[bigk]

Hey every one,

I plan on dual booting Windows XP and Linux Ubuntu on the same machine. I have two hard drives:

160 gig = Windows XP

40 gig = Linux Ubuntu

If I did all my browsing on the Linux operating system and come across some spy ware on a web site. Will the spy ware transfer to the Windows portion since the spy ware doesn't affect the Linux operating system? Or will the spy ware just stick to the 40 gig drive and never touch the 160 gig?

Bigk

[CouchMaster]

Nope, most spyware will bounce off of Linux like bullets off of Supermans chest.
That may change in the future as Linux becomes more popular though...

[lotuseclat79]

Generally speaking, what CouchMaster said, provided you get all of the latest security updates for the Linux Ubuntu and separately the WinXP OSes.

-- Tom

[fenderfreek]

To my knowledge there are no spyware programs at all in the wild that are written for Linux. the only way to get malware of any kind on a Linux box is to do it manually. Even if one got into your computer by some remote chance, it would have all but absolutely no way to access your windows drive.
The only way you could infect a Windows system from a Linux system is to do it yourself, intentionally.

[lotuseclat79]

Hi fenderfreek,

Lets just say that "to your knowledge" since you are a computer science student or that your security knowledge is a work-in-progress at this point in time with what you know currently. Best wishes for an exciting career when or before you graduate.

Here is a link to a Linux security FAQ that should prove worthwhile for anyone wanting good advice on Linux security. Its a very good starting point for anyone:
http://www.linuxsecurity.com/docs/colsfaq.html

-- Tom

[fenderfreek]

The article mentions the very limited assortment of viruses for Linux, and rootkit trojans, both of which I am aware of, but are there any malicious programs that get on your computer any other way than manually installing them?
When I said that there weren't any in the wild, I was referring to programs that were floating around that could be inadvertently downloaded and/or installed. Like I said, as far as I know, there aren't any like that, but if there are, I'd like to know about them.

[lotuseclat79]

Hi fenderfreek,

Its not so much whether they are in the wild, but how vulnerable any one distribution of Linux may be. Granted, Linux currently is less vulnerable than Windows, however, projections earlier this year indicated that rootkits are rapidly rising to the top as the preferred way to infect a vulnerable machine - by 2008 some 80% are predicted.

As far as Linux vulnerabilities, checkout this webpage at CERT (which lists 83 vulnerabilities in various LInux distributions), and also note the advisory about gzip vulnerability on the CERT home webpage: http://search.cert.org/query.html?rq...ertadv&x=0&y=0

Usually, getting infected is as easy as visiting the wrong place on the Internet, whereas the main issue is not necessarily a malicious program getting onto your machine, but fixing the ones with flaws that could aid anything getting onto your computer (by virtue of the flaw) and thus infect your computer.

-- Tom

[fenderfreek]

I see. Thanks for the insight!

[prunejuice]

Anyone doubting the superiority of Linux security should spend 5 minutes on the
Windows OS forums here.

~~~shudder~~~

[lotuseclat79]

Hi prunejuice,

I wouldn't be so quick to conclude that Linux has superior security. Consider that unless security is designed in from the start, then security as an afterthought is too late - case in point = Windows security. Also, consider that Linux is not yet as much of a target as Windows has been. Being less of a target does not make an OS's security any better than the OS which is more targeted by malware.

Security is either an inherent feature designed into the system or is non-existent.

Some versions of Linux do security better than others, but I would hardly call that a superiority. Real superiority comes from designed-in intrusion resistence or proofing of the software.

Agreed, security in existing Windows OSes is weak due to its design flaws, however, Vista may reverse that.

-- Tom

[prunejuice]

Quote:

Originally Posted by lotuseclat79

Also, consider that Linux is not yet as much of a target as Windows has been.

I hear that arguement all the time.

Linux file systems and permission controls are what keeps it ahead of Windows security wise.

In the Linux community, we get patches amazingly fast, while Microsoft releases patches for their poorly coded platform...what?...monthly?

Maybe better with Vista, but this horse has already bolted from the barn.

[bigk]

Quote:

Originally Posted by prunejuice

In the Linux community, we get patches amazingly fast, while Microsoft releases patches for their poorly coded platform...what?...monthly?

Actually Microsoft use to split out patches let and right any day of the week. That all changed one day.............................


I believe I was watching "The screen savers" on techtv. (Before g4 bought them) and the host would always talk about these patches that Microsoft would put out. They would always say some thing like "These are critical patches and you need to update as soon as possible." Then 4 days later they would say the same thing and mention some thing about another one of Microsoft's patches. Well, the ceo of Microsoft owns techtv (from what I heard) and Microsoft didn't like that "The screen savers" kept talking about these patches. So Microsoft started making it where the patches would be released every other week or so and be bunched up in a package. So instead of downloading the patches every other day during the week they would pick out a certain day and release them all on that one day.

Bigk