The repos are very safe, by that i mean the universe repos that come with ubuntu. i don't know about the safe-ness of the multiverse and other user-added repos. they're are probably safe, but, you never know...

For those of you running 5.10, I'd be more worried about your system install logs than I'd be worried about virus and spyware threats.

If you're running 5.10, sudo apt-get update is essential.

For those of you running 5.10, I'd be more worried about your system install logs than I'd be worried about virus and spyware threats.

If you're running 5.10, sudo apt-get update is essential. sudo apt-get update only updates the list of what's available. You need to subsequently do sudo apt-get dist-upgrade to actually apply new security patches.

sudo apt-get update only updates the list of what's available. You need to subsequently do sudo apt-get dist-upgrade to actually apply new security patches.
I thought "sudo apt-get dist-upgrade" was to upgrade your distribution (version)???

I thought "sudo apt-get dist-upgrade" was to upgrade your distribution (version)??? That's what I thought for months until some more experienced users set me straight.

sudo apt-get upgrade will upgrade the programs you already have installed to the newest version available in the repositories.

sudo apt-get dist-upgrade will upgrade you to the newest version of ubuntu-desktop, kubuntu-desktop, and/or xubuntu-desktop--which will tend to give you newer versions, but it may also add and remove certain packages that are considered "better" than previous ones (not just different versions of the same package.

This is what's called a "Smart upgrade" in Synaptic Package Manager, and it can be done all the time, not just when you're moving from Hoary to Breezy or Breezy to Dapper.

I meant upgrade, not update.

So, if I do the "sudo apt-get dist-upgrade", that won't affect my ubuntu 5.10?
Can I do it if other programs are on?

So, if I do the "sudo apt-get dist-upgrade", that won't affect my ubuntu 5.10?
Can I do it if other programs are on? It'll affect your Ubuntu (you want it to), but it will not upgrade you to Dapper unless you change your sources.list. And, yes, you can do it while programs are on.

It'll affect your Ubuntu (you want it to), but it will not upgrade you to Dapper unless you change your sources.list. And, yes, you can do it while programs are on.
Thanks for the reply!
I did sudo apt-get update
followed by sudo apt-get upgrade
followed by sudo apt-get dist-upgrade
and it was a smooth process and I got my packages updated!

You can actually leave out sudo apt-get upgrade and just do sudo apt-get dist-upgrade by itself.

Now, about viruses again (since that is the name of the thread :)), I have heard that if you share your linux box with a windows box with, let's say, samba, you might get a virus.
1) How is this possible? I thought windows viruses coudn't affect a linux box because of different architectures or something (I don't know the right vocab term :???:)

2) Concerning firewalls, I have firestarter installed and it's set to "permissive by default." Should I change that to restrictive by default, and then what services should I allow?

I think I might compile an article about ubuntu security mainly using this thread but I also need any other help possible!

You can actually leave out sudo apt-get upgrade and just do sudo apt-get dist-upgrade by itself.
Thanks for the tip, I'll keep it in mind. 8)

So, anybody fell like reading this cool thread...;)

Now, about viruses again (since that is the name of the thread :)), I have heard that if you share your linux box with a windows box with, let's say, samba, you might get a virus.
1) How is this possible? I thought windows viruses coudn't affect a linux box because of different architectures or something (I don't know the right vocab term :???:)


There has recently been a new virus which can run on Windows and Linux (reportedly). I don't know how it would work, but this is what I gather:

1. The hacker would have to be very clever to figure out how to do it
2. The virus would have to be written specially to run on both platforms, as the way a programmer interfaces with Windows is different to the way he/she interfaces with Linux
3. The virus would only work on Windows and x86 Linux (not PowerPC, ARM, SPARC, etc).

By using Samba or e-mail, you can recieve normal Windows viruses, but they won't be able to do anything on your Linux box.

goodness, this debate still is going on?!

Let's just say that maybe his family (mom, grandma...whatever) was running M$ and he forwarded a funny picture that had some worm. Wow, now his family is infected because _simon_ didn't care about spreading viruses. It's not his problem, because grandma didn't know that her AV is out of date. Of course the rebuttal is "Well, I spread the wonders of Linux to my family".

sorry, I needed a quick laugh.

well, the basic idea of "use av to protect other people" is nice - as long as you make the assumption that using av on linux has no cost. but the fact is, running av to scan your crap all the time takes a hit on the system resources, so that "helping other people" bit has a direct cost to you.

one of the (many) reasons i switched my main desktop environment to linux is to get away from having to run antispyware+antivirus and have it eat my system resources. so, frankly, i am not gonna run av for the hypothetical case of accidentally spreading windows viruses.

oh, and well, i never forward **** around either, so it's kind of a moot point in my particular case. but my basic point is that running av is not costless, so those who are on the side of letting other people take care of their own computers have a valid point.

p.s. and besides, when was the last time you forwarded anna kounikova naked pictures to your grandma, you sicko? :D

Now, about viruses again (since that is the name of the thread :)), I have heard that if you share your linux box with a windows box with, let's say, samba, you might get a virus.
1) How is this possible? I thought windows viruses coudn't affect a linux box because of different architectures or something (I don't know the right vocab term :???:)
well, you can "get" a virus, as in have the file sitting on your computer, but it will not actually affect your linux system, because it can't run.

2) Concerning firewalls, I have firestarter installed and it's set to "permissive by default." Should I change that to restrictive by default, and then what services should I allow?
well, your desktop system should generally not be running any services at all... so if you have not explicitly installed any services on your comp, there is nothing to allow.

So, nanotube, you're saying to put it on restricted by default (all I have in concern with sevices is samba)?

So, nanotube, you're saying to put it on restricted by default (all I have in concern with sevices is samba)?

if your concern with samba is to be able to connect to others to get their files, rather than let others connect to you and get your files, then yes, restrictive by the default should be fine. otherwise you should still put it on restrictive, but specifically allow the samba ports incoming. :)

if your concern with samba is to be able to connect to others to get their files, rather than let others connect to you and get your files, then yes, restrictive by the default should be fine. otherwise you should still put it on restrictive, but specifically allow the samba ports incoming. :)
Okay but when I put restrictive by default, firefox won't load any page!

Okay but when I put restrictive by default, firefox won't load any page!
heh, that's a clear sign that i am wrong, and you should not do that, then, isn't it? :)

i myself do not use firestarter, i use iptables directly. i assumed that 'restrictive' in firestarter meant not to allow anything incoming. i suppose i was wrong and it means not to allow anything either way...

well, one thing you can do is to look at the link in my sig, and go to the setting up a firewall section, and it will tell you how to set up a nice one using iptables.

or, if you want to use firestarter, search these forums about it, or start another thread about it. :)

heh, that's a clear sign that i am wrong, and you should not do that, then, isn't it? :)

i myself do not use firestarter, i use iptables directly. i assumed that 'restrictive' in firestarter meant not to allow anything incoming. i suppose i was wrong and it means not to allow anything either way...

well, one thing you can do is to look at the link in my sig, and go to the setting up a firewall section, and it will tell you how to set up a nice one using iptables.

or, if you want to use firestarter, search these forums about it, or start another thread about it. :)
Okay, and thanks for all your help

well then, my conclusion so far to the question "is ubuntu really safe?" is
YES! in most respects.
The chance of getting a virus is so damn small that it's like one out of a trillion chances, and not even that.
Spyware could be a slight problem, but nowhere as much as in windows, plus you can download all sorts of firewalls.
If you have samba for sharing files between a windows pc and a linux computer, you might want to run antivirus on your linux box to prevent the windows pc from getting a virus, not to see if there's a virus in linux because there virtualy are none! The only ones that have ever been found were in closed off networks and probably created by the user.

I just thought I'd add my two pence/cents/whatever.

With regard to getting a virus, yes the chance of getting a virus which will actually run on linux is so small its not really worth mentioning but I guess I could see it happening in the future (maybe... I guess...). The real point is how it would effect your system?

The Windows User

So Joe blogs gets an email, with an attachment claiming to be holiday photos. Because he is a trusting kinda bloke he opens it and double clicks the attachment. It runs the virus which then copies its self into the system restore area (a 'protected' system area) and no antivirus can shift it! It then makes a load of registry startup keys so it will run whenever windows starts up (whilst quietly sneeking up behind Mr Norton and stabbing him in the back and then cleaning up the blood and leaving his body there so Joe Bloggs doesn't notice).

The thing this virus loves is company and it proceds to download a load of friends and a week later Joe can't use his pc. It takes a good ten minutes to start up and log on and then he gets inundated with so many popups that explorer crashes. Poor Joe can't understand it as 'norton is still running and says its fine'.

Now why wouldn't all this happen in ubuntu/linux, well read on...

The Linux/Ubuntu user

Joe gets the email and decides to double click on the attachment what happens? Well it would probably opens gedit and shows him a load of jibberish (if it could read it at all). Why? becuase when you download or otherwise 'aquire' an executeable file, you need to actually change the file's permissions so it can actually run! The default permissions are to allow reading and writing of the file but NOT to execute it.

Say for the sake of argument he manages to change the files permissions without knowing (?) and run it. Whats the worst that can happen? It runs and does untold damage to his home directory - but THATS IT! Why? Because to do any damage to the rest of the system it would have to have the root password! Worst comes to very worst all he has to do is wipe his home folder and start over (or create a new user etc, etc.) Which, all things considered is a lot better than haing to do a format/reinstall of your os.

i am not an expert by any means but i was told that linux is still vulnerable to buffer overflows, this is i think a troyan of sorts. i would like to learn form the experts if its true and what is the best way to aproach to protect from an attack of this nature.
thanx:KS

i would like to learn form the experts if its true and what is the best way to aproach to protect from an attack of this nature.

Yes, Linux can get broken into. You just have to find an exploit and take advantage of it. That being said, it's not easy to exploit vulnerabilities.

I've been in two cyber defense competitions where a group of internet security professionals tried to break into our networks and in the first one I saw them root a Win2K3 server in about 11+ hours and in the second they rooted an FC4 box in about 8 hours. These were sort of unrealistic settings because someone trying to break in won't do a complete brute force attempt initially because they're easy to catch if you're monitoring traffic.

As long as you keep everything up to date you shouldn't have any problems.

cool. by running dapper im probably safe then.
thanx:KS

cool. by running dapper im probably safe then.
thanx

You are safe, not probably. Unless of course you click on a message that says, 'we need your root password to inusre your safety. Please give it to put it in the box below and click send.' :lol:

The same way a hacker drops packages in Windows Update all the time... or are you telling me there was some other reason I got that malware on Windows? :p

The package lists carry an MD5 checksum for each package which is checked.
The package lists themselves have to be signed with a GPG key that was distributed on your installation medium (CD). If the signatures do not match, you get an error.

So, even if an attacker gains access to the repository store, he would not yet be able to inject malicious packages.

Now, about viruses again (since that is the name of the thread :)), I have heard that if you share your linux box with a windows box with, let's say, samba, you might get a virus.
1) How is this possible? I thought windows viruses coudn't affect a linux box because of different architectures or something (I don't know the right vocab term :???:)

2) Concerning firewalls, I have firestarter installed and it's set to "permissive by default." Should I change that to restrictive by default, and then what services should I allow?

1) you cannot 'get' the windows virus on your Linux box. But if you copy the files over, you do off course have an inactive version of the virus, if you send it out by mail (manually), you can spread it though.

2) Set it to restrictive for inbound connections, by default you shouldn't need to allow any services in. I would leave permissive for outbound though, unless you know what you are doing.

There has recently been a new virus which can run on Windows and Linux (reportedly). I don't know how it would work, but this is what

That is actually a hype with a lot of wrong information about it.
What they created was a piece of cross-platform code which ran on both Linux and Windows. What they didn't create was a cross-platform virus. The program lacked the single defining capacity that makes a virus a virus, it does not automatically replicate.

On Linux, you have to download it, chmod +x and run the program *manually*.
It could spread as an E-mail virus, but we lack the solid virus propagation toolkit, aka Outlook.

one of the (many) reasons i switched my main desktop environment to linux is to get away from having to run antispyware+antivirus and have it eat my system resources. so, frankly, i am not gonna run av for the hypothetical case of accidentally spreading windows viruses.


Indeed. Besides, the easy solution to this is to have scanning/filtering done on the mail server (which most ISP's offer today, most of them for free).
So, if the virus still slips through, it is hardly the fault of the Linux user forwarding it unsuspecting (which I have never seen any evidence of).

Okay but when I put restrictive by default, firefox won't load any page!

Did you put restrictive on outbound filtering? If so, no outgoing connections will be allowed except those you whitelisted.

i am not an expert by any means but i was told that linux is still vulnerable to buffer overflows, this is i think a troyan of sorts. i would like to learn form the experts if its true and what is the best way to aproach to protect from an attack of this nature.
thanx:KS

Linux is vulnerable to this type of attack, but only off course in specific places.
That is why it is so important to patch as soon as a fix is out.

There are projects on the way to stop this kind of attack (or contain it). Examples are SELinux (or AppArmor) and PaX. SELinux is compiled in on Ubuntu, but the policies do not exist, making it rather useless at this time. You could create them though if this is important for you.

That is actually a hype with a lot of wrong information about it.
What they created was a piece of cross-platform code which ran on both Linux and Windows. What they didn't create was a cross-platform virus. The program lacked the single defining capacity that makes a virus a virus, it does not automatically replicate.

On Linux, you have to download it, chmod +x and run the program *manually*.
It could spread as an E-mail virus, but we lack the solid virus propagation toolkit, aka Outlook.

Ahh okay. Still, it's cross-platform malware; and the same idea could possibily be used to write a true virus. You'd still need social engineering on Linux, which would be virtually impossible given the security-conciousness of the average Linux user.

Ahh okay. Still, it's cross-platform malware; and the same idea could possibily be used to write a true virus. You'd still need social engineering on Linux, which would be virtually impossible given the security-conciousness of the average Linux user.

