Is Linux really secure? Experts, please advise

AbvAvgUser · 11-Mar-2004, 02:11 AM #1

What is the likelihood of something like this happening on a stand alone Linux System?

- A user (not root) connects to the net and gets infected with the virus.
- The Virus can't do much of a damage because it doesn't have permissions.
- Later the root logs in and accesses the some infected file (and now there are a lot of permissions to modify the files).
- Now the Virus starts its activities and completely infects the system.

If this is possible, how can any one presume that a Linux system is secure when one connects to the net as a user? The infection just gets delayed by some time.

Is Linux Really More Secure Than Windows?
http://itmanagement.earthweb.com/sec...le.php/3086051

evilmrhenry · 11-Mar-2004, 03:47 AM #2

Quote:

What is the likelihood of something like this happening on a stand alone Linux System?

It is possible, but more difficult than in Windows, where two of your steps are not needed.

Notes:
1: In general, the root user doesn't access the same files as a regular user.
2: People *should* enter immediately into paranoid mode whenever they enter root. Doesn't mean they will, but then people who don't would have been infected already on Windows.
3: since everything is in text files and directories, it is difficult to hide a virus. Due to logging, it is even harder. A virus would need to do actual infecting of a binary, something that is not common in the Outlook worm world.
4: many Linux systems are in companies, where the user is not allowed root access.

In conclusion, while Linux viruses are possible, the system they are attacking is inherently more resistant, which would likely decrease infections by an order of magnitude (aside from the marketshare issue).

AbvAvgUser · 11-Mar-2004, 07:07 AM #3

Ok. Thanks for your opinion. Just got hold of a new Anti Virus for Linux. Its called ClamAV

Squashman · 11-Mar-2004, 09:35 AM #4

If you are logging into your Linux system as root the majority of the time, I am going to come and slap you around like a Red Headed Step Child!

I cannot think of too many things that I have to login as root to do. And on my systems, root can only login at the console and only on 3 ttys'. The majority of admin things can be done using SUDO if you have it installed and configured.

I have a 30+ page ISO document that I use for installing, configuring and securing my Linux box to the best of my knowledge. I always recommend everyone to take a class on Linux.

AbvAvgUser · 12-Mar-2004, 01:07 AM #5

Please don't hit me uncle!!

My Linux installation is on a standalone machine. So I am the root, I am user, I am everything. So I hardly ever log in as root. But every time I use Kppp dialer, it asks for the root password. As soon as the window comes up, I click on keys and tell it to forget authorisation.

But then I would seriously want to have an efficient AntiVirus software. I would surely feel unsecure without it. May be I am so used to one because of working on Windows for a long time

I really am not comfortable with "inherently secure" propoganda.

lynch · 12-Mar-2004, 05:29 AM #6

Quote:

But then I would seriously want to have an efficient AntiVirus software. I would surely feel unsecure without it. May be I am so used to one because of working on Windows for a long time

I get that.

But we've already discussed this so I wont rehash old conversations.

If you want to stop the root login prompt for kppp, I have this from my files:

Code:

Here is the way to keep kppp from asking for a root password:
1. Change the following line in the file /etc/pam.d/kppp from:
#auth sufficient /lib/security/pam_rootok.so
to:
auth  sufficient /lib/security/pam_permit.so
You must do this with a text editor as root.

HTH
lynch

AbvAvgUser · 13-Mar-2004, 01:36 AM #7

Thanks for the tip. Although I don't mind the need to enter root password everytime. That will prevent some other occassional users (friends, cousins, etc.) from dialing in without my permission.

Sting3R · 14-Mar-2004, 07:48 AM #8

I am an intrusion analyst for the government...one tool we use is "stinger tool"...it will wipe out any virus or worm you may have that is buggin ya....another thing to do also is QUIT LOGGING IN AS ROOT.....I also run a packet sniffer on my linux box at home and also Snort 2.0.....another thing to viruses are the least important threat out there in the wild.....make certain your ports are secure and you are running some kind of defense.

Squashman · 14-Mar-2004, 10:43 AM #9

Quote:

Originally posted by Sting3R:
I am an intrusion analyst for the government...one tool we use is "stinger tool

Correct me if I am wrong, but isn't stinger used for Windows.

Sting3R · 14-Mar-2004, 10:54 AM **#10**

true but we also have a copy engineered here for a unix environment

Squashman · 14-Mar-2004, 11:09 AM **#11**

Quote:

Originally posted by Sting3R:
true but we also have a copy engineered here for a unix environment

Have you guys open sourced it. That would be very useful. Does it run from the command line.

Sting3R · 14-Mar-2004, 11:19 AM **#12**

I know we havent open sourced it but I will check with the engineers on monday and see what the status is.....and yes it runs from a command line...they are working on a gui for it

AbvAvgUser · 15-Mar-2004, 12:49 AM **#13**

Quote:

make certain your ports are secure and you are running some kind of defense

That is why I have been inquiring about an AntiVirus for Linux.

Thanks for all your input on the topic.

deuce868 · 15-Mar-2004, 11:45 AM **#14**

ClamAV is supposed to be very nice. I know the LUG members around here all use it faithfully on several networks.

AbvAvgUser · 16-Mar-2004, 12:52 AM **#15**

Thank you for increasing my faith in ClamAV. I can now be somewhat more assured as and when I install it. I have Red Hat 9 and I am about to upgrade it to some other version called PCQLinux 2004

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)