Micro Mart Forum / Linux Mart / Micro Mart Forums / Linux Security / Latest Posts

RE: Linux Security

malc_wright — Sun, 10 Aug 2008 13:40:07 GMT

Hi Dave

We could do with trying to spruce up that quote of yours:
[quote]As usual the biggest security threat to anyone is between the seat and screen [/quote]

It doesn't yet have the same ring as 'The most unreliable nut in a car is the one holding the steering wheel.'

Here's an effort from me, but I'm sure there are more gifted forumites who will do better:

'The biggest computer security threat is the random input device attached to the mouse and keyboard.'

RE: Linux Security

ricedg — Sun, 10 Aug 2008 00:26:49 GMT

In the context of most Forumites as it's a different world in business:
Most "Home" NAS boxes use Linux/Samba and you can't install any executables on them.
That would be their Achilles Heel in your arguement?

The Windows client detects a virus on a file stored on the NAS box:
Either delete the file or have the AV clean it up and write it back.

TBH I've not seen any "document" virus on Wndows for at least 3 years.
Viruses are just abour dead, we need AV to cope with any legacy stuff washng about.
"Spyware" is where it's at and that comes via clicking or windows security holes.

As usual the biggest security threat to anyone is between the seat and screen :P

RE: Linux Security

malc_wright — Sat, 09 Aug 2008 23:23:37 GMT

Hi Dave

I agree that ClamAV isn't a cutting edge anti-virus, and the client windows PC should be fending for itself with regard to having its own anti-virus installed. The Windows anti-virus will almost certainly be more effective at spotting and dealing with Windows virii than a Linux system which has no native need for such protection.

However if you happen to be running a Home Linux server, CalmAV could be considered a first line of defence, it might also stop repeat infections of client windows machines.

One of the most frustrating things I can imagine would be to keep getting repeat infections of the same virus simply because your Linux server hadn't been inoculated and/or its anti-virus to protect the Windows client machines was too out of date or simply missing.

RE: Linux Security

ricedg — Sat, 09 Aug 2008 22:37:44 GMT

[quote]it's best to install something like ClamAV in order to protect the Windows machines[/quote]

I've always viewed this as a waste of resources.
A Windows machine needs to be running AV even if the F&P server is Linux as there are other ways to get files onto the PC i.e. USB stick, etc.

However, a belt and braces approach has much to commend it.
Re ClamAV, I thought this was aimed at email servers rather than PCs?
Also it doesn't fare well in the AV tests.

RE: Linux Security

malc_wright — Sat, 09 Aug 2008 22:09:29 GMT

I have read elsewhere and numerous times that the first thing windows tries to do with a file when you click on it is to 'execute' it i.e. run it as a program, and it is only after failing to do so that Windows offers the various options of 'open with'.

In Linux you simply ensure that areas of your file system have their permissions set as 'no executables', this is normally set as the default by most Distros' covering partitions/folders including /Home.

That means that writing a virus for Linux, you need to place an executable file into a partition or folder which allows executables to be run.

Then for a next line of defence the self same partitions that allow executables to be run are write protected, and you can only place an executable into such an area if you invoke 'Root' privileges.

This is why you're discouraged from logging in as Root, as any attack whilst you're logged in as 'Root' if it breaches the normally inbuilt firewall will have 'Root' privileges.

The Linux file system is described as a Tree.

There is the saying 'Those who play with the 'Root' can destroy the Tree.'

So unless you happen to be running a Linux distribution which has 'Dumbed' down to the Windows security model where all users have 'Administrative' or 'Root' privileges, then Anti-virus is not needed. Then again if the machine running Linux is on a network with Windows machines and is being used as a file server or such like, it's best to install something like ClamAV in order to protect the Windows machines.

It is possible for a Linux server to be a 'carrier' of Windows viruses, as its security model described, in part, above makes it immune from windows viruses.