That's correct. They should trick the user into running the program (which takes a lot more than just double clicking on Linux) or they have to create a worm that attacks a specific vulnerabilty, which is not that easy since Ubuntu has no open ports by default.

That's the beauty off software diversity though.

which would be virtually impossible given the security-conciousness of the average Linux user.

I wouldn't say that, a lot of users are starting to use Ubuntu with basic computer skills (which is fine).

But the fact that a default install has no open ports goes a long way.
If you run XP but leave Outlook and IE alone, that goes a long way in improving your overall security, even without security training.

You'd still need social engineering on Linux, which would be virtually impossible given the security-conciousness of the average Linux user.

Just create a .deb of the latest and greatest software which everybody wants, build into it a few nice surprises and offer it to people here.
The average user of this forum can hardly be called security-conscious.

Just create a .deb of the latest and greatest software which everybody wants, build into it a few nice surprises and offer it to people here.
The average user of this forum can hardly be called security-conscious.

Actually noticed this the other day. Files attached to the forum or downloadable from some unknown website linked to from a guide.

You must be a real egit to blindly install anything you are shown a link to. Bottom line is people don't think for themselves anymore. Herd mentality prevails...

Just create a .deb of the latest and greatest software which everybody wants, build into it a few nice surprises and offer it to people here.
The average user of this forum can hardly be called security-conscious.

The average user is not going to use anything other than Synaptic. I don't see the repositories being able to harbor something with some surprises in it. And as for .deb, most of them are not going to go out of their way to use it.

You must be a real egit to blindly install anything you are shown a link to. Bottom line is people don't think for themselves anymore. Herd mentality prevails...

The problem is also that windows has trained them to do so. We even get questions here to replace apt with downloadable executable files that install when clicked... It's supposed to be easier (can you believe that).

If you insist on downloading software from untrusted sources, there is no magic in the world that can prevent damage to your system.

Did you put restrictive on outbound filtering? If so, no outgoing connections will be allowed except those you whitelisted.
well i don't exactly know what to whitelist, as im not familiar with the protocols, but w/e, i just switched it back to permissive :(

definitely going to make a howto or guide on all of the info i have gotten about ubuntu security.
i think ill post it in the howto forum and in absolute beginner talk, sound like a good idea?

The sudden and annoying noises part, thats why I always have the speakers off unless I'm listening to music or playing a game, ever since a popup went screaming "HELLO I AM LISA AND I AM GOING TO SHOW YOU....[rant]" and angry mom came storming in asking "who the hell is that Lisa you got in the computer? where you watching porn??".

thats funny. the only way that i heard that would pose as a threat to a computer running linux was if you used sudo, su,... on something you dont know.

on windows, if you wanna have fun and play games and use programs, a lot of them require administrator powers. with that, a hacker has easy axcess. this is what i heard. im not sure if this is 100% correct.

So .. what about firewalls and anti virus software. is it worth installing it now?.. or Linux is still so secure that there is no need for it?

just do this:

sudo apt-get install firestarter

and you are done for the firewall

I think clamav is available for anti-virus, but I think it's unnecessary

Securing Windows is very easy, just put the machine behind a hardware firewall running Linux.

Linux is more secure than Windows. Volvo is more secure than Renault. USA is more secure than Afghanistan. SSH is more secure than Telnet. Democracy is more secure than dictatorship. Back seat is more secure than front seat.

If I recall correctly, Mandrake gave a nice, scary red background whenever you logged in as root. Just need a skull and cross bones and a ticking bomb and we'll ne set :D funny you should mention that, because i've always have scary themes for root user wallpaper to remind me that using root is a bit like walking through a mine field - its safe if you know where you're going, but one wrong step, and the system gets bombed. typical themes are made by me to look as awful as possible (so that i spend as little amount of time in there as possible. maybe i should just install and use KDE for root). typical scary wallpapers have included scary red dragons, haunted houses, volcanoes and lava streams, skull and crossbones, danger signs, and tony blair grinning inanely.

Searching the forum with the word virus, revealled this link (http://www.ubuntuforums.org/showthread.php?t=136064&highlight=virus) among others.
I'm not sure clicking on links is safe, either, as it can launch an attack.

Also the reason that its opensource makes Linux more secure. There are more people working for Linux(umm...a new version of windows is released every 5 years while a new version Linux is released every 6 months) and why would a cracker/black hacker want to exploit a free OS?

Securing Windows is very easy, just put the machine behind a hardware firewall running Linux.

And get your word trojan delivered right to your mailbox ;-)

IMHO, Their both about the same.

Right now, i'm running Windows XP Pro SP2 behind a router with a hardware based firewall, Norton Antivirus 2006, and Norton Personal Firewall 2006, and Webroot SpySweeper. And I browse the web with Firefox, and use Outlook 2003 as my e-mail client. (PS = Outlook 2003 has the Norton plugins turned on aswell)

IMHO, my computer is pretty damn secure. I have no problem with adware/spyware/viruses, I have a really good spec computer - so my computer is super fast, and I have NEVER had Windows XP Pro SP2 crash or BSOD me.

If I installed Linux as my only OS, it would be as secure as my XP system from the get go. It would not need any of the 3rd party security apps that I currently have installed.

However, if Linux suddenly had a 90% market share, then all the hackers would be trying to hack Linux rather than windows. Can anyone honestly say that they wouldnt need 3rd party security apps if linux really became a mainstream OS?

Thats why I think their about the same, both need 3rd party security apps when they go mainstream.

However, if Linux suddenly had a 90% market share, then all the hackers would be trying to hack Linux rather than windows. Can anyone honestly say that they wouldnt need 3rd party security apps if linux really became a mainstream OS?

Thats why I think their about the same, both need 3rd party security apps when they go mainstream.
I lost count on how many times this argument has been refuted on this forum alone, but here we go again.

1. The argument is problematic, as it's counterfactual. Further, you didn't provide anything to support your claim.

2. There are counterexamples. Apacke vs. IIS comes to mind.

3. Linux is mainstream in many areas, especially when it comes to webservers.

4. This argument assumes that the only deciding factor for security is market share. This however goes against experience.
Further, you really don't want to argue that no measures can be taken to improve securty, do you?
For example, MS claimed that with SP2 XP is now 15 times less vulnerable to worms than it was before. The reason for this is simple, the firewall is now turned on by default. Now, doesn't this clearly show that measures independend of market share can make something more secure?

A properly set up Windows install is no less secure than a properly set up distro of Linux.

Poor administrators can cause risks in both OSs.

My defualt install of Ubuntu is less secure than my post locked down install of Windows XP.

Ubuntu has no firewall, edited - incorrect, XP has a some what usefull firewall. Windows (by default) allows full blown administrator rights, Ubuntu (in default) allows a 15 minute window of full blown administrator rights.

The sudo 15 minute windows will cause trouble in the future. How does spy/mal/trojans get install on windows?

We have dected a problem with your windows registry!!! Click here to fix it now.

A not so computer smart person will click that pop up out of good faith. Then BAM! they're infected. If windows was set up as a limited user account, no infection. Vista will only allow the new IE to run in protected mode, to limit the possibility to execute code.


We have detected your apt-cache is out of date. Click here to fix this problem now
A user clicks the add, is asked for the sudo password, and BAM! infected. But now, that user is open to other attacks from other places WITHOUT THE NEED TO PASS THE SUDO PASSWORD for the next 15 minutes. the suspect code now has complete control of the PC and the sudo password. Fixed if you only use a limited account without SUDO rights, and/or set the time limit of sudo to 0.


Word/Excelle/ *.microsoft program email attached virus. Same can happen to linux, if the virus writer was to target Linux ;)

That fact is, no one really knows just how secure linux is, in a non-server enviroment, because it has never been tested against spy/mal/adware trojans, nor viri.

Ubuntu has no firewall, all ports are open, XP has a some what usefull firewall.
You conveniently forget to mention that a default install of Ubuntu comes with zero, none, nada services running that listen on the network, while XP comes with dozens.

However, if Linux suddenly had a 90% market share, then all the hackers would be trying to hack Linux rather than windows. Can anyone honestly say that they wouldnt need 3rd party security apps if linux really became a mainstream OS?

Thats why I think their about the same, both need 3rd party security apps when they go mainstream.

Yes, exposure would go up. But it wouldn't be nearly as easy to write malware for it. Outlook and Word are a virus writer's fantasy, adding to that the default hiding of file extensions and you got yourself a distaster in the making.

Virus scanners are a flawed solution to the problem, since new viruses often have days (or weeks) to spread before signatures are out. That is why we need passive defenses that limit the ways in which we can be attacked and limit the damage of a succesfull attack.

Not making everyone root by default is one of the lowest haning fruits, but there are many others.

You conveniently forget to mention that a default install of Ubuntu comes with zero, none, nada services running that listen on the network, while XP comes with dozens.

A port that reports as being closed is still unsecure. A hacker now knows a machine is there, and that machine is responding. Not responding at all (stealth) is the only way to be secure.

Here's 2 screen shots, one Ubuntu, one XP (SP2 with XP firewall, and AVAST virus scanner) Which report would you rather have?

A port that reports as being closed is still unsecure. A hacker now knows a machine is there, and that machine is responding. Not responding at all (stealth) is the only way to be secure.

Wrong.
1. A port with no daemon listening on it is secure.
2. Running in stealth mode gives the hacker a lot more information that simply responding in a way that is to be expected.

Ubuntu has no firewall, all ports are open, XP has a some what usefull firewall.


This is a false comparison. If you were to do a portscan against a default Ubuntu install, there should be no open ports hence nothing to firewall. If you do a default windows install, well try it yourself. Apart from firewalling, I don't see anyone getting a windows desktop with no open ports.


Windows (by default) allows full blown administrator rights, Ubuntu (in default) allows a 15 minute window of full blown administrator rights.

The sudo 15 minute windows will cause trouble in the future. How does spy/mal/trojans get install on windows?


The 15 minute window is a tradeoff between convience and security, but one wiht limited implications on the second for several reasons.
First off, most users on the system do not need admin access at all, so they are safe.
Secondly, for malware to exploit this, it still needs to be executed manually by the user at the right time (the 15 minute window) or exploit an unpatched vulnerability.

So if you sudo and then save a mail attachment and chmod +x and run it manually, then you are vulnerable. There is no hiding of extensions like in outlook.

To make things even better, both patches and most software can be installed from the repositories, which are cryptographically signed, so most users should not need to download software from www.freescreensavers.com only to find their machines (operated as admins) owned.

A not so computer smart person will click that pop up out of good faith. Then BAM! they're infected. If windows was set up as a limited user account, no infection. Vista will only allow the new IE to run in protected mode, to limit the possibility to execute code.



A user clicks the add, is asked for the sudo password, and BAM! infected. But now, that user is open to other attacks from other places WITHOUT THE NEED TO PASS THE SUDO PASSWORD for the next 15 minutes. the suspect code now has complete control of the PC and the sudo password. Fixed if you only use a limited account without SUDO rights, and/or set the time limit of sudo to 0.


Without something like ActiveX to exploit, this is quite hard to implement. Installing malware through firefox is not so easy.
As I said, if they download hackme.bin and chmod +x it and run it, there's nothing to help them.

Lowering the sudo limit does not help if the user is careless with typing his admin password.


Word/Excelle/ *.microsoft program email attached virus. Same can happen to linux, if the virus writer was to target Linux ;)


When MS expanded the scope of macro's in Office to what we know now, they were warned that this would lead to exploitation, which it did.
Combined with Outlook's lax security and the file-extension-hiding, it became trivial to exploit. And AV are increasingly failing to protect users when a 0-day exploit (like the word2000/2003 one this week) comes out.

To compare, try writing a simple virus for Word and then try the same for OpenOffice. Or try a trojan that tricks outlook and one that targets evolution.

Wrong.
1. A port with no daemon listening on it is secure.
2. Running in stealth mode gives the hacker a lot more information that simply responding in a way that is to be expected.

How can stealth give any info? Stealth is not there!!!! No response!!!!

Closed response <--- Hi, yes I'm here, and connected, but the door is locked. So you can't come in right now.

Stealth response

See the response :mrgreen:

How can stealth give any info? Stealth is not there!!!! No response!!!!

But that's only true if your box doesn't interact at all with the outside world, in which case it shouldn't be on the net at all.
If it does, people can find out and they'll also get the information that you have something to hide, hence the firewall.

First off, most users on the system do not need admin access at all, so they are safe.

True, most users in windows don't need admin access either.


The thing is, who is getting infected with these viri and adware? The common user, because of poor computing habits. If they have poor computing habits in windows, they will have the same in linux.

No need to chmod anything. Firefox is easy to install possible dangerous code with. Default action for firefox when clicking on a *.exe program across the web is to open with wine, defualt action in firefox when clicking on a *.deb file across the web is to open Gdebi. And the fact you can set it to do this and never ask again.

Now you and I would never do this. But we wouldn't install Kaza with the GATOR package either ;)

But that's only true if your box doesn't interact at all with the outside world, in which case it shouldn't be on the net at all.
If it does, people can find out and they'll also get the information that you have something to hide, hence the firewall.

Are you kidding me? :mrgreen:

With a Firewall with stealth mode turned on, your computer is invisible.

With just closed ports your computer is clearly visable to all and sundry.

I know which one I prefer...... 8)

Are you kidding me? :mrgreen:

With a Firewall with stealth mode turned on, your computer is invisible.

With just closed ports your computer is clearly visable to all and sundry.

I know which one I prefer...... 8)

P.S = i'm not slagging off Linux/Ubuntu here, because there are FOSS firewall solutions that stealth ports in Linux/Ubuntu too! :cool:

With a Firewall with stealth mode turned on, your computer is invisible.

Again, no it isn't.
For example, did you also turn off ping requests?
Is your computer on the net and causing network traffic?
What about legitimate services that send you an ident request? Why exactly should they have to waste bandwith and why exactly should you have to wait some extra time because stealth sound much more secure?

