
Idea #4699: Better education on Linux security



Written by Auzy the 15 Mar 08 at 02:14. Category: Security.
Related to: Nothing/Others. Status: New
Description
There seems to be a growing trend of incorrect statements about Linux security being made that should be addressed. Otherwise, we will leave ourselves open to heavy attack in the future. We should also highlight ways to improve your own security.

---Some reasons why we need one?---
* I have seen linux "experts" say in ideas (demeaningly) that we don't need Antivirus at all on linux because we fix the vulnerabilities, which is totally false. We need it because vulnerabilities don't get patched within an hour, and we can still forward viruses on. The point of AV is not to act as a barrier, but to identify when you have been compromised and fix it. People don't seem to realise, images for instance can carry payloads. I don't see any reason why a virus couldn't take over the linux world overnight.

* Highlight some of the security mechanisms in linux and explain them
* Explain risks of dodgy permissions
* Explain in detail why running as root is risky.
* Too many linux oldies see anything Microsoft is doing and say we "shouldn't follow MS", even though it's done right (like a security centre). If we don't get over that, we are shooting ourselves in the foot. An example is a centralised security centre to analyse everything. Without it, it's very easy to overlook some security checks.
* Explain future security features being added to ubuntu (roadmap).

Without proper education, we run the risk of following oldskool Microsoft (who have fixed their ways), and we will look like idiots (thanks to the people who say linux doesn't need AV). We are only secure now because we all mostly know what we are doing, but we should make it easier to educate others, so that we are prepared.


Let's highlight how to be more secure now, to keep us all safer in the future!
Comments
Auzy wrote on the 15 Mar 08 at 02:20
Ahh, and before I hear someone say "OSX doesn't get viruses either" or "linux is running on so many servers", I should point out that many repos have been hacked in the past, and we shouldn't compare ourselves to Apple.

Steve Jobs happily mocks Microsoft security (and they make fun of UAC and Microsoft viruses), but I think they'll find that they are treading in murky waters.

XSP wrote on the 15 Mar 08 at 02:26
It's a good point. I want to quote Ramez Hanna on this:


How viruses infect computers?

There are basically two ways that viruses and worms propagate: social engineering, and poorly designed software. Social engineering is the art of conning someone into doing something they shouldn't do, or revealing something that should be kept secret. A user receives an email that looks like it's coming from a known company (Microsoft for example) and the body of the message informs the reader that the attached file is a critical update that should be applied immediately, OR the email contains an image attachment that turns out to be an executable with an image extension and poof the system is infected. Poorly designed software is seen in software vulnerabilities, bugs or even insecure logic. Poorly designed software makes it easier for social engineering to take place, but such software can also subvert the efforts of a knowledgeable, security-minded individual or organization. Together, the two factors can turn a single virus incident into a widespread disaster.

Let's look further at social engineering. Windows software is either executable or not, depending on the file extension. So if a file ends with ".exe" or ".scr", it can be run as a program (yes, of course, if you change a text file's extension from ".txt" to ".exe", nothing will happen, because it's not magically an executable; I'm talking about real executable programs). It's easy to run executables in the Windows world, and users who get an email with a subject line like "Check out this wicked screensaver!" and an attachment, too often click on it without thinking first, and bang! we're off to the races and a new worm has taken over their systems, using it as a zombie station or worse messing it up from system files to personal files and maybe even kill the system totally. I've seen malware that once executed starts downloading more malware.

Why is linux safer?

Some basic facts first. Permissions on Linux are universal. They cover three things you can do with files: read a file, write to a file, and execute a file. Not only that, they come in three levels: for the root user (who can do anything he likes), for the individual user who is signed in (who would only have access to files he owns), and for the rest of the world. Typically, software that can impact the system as a whole requires root privileges to run because system files are only executable or writable by the “root” user.

So for a virus to mess up a Linux system the following steps should occur: a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable. Even as less sophisticated users begin to migrate to Linux, they may not understand exactly why they can't just execute attachments, but they will still have to go through the steps. Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that's about it. So the above steps now become the following: read, save, become root, give executable permissions, run. The more steps, the less likely a virus infection becomes, and certainly the less likely a catastrophically spreading virus becomes.

Conclusion

Security is, as we all know, a process, not a product. So when you use Linux, you're not using a perfectly safe OS. There is no such thing. But Linux establishes a more secure footing, one that makes it far harder for viruses to take hold in the first place, but if one does take hold, harder to damage the system, but if one succeeds in damaging the system, harder to spread to other machines and repeat the process. When it comes to email-borne viruses and worms, Linux may not be completely immune - after all, nothing is immune to human gullibility and stupidity - but it is much more resistant. To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it.
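
Added example (not part of the thread or of the quoted article): a shell sketch of the save / add execute permission / run sequence the quoted text describes, plus a small check for the "dodgy permissions" the idea mentions. The file names and function names are constructed for illustration, and everything happens in a scratch directory.

```shell
#!/bin/sh
# Added example; every file here is constructed in a scratch directory.

# Symbolic mode string of a file, e.g. "-rw-r--r--".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Write a script to disk the way a mail client saves an attachment:
# plain file creation gives 0666 masked by umask, never an execute bit.
save_attachment() {
    ( umask 022; printf '#!/bin/sh\nexit 0\n' > "$1" )
}

# Attempt direct execution; the kernel refuses without an execute bit.
try_run() {
    if "$1" >/dev/null 2>&1; then echo ran; else echo blocked; fi
}

# Defensive check: list regular files that anyone may modify
# (world-writable) or that carry any execute bit.
audit_dir() {
    find "$1" -type f \( -perm -0002 -o -perm -0100 \
        -o -perm -0010 -o -perm -0001 \) -print | sort
}

demo() {
    d=$(mktemp -d) || return 1
    save_attachment "$d/screensaver.scr"
    echo "saved:    $(mode_of "$d/screensaver.scr") $(try_run "$d/screensaver.scr")"
    chmod u+x "$d/screensaver.scr"      # the explicit extra step
    echo "after +x: $(mode_of "$d/screensaver.scr") $(try_run "$d/screensaver.scr")"
    printf 'notes\n' > "$d/shared.txt"; chmod 666 "$d/shared.txt"
    echo "flagged by audit:"; audit_dir "$d"
    rm -rf "$d"
}

demo
```

Pointing `audit_dir` at a downloads or mail-attachment directory shows which saved files have picked up an execute bit or are writable by every account on the machine.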

peterjs wrote on the 15 Mar 08 at 06:53
AV isn't the solution, by the time you're using it, you've already been compromised, you've already failed. Yes there are zero day exploits, but AV doesn't help you there any as it takes just as long to develop defs as it does to develop a fix, so there's no gain there, beyond being notified that you need to go looking around for other problems after the fact. But unless the user was doing something dumb the worst case is their account was compromised, make a new account, migrate your data, and nuke the old one.


I do however think this is overall a good idea because as much as AV isn't the solution, proper education is. A begrudged +1

Auzy wrote on the 15 Mar 08 at 07:14
AV like I said is not a security barrier, but people should not be told there is no point installing it, or they have no way of knowing when they have been compromised. Otherwise, they will patch their systems 3 hours after seeing an ad with a virus attached in firefox, and never realise they belong in quarantine, unless their isp tells them (or their router is set up really restricted).

It's better to find out 3 days after infection that you have sent your credit cards to someone than not having any mechanism at all.

I don't personally use AV, but I know the risks. Many users are telling people AV serves no purpose whatsoever on Linux (even though you can have locked down ports, and may just receive a dodgy pic via email).


This idea works side by side with http://brainstorm.ubuntu.com/idea/1282/


And yes, I guess after reading through all that, user education would be the main purpose. But it also should play a part in establishing facts, because like I said, I've heard too many people say you don't get viruses on linux.

Eldmannen wrote on the 15 Mar 08 at 17:55
Like when you open Synaptic or something, you need to enter a password.
It doesn't say the reason is for security reasons though.

