Are We Being Paranoid?

**Soul-Sing** · November 28th, 2012

I know guys in the security branche who make a complete reinstall of their system every half year.
- no system related back-ups
- be careful with firefox add-ons
- truecrypt comes with a poor license. Take a look at the Fedora contra truecrypt discours on their forum.

**TheFu** · November 28th, 2012

Originally Posted by Merisi

The last computer I had which was ten years ago pretty much got wiped out by viruses and other nasties which is why I take my security so seriously now. People who see my security set up think I'm excessive but it's pretty standard for most people on the forum.

It's pretty shocking that your young relative thought the solution was just to have a new computer bought for him. Thanks for sharing examples with me about how people's carelessness has led to them getting viruses as it indicates that I'm right to take security precautions. Still I find it quite worrying that you've been hacked twice, but I guess you have been running Linux for quite a while.

It has been over a decade since I was hacked. I've described both situations on here before.

Once was in 1993, before anyone really had firewalls. and the other time was in 2000 when I was running a 3 month out of date BIND version.

The 1st time I was on a government network using an early, very easy to use linux with X/Windows install. They came into my machine, changed the root login and deleted my user account. It was probably an internet script searching for default root logins. I was much younger and much less informed back then. No data was lost and the remote machines I was connected into were not impacted in any way either.

The 2nd time, ZERO damage was done - I'm 100% positive because backups proved all other files to be unchanged. I was running a name server for my home network, but had allowed it to be seen from the internet. At the time, Bind and Sendmail were the most likely remote attack vectors into any UNIX system. I was just a few months behind on the Bind patches, but that was enough. They script that got in never broke out of the bind userid and only wrote files under /tmp. Then it tried to escalate privileges using a perl timing bug that the system had been patched to prevent. Every attempt caused an email to be sent to me - over 140,000 in a few hours. I disconnected from the internet and started my research using a 7 day old backup. It was pretty enlightening.

Versioned backups is the single best and most important solution for computer security. Nothing, NOTHING can solve all the problems that daily, weekly, monthly backups can solve. AV is nice, but never 100%. Most seem to be 50% in real world use, though the AV companies will claim 80-95% coverage. I think that is the marketing people.

A simple mirror backup is better than nothing, but doesn't handle all the times when file corruption occurs or all the times that many weeks pass before anyone notices a virus infestation.

Versioned backups are the best answer.

**haqking** · November 28th, 2012

ahhh the old "never had a problem" most people who havent had one, dont know if they have or havent and wouldnt know what to look for anyways, not all security breaches result in damage to ones machine or software.

It is a process not a product, take the necessary steps whatever you run, keep an eye on logs etc etc and dont be paranoid but be prepared !

Peace

**mike acker** · November 28th, 2012

the following is an interesting read:

http://news.techworld.com/security/3...hishing-email/

a couple quotes:

The most commonly used file types for spear phishing attacks accounted for 70% of them. The main file types were .RTF (38%), .XLS (15%) and .ZIP (13%).
Executable (.EXE) files were not as popular among cybercriminals because emails with .EXE file attachments are usually detected and blocked by security systems, said Trend.

I'm fond of noting that it is critical today to treat all modern documents (web pages, word processing, spread sheets, flash etc ) as executables.

This is why I run Firefox in that "AppArmor" profile (I am using the one supplied by Canonical ) .

I'm pretty satisfied right now that a script will have a hard time updating Linux or any installed app

"Security is a function of the resources your adversary is willing to commit," said Julian Sanchez, an attorney with the Cato Institute in Washington, D.C.

I think our biggest risk right now is that a script might corrupt a browser, most likely by adding some kind of plug-in. I'm told this is not allowed on the Linux version of Firefox ... what worries me is simple: If I can install a plug-in why can a script not do it ? obviously it has the needed file permissions ...

**rg4w** · November 28th, 2012

Originally Posted by Merisi

I have a relative and she uses Vista with no AV and she does everything online: banking, ebay, she even runs an online business. Despite not taking any precautions she's never been hacked or had any problems.

I can think of few things as dangerous, except perhaps this:

I also remember talking to someone at work and she was telling me how she downloads films and tv from illegal sites. I asked her if she was worried about trojans and she rather condescendingly explained how she has a Mac and how they don't get viruses.

With such cavalier disregard for security it's likely neither of these users can say with any confidence that they don't have a keylogger on their system right now.

Security is like backups: no one thinks it's important until they suffer a loss, and only after an otherwise-preventable loss do they start taking it seriously.

**DukeOfMixture** · November 28th, 2012

Does anyone else find that they know people with poor security habits that have no problems?

I cleansed my dad's computer twice and he hasn't had problems since. It may be because of the automatically updating freeware I installed.

But I think he's stopped visiting nasty site. He visited some nasty, nasty sites.

Nasty.

Nasty sites.

**TheFu** · November 28th, 2012

I just saw this related article at Wired: http://www.wired.com/business/2012/0...-all-over-you/

**CharlesA** · November 28th, 2012

Good read. The sad part is it is true - convenience vs security wins in the end.

**Welly Wu** · November 29th, 2012

I find myself going overboard with security regardless of the operating system that I am using at the time. I reinstalled Ubuntu 12.10 64 bit from scratch and I have not done one single thing to harden it or secure it yet. I have been busily downloading and installing my paid software applications from trusted sources and I have been doing anti-malware scans using BitDefender for Unices Free with updated definitions. So far, I am clean in terms of the installed software applications. I think that I will begin the process of hardening later this week and I hope to be able to do one thing at a time per day.

One specific thing that I want to know is if ninja has been fixed for Ubuntu 12.10 64 bit. I followed Bodhi Zazen's guide to install and setup ninja only to find out that my administrator account gets locked out every time using Ubuntu 12.10 64 bit. I don't want to get locked out of my administrator account again by re-installing this ninja and setting it up over again. I copied my specific guid properly in the ninja configuration file and I keep getting locked out of my administrator account every time I reboot my System76 PC.

Can someone enlighten me on this specific topic?

-edit by sandyd-
(please respond in http://ubuntuforums.org/showthread.php?t=2089284)

**offgridguy** · November 29th, 2012

Originally Posted by haqking

ahhh the old "never had a problem" most people who havent had one, dont know if they have or havent and wouldnt know what to look for anyways, not all security breaches result in damage to ones machine or software.

It is a process not a product, take the necessary steps whatever you run, keep an eye on logs etc etc and dont be paranoid but be prepared !

Peace

Totally agree here, myself i am not computer smart enough to know if i have been hacked or not. Paranoid or not i never bank online.