But that's only true if your box doesn't interact at all with the outside world, in which case it shouldn't be on the net at all.
If it does, people can find out and they'll also get the information that you have something to hide, hence the firewall.

That's what a firewall should do. Not respond at all. Many ISPs and network providers have what's called ICMP set to not respond for 2 reasons. Security, and resource load. If it doesn't respond, it isn't there, also, it takes time to respond. The device has to acknowldge that a request was sent, and respond that it is closed. Flood the machine with an attempt of a DOS attack, the machine has to respond to each request as being closed. Rather than stealth, which it just ignores and goes on.

www.google.com <-- use that to find out about closed port vs. stealth ports, and why closed ports that respond are still a security risk.

Again, no it isn't.
For example, did you also turn off ping requests?
Is your computer on the net and causing network traffic?
What about legitimate services that send you an ident request? Why exactly should they have to waste bandwith and why exactly should you have to wait some extra time because stealth sound much more secure?

Stealth mode means that your computer doesnt respond to ANYTHING that it didnt request.

Thats why its better than a closed port.

www.google.com <-- use that to find out about closed port vs. stealth ports, and why closed ports that respond are still a security risk.
:rolleyes:

Stealth mode means that your computer doesnt respond to ANYTHING that it didnt request.

Thats why its better than a closed port.
I know what stealth mode is, but how does this respond to anything I have written?

P.S = i'm not slagging off Linux/Ubuntu here, because there are FOSS firewall solutions that stealth ports in Linux/Ubuntu too! :cool:

I was sure Ubuntu used to include a firewall. But I believe it should be included once again.

Btw., some fun facts about the merits of stealth mode:
http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.en.html#Deny
http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.en.html#Verstecken
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html#stealth

A port that reports as being closed is still unsecure. A hacker now knows a machine is there, and that machine is responding. Not responding at all (stealth) is the only way to be secure.


It is not. First off, many firewalls allow ICMP echo messages through as it breaks some connections (my ISP used to time out if you did that for example).

Stealth mode is just an obscurity feature, if someone is targetting you, it will not help you much

True, most users in windows don't need admin access either.

The install routine of windows defaults to making everyone an admin and a lot of things on XP do not work well without it. It's a legacy they carry from being a single user system.


The thing is, who is getting infected with these viri and adware? The common user, because of poor computing habits. If they have poor computing habits in windows, they will have the same in linux.


Yes they will have bad habits, but Evolution/Kmail does not have the bad habbits that outlook does, therefor making the point-and-click virus harder to write.


No need to chmod anything. Firefox is easy to install possible dangerous code with. Default action for firefox when clicking on a *.exe program across the web is to open with wine, defualt action in firefox when clicking on a *.deb file across the web is to open Gdebi. And the fact you can set it to do this and never ask again.


Most newbie users do not have wine installed, nor is it wise anyway because of the (in)security legacy you take in from windows.

Downloading debs of the net is not a good way to install software, most users shouldn't have to go beyond the repositories, which are safe. If they do go outside and they have root privileges, then there is little that can protect them.

But I have not heard of websites that can install viruses when visiting them or E-mails that infect just with an attachment or completely automated on any Nix system. That has always been a windows issue combined with Outlook and IE. Before outlook became mainstream, Eudora was quite widespread, yet it wasn't a target.

Are you kidding me? :mrgreen:

With a Firewall with stealth mode turned on, your computer is invisible.

With just closed ports your computer is clearly visable to all and sundry.

I know which one I prefer...... 8)

Your computer is never invisible. Stealthing adds a little security through obscurity, but it also gives away the presence of a firewall, so it can turn out either way.

Again obscurity is not security.

i thought stealth mode was just one protocol - icmp 8, i think. if a packet doesn't get to the address it's suppose to go to it times out and sends an 'unreachable', so dropped icmp's show a firewall is filtering traffic at the IP that's being scanned. is that correct?

also, i thought stealth mode only really works for standard protocols, so anything which isn't a standard protocol can still get a response, like Nmap which can send 'funny formed packets'. i haven't used Nmap 4, but i think it now has a 'bad checksum' parameter to detect firewalls.

Downloading debs of the net is not a good way to install software, most users shouldn't have to go beyond the repositories, which are safe. If they do go outside and they have root privileges, then there is little that can protect them.

But I have not heard of websites that can install viruses when visiting them or E-mails that infect just with an attachment or completely automated on any Nix system. That has always been a windows issue combined with Outlook and IE. Before outlook became mainstream, Eudora was quite widespread, yet it wasn't a target.

I agree, downloading debs off the net is not smart. But we're talking about the common computer user. If you've ever done tech support, rather if it's for friends and family, or through a paid job, I'm sure you know that the average computer user will do the above.

Most user's I've come across use webmail. Outlook(& express) are used, But I believe the majority of common folk use some type of hotmail/gmail/yahoo/ISP webmail. 2 large US ISPs (Cox and Timewarner) and Wide Open West, are promoting the use webmail instead of stand alone programs. Though if you call for tech support to setup Eudora or Thunderbird, they won't help because official support is only given for Outlook Express. Most of these viri do require user interaction, such as actually opening the attachment. I'm sure there are some that require no interaction, like the newer crop of spy/mal/ad ware that is getting through from the use of Flash. And yes, active X is flawed.

Aren't there some programs that run with SUID on *NIX? And would that impose a risk? I know in 2.4 kernels, cdrdao was run with SUID so a user could take advantage of DMA, what about other programs?


I haven't heard of many *nix viri either. But I'm not turning a blind eye and saying it isn't possible. Which is what Apple has/is doing, and I believe they will pay for that in the short future.

What's great about linux, is that it is open source. Once a flaw is found, it can be fixed and patches sent out quickly. The time delay will be less than what people see on windows. BUT!!! people need to patch their systems. The huge IIS worm that went around a couple of years back was patched rather quickly (considering who had to patch it ;) ) It was able to spread as badly as it did because sys. admins failed to apply the needed patches that were available.


No one can rightfully state that any program (MS/Windows code, apple, linux) is flawless, that would be just down right absurd. What matters is how quickly flaws are dected and addressed, then how users can apply these fixes. It's tough to balance security and ease of use, as long as we are balancing these two features, security risks will always be there. The problem is, most of these risks aren't known until they are exposed. I'm sure Microsoft did not create active X so that hackers could execute code on your machine, it was created to benefit the ease of use. Same as running as administrator (both windows and lindows/linspire), ease of use with the benefit of security risk, which is how sudo is explained. It's a balance of ease of use with a security risk.

Winn Dozer ?
Windoze? M$?

What threat does malware pose to Ubuntu users ?

I've heard many statements that Linux is not vulnerable to viruses, but is this true? Surely someones written viruses to attack Linux servers and maybe even the desktop.
Apart from viruses, should we be worried about the many other forms of malware?

The constant bombardment of malware on Windows was one of the many reasons that I moved to Linux. Now that I've settled down with Ubuntu and upgraded to Dapper, I want to ensure that it stays clean and stable.

Can anyone enlighten me; does malware pose a threat to us? If so what can we do to minimise the risk?

Thanks,
Tony.

Whilst you could never claim that a Linux machine is 100% safe from malware attacks, I certainly think that you can sleep easy knowing that the chances of harm are minimal.

Well there's an ongoing perpetual debate on wether viruses will start to spread once the linux user base becomes large enough...

As far as the malware goes, since most of what you download / install is either from the repos (a source you're supposed to trust, since you downloaded their distribution in the first place), or open-source, which means lots of people have access to the code, and so putting malware or spyware in it would be too obvious to be an option...

I've been using linux for a while now, and I never heard of anyone who got infected by a virus or malware in general.

- trib'

Ubuntu is like a Mac. You don't need an antivirus program.

On Windows if you go to certain dodgy sites on the net and agree to install whatever fluff they want you to install before letting you access those certain pages then you only have yourself to blame.

Think twice about the source of the package you are installing, use the repos, read up on the software you want to install... reviews, word of mouth, posts here etc then make a decision.

I will not install any kind of spyware monitoring software on any system I have.

A while back, people claimed that Firefox (in Windows) will block all popups.
Now that FF has become a bit more popular, people are trying to find the leaks.
It's quite logical, actually.

But I'm convinced that this won't be such a problem on Linux.
I just hope Microsoft has learned its lesson and worked on the stability and security of Vista...

The point is, the architectural differences between Windows and UNIX are such that a virus on windows can bork everything, a linux one can only destroy the home directory. The problem is, the home directory on a desktop is very important, and so malware is still a threat.

An important distinction should be made between malware that brings down your system and one that brings down your information.

While viruses or trojans that have escalated privliges (to administrator/root access) so that they can write to /etc or /bin are very rare or non-existant, it is much easier for an individual to write a script or an executable and convince a user to run it with user privliges. While that doesn't seem too bad from a system point of view, it could potentially erase all the information in ~/ , which can be catastrophic (you can lose all your documents).


In short, the user of the system has to take some responsibility on *any* system to not do something stupid.

OK friends.

1. As said, it's difficult to hide mal-ware code in open software trusted from the Ubuntu repositories.

2. Default password protecting doesn't just protect system files and leave user files out in the wind. Many/most spreading nasties will likely never get you way due to lack of system files access. Think about it. (and use a flash drive for backup of what you can't live without)

This debate about OSS (like Ubuntu) soon falling prey to the Windows hacker is a wet dream of Microsoft and the "Anti" mal-mare selling companies. Now I DID NOT say Linux is impervious. I'm also speaking of the developers product resposibility in which Microsoft is extreamly iresponsible (conversely worldwide sprading malware) but according to their license you can eat it. You don't even own your Windows software.

The main thing is, open software is now very, very popular and used. Mcafee was quoted in a Linux time-line new article yesterday as saying (In 1995!) that Open Source freedom from mal-ware would soon end.

THAT WAS ELEVEN YEARS AGO!

...and yes, you still better not install unknown programs and open attachment from people you don't trust. You can't act like you're too smart to ever fall for a phishing (personal info gathering) attemts either but these things are OS independant.

Windows is like a screen door on a submarine. Keep it out of the surf.

Reference: Eight months factual history where NO Firewall, anti-program (after much time required running the "security" software) idicated anything but a clear and clean system. The Sony root-kit (Trojan and ironically open license infringing mal-war) existed on Windows boxes for up to Eight months!

That's one we know about people. Surf Ubuntu.

But you know what? They are chomping at the bit to show any online security imperfection with the likes of Ubuntu just to make their own **** look clean, but think about it. Should anything ever start spreading, what then do you think would happen with Ubuntu?

Summary: Nothings perfect but come on! Don't underestimate multi-billion dollar marketing, monopolistic propaganda.

Ubuntu A+
Windows F-

On security.

So if your an A with personal security then you need ubuntu and it's A+ (but imperfect still).
If you are an F with your own security then Windows will help you fall with it's self serving F-.
Dual boot your old Windows but DON'T surf with it.

We should understand that true "malware" harms the system. That is, virii and trojans can alter system level services and executables.

Generally the only solution to such system level damage is a complete wipe and reinstall. Sadly, this has been a standard "repair" technique from the M$ crowd since the early days of Windows and for the average M$ user it's seen as SOP.

I come from the *nix side and the idea of having to completely rebuild my OS because of errant programs is almost a foreign concept. A properly administered *nix box is nearly impervious from malware. It's not foolproof but we have the advantage of an incredible collection of tools at our disposal for monitoring system activity and changes which makes even potential damage unlikely to an attentive SA.

The arguments about keeping personal data backed up is a mantra that exists in the IT community and is always the most vulnerable aspect of using any computer. It's just good policy no matter what a person puts on the system. BACKUP, BACKUP, BACKUP. You can't say it long or loud enough and still losses happen. Can it happen to a Linux user? Certainly. As has already been stated, running any script or program has the "potential" for damage. With *nix, it's limited to the user on a properly administered system. That's the main advantage. You might need to restore your personal directory but the system remains intact. System permissions limit any problems to only those files and directories that a given user has access to. As already mentioned -- you must use some common sense. If it's from a trusted source there's probably little to worry about but always be wary. YOU are your own best "anti-virus".

I'm sure Microsoft did not create active X so that hackers could execute code on your machine, it was created to benefit the ease of use. Same as running as administrator (both windows and lindows/linspire), ease of use with the benefit of security risk, which is how sudo is explained. It's a balance of ease of use with a security risk.

Active X is what you call "balance" ? If they really didn't intend for Active X to turn out this way then they're idiots...they might as well all grab bananas and disappear into the vast brazilian jungles. And the same question comes up again like always, if it wasn't intentional that they completely disregard security why the hell is active x still there in 2006...that's right, this is 2006 people. Back when active x was introduced...2006 seemed like the setting for some low budget film about the future where we all wore silver jump suits and halos on our heads...

I guess when active x was introduced that kind of mistake was forgivable...but there's no excuse for it to still be there in 2006...

I like that. You are your best anti-virus.

I'm sure you are not saying Microsoft (or Ubuntu coders) have no moral responsibility to make secure operating systems and apps.

Also, many people do indeed not fully understand the clean install (Windows) problem. Many say that Windows strenth is it's pre-installed and pre-package total systems. I think we miss the point. Not to mention (much) the swill of trial software one needs to move out on the way, if you EVER get or even suspect your Windows system has been exposed then the only way to achieve a known and clean system is by starting over and having a good additional firewall to load WITHOUT going online first.

So, how is all that better than an easier to install Ubuntu CD? Where is the pre-installed advantage?

Why not continue to ease the initial Ubuntu installation? It is TIME we are talking about here dear friends. That's what ease of use is. If it's fast to install(and just works), everyone wins!

Currently ubuntu is easier to install. Any crappy devices you may have to deal with or just replace are FAR worth the effort. You save time and money.

If you are the rare person here that does not know, Ubuntu is free for life.

1. Broadband
2. About 256MB RAM
3. One of the MANY automatically working WiFi devices.

That's all you need. An Nvidia geforce 2 or better ($10) graphics card will also give you direct 3D (DRI.) See TORCS. Google it. It's an easier to click install in the Ubuntu package manager (Synaptic.)

