what you pick up from the Net. The limitation of privileges to the root account isn't as much protection as it appears, since a clever social engineer might well persuade a naive user to provide access to the root account in one way or another. And anyone who installs a Linux system perforce has the root password.

          Let's also remember that targeted attacks on high-value systems are a very different kind of beast. A good friend of mine who's a system programmer of great sophistication was "rooted" by a targeted attack on his network. It's hard to defend any system, even Linux, against an attacker who's focused on that specific system and is a Linux expert. The fact is that high-value Linux systems have been penetrated. What convinces me of that is that (a) we often hear of corporate or governmental systems that have been penetrated, and (b) some if not most of those systems are surely running Linux, if only for the reasons that the readers of this forum are.

          And then there's the whole issue of browser-based attacks. They may not be able to gain root access, but they can cause considerable damage nonetheless. You don't need root access to conscript a system into a botnet -- a single non-root user can send out enormous amounts of spam.

          Comment


            #65
            Re: Linux vulnerability

            Originally posted by pwabrahams
            (a) we often hear of corporate or governmental systems that have been penetrated, and (b) some if not most of those systems are surely running Linux, if only for the reasons that the readers of this forum are.
            Think again! At least here, in the good 'ol U.S. of A., the Department of Defense uses Microsoft Windows Vista, and all the branches of the Military are required to use it. Likely, most of the actual Government as well. M$ is like a cancer - once 'contracted' it's very difficult to get rid of! :P
            Windows no longer obstructs my view.
            Using Kubuntu Linux since March 23, 2007.
            "It is a capital mistake to theorize before one has data." - Sherlock Holmes

            Comment


              #66
              Re: Linux vulnerability

              Originally posted by Snowhog

              Think again! At least here, in the good 'ol U.S. of A., the Department of Defense uses Microsoft Windows Vista, and all the branches of the Military are required to use it. Likely, most of the actual Government as well. M$ is like a cancer - once 'contracted' it's very difficult to get rid of! :P
              Somehow I expect that NSA and CIA are using Linux, not Windows -- unless they're building their own OS's. And probably the national labs are using Linux also.

              I wonder if Siemens had been using Linux rather than Windows in their controllers, the creators of Stuxnet would have considered that an impossible challenge.

              Comment


                #67
                Re: Linux vulnerability

                Originally posted by pwabrahams
                Somehow I expect that NSA and CIA are using Linux, ...
                If Windows isn't being used, it is likely that Linux isn't either. But it is possible/likely that if Windows isn't being used, that some variant of Unix is. On our 'servers' at work, Unix is what is used.
                Windows no longer obstructs my view.
                Using Kubuntu Linux since March 23, 2007.
                "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                Comment


                  #68
                  Re: Linux viruses -- everything you need to know!

                  As a retired Federal Employee I can' t imagine why anyone would assume any Government agency is smart enough to make an intelligent choice about anything.

                  I endured "Security" briefings on using M$ IExplor(vomit)er. I always made a point of asking "If security is so important, why are we forced to use the least secure internet browser on the least secure operating system?" This never failed to illicit chuckles from the crowd.

                  No offense intended pw, but I think your expectations are somewhat derived from optimism. Which means you're likely a smart and pleasant person to know - unlike the Feds you give oh-too-much credit to.


                  Please Read Me

                  Comment


                    #69
                    Re: Linux viruses -- everything you need to know!

                    If Windows isn't being used, it is likely that Linux isn't either.
                    Unicos, more than likely.
                    We only have to look at ourselves to see how intelligent life might develop into something we wouldn't want to meet. -- Stephen Hawking

                    Comment


                      #70
                      Government intelligence

                      Originally posted by oshunluvr
                      As a retired Federal Employee I can' t imagine why anyone would assume any Government agency is smart enough to make an intelligent choice about anything.
                      Actually, I'd assume that the folks at NSA are no intellectual slouches.

                      Comment


                        #71
                        Updates and security

                        Here's an angle on this I didn't think of before: how secure is an unpatched two-year-old Kubuntu installation? Presumably a lot of the updates are fixes for security holes. And thinking of it another way: how secure is a current Kubuntu system against someone who psychically happens to know about all the fixes coming down the road in the next two years?

                        Let me make my feelings clear: I consider the risk level of Linux to be far less than the risk level of Windows. That's one of my main reasons for using it. But the risk level isn't zero.

                        Comment


                          #72
                          Re: Updates and security

                          Originally posted by pwabrahams
                          But the risk level isn't zero.
                          Risk can never be eliminated, only mitigated and managed. The best anyone can do, in anything they do, is recongnize what the risks are, and do what they can, within their capabilities, to reduce those risks. But, the possibility of risk will always be greater than zero.
                          Windows no longer obstructs my view.
                          Using Kubuntu Linux since March 23, 2007.
                          "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                          Comment


                            #73
                            Re: Linux viruses -- everything you need to know!

                            Some ideas:

                            1. There is no computer system that cannot be cracked, except for ones that are not plugged in.

                            2. The primary security risk to any system is the user. Whether intentionally, unintentionally, or out of pure ignorance or hopeful apathy, most security compromises are the result of users doing one thing or another that allows an attacker in.

                            3. Knowing the code won't necessarily help. Just because you can read the source code for gpg, won't help you a bit in cracking a properly encrypted gpg file.

                            4.
                            how secure is a current Kubuntu system against someone who psychically happens to know about all the fixes coming down the road in the next two years?
                            I would say, if a person is THAT talented, why would they need to crack your system in the first place? They could read it right out of your mind, right?

                            We only have to look at ourselves to see how intelligent life might develop into something we wouldn't want to meet. -- Stephen Hawking

                            Comment


                              #74
                              Re: Updates and security

                              Originally posted by Snowhog
                              Originally posted by pwabrahams
                              But the risk level isn't zero.
                              Risk can never be eliminated, only mitigated and managed. The best anyone can do, in anything they do, is recongnize what the risks are, and do what they can, within their capabilities, to reduce those risks. But, the possibility of risk will always be greater than zero.
                              I totally agree. In fact I can just imagine someone satisfied with themselves for just having patched the last vulnerability, and hardened the system to the nth degree. The person is sitting at their desk and smiling. Getting ready to go home, he unplugs his computer, just to be completely sure. It is 4:52 in the afternoon on Tuesday, 12 January 2010. The place is Haiti. Not funny - but real.

                              pwabrahams: Here's an angle on this I didn't think of before: how secure is an unpatched two-year-old Kubuntu installation? . . .
                              I would measure that security by the number of documented successful attacks. Nothing less.

                              PS: I know, I have this morbid fascination with reality.



                              Comment


                                #75
                                Re: Updates and security

                                Originally posted by Ole Juul
                                I would measure that security by the number of documented successful attacks. Nothing less.
                                I'd say that the existence of a security patch is an indication that the system maintainers have discovered a hole in the system. Whether anyone actually managed to take advantage of that hole is very difficult to know.

                                Comment

                                Working...
                                X