Hope this is a fuller easy to understand explanation of the key differences between Windows and Linux security models/vulnerability.

RE: Linux Security

Grenville Grimace — Thu, 07 Aug 2008 18:29:25 GMT

[quote][b]columbo77 (07/08/2008)[/b][hr]Ok, I have a few distros running now and no security on any of them?[/quote]
I really like the fact that my cpu runtime is 100% available to run my software, without being leeched away to run AV or a firewall... :)

For the newbie coming to Linux from Windows, probably one of the hardest parts is coming to terms with the fact that the Linux security model is just so much more robust.

There are few viruses for Linux. The fact that there are so many different versions (distributions) of Linux, basically the same but with small but important differences, makes it hard for the virus writer. Not only are you running in a limited account (unlike Windows), you simply never log in as root. This limits the possibilities for any virus to install itself.

For viruses to spread, they need to run/need to be executed. Simply put, Windows viruses don't run on Linux. At best, infected files can be passed on (eg a Linux mail server delivering mail to Windows clients, or a Linux file server serving files to Windows clients). Only in those circumstances, running anti-virus software on a Linux system makes sense.

Personally, I use the excellent ClamAV to scan any downloads I might conceivably want to pass onto a Windows box. Likewise, I would scan incoming email for Windows nasties, because I would hate to pass on an infected file attachment to a Windows using friend. (It's only polite to help protect those who are less fortunate than ourselves.)

As for a firewall, I have to say that I don't bother - I hide behind my broadband router, which should be more than sufficient. One couldn't hurt for a dial-up connection and could be easily installed. Likewise, a firewall might be a good idea on a lappie which is to be connected to strange wi-fi hotspots. (That said, I was enjoying a pint of Guinness in J.D. Wetherspoons, while browsing the net with my new eee on their free wi-fi just the other day... And very nice it was too, even without a firewall... Mmmm, Guinness... :doze: )

RE: Linux Security

wyliecoyoteuk — Thu, 07 Aug 2008 16:20:14 GMT

A tool which checks for common exploits (changed system files, backdoors, etc) [url=http://www.rootkit.nl/projects/rootkit_hunter.html] here [/url]

RE: Linux Security

columbo77 — Thu, 07 Aug 2008 16:12:49 GMT

What is that and where do I get it?

Columbo

RE: Linux Security

wyliecoyoteuk — Thu, 07 Aug 2008 14:24:45 GMT

I agree with most of the above comments.
If you are behind a router, and you don't leave ports open, you are generally safe, BUT it does not do to be complacent.

I run network servers,and we run rkhunter on a Cron job just to be sure.
It is worth downloading it and running it to see what it says.(but don't freak if it reports something, there can be false positives)

RE: Linux Security

Basil — Thu, 07 Aug 2008 13:21:12 GMT

You already have netfilter (the project was merged with the kernel from 2.3 onwards) so you have a firewall of sorts, just not a very friendly one to configure.
Firestarter will provide a GUI interface for configuring the firewall and should be in the repo's.
ClamAV is free (beer and speech), AVG still offer a Linux version of 7.5 free and Panda also offers a freeware AV but I wouldn't bother if I were you.

RE: Linux Security

ricedg — Thu, 07 Aug 2008 12:59:00 GMT

Basically there is no need of either, but read the article linked to for more details.

RE: Linux Security

columbo77 — Thu, 07 Aug 2008 11:41:54 GMT

Page wont load! I't might be work net though, will try at home.

Columbo

RE: Linux Security

gn2 — Thu, 07 Aug 2008 10:43:48 GMT

[url=http://ubuntuforums.org/showthread.php?t=510812][b]Have a read of this[/b][/url].

Linux Security

columbo77 — Thu, 07 Aug 2008 10:16:00 GMT

Ok, I have a few distros running now and no security on any of them?

Do I need it?

Can anyone tell me a free distro for Firewall and Anti Virus, prefferably got through apt-get

Cheers

Columbo