The point is, the architectural differences between Windows and UNIX are such that a virus on windows can bork everything, a linux one can only destroy the home directory. The problem is, the home directory on a desktop is very important, and so malware is still a threat.

I agree with this. But virii under linux - besides destructing datas - are in a so little number that you don't have to think about them.

Malware are now more interested in making zombies and / or get some ransom.

So, a linux user can sleep well. Until a really big bad threat appears.

I like that. You are your best anti-virus.

Your knowledge and an up-to-date system too !


I'm sure you are not saying Microsoft (or Ubuntu coders) have no moral responsibility to make secure operating systems and apps.

What !!!!


Also, many people do indeed not fully understand the clean install (Windows) problem. Many say that Windows strenth is it's pre-installed and pre-package total systems. I think we miss the point. Not to mention (much) the swill of trial software one needs to move out on the way, if you EVER get or even suspect your Windows system has been exposed then the only way to achieve a known and clean system is by starting over and having a good additional firewall to load WITHOUT going online first.

Or to have a modem which also have an hardware firewall in it.


So, how is all that better than an easier to install Ubuntu CD? Where is the pre-installed advantage?

For some users, it is. Some people will NEVER be linux user. I am not pessimistic saying this, just realist. And I am telling this from my own experiments.


Why not continue to ease the initial Ubuntu installation? It is TIME we are talking about here dear friends. That's what ease of use is. If it's fast to install(and just works), everyone wins!

What to add here ?


Currently ubuntu is easier to install. Any crappy devices you may have to deal with or just replace are FAR worth the effort. You save time and money.

Hardware compatibility is a problem, maybe the bigger one.


If you are the rare person here that does not know, Ubuntu is free for life.

1. Broadband
2. About 256MB RAM
3. One of the MANY automatically working WiFi devices.

Or a good old ethernet modem too ;)


That's all you need. An Nvidia geforce 2 or better ($10) graphics card will also give you direct 3D (DRI.) See TORCS. Google it. It's an easier to click install in the Ubuntu package manager (Synaptic.)

I am using a FX5200 and it works flawlessly. And for next ubuntu generation, a FX5200 will be better (xgl !) than a good old GeForce 2.

A friend of mine brought in his flash drive and asked me to print his CV.. one of my Windows machine is open, so i popped in the flash drive and found out that it was infested with virus!.. so I unplugged the flash drive and popped it in my Linux machine, and printed his document.. out of curiosity, I tried openning the virus in my Linux machine, but it just wont do.. I tried clicking it a lot of times, but no success in putting the virus in my Linux machine.. hehehe.. cool..

I am using a FX5200 and it works flawlessly. And for next ubuntu generation, a FX5200 will be better (xgl !) than a good old GeForce 2.

For me FX5200 doesnt work with AGP enabled. the machine freezes at random. I tried many tricks.. However it doesnt matter to me coz I never play games or use a lot of eye candy :) But the thought that the GFX card doesnt work as it should bothers me at times

However its far better than using an OS that is vulnerable at any point of time.

But there is one fact.

Ok, the updates all come from the repo we put our trust in. But since Ubuntu is open source and public, what's stoping someone to actualy put an update in one of those repo that actualy contains malware, spyware, virus or whatever ?

I am not being paranoid. Just pointing out something to make sure the community has plans for.

Are the updates put into the repo actualy verify before people start downloading them ?

Are they in a state of TO-BE-VALIDATED before being elligable to be downloadable ?

Is the changed code verified with somekind of CVS software ?

Lets just prepare for it. It may not be the case now but who knows, maybe in 1 month something will happen ?

But there is one fact.

Ok, the updates all come from the repo we put our trust in. But since Ubuntu is open source and public, what's stoping someone to actualy put an update in one of those repo that actualy contains malware, spyware, virus or whatever ?

Erh, maybe because there is a gpg key which helps preventing such problems ?


I am not being paranoid. Just pointing out something to make sure the community has plans for.

Don't worry about this ;)


Are the updates put into the repo actualy verify before people start downloading them ?

And you said you're not paranoid ?


Are they in a state of TO-BE-VALIDATED before being elligable to be downloadable ?

Is the changed code verified with somekind of CVS software ?

Lets just prepare for it. It may not be the case now but who knows, maybe in 1 month something will happen ?

Ubuntu exists since october 2004. So, if somebody wanted to mess a repository, it would have happened.

Only time will tell, but I am confident about repository security.

For me FX5200 doesnt work with AGP enabled. the machine freezes at random. I tried many tricks.. However it doesnt matter to me coz I never play games or use a lot of eye candy :) But the thought that the GFX card doesnt work as it should bothers me at times

Erh ?!

What is your ubuntu ? Mine is a simple x86 one, with official nvidia drivers. And got no problem at all.


However its far better than using an OS that is vulnerable at any point of time.

Indeed. But unix are somewhat better than windows on one point : a simple user cannot mess the system because of too big powers.

It's All well and good saying 'Im confident, nothing has happened'. But it's also true that more people will try to cause problems on the platform they know they are going to affect a lot of users on. Notice how apple's have started taking it a bit more recently, as their user base increases.

Although yes, a linux machine isnt as easy to cause 'system level' damage too if your not a superuser. Most home users ARE their own superuser, and type it in, whenever prompted, to do software updates, etc etc.

All im saying is it's very true that people are nowadays the weakest link in computer security, and although program writers are trying to help combat this problem, with increased warnings, and higher security defaults etc,

it's still the case that if a windows user, who happily reads an email from 'their bank' who need to 'veryfy their details' and then goes to the web and gives a website those details...
suddenly becomes an ubuntu user, eventually, similar could easily happen on ubuntu 'we need you to run this and 'verify you are the main user of the computer by typing your root password when pompted''

does it really sound that far fetched? It is easily possible, therefore, user support and training is what will really keep this OS secure... especially as more and more people start to use it in their homes, on their own, with no *nix admins around :P

Also (And yes im rambling now) is it only me who thinks, 'yes, linux may be harder to get into than windows... but once your in.. you have much more powerful hacking platform to carry on network exploration, than you would if you'd got into a windows box' for example... The default installed scripting languages perl, php, even shell, etc. the shell access without needing something detectable that wasnt there originally. (such as vnc or a backdoor on windows)It just seems like a much 'jucier' target for hackers, or people that want to own botnets, so i think attempts will become quickly more popular... and with single users only just moved from windows, and geting used to linux... penetration could be easier than expected.

Just my 10p anyway. (At work.. waiting for a compile... what else am i meant to do :P)


(And just out of curiosity... has anyone tried a recursive forced remove, ignoring errors, from the / directory as a normal user... )

Regards,
Tx

It's All well and good saying 'Im confident, nothing has happened'. But it's also true that more people will try to cause problems on the platform they know they are going to affect a lot of users on. Notice how apple's have started taking it a bit more recently, as their user base increases.

The good old relation between marketshare and malware threats ?!


Although yes, a linux machine isnt as easy to cause 'system level' damage too if your not a superuser. Most home users ARE their own superuser, and type it in, whenever prompted, to do software updates, etc etc.

Yes, and so ? If you're not using root for a daily use, I don't see what's wrong ?


All im saying is it's very true that people are nowadays the weakest link in

Wrong ! Users are always the weakest link. Always.


computer security, and although program writers are trying to help combat this problem, with increased warnings, and higher security defaults etc,

Leading to crappy thing like UAC in Vista.


it's still the case that if a windows user, who happily reads an email from 'their bank' who need to 'veryfy their details' and then goes to the web and gives a website those details...

Phishing there. A good anti-spam tool kills this.


suddenly becomes an ubuntu user, eventually, similar could easily happen on ubuntu 'we need you to run this and 'verify you are the main user of the computer by typing your root password when pompted''

As old as the humanity.


does it really sound that far fetched? It is easily possible, therefore, user support and training is what will really keep this OS secure... especially as more and more people start to use it in their homes, on their own, with no *nix admins around :P

Any OS could be more secure if users are trained and no more "brainless" clicker.


Also (And yes im rambling now) is it only me who thinks, 'yes, linux may be harder to get into than windows... but once your in.. you have much more powerful hacking platform to carry on network exploration, than you would if you'd got into a windows box' for example... The default installed scripting

You have to get in first.


languages perl, php, even shell, etc. the shell access without needing something detectable that wasnt there originally. (such as vnc or a backdoor on windows)It just seems like a much 'jucier' target for hackers, or people that want to own botnets, so i think attempts will become quickly more popular... and with single users only just moved from windows, and geting used to linux... penetration could be easier than expected.

Well, no more than a big bag of possibilities. You have to find an ubuntu with php installed by default.

And Windows are simpler to crack because of its bad roots.


Just my 10p anyway. (At work.. waiting for a compile... what else am i meant to do :P)

Using ccache to speed up the build process ?


(And just out of curiosity... has anyone tried a recursive forced remove, ignoring errors, from the / directory as a normal user... )

Regards,
Tx

You mean a rm -rf ? I am not suicidal today.

Erh ?!

What is your ubuntu ? Mine is a simple x86 one, with official nvidia drivers. And got no problem at all.

Its a 64 bit machine running 32 bit Dapper.

AMD-64 3000+
1G RAM (512x2 Kingston)
Gigabyte K8MV800M mobo
NVIDIA FX5200 card 256MB (running at 8x AGP)
Sony DRU-810A DVD+RW

Installed the official 8756 drivers from ubuntu (nvidia-glx)

If I dont disable AGP, the machine freezes , mostly when browsing / scrolling thru large text

Tried it on 64 bit Ubuntu Dapper also same results.

Erh ?!

What is your ubuntu ? Mine is a simple x86 one, with official nvidia drivers. And got no problem at all.

Its a 64 bit machine running 32 bit ubuntu.

AMD-64 3000+
1G RAM (512x2 Kingston)
Gigabyte K8MV800M mobo
NVIDIA FX5200 card 256MB (running at 8x AGP)
Sony DRU-810A DVD+RW

Installed the official 8756 drivers from ubuntu (nvidia-glx)

If I dont disable AGP, the machine freezes , mostly when browsing / scrolling thru large text

Edit
Its a K8VM800M mobo not K8MV800M

What threat does malware pose to Ubuntu users ?

I've heard many statements that Linux is not vulnerable to viruses, but is this true? Surely someones written viruses to attack Linux servers and maybe even the desktop.
Apart from viruses, should we be worried about the many other forms of malware?

The constant bombardment of malware on Windows was one of the many reasons that I moved to Linux. Now that I've settled down with Ubuntu and upgraded to Dapper, I want to ensure that it stays clean and stable.

Can anyone enlighten me; does malware pose a threat to us? If so what can we do to minimise the risk?

Thanks,
Tony.

Let's see... The latest kernel is 2.6.17.4.

The reason it is the latest kernel is because Red Hat was doing research and found a certain dump error with write premissions...

If Red Hat is doing "research" they are bound to fix any flaws... Which they are working on.

The reason you hae to ask this question is because we don't see any of it, and you have to wonder, where in Windows, you have to wonder, how to get it out...

I think, it isn't the distro the malware would be applied to, but the packages within the distro, and the kernel.

As long as you have the latest kernel, which is in, some cases, the most secure, you should be fine?

A few nights ago my wife downloaded what she thought was an ebook from Limewire (in ubuntu). She executed setup.exe with wine and it was indeed a virus. However, from what I can gather it was only able to propagate itself in the limewire shared directory (/home/lisa/shared). While it created several thousand copies of itself in that directory, it did not appear to have the knowledge of how to exit the directory.

I deleted all the files in the directory and all seems well. My only concern now is if this would have happened while she was downloading mp3s... if one of those were infected and then she copied it up to the Win2K3 server.... now the very thought of that sends a chill down the old spine

The reason would be, .exes aren't native.

I know that virus. If you were in Windows, theres a downloader, and it's a bitch to get rid of.

Linux just wont start running 'wine virus.exe'. Good thing about linux, the command has to be issued, and always asks for premisson. You can juse "sudo cp viruses through everywhere" unless your in a sudo session...

Anyone who MAKES a virus for linux, is going to get shot, killed, eaten, murdered, jumped, bagged, and pantsed, in that order.

I would personally risk going to jail to ICMP nuke there connection dry.

No one in there right mind would do that, because everyone who uses linux is either a "linux geek" or a smart buisness owner, or a windows hater. If anything, we'd make virsues for windows. :)

Spyware is what? The excessive amounts of adware and things going on without your premission? Not on Linux.

Here's the difference:

In Windows, there are so many viruses, it takes companies like Symantec all the strength they can muster just to keep up with the latest definitions.

In Linux, there are no active viruses (only proof-of-concept ones). So when the first one comes out that's actually a danger to Ubuntu users, you'll probably hear about it way before you could possibly be infected.

Also, for users like me, the repositories suit all needs. If Microsoft offered more software for free, Windows users wouldn't go to sketchy sites to download "freeware."

aysiu : I completely agree.

But when I was under windows, I tried to escape paying antivirus. I used freeware ones, and it was perfect.

When I don't have a software in repositories (official ones, the others ?!), I go to the site, grab the source, and build it. Maybe it is not good with apt management, but it works. :)

If you want it good with apt management, check out checkinstall:
https://help.ubuntu.com/community/CheckInstall

Here's the difference:
Also, for users like me, the repositories suit all needs. If Microsoft offered more software for free, Windows users wouldn't go to sketchy sites to download "freeware."
Surely it is because people will use so called "freeware", without considering the price to pay, that problems arise. Nothing is free in this world except Linux /etc . People won't read EULA since it always says the same thing ( Deosn't it?), and will happily install "Winfixer adware" except it is "malware" along side their free stuff. I know from experience how hard it was to get rid of that junk, which virus-like hides itself away. I know I cheerfully installed it along with something seemingly attractive. I soon learned that anything involving "Gator" in it was poison( that handy little calendar program thingy.) It's like walking through a muddy field, some of it sticks on your boots.
It is only 6 months ago I discovered why Hotmail messages via my Tesco mail weren't arriving. Customer services replied that Microsoft failed to come up to acceptable anti spam standards and so blocked them all (includes mail to NTL of course).
So if anything involves £/$ then someone wants to get some of it. Theres not a lot of opportunity to collect in this freeworld we live in here, and so there isn't a lot of interest from outside. I know this reply is basic and non technical but it is just a reminder of the way the world outside works.
If I was one of those writing this junk then at least I would make sure I had a healthy financial investment in the companies being paid to remove it all.

