not necessarily true
|
Author | Content |
---|---|
hughesjr Feb 24, 2008 4:51 AM EDT |
First off, this article implies that linux users do not need to worry about viruses on Linux ... this is untrue. In fact, linux machines are used as controllers for many of the bot net "groups" in the wild. The Linux Rst-B virus (a six year old virus) is one of the biggest culprits to allowing access. That virus is easily detected, but because many linux people "don't think they need anti-virus software", this virus is still prevalent. This is such a problem that there is a tool JUST to check for that virus on linux: http://www.sophos.com/rst-detection-tool ClamAV can also detect this virus as well and linux users should also scan their linux boxes regularly with ClamAV as well. This is not real time protection, but it is plenty good enough since Linux is much less vulnerable (currently) than Windows to viruses. (Before someone accuses me of FUD ... I am one of the CentOS developers and I love and use linux exclusively as my desktop. The real issue is that Linux users do need to be concerned about viruses) |
tuxchick Feb 24, 2008 7:22 AM EDT |
Ahoy, a captive dev! hughesjr, have you heard any rumblings in the force about adding RAID10 support to the installer? RAID0, 1, and 5 are soooo last millennium. Thanks for the virus comments. I know I indulge in snootiness when the subject comes up :) |
Bob_Robertson Feb 24, 2008 8:45 AM EDT |
I recently wrote a short article for a e-zine which will have a themed issue on "Viruses, Tapeworms and Trojans" because the publisher's wife got an infection which and-I-quote "Cost her a month's worth of work" and pissed him off. In it I mention that *nix systems are not immune, they just inherently raise the bar for infection higher than such ugly morasses as MS Windows. Now that I've finally tried ClamAV, and see how easy it is to set up and install, and integrate into Kmail (since that's what I use), I'll be adding a note to that effect to my little contribution. I'll also be submitting that week's e-zine to LXer for putting on the front page. I think it will be worthwhile and interesting. |
herzeleid Feb 24, 2008 10:18 AM EDT |
@ hughesjr > In fact, linux machines are used as controllers for many of the bot net "groups" in the wild. I read just recently how linux boxes are "highly prized" as botnet controllers, since their power and flexibility makes them ideal for the sort of sophisticated command and control functions required to direct massive botnets. What comprises these botnets? Windows boxes are routinely scooped up by the millions and put to work in such massive swarms, and are rented out for sending spam, performing DOS attacks and all sorts of other wacky shenanigans. OTOH it's a heck of a lot harder to capture linux boxes, as they are immune to all the windows viruses and other pc-specific malware. The anti-virus companies trot out a few obscure examples of linux "viruses", but such laboratory examples have rarely if ever managed to spread in the wild since they can't seem to get any traction. The difficulty of capturing a linux machine further enhances the "highly prized" status, thus escalating the stakes in the cat and mouse game of security; with clever and persistent attackers, and complacent system administrators, anything is possible, so it's no surprise that some linux systems have been compromised. The Morris worm of 1988 was an example of some clever programming which exploited specific sendmail features in the open and trusting academic atmosphere of the early internet to spread itself, but such malware activity in the unix world has been the exception rather than the rule. Nowdays, default linux configurations "out of the box" have been been presenting increasingly hard targets. With services turned off by default, privileges minimized and compartmentalized, and draconian iptables rules in effect by default. The problem is third party apps installed after the fact, which often open up large opportunities for attackers and are the most common vector for exploits. All internet computer users need to be aware that there are all sorts of threats, that the internet is not the garden of eden, but rather a jungle. But ignorance of the details and advantages of the linux security model is just as counterproductive as the notion that any OS is invulnerable to attack. Sure there are dangers everywhere - but knowing what I know about the dangers out there, my choice is linux over windows, hands down. It's not even close. |
Bob_Robertson Feb 24, 2008 11:08 AM EDT |
> Sure there are dangers everywhere - but knowing what I know about the dangers out there, my choice is linux over windows, hands down. It's not even close. Beautifully said. |
hughesjr Feb 24, 2008 2:46 PM EDT |
@ herzeleid > Absolutely, in comparison Linux is by far better than windows where viruses, trojans, and malware is concerned. A windows machine makes it a week (at most) with no anti-virus software. The time would likely be less than that if it is directly connected to the internet (instead of being connected through some kind of physical firewall). Not all of these machines will become botnets, but the majority will encounter some kind of spyware or virus infection. Even with the best anti-virus and spyware software and fairly good security habits a windows machine will likely need cleaning a couple times a year to remove some virus or spyware infestation. Linux, on the other hand, is much less affected. However, much less affected does not mean to install and forget :-D. The recent "JS Toolkit" issues on Linux and Apache are another problem that people need to be aware of and to look for: http://www.cpanel.net/security/notes/random_js_toolkit.html All that being true, weekly scans of workstations and weekly or monthly scans of servers with ClamAV and/or chkrootkit are certainly warranted ... especially on machines without a physical firewall between them and the internet or on machines that are purposely run as internet servers. I would also certainly recommend Linux over windows in all possible instances on the basis of security, no doubt about that. |
hughesjr Feb 24, 2008 2:53 PM EDT |
@ tuxchick > Fedora 8 has RAID10 in anaconda, so I would imagine it will be in CentOS-6 as well when it is released. I would not expect them to roll it back into the EL3, EL4 or EL5 products though. |
herzeleid Feb 24, 2008 3:06 PM EDT |
@ hughesjr > The recent "JS Toolkit" issues on Linux and Apache are another problem that people need to be aware of and to look for: Thanks for the link, I had been following that and was curious what it turned out to be. |
Sander_Marechal Feb 24, 2008 9:41 PM EDT |
Quoting:In fact, linux machines are used as controllers for many of the bot net "groups" in the wild. True, but those Linux machines are not enslaved through a virus but through old-fashioned cracking. Anti-virus software doesn't save you from a cracker attempting to exploit your system. Standard security utilities like DenyHost, iptables, rootkit hunter, SE Linux and SSH certificates do. |
gus3 Feb 24, 2008 10:27 PM EDT |
The Linux systems not "enslaved" at all. The botnet herd (compromised Windows machines) connects to covert IRC servers (e.g.) and wait for orders from the controller. The controller is usually running Linux, and it's probably clean. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!