Lot's of good data in this thread...
Back to the topic:
Keep in mind that there are only 2 basic reasons for the existence of spyware, malware & viruses or virus-like programs: criminality &/or money, that's all. Even the curiosity dosed script kiddie who lives next door is practicing a smaller form of criminality.

These malware are propogated mainly for economic reasons, they display ads, they force infected users to see ads (called impressions in marketing lingo). It's a fact that the more impressions a product gets the more its sales increase. It's more of a dynamic law of nature & even physics, outflow results in inflow. Madison Avenue knows this well!

So, is it necessary to use av, antispy & such on linux? Well that depends on the user. If a user engages in criminal activities himself, he is bound to become infected/screwed with something along the way, even if it's something like a script or app he snagged on a p2p network. But the odds of getting a screwed system resulting form that are far far less than on Windows. The marketing money is invested in Windows users' ignorance, Windows users' own criminal tendacies (p2p, music, video) and their pocketbooks.

Frankly, it is not financially viable to target linux users' pocketbooks, we are all overworked, underpaid, a bit more tech savvy and we make more noise publicly. In essence we do not make good marks to the shills & con men!

The only real security concern for linux is if running a server. Servers store data that is often private or confidential. Home servers are targets for warez users and script kiddies. (criminality)

Myself, I don't use antivirus on any of my systems, Windows or linux. I have avg av on my windows systems but all I ever do is update it & it never runs in the bg. I keep it because I know I am not 100% perfect 100% of the time. Like the man said ealier in this thread: backup, backup, backup.

2-1/2 years running various Linux distros. No virus protection, no malware protection.
2-1/2 years, no viruses, no malware.

regards,
-dc

I managed to get a Java trojan on my system from a website, passed through Firefox on Ubuntu Linux, believe it or not. It was something like Java Classpath. ClamAV picked it up and notified me, however. (Most people don't configure their clamav!)

I also use an iptables firewall because I'm a web developer and use ports on my system. I test them from my home LAN occasionally (PCs besides my own).

When I received the first trojan, because I couldn't identify what it was capable of, I abandoned ship -- I got that anal about it. I blew away everything but /home (which was on a separate partition) and redid it again through the Ubuntu installer. And, before I used my old home directory, I created a new login and copied over all my old files into that profile under /home -- all except the hidden folders.

Even with this one small issue, which was really the fault of a loophole in Java, I've been on Ubuntu since 5.04 and it's protected me a great deal on the Internet.

Now I don't use Java in my browser, only Javascript. I dislike Sun anyway.

how safe is Linux compared to Windows when it comes about viruses, troyans, internet security, etc.. basically all that stuff that occur once in a while in Windows even when you're carefull.

is it worth to install an antivirus or a firewall in Ubuntu?

"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. plese read this for more info linux vs windows viruses (http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/)

how safe is Linux compared to Windows when it comes about viruses, troyans, internet security, etc.. basically all that stuff that occur once in a while in Windows even when you're carefull.

is it worth to install an antivirus or a firewall in Ubuntu?
As for virus, worms, and trojans. Very very very very low if you even get a virus with Linux. If you do, please let every one know, because they are rare. http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/
http://www.viruslibrary.com/virusinfo/Linux.htm
http://librenix.com/?inode=21
There is some links to get you started to read up. Most of the virus crap is an windows exe file. Yep there is a chance that you my unknowing send it off on attachment to a email.
Internet is more secured, like not haven spyware crap DL on your pc. If there was spyware for Linux O/S. I am sure there will be a program to sweep it out. Ubie has a security up date every 4 mounth. Basicaly every upgrade.
Ubie has a firewall all ready in the program. You can run more firewalls if you so do choose. Most hackers are hacking into windows base systems. Some of the hackers are using Linux O/S to hack with. That Is what I have read.

dont worry about it, i have been using linux 4 years now and i havent gotten a single bad anything

Windows is like the ceramic piggy bank on your dresser....Linux=Fort Knox

thanks for the information. The articles explain it pretty well.

thanks for the links and answers. It basically would be:

1-root user gives you control when a file or application wants to affect the system, while in Windows it just executes itself.

2-variety of distributions and programs makes it more difficult for virus-makers.

3-in Windows program files are mixed with system files, what makes it easier for programs to affect the system.

4-firewall comes included in Ubuntu.

If you keep your passwords strong, and update the system when it's suggested you'll be very safe.

is ubuntu linux safe without an anti-virus or a firewall if i an using a 24 /7 broadband connection

and if i need to install an anti-virus then which one shall be the best anti virus for ubuntu linux 6.06

Ubuntu is safe without antivirus.

But you could still transfer windows viruses to windows users. It's up to you whether you run antivirus software or not.

You still need a firewall.

Ubuntu is safe without antivirus.

But you could still transfer windows viruses to windows users. It's up to you whether you run antivirus software or not.

You still need a firewall.

I have a firewall installed but I am still not really 100% sure what they do exactly. Could someone please explain to me.

unless your running it as a server with windows boxes attached anti-virus isn't nessesary.
there are viri for linux but it's only e few(about 40 i think)and they're mostly targeted at servers and very uneffective.
if you wanna know more this is a good read: http://librenix.com/?inode=21
and if you want to have anti-virus you can install clamav or f-prot.
as for a firewall....ubuntu has one build in the system and there aren't any ports open by default but if you want extra protection you can install a graphical firewall configuration tool called firestarter.

I have a firewall installed but I am still not really 100% sure what they do exactly. Could someone please explain to me.

A firewall controls what goes in and out of your computer by way of "ports"

BTW, kewl pic of you I presume and Dave..:o

thank you all for yuor prompt replies,
i would just like to ask one more thing
i'll be running ubuntu as a desktop environment ,
and that too primarily for internet usage
so would i be needing to install an anti virus or
a firewall ...
which onces would you be recomending and are best for
ubuntu linux

thanks fro all the help !!

so would i be needing to install an anti virus or
a firewall ...

No. Neither of them.

No. Neither of them.

True, although a firewall never hurts, especially when you don't use a router.
Use this code to install a gui firewall.
sudo apt-get install firestarter

The firewall is installed and activated by default under both Ubuntu and Kubuntu. The only reason to install Firestarter is if you want to be able to use a GUI to make changes to the IP tables. Otherwise, you don't need it.

Firestarter is an editor for the firewall; it is not the firewall itself.

True, although a firewall never hurts, especially when you don't use a router.
Use this code to install a gui firewall.
sudo apt-get install firestarter

You should mention to enable universe if you recommend that.

The only reason you need a firewall on a desktop is to have control of what your box does. If you fear that an application will phone home or spy on you, it is useful.

Out-of-the-box, ubuntu does not ship with anything that can spy on you like that. All of the software in the main and universe repositories come in source form, which means that if anyone wanted to upload some spyware into the archive, it is likely it wouldn't last long.

So you don't need a firewall by default.

I was wondering, what does Linux so safe compared to Windows? Wouldn't it be as insecure as windows, if it has more marketshare? Why would this affect Linux, it can't be that hard to make viruses for it, especially not when you have the source code, then you'll be able to make devastating viruses, right?

The quick answer to this is, no it's not (http://www.securityfocus.com/columnists/188).

thx for the article :)

i am using a "Cable" 24/7 broadband connection, and i am on a lan connection with most users running windows OS, and i will be running Ubuntu as a desktop enviornment and primarily use it for internet usage , so in that case is it neccesary for me to use a Firewall or an anti-virus , and if "Yes" which one will the most recommended onces..

i am using a "Cable" 24/7 broadband connection, and i am on a lan connection with most users running windows OS, and i will be running Ubuntu as a desktop enviornment and primarily use it for internet usage , so in that case is it neccesary for me to use a Firewall or an anti-virus , and if "Yes" which one will the most recommended onces..

Unless you have installed any software that would allow other users access to your box you do not need anything.

It's as though your box is not even there.

By default, you are secure. Jyst pick a strong password and keep up to dat with security updates.

Unless you have installed any software that would allow other users access to your box you do not need anything.

It's as though your box is not even there.

By default, you are secure. Jyst pick a strong password and keep up to dat with security updates.

thanks a lot azz for the suggestion,however i dint get one thing ,
what is the "Box" that you are talking about,and how can i check whether other users in my lan have access to me or not(as some users are usinf windows OS and some linux)

I was wondering, what does Linux so safe compared to Windows? Wouldn't it be as insecure as windows, if it has more marketshare? Why would this affect Linux, it can't be that hard to make viruses for it, especially not when you have the source code, then you'll be able to make devastating viruses, right?

Well, the permission system is a whole different thing in linux, tnah it is in windows.
A second thing, Windows is installed on most computers (home, office (not servers))
One more thing, about the source. Well, if it's open, and there's a security hole, then more people get involved with fixing it and releasing a path.
On the other hand, while it's not released, hackers/scipt kiddies can use it on a poorly configured system

Well, that's the basics :)

Well, the permission system is a whole different thing in linux, tnah it is in windows.


It always looked pretty similar to me?
What's the difference?

Well, the permission system is a whole different thing in linux, tnah it is in windows.And Window's is superior, so...

A second thing, Windows is installed on most computers (home, office (not servers))Means nothing.

One more thing, about the source. Well, if it's open, and there's a security hole, then more people get involved with fixing it and releasing a path.No, that's no true.

On the other hand, while it's not released, hackers/scipt kiddies can use it on a poorly configured systemAlso not true. They can do that on Windows too.

A second thing, Windows is installed on most computers (home, office (not servers))
Means nothing.
How can it mean nothing? If it's installed on more PC, logically, viruses should be created to target the most PCs that is possible. In this case, running Windows.

One more thing, about the source. Well, if it's open, and there's a security hole, then more people get involved with fixing it and releasing a path.
No, that's no true.
Why not? Well, maybe I phrased my thouth wrong here. Open source software usually gets bugs fixed faster than closed-source, doesn't it?

On the other hand, while it's not released, hackers/scipt kiddies can use it on a poorly configured system
Also not true. They can do that on Windows too.
They can. But... Doesn't open-source software publish bug reports and everyone can read them?
Some (maybe most, but not all) closed-source creators tend to quietly fix bugs instead of publishing them first.

The biggest pitfall in Windows design is that it's a mono-user styled system. Programs are designed to run as administrator and would mostly fail if you didn't. Becuase of this, trojans and whatever else have easily been able to run rampant once they have access to the system.

The reason Linux is so safe is the layered permissions system it has in place. Since Windows designed its OS from the beginning with a one user style it has been frantically trying to intigrte a Linux type permission system without breaking all previous software codeing in the process.

If windows implimented a permissions system similar to Linux right now, a good portion of Windows software would fail to run as it would require access to Adminstrator priveleges to function; effectively eliminating any gain in such a system.

Correct me if I'm wrong...

The biggest pitfall in Windows design is that it's a mono-user styled system. Programs are designed to run as administrator and would mostly fail if you didn't. This isn't directly Microsoft's fault. Third-parties create those programs that way because most Windows users run as administrator anyway, which is the default. By the way, here's a list of programs that fail when run as limited user (http://support.microsoft.com/default.aspx?scid=kb;en-us;307091). What's sad, though, is how the "Run as..." feature doesn't really work fully (it's similar to Ubuntu's sudo). Windows Updates with the "run as..." command fail. You need to log in as administrator to run those. And some programs (like certain Control Panel applications and Explorer) won't take the "run as..." command at all.

But I think most people would agree the files that are really important are the user files. So whether you're using Windows or Ubuntu:

1. Create strong passwords (hard-to-guess ones)
2. Back up your personal files regularly
3. Don't run as root/administrator all the time
4. Don't do anything stupid (like falling for phishing or clicking "OK" on something when you don't know what that "OK" will do).

Whether it's Microsoft's fault or not seems rather moot in the user's perspective. The fact that most users run in adminsistrator mode does not justify the permissions system, but rather highilights its flaws as a necessity for reconstruction.

The issue of these programs running as admin does matter since flaws in the code give admin access rights once comprimised (http://news.com.com/5208-1002-0.html?forumID=1&threadID=10613&messageID=78366&start=-146).

Well, as I said before, though, it's ultimately people's personal files that are most important to them. If a system is compromised either locally or systemwide, most end-users would feel the "only" solution is a reinstall anyway... in which case, having back-ups of personal files is more important than back-ups of system files.

Also, these days a lot of the exploits I see in browsers tend to be "escalation of privilege" exploits, which do not necessarily need the user to run as admin, if I'm understanding them correctly.

Ultimately, security all boils down to the user. I would consider a Windows computer run as administrator by someone who knows what phishing is (and how to avoid it) and uses only hard-to-guess passwords and makes regular back-ups, to be far more secure than a Ubuntu computer run as limited user by someone who will click on anything, install anything, give away credit card and personal information to any link, and who doesn't make regular back-ups.

Ultimately, security all boils down to the user. I would consider a Windows computer run as administrator by someone who knows what phishing is (and how to avoid it) and uses only hard-to-guess passwords and makes regular back-ups, to be far more secure than a Ubuntu computer run as limited user by someone who will click on anything, install anything, give away credit card and personal information to any link, and who doesn't make regular back-ups.

....partially agreed

Well, as I said before, though, it's ultimately people's personal files that are most important to them. If a system is compromised either locally or systemwide, most end-users would feel the "only" solution is a reinstall anyway... in which case, having back-ups of personal files is more important than back-ups of system files.

Two things:

One, personal files are definately most important. But, a close second is having your system included in some massive zombie network or worse; having everything keylogged and your identity/bank account stolen. (That may actually be MORE important than my personal files as now we're talking about my personal $$)

Two, most basic Windows users (the mjority of people out there) would have no clue when there systems have been infaltrated. Lets face it, nowdays if you have a fiewall, antivirus and update regularly you're pretty far ahead of most users. That being said, what good is doing regular backups and reinstalling if those users have no idea in the first place.

In comes my frustration with Windows. To some extent it IS their responsibility to lock down their product at the core level apart from any user knowledge level assumptions; you kinda have to play to the lowest common denominator when it comes to security which, I think, is not being done.

Exactly my point--it all boils down to the user. Yes, an OS should be designed with security in mind, but if the user is stupid, who cares?

I don't see why a keylogger couldn't be installed locally (not system-wide) and serve the same purpose. And if you're a dumb user, you'll give away your sudo privileges to make your computer a zombie network.

I think Seinfeld said it best. I'm paraphrasing: "It's the Clapco 3000. It's the most impenetrable lock on the marketplace. It has but one design flaw--the door... must be closed!"

How can it mean nothing?Because it doesn't change the security practices on the majority platform or the minority platform. Linux is still targeted, so it's not like Canonical gets to stop releasing security updates for Ubuntu.

If it's installed on more PC, logically, viruses should be created to target the most PCs that is possible. In this case, running Windows.But that's meaningless.

Open source software usually gets bugs fixed faster than closed-source, doesn't it?Nope. It may appear to be faster, but frequently the processes are dissimilar. The amount of testing MS goes through on an IE fix is much, much larger than what the Mozilla organization goes through on an FF fix, for example.

It's difficult to compare when you have very dissimilar processes.

They can. But... Doesn't open-source software publish bug reports and everyone can read them?Sometimes, sometimes not. Mozilla.org was guilty of hiding major security flaws in the seamonkey codebase related to XUL for years. Not days, not weeks, years.

Some (maybe most, but not all) closed-source creators tend to quietly fix bugs instead of publishing them first.No, because many (if not most) security bugs are found by third party researchers.

The biggest pitfall in Windows design is that it's a mono-user styled system.No, it isn't. It's nothing of the sort and hasn't been since the days of Windows 9x.

Programs are designed to run as administrator and would mostly fail if you didn't.Nope, you're crazy. Some programs are badly written, but not all are. But I can point to plently of badly written core UNIX stuff too: bind (pre-9.x), sendmail, virtually anything written by ISC, etc.

Becuase of this, trojans and whatever else have easily been able to run rampant once they have access to the system.They can do that anyway. Sure, they can't delete C:\WINDOWs, but that's not really important. I can restore that rather easily.

The reason Linux is so safe is the layered permissions system it has in place.Linux doesn't have layered permissions. It has DAC w/ capabilities, and 99% of systems run in: no privileges and all privileges.

Since Windows designed its OS from the beginning with a one user styleSorry, I just have to repeat this again, you are totally wrong. You are so wrong in fact, you really shouldn't say anything technical about Windows security until you read some really basic documentation (i.e., Wikipedia level). NT has always been a fully multiuser system. I've proven this half a dozen times on this forum alone. I should not have to repeat this information. It's simply too basic.

it has been frantically trying to intigrte a Linux type permission systemI don't see why they would when they have a superior system, since they mandate the use of ACLs.

If windows implimented a permissions system similar to Linux right now,Window's is vastly superior.

a good portion of Windows software would fail to run as it would require access to Adminstrator priveleges to function; Much less than you think, but you can create a limitd account and try this yourself.

What's sad, though, is how the "Run as..." feature doesn't really work fully (it's similar to Ubuntu's sudo).Actually, it's much closer to su.


Whether it's Microsoft's fault or not seems rather moot in the user's perspective.But it's clearly not.

The fact that most users run in adminsistrator mode does not justify the permissions system, but rather highilights its flaws as a necessity for reconstruction.But it doesn't. Linspire does the same thing with their Linux distribution, yet no one cites that as a failure of the Linux permissions system.

The issue of these programs running as admin does matter since flaws in the code give admin access rights once comprimised.But plently of compromisable UNIX code runs as root. Go read secunia.org.

Two, most basic Windows users (the mjority of people out there) would have no clue when there systems have been infaltrated.Neither would most Linux users, so this is again, a moot point.

To some extent it IS their responsibility to lock down their product at the core levelThey largely do, to the same extent everyone else does.

In comes my frustration with Windows. To some extent it IS their responsibility to lock down their product at the core level apart from any user knowledge level assumptions; you kinda have to play to the lowest common denominator when it comes to security which, I think, is not being done. (This is a loose analogy, although I think it's pretty solid) One analogy could possibly be your car: you expect the car manufacturer to present you with a car that is both safe to use and doesn't fall apart.

Exactly my point--it all boils down to the user. Yes, an OS should be designed with security in mind, but if the user is stupid, who cares? At the same time, if you've got an irresponsible driver, it doesn't matter how solid the car is, the possibilty of doing extensive damage is still a factor.

Actually, it's much closer to su. Yup, you're right. Thanks for the correction. When you "run as," you're actually using a completely different user with a different password. Nevertheless, I wish it would allow you the equivalent of gksudo nautilus for Explorer, the ability to install Windows Updates without failure, and access to all the Control Panel functions.

At the same time, if you've got an irresponsible driver, it doesn't matter how solid the car is, the possibilty of doing extensive damage is still a factor. This is the conclusion I've come to after reading a lot and seeing people in action in real life (writing down passwords on their monitors, using lousy passwords like abcd)--the user is what matters most in terms of how secure a computer is. A secure system can help, but only so much if you have a stupid user.

There is some sort of sudo.exe available for Windows, but I've never used it nor do I know how well it works.

I don't think it'll solve the problems "Run As" has, since it uses the same mechanism.

Really what would be acceptable (to me anyway) is if desktop versions of Windows supported more than one login session at once. If they supported two, then you could RDP to yourself and run RDP as a privileged user.

Are you not allowed to log in twice? Bummer. Well, in the meantime, when I need to do Windows Updates on my work computer or use certain Control Panel options, I log out and log in as administrator, log out again, and log back in again as user.

I can't use the "switch user" function, since one of my logins is on a domain, and the other isn't.

Well, you can do Fast User Switching on XP, but that's suboptimal, really.

Well, you can do Fast User Switching on XP, but that's suboptimal, really.
No, unfortunately, I can't do fast-user-switching, as one of my users is on a domain login and the other isn't.

More details here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;280758

Well, I didn't mean "you" specifically, aysiu :p I was speaking in general terms.

http://www.theregister.co.uk/security/security_report_windows_vs_linux/

Well, I didn't mean "you" specifically, aysiu :p I was speaking in general terms.
Ah, I see. Thanks for the clarification.

http://www.theregister.co.uk/security/security_report_windows_vs_linux/And? That article is totally wrong. Don't ask an opinion columnist for technical information.

Ask someone who actually does this stuff for a living, like the Common Criteria people at NIST.


And guess what they say? They're equally secure, for what they've tested.

While Nicholas Petreley does not specialize in security, he is not merely an opinion columnist. From O'Reilly's website (http://www.oreillynet.com/cs/catalog/view/au/2076): Nicholas Petreley is an award winning columnist who currently resides in Asheville, NC. He has been a freelance writer, editor, consultant, teacher and programmer in the computing industry for almost twenty years. He writes a monthly column for the IT journal Computerworld, and weekly columns, tutorials and reviews for LinuxWorld, a webzine he founded in 1998. Prior to that, he was executive editor of the InfoWorld test center, and editor in chief of the webzine NC World Magazine.
Books

Linux Desktop Hacks (O'Reilly) March 2005
With hacks that any user can follow, Linux Desktop Hacks demonstrates how easy it is to modify Linux to suit your desires. The book is packed with tips on customizing and improving the interface, boosting performance, administering your desktop, and generally making the most out of what X, KDE, Gnome, and the console have to offer.

99% of his writing is rather poor opinion columns. Virtually all columnists have written something else, if you look hard enough.

And? That article is totally wrong.

Interesting....thanks for clarifying...

It made the same basic mistakes you did, by and large, and it made much more of them.

I don't and shouldn't have to educate you on security fundamentals. I already corrected you and gave you some direction in which to go do further basic research.

Nor do I need to repeat myself when you quote something that suppports you using the same wrong statements.

You can test for yourself any Windows NT supports limited users. Create an account that's only a member of the 'Users' group. Then try to delete any other user's data in their profile. You can't do it. Try to create or delete anything in 'Program Files'. You can't do it.

Obviously, it's not all or nothing.

I don't and shouldn't have to educate you on security fundamentals.

The room is spinning as I lay humbled....

And guess what they say? They're equally secure, for what they've tested.

I'll have to let the analysts at CSC in on this little seceret... Seems all I here is quite the opposite.

Well, lots of people are uneducated about security realities. But NIST through Common Criteria certaily has given EAL4+ to versions of Windows and versions of Linux. The information is publically available at commoncritera.org IIRC (though you may have to dig for it, it's not in an easily linkable form anymore).

But seriously, 30 seconds of testing shows that Windows supports limited users. I've even proven that here in a thread. I don't have a link, but I'm sure you can find it. I'm pretty sure I've provided screenshots.

I like this article--it seems fairly balanced:
http://www.linuxpipeline.com/showArticle.jhtml?articleID=160902079

I like this article--it seems fairly balanced:
http://www.linuxpipeline.com/showArt...leID=160902079

Good stuff....

Well, I agree with aysiu's opinion that it's the user that matters the most in security.
Here's an extract from interview (http://www.cnn.com/2005/TECH/internet/10/07/kevin.mitnick.cnna/index.html) with Kevin Mitnic (http://en.wikipedia.org/wiki/Kevin_mitnic):
A company can spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted.

can any one tell me whats the "Box" thing in Ubuntu and how can it affect ubuntu security and how to protect this "Box" in ubuntu.

the "box" he is talking about, is basicaly your cumputer ;) 8)

And like he said, if you don't install apps like apache, ssh, httpd, that need to open port, you are totaly secure.
The linux kernel have a build-in kernel, and by default the configuration of ubuntu is 0 open port, so you are totaly secure.

the "box" he is talking about, is basicaly your cumputer ;) 8)

hahahahahaha:D ,
thanks givré , for the info
from now on i would use the worg "Box" for my machine too

thanks again
cheers;)

In Ubuntu there's not really any need to use a firewall / frontend like firestarter unless you want to open ports and make your system less secure as a trade off for some other benefit - like messing around trying to get faster bittorrent downloads on another port or something. Installing firestarter won't make your system any more secure than it already is. This is quite different from Windows.

Are there any viruses for linux?

Yes, but they are rare and weak. Nothing like Windows virii and rapildy squashed. Just keep your box up to date.

is ubuntu linux safe without an anti-virus or a firewall if i an using a 24 /7 broadband connection

and if i need to install an anti-virus then which one shall be the best anti virus for ubuntu linux 6.06
you absolutely need the firewall for EVERY operating system. the firewall is already there in linux - its called iptables. you can download and install a frontend for it, though, such as firestarter which will give you the ability to configure it easily. the antivirus isn't that necessary for linux uness you're running a server.

Yes, but they are rare and weak.

Thats good. I used windows for a long time(and all versions) and i get used to viruses, 'blue screen of death, and so on.. Well, ubuntu is much better. i use it for a year by now and i never had any viruses or anything. i started to ask my self 'where are they?' :)

Nothing like Windows virii and rapildy squashed. Just keep your box up to date.

I don't update my box at all. I can download only 512MB per mont so it's problem for me because i often format my drives so every time i have to donwload it again. And i'm too lazy to backup all these updates.
I even have offline repository so i don't have to download new programs :)
Yeah, i know it's not good at all, but...

kepos; Not to worry. In the unlikely event you get maleware it is gone.

consider running a live distro from your CD ROM. Some are very small and very fast. DSL, Puppy, AUSTRUMI

" Austrumi is a business card size (50MB) bootable Live CD Linux distribution. Imagine the ability to boot your favorite Linux distribution whether you are at home, at school or at work."

Austrumi used ELive, loads to RAM, and should serve all your web browsing needs.

http://cyti.latgola.lv/ruuni/index_en.html

bodhi.zazen - i used to have live linux on my mp3 player(puppy - 64MB). but i want it as my primary os on my computer. just like i have now. And in case any viruse suprise me, i have all date backped so reinstall or cleaning shouldn't be problem.

In any way, who already had a virus using linux ?
I don't know one myself.

In any way, who already had a virus using linux ?
I don't know one myself.

yes, thats true. Neither do i know someone.

virus no.

Rootkit yes.

In the spirit of this thread I have a question, as I'm getting ready to adopt an old laptop and getting the nerve up to try something completely new on it. (I'm excited. This is going to be so much fun.) I understand that I don't need to install a firewall or antivirus, and why, but what about spyware and adware? Should I be concerned with either of those two, and do I need to install and run something to squash them?

Thanks,
Mimsy

Spyware etc. are Windows problems that usually result from using IE to surf the net. Using Firefox in Win, for example, results in a lot less spyware and adware. If you use Ubuntu and Firefox you will have no problem, and no additional software to squash the pests.

How very nice. I think I shall like this Ubuntu. :-)

Thanks for replying so quickly!

/Mimsy

I'm excited. This is going to be so much fun.

I hope you have been properly informed about Ubuntu and Linux in general. Yes it can be a lot of fun. I had fun, still do. In fact, I love it. But it can also be a pain. Depends on your needs and your hardware.

Linux != Windows (http://linux.oneandoneis2.org/LNW.htm)
Is Ubuntu for you? (http://www.ubuntuforums.org/showthread.php?t=63315)

Um... define "properly"? 8-[

I have read more threads than I remember on these forums, after I found the one that asked me if Ubuntu was for me. I read that one twice and decided it was.

I will, assuming I understand things right, trade a flashy GUI and scheduled monthly security patches for a stable system that won't be infected by a virus if I relax for three seconds. In return for that I'm going to have to actually think about what it takes to make the hardware and software on my new/old laptop work together, and I might even have to learn something about programming. I hope not, I don't think I would be very good at it.

I was given links to some very informative webpages by a very nice forum member in a thread about a previous Ubuntu version, who happened to have the exactly same type of laptop, so I have a hunch what to expect. With any luck it will only crash twice a day or so, from my bumbling attempts to make things work.

The only thing I know with absolute certainty is that I will be spending a lot of time in these forums once I get Ubuntu installed on that laptop. ;)

/Mimsy

Just remember that it takes a while to get used to doing things in Ubuntu, especially if you have used Windows for a long time. Very simple things seem almost impossible at first. But over time it gets easier and at some point you will start to think "why does Microsoft do it that way anyway?" ;) .

And about the crashing Ubuntu. I never had a problem with my own hardware. I installed Ubuntu for a relative who wanted it. A day later it started crashing and he of course blamed Ubuntu. I don't know if he tweaked something important. But I reinstalled it for him and has been stable since.

Um... define "properly"?

There are some zealots going around praising it to the penthouse of heaven. It creates false expectations from new users. In fact, I must shamefully admit I did that at first :-$ . I was quick correct my ways. But it sounds like you are prepared so I won't say more :D .

Ah, yes. I have met those zealots. They scared me away from anything Linux for several years. ;)

Once again, I expect to spend a lot of time in this beginners forum once the laptop arrives. I'm not even sure I know what to do with a command line, let alone what if I would recognise it. But the learning is half the fun anyway. *shrug*

/Mimsy

My new laptop arrives 11.9... I'll probably be flooding these forums then as well :D .

In the spirit of this thread I have a question, as I'm getting ready to adopt an old laptop and getting the nerve up to try something completely new on it. (I'm excited. This is going to be so much fun.) I understand that I don't need to install a firewall or antivirus, and why, but what about spyware and adware? Should I be concerned with either of those two, and do I need to install and run something to squash them?

Thanks,
Mimsy

As you now know ubuntu has a firewall already there is no need to install one (unlike other OS).

For spyware consider editing your hosts file. See this thread:

http://www.ubuntuforums.org/showthread.php?t=110440

There are websites that will give you a script to download and update your hosts file.
Host file: http://hostsfile.mine.nu/downloads/

Use 127.0.0.1 Format... unless you run a server in which case condiser 127.0.0.0

Hey.
Funny you mensioned an anti virus
I rebooted my box b4 and I noticed that it said Clam AV.
Clam is an antivirus that is free for Windows and Linux. It is also stand alone
Maybe you could look into that if you are alittle concerned. I am pretty sure it would be somewhere in the repository.;)
Cheers
muz

A couple of thoughts for newcomers. First welcome!
Second don't be afraid to ask questions, just provide plenty
of info when you do.
I have been using Ubuntu since the late Hoary days,about a year.
It was daunting at first but I am getting pretty good with it.
Be patient.
The CLI (terminal). Remember you can copy/paste commands.
Especially useful for doing stuff from tutorials etc.
Be patient with us also, most of us volunteer our time in these
forums so try to be civil. There is a great wealth of experience
here use it wisely.

As to the original topic unless you have deliberately bypassed
the built in security of Ubuntu, viruses would have a very
hard time infecting a Linux machine. Out of the box XP
and earlier versions have catered to the "lazy" user by letting
him/her run as admin or root. This makes viruses and other malware easy to install. Some people are willing to trade security for easy use. Not so with Linux. You have to request root to install most software in Linux (Ubuntu uses sudo).
A virus would have to know your password to install itself.
Same thing with drive by spyware etc. If you are behind a NAT
router that is all you need for a firewall. NetworkAddressTranslation or NAT is the tech behind most routers
today. In a nutshell what NAT does is reject incoming network traffic not requested by your machine.

Again welcome and most of all have fun.

BTW, daou what laptop are you getting? The link below is a forum
devoted to laptops by manufacturer

http://www.notebookforums.com/forums/

The next one is our own laptop forum

http://ubuntuforums.org/forumdisplay.php?f=102

I have no idea if my router is a NAT one or not. All I know is it couldn't understand the notion of port forwarding to save its sorry little life. *glares*

But in essence, all I need to do for security on my adopted laptop is to install the Ubuntu iso thing I burned to a CD last night, and keep it updated as new ones arrive, and then I'm good?

Thanks again,
Mimsy

Just a quick question about the built in firewall. Do I need to configure anything to download torrent files? Using Bittornado, the light is green and I am getting decent download speeds, but just wanted to know if I am safe using bittorrent with only the built in firewall from Ubuntu?

I have no idea if my router is a NAT one or not. All I know is it couldn't understand the notion of port forwarding to save its sorry little life. *glares*

But in essence, all I need to do for security on my adopted laptop is to install the Ubuntu iso thing I burned to a CD last night, and keep it updated as new ones arrive, and then I'm good?

Thanks again,
Mimsy

The short answer is: Yes you should be good to go. Linux is much more secure then Windows. You router is almost certainly NAT. As you ue Linux you will learn more then you ever knew under Windows.

Long answer: What router do you have?....

Just a quick question about the built in firewall. Do I need to configure anything to download torrent files? Using Bittornado, the light is green and I am getting decent download speeds, but just wanted to know if I am safe using bittorrent with only the built in firewall from Ubuntu?

You are also good to go. If you open some ports you may upload to others faster, but you will be less secure.

Surely you don't expect me to remember that off the top of my head, without actually having the thing here to look at? :)

It says d-link on the box, I remember that, and when I spent two hours on configuring Azureus for the WinXP PC a few weeks ago, following a great and detailed guide that I actually understood, it failed on the complete lack of port-forwarding in the router configuration menus. ](*,)

Correct me if I'm wrong here, but did you just say that in Linux I mght be able to do that anyway? :-k

/Mimsy

You are also good to go. If you open some ports you may upload to others faster, but you will be less secure.

By default which ports are used by bittornado for downloading torrents? Or is it totally random?

Surely you don't expect me to remember that off the top of my head, without actually having the thing here to look at? :)

It says d-link on the box, I remember that, and when I spent two hours on configuring Azureus for the WinXP PC a few weeks ago, following a great and detailed guide that I actually understood, it failed on the complete lack of port-forwarding in the router configuration menus. ](*,)

Correct me if I'm wrong here, but did you just say that in Linux I mght be able to do that anyway? :-k

/Mimsy

When you use Azureus, if you get a "NAT" error, your router uses NAT.

As far as your second question, if I am understanding your correctly, you need to first open a port in Ubuntu (they are closed by deflault) then configure your router (2 steps).

You can use a linux box with 2 network cards as a router.

By default which ports are used by bittornado for downloading torrents? Or is it totally random?

Bittornado defaults to port 6881 (last time I checked that is, I use utorrent [with wine, I have wine installed for a different purpose, utorrent is a "bonus"] or Azureus). I suggest you change (use a random port > 5000).

I have no idea if my router is a NAT one or not. All I know is it couldn't understand the notion of port forwarding to save its sorry little life. *glares*

But in essence, all I need to do for security on my adopted laptop is to install the Ubuntu iso thing I burned to a CD last night, and keep it updated as new ones arrive, and then I'm good?

Thanks again,
Mimsy
Almost all routers use NAT. It is how they "route". They won't
stop outgoing traffic though. Your default Ubuntu firewall will.
However a trojan would have a very difficult time installing on your machine, unless you allow it to. Because of open source
it would be very difficult for someone to create and publish a
trojan or spyware that "calls home" so to speak. The open source
community would discover it quickly. Common sense is the best security tool out there, IMHO.

When you use Azureus, if you get a "NAT" error, your router uses NAT.

As far as your second question, if I am understanding your correctly, you need to first open a port in Ubuntu (they are closed by deflault) then configure your router (2 steps).

I never got the NAT error. I was just stuck at yellow downloads that took forever, no matter what I did to my firewall, to Azureus, or tried to do to the router. Baseball bat was not an option, I was told... :rolleyes:

As for question number two, I would then have to open a port in Ubuntu, then configure the router to allow Ubuntu to let Azureus out through that port, correct?

/Mimsy

I never got the NAT error. I was just stuck at yellow downloads that took forever, no matter what I did to my firewall, to Azureus, or tried to do to the router. Baseball bat was not an option, I was told... :rolleyes:

As for question number two, I would then have to open a port in Ubuntu, then configure the router to allow Ubuntu to let Azureus out through that port, correct?

/Mimsy

Short answer is yes. Longer answer is Azureus (file sharing) can be tricky and, at times, blocked by your IP provider (so you may have Ubuntu and your router configured to no avail). Chedk with your IP provider re: file sharing policies or try a different port.

I haven't had problems with any other filesharing clients, only Azureus, and only when I tried to make the router behave in ways it didn't want to. Very odd.

Ah well.

As long as Ubuntu can run my laptop and I can use all the applications I need on it, I'm going to be happy. :)

Thanks!

/Mimsy

BTW, daou what laptop are you getting?

I am getting a Fujitsu-Siemens Amilo Si 1520-22
Specs, as far as I'm aware:

CPU: Intel Centrino Duo 2300E
RAM: 1GB DDR2 533MHz, using Intel 945GM chipset
HDD: 120GB SATA
Graphics: 12" 1280x800, Intel GMA 950
DVD: DL DVD+-RW
LAN: (Manufacturer?) Integrated 10/100
WLAN: Intel PRO/Wireless 3945ABG (802.11a/b/g) integrated
Bluetooth: (Manufacturer?) Integrated Bluetooth 2.0
Audio: Integrated Azalia Codec, likely Intel.

Oh...! =P~

Um. Excuse me. Congratulations?

I am getting a Fujitsu-Siemens Amilo Si 1520-22
Specs, as far as I'm aware:

CPU: Intel Centrino Duo 2300E
RAM: 1GB DDR2 533MHz, using Intel 945GM chipset
HDD: 120GB SATA
Graphics: 12" 1280x800, Intel GMA 950
DVD: DL DVD+-RW
LAN: (Manufacturer?) Integrated 10/100
WLAN: Intel PRO/Wireless 3945ABG (802.11a/b/g) integrated
Bluetooth: (Manufacturer?) Integrated Bluetooth 2.0
Audio: Integrated Azalia Codec, likely Intel.
Ought to play well with Ubuntu.
Centrino machines usually do.

I have another security-related question now. I've got ubuntu installed and running, and the W200 has been whipped into submission and connects just fine in wireless hotspots. I've got all my bookmarks imported to Firefox, and it also works fine, but I'm wondering if I need to worry about strange webpages. Should I install the noscript and adblock plugins for the browser, or can I feel safe without them? I am ignorant about how vulnerable Linux is to these things and I am still to new to it to be able to clean up unwanted messes.

Thanks,
Mimsy

i would like to extend my question and would like to ask whether ubuntu
is safe from spyware,trojans and key loggers type malwares
and if not what should be the precautions / steps required to deal against
these types of security threat...

i had a bit of a discussion in a thred earlier about using firewalls in linux for security.

i was informed that linux users have got to get used to not needing firewall protection like windows users.this is due to the lack of viruses and trojans etc. i was also told that home users dont really need them and there really just for people with servers set up.
.i have spent an hour or so going through old threads and and have found that this is a popullar belief.

i would like to here what other users think on this subject.
have you given up the firewall??
do you feel safe without firewall protection??

Just wait a sec FIREWALLS for Linux? I thought Linux was hack proof? Why is the linux community bashing microsoft with security expolits holes when Linux it self has a dirty little secret? What is the point of having linux when you have to download more security software?

the main reason i use a firewall is because of hackers port scanning me.
scoping out my system.

i never bothered with it to stop trojans.
my antivirus always took care of them so i didnt need a firewall for that.
linux is definetly not hack proof right???
i here linux web servers are the most commonly targeted of all systems.
most of the exploits i have seen out on security web sites are aimed at linux boxes.
unicode exploite etc.
there are hundreds of them.

[edit] --> it obviously aint that flawless... i just read a post of someone found a virus!
well people are saying it was probably a false alarm.

I've gone to a couple of different sites that scan for vulnerabilities and they didn't find any. I was not using a firewall at the time.

these sites that test for weaknesses,
when i have checked them out they scan all of the ports u specifie.but they only seem to send tcp packets.while i have probed a computer i hooked up to my computer to test its firewall,i was trying different types of packets and the program i was testing with had stealth options.
when i used them, ie xmas tree scan etc alot of them never triggered the fire wall.
i dont think the website tests are thourough enough.

This one seemed quite thorough to me. Of course it would be off line now but it didn't just use one type of packet. I'm not using a server or anything like that either.

http://www.dslreports.com/tools

maybe the reason you got good feedback is the fact that scanners offline
joke

www.grc.com --> ShieldsUp!

/Mimsy

ok i see what you think.

have you actually got firestarter installed but switched off?
its still running even when the symbol isnt there.
i think you have your firewall still turned on.???ur happy not having it on because it is on and making yuou feel safe???
i thought that was the point of a firewall to hide the presence of being online.
when i turned it off my computer was responding to the packets sent to me i think and saying port closed.
thats not good news i think.

Do you have something against using a firewall? The way I see it is, if a firewall doesn't compromise how your computer works, then definitely use it. Nothing is hacker-proof (except maybe some super-encrypted stuff).

By all means, use a firewall unless you are experiencing problems with internet use because of it!

no the exact oposite.
i was on about other people turning them off because they here linux is very secure without them.
i think thats insane.
im trying to figure out wether there right or not.
if you have a look at some older threads and see how many people dont use a firewall.

Firewall, What's that? ;)

a stunt on tele i thinks?

I didn't use one on M$W either untill I saw good reason to. They hog memory and bandwidth. You're never totally secure, the best you can be is secure enough. I seem to be secure enough without a firewall. I also know that they are always on. My computer tested secure after I removed Firestarter from my system.

what do you mean by secure?
were the ports stealthed or just closed?

I use a firewall (Guarddog) and yes it makes me feel save.
i would recommend using one home/server what ever.
Personal thing that is feel free to ignore it :)

No system is hacker proof. Basicly a system is as secure as the person using it. But fact is, that windows is flooded by viruses and linux is not. And another fact is that a standard installation of windows has lots of ports and security holes open and linux does not (depends on the distro though). The reason why mostly linux webservers are attacked is that apache rocks the world and there is no webserver software for windows that you can take seriously (IIS is garbage).

About your firewall: installing a firewall has two good reasons. One, to cover the open ports of a standard installation and deliberately open the ports in the firewall that you really want to use. Two, to permit trojan horses accidently executed by a user to open a backdoor for attackers.

The best path to walk is: do not execute a program that you don't know. Get familiar with the netstat command. Understand what the output means and how to find what ports you have open and what service they belong to. If you reach the state that you know the ports and you would open them in your firewall anyways then you don't really need a firewall anymore.

i would like to here what other users think on this subject.
have you given up the firewall??
do you feel safe without firewall protection??

A default install of Ubuntu does not need a firewall, because there are no open ports, hence nothing to firewall off (unless you are filtering outbound too, which would break the box for novice users).

If you set up a program that listens on a certain port (like ssh, apache, ...), yes you benefit from a firewall.

My understanding is that firestarter is just the GUI frontend for iptables. So iptables *is* the firewall, not firestarter. Since iptables comes with the default install of Ubuntu, a typical Ubuntu system is already protected by a firewall even without adding firestarter.

You'll only need to install firestarter to fine-tune the iptables settings (often necessary when using P2P file sharing programs), or to view blocked attempts at scanning your system.

I also learned from another thread that iptables by default is set to block all ports, hence the assertion by many that ubuntu is practically hack-proof.

I don't know these things for sure, so if there's an ubuntu expert here reading this thread, please feel free to confirm or refute my post.

EDIT: Ooops! Looks like nocturn can type faster than I do.

Just wait a sec FIREWALLS for Linux? I thought Linux was hack proof? Why is the linux community bashing microsoft with security expolits holes when Linux it self has a dirty little secret? What is the point of having linux when you have to download more security software?

Linux is not hack proof (nothing is). It's basicly Unix, which is also hackable, but eventhough it is much older then Windows, it has never been that easy to hack, you have to work at it.

Additionally, you do not need to download a thing to have a firewall (unless you want a frontend) because a firewall is built in to the Linux kernel, I never knew it any other way.

Thanks for posting about this stuff guys. I was wondering about it.

I also remember reading somewhere that Ubuntu automatically closes all ports, so it's safe.

Let's make some things clear.
Firewalls are concepts to protect networks against other networks.
iptables is the userspace frontend for netfilter, mostly a packet filter.
So no, iptables ist not equal to "firewall", though it is often a part of it.

The most trivial firewall is a standalone packet filter running on a client.

If you are sitting behind a NAT router, this is your firewall. Don't even think of installing iptables on your pc.

If your pc is the gateway connecting your LAN and the internet, you have to use iptables (otherwise it never becomes a gateway ;) ) and never ever open a port on the gateway for itself to the WAN. If you dont't have any open ports relax, on the other hand reject the WAN access to it.

iptables is very powerfull as a part of an sophisticated "Intrusion Detetcion System" or an "Intrusion Prevention System", but the idea a "Desktop Firewall" makes you safe ist just promotion BS.

My understanding is that firestarter is just the GUI frontend for iptables. So iptables *is* the firewall, not firestarter. Since iptables comes with the default install of Ubuntu, a typical Ubuntu system is already protected by a firewall even without adding firestarter.


NOoooo!
The default install of Ubuntu installs iptables - it has to because iptables is part of the kernel - but leaves it with its default configuration of allowing anything to/from anywhere. The only protection you have by default is the fact that Ubuntu installs with no listening services, and is therefore unassailable.

If you install listening services, then you may also want to configure iptables to control who can connect to those services. The eaasiest way of doing that is to install a GUI like firestarter or guarddog that configures iptables in a GUI-like way for you. Beware, I have read a few threads suggesting that firestarter dosn't ensure that iptables gets configured again when the PC reboots, which if true is a huge security hole.

Alternatively, you could configure the listening services to only talk to the IP addresses you trust, but not all services have this ability, and it can be confusing to configure them. See the man pages for hosts.allow and hosts.deny. A GUI firewall app is probabbly easier to use.

It is possible to configure iptables to limit outcoing internet traffic, by protocol (destination port number) and by destination IP address. I am not aware of any capability within iptables to limit internet access to only chosen executables within the PC, although if malware is making your executables do bad things then it's Game Over anyway. So I don't really see a lot of point in restricting outgoing traffic unless you don't trust your users.

So what your saying is that, if your not behind a hardware firewall and you install any listening services, you are screwed?

I don't run a firewall even though I have a few ports listening on my box. If I install a firewall (enable iptables rules) then I have to open the ports for the services listening anyway. If I wasn't NAT'd I would want iptables to block ICMP and a few others.

So what your saying is that, if your not behind a hardware firewall and you install any listening services, you are screwed?

No, not unless you have services that have a flaw in them.

So what your saying is that, if your not behind a hardware firewall and you install any listening services, you are screwed?

Off course not. You're only screwed if there is a vulnerability is said services and someone exploits it withing the timeframe until a patch is out or if you have SSH listening and have a predictable user/password combination.

So what your saying is that, if your not behind a hardware firewall and you install any listening services, you are screwed?

Where did you get that from? Every public web server in the world runs without a firewall on port 80, adn they're not all screwed by any means - they have to be careful though.
If you install listening services, you would be wise to think about a firewall, just in case a vulnerability is found in that service. iptables will do - you don't need a hardware firewall, and the GUI front ends make it easier to configure. In fact, lots of hardware firewalls run Linux anyway - what do you think is so magical about a hardware firewall?

Where did you get that from? Every public web server in the world runs without a firewall on port 80, adn they're not all screwed by any means - they have to be careful though.
If you install listening services, you would be wise to think about a firewall, just in case a vulnerability is found in that service. iptables will do - you don't need a hardware firewall, and the GUI front ends make it easier to configure. In fact, lots of hardware firewalls run Linux anyway - what do you think is so magical about a hardware firewall?
Maybe you didn't notice the ?:KS

I often hear that Windows just gets the bulk of the viruses because it's the most popular, and thus the virus will do the most damage. It seems like some angry hacker out there would throw together linux viruses or something just to show it can be done.

Is Ubuntu really more secure, or is it just that no one cares?

The main idea is that if viruses were to be released they'd be restricted because they don't get 'root' (super user) powers by default. On windows most programs get complete access to the system.

Most Linux OS's that would get hit by a virus would be limited to destroying the /home/ folder and it would be a lot harder to spread.

Of course windows (Vista) is getting a lot more restricted like Linux afaik, Windows Firewall anyone? ](*,)

Still we yet have to see a real virus that spreads largely, until that day I don't think there is anything to fear. If you are worried about security; install a firewall. If you send files to windows clients then install an optional virus scanner. :)

Yes, if Ubuntu were more popular it would be at more threat. However, it wouldn't be as bad as Windows currently is.

As livingtarget says, the problem with Windows is that users are generally root so any program that gets run is free to do anything. Vista fixes this and has a security model much more like *nix.

There's also the Microsoft dislike (amongst some quarters) effect, lots of people simply target Microsoft software because they have nothing better to do. Would Ubuntu ever get this bad? Probably not...

Actually virus could get root rights.. if the virus uses some unknown hole, that allows it to become root, then it could do about anything.

I often hear that Windows just gets the bulk of the viruses because it's the most popular, and thus the virus will do the most damage. It seems like some angry hacker out there would throw together linux viruses or something just to show it can be done.

Is Ubuntu really more secure, or is it just that no one cares?

Linux is inherently more secure than windows. For several reasons. See https://wiki.ubuntu.com/CriticismFAQ#head-ca863b6bbded881485c72bd283bb8ab794a65fbe

Also consider the following pictures about system calls for a sample task. Each line represents a potential target for exploits, hence, the more lines there are, the more insecure is the system...

Linux
http://blogs.zdnet.com/images/SysCallApachesmall.jpg

Windows
http://blogs.zdnet.com/images/SysCallIISsmall.jpg

http://blogs.zdnet.com/threatchaos/index.php?p=311

Do not forget that Linux is extremely popular TODAY on extremely valuable machines. Most web servers and data centers in the world run Linux, not windows... Aren't those interesting targets?

It is certainly true Cr|Hackers might throw more viruses at Linux if it was more popular, but it is also true that it is FAR, FAR more difficult to write an effective virus for Linux. You would see more attempts, but nowhere near as many and as successful ones as on windows...

Not to mention that after a successful attempt, you would not simply see the virus list being updated as it happens in Windows, what you would observe instead is the full kernel and/or responsible application(s) immediately react to that and being modified... So I doubt you would ever need an AV...

Finally, you need to consider that the more successful is Linux >> the more developers help out >> the more eyeballs check the code >> the more difficult it is to find open exploits. In closed source software the number of eyes is relatively unresponsive to the popularity of the software. Even when the popularity is huge, in order to protect IP, the code simply gets segmented and assigned to different teams. For each piece of code there are relatively few eyes watching, and even worse, they are always the same eyes...

I don't know about viruses per se, but if we get more users we will get more malware... mainly because attracting more users means attracting both malicious parties and stupid users.

You put the two together, and you get rampant malware (whatever that means--spyware, trojans, worms, phishing).

Ever watch "The Robbery" episode of Seinfeld? Jerry's place gets robbed when he's away because Kramer left the door to Jerry's apartment open. The exchange goes something like this (I'm paraphrasing heavily):

J: Wait, wait. You left the door open, or the lock open?
K: The door...
J: The door? You left the door open?!
K: Wide open!
J: Oh, Kramer
K: But you have insurance, right, buddy?
J: No
K: Jerry, how could you not have insurance
J: Because! I spent all my money on the Clap-Ko 3000--it's the most impenetrable lock on the market. It has but one design flaw: the door... must be closed!

And that's the same with computer security. Get a secure OS like Ubuntu and put a stupid user on it... you might as well get the most impenetrable lock on the market on your apartment door and have Kramer in your apartment.

Smart users will download only software they trust or stick to only the repositories.

Once Ubuntu gets more popular, stupid users will go to Download.com or whatever the Ubuntu equivalent, double-click a .deb, give their passwords, and then get whatever anyone wants to package that looks appealing to dumb users.

I like the idea of having a secure OS. I think software should try to be written is such a way as not to facilitate attacks and malware, but far more important than having good software is having educated users who do not value only convenience.

Perhaps if all 3rd parties use apt-get then windows users who come over to ubuntu will simply learn that all software is available via apt-get (or gui)

Getting rid of that double click exe nature is where one of the issues can be sealed.

ultimatly though any unix machine is hostile to malware. even in trusted code. just think about all the automatic md5 checks we have.

Of course there will be more problems, but not nearly as many as in Windows. If a user installs something while giving his root password, this program can do whatever it wants to the machine. Also, if users enable an SSH server with very weak/common username/password combinations, it will get hacked.

What won't happen is a complete system hijack after just opening Internet Explorer or going to the wrong webpage.

About 2/3 of the web servers use apache and most of the rest use windows. Guess which one has more viruses?

The main advantage lies in software being open source. Thus, it is easier to check out the source and see if it is malware or not. But then, how many people bother to check the source before installing?

I believe, if a trusted source like the ubuntu repo gets cracked and people download from it, then malware would spread like lightning.. or else, a cute program that needs sudo to install..

There will always be "stupid" people in computing.

About 2/3 of the web servers use apache and most of the rest use windows. Guess which one has more viruses?
But wouldn't you concede that the average person who runs a server (Linux or otherwise) generally know more about maintaining security than the average desktop PC owner?

If Ubuntu as a desktop operating system (not server) were more popular (I'm talking over 15% here), then we would attract many, many dumb users who would click on anything and give their passwords for anything.

Perhaps if all 3rd parties use apt-get then windows users who come over to ubuntu will simply learn that all software is available via apt-get (or gui)

A solution might be to create a "self-service" repo, where devs can put their sources, check dependencies and debs and hashes are generated (semi) automatically. A team should only be watchful of reports about misbehaviour and block affected packages.

That said I do not think that average joe will really feel the need to explore packages not available in the standard official repos... All you have to explain is that the software he needs is accessible via Add/Remove programs... And put a warning in gdebi/dpkg.

I think the whole setup.exe culture that's become mainstream now has been the ruin of security and Windows-to-Ubuntu migration.

Ordinary people get used to the idea of going to the scary "out there somewhere" to track down "free" programs to do what they want, and then they end up with spyware, adware, and who knows what else.

Since Microsoft does so much of your thinking for you (You look as if you're writing a letter--do you want help with that? Take a tour of Windows XP. Do you need help with your search? Woof woof), why didn't they create an Add/Remove Applications that actually adds?

The repo idea would work really well for Windows users who have gotten used to the idea of being scared of downloading applications. I know I got scared when I still used Windows. Can you imagine if, instead of having a cable or satellite company bundle channels together, people had to go find channels and set up getting them running on their TVs one by one? That's how it is for computers now.

With that culture in mind--where people have already done research to track down obscure applications they've gotten used to using, and where people are used to having to track down applications instead of using what's all neatly in one place; Windows users now have a really tough time adjusting to a one-stop shopping arrangement that's extremely convenient.

It's sad.

A lot of the bad started w/ the inception of the Windows Registry, the be all end all of the OS... It wraps around the kernel and keeps it warm unless you rub a USB thumb-drive, get a lot of static on it, and jam it into one of the ports on the PC.... Then you see the kernel!!! KERNEL_SOURCE_ERROR and all those other related errors referencing kernel requires drivers, blah blah blah.... The spread & release (of virus') generally is controlled by the registry, the one thing that's supposed to hold everything together...