Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: A large number of opinions about security

  1. #11
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: anti malware programs for linux

    Quote Originally Posted by cariboo907 View Post
    @samiux , all you have been doing, is to try to spread FUD, show us some case studies, prove what you are saying.

    I'm by no means a security exert, and I know one of my accounts was exploited, wouldn't it be better to help us recognize things like this when they happen, instead of just posting veiled warnings?
    I have given my advice to you all after the Forum has been exploited. However, you transfer my thread (originally posted at Security Discussion sub-forum) to Other OS sub-forum.

    Okay, if you cannot find it yourself. I tell you once more.

    That is, employ at least one professional Penetration Testing team to pentest the Forum web application software as well as the Forum server (if the whole network is better) at least once a year.

    Period.

    Samiux

    Edit : One hacker cannot do it, it does not mean that another hacker cannot to it.
    Last edited by samiux; August 29th, 2013 at 02:11 AM. Reason: typo fix and Edited

  2. #12
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: anti malware programs for linux

    Some users here seem to putting forth a false dichotomy of "Linux is invincible" v. "Linux needs antivirus."

    Antivirus does not in any significant way make your Linux installation more secure. It's like putting tissue paper over chainmail. If something can break the chainmail, the tissue paper on top doesn't really help.

  3. #13
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: anti malware programs for linux

    Another thought that sometimes comes up in discussions such as these: no matter how careful the user is, no matter how secure the OS, an antivirus product is only as good as what it knows about.
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.

  4. #14
    Join Date
    Mar 2009
    Beans
    1,331

    Re: anti malware programs for linux

    I don't support the idea of a dichotomy. Linux has never been invincible because a system which is exposed to and communicates with the outside world can't be invincible, and UN*X is all about networking. The "linux needs antivirus" idea is not really accurate because the types of exploits typical on Linux are too widely varied to be easily dealt with by a piece of software, IMO. Linux needs informed, careful admins.

    Linux can be extremely secure, and it can be extremely vulnerable. Windows can be extremely secure, and it can be extremely vulnerable. The vulnerabilities typical of each are different.

    I have had the task of putting a couple servers through PCI compliance surveys and testing (so you can process credit cards), and all I'm saying is that there are a lot of extras to go through if you really want to have a secure system.

    PCI compliance surveys make absolutely no distinction between an operating system hole or an application hole or a stupid user hole. Each hole is a vulnerability and can risk your data. In the case of a system which processes credit cards, that means credit card data is compromised.

    All I'm saying is that when somebody says, "Is my system secure?" or "What sort of protection do I need?" you don't just give a blanket "don't worry about it." Give a link to the basic security page, or tell them it depends on what you're doing, and how careful you are. We need users to be smarter and safer, not happier and easier to hack.

    When I started using Linux back when the 1200 baud modem reigned supreme, I believed all the "don't worry about it" people and did some outrageously stupid things, developed habits that lasted too long and got me hacked way too easily.

    It doesn't matter how secure Linux itself is. If somebody convinces you to run something that installs a key logger even in your user's $HOME directory someplace, all they gotta do is wait for you to type "sudo" and send off whatever comes next off to some remote place. You're done, they have root access.

    In terms of your data and your account security, the only thing that matters is that you were compromised, not whether it was Linux or something else that did it.

    Maybe we need a super short security manual for unbelievers?

  5. #15
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: A large number of opinions about security

    I've moved a number of threads from this thread to here, as they weren't really helping the op.
    Last edited by Elfy; August 29th, 2013 at 08:19 AM.

  6. #16
    Join Date
    Jan 2010
    Location
    Hyperborea
    Beans
    1,462
    Distro
    Ubuntu

    Re: A large number of opinions about security

    If you let a child use a computer they will eventually see "Install our toolbar and you get a free candy bar" and of course they will do it.
    I recently nearly installed a deb package from a Chinese site in order to watch streaming movies. I stopped myself when the installer asked me "Do you trust this software?". (D'oh!)
    So we need to grow up and use our knowledge to avoid being owned. We need to educate (if that is possible) Joe Public not to blindly trust everyone on the Internet.
    Sadly, this is unlikely. Most peoples tablets, smartphones and PCs are full of malware of some form or another, regardless of OS.

  7. #17
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: A large number of opinions about security

    I don't want to misleading anyone here.

    I suggest to use anti-malware/virus to all kind of systems, including Linux, Mac OSX, *BSD, *nix and Windows. My home network is implemented UTM (Unified Threat Management System), and IDS/IPS (Intrusion Detection/Prevention System).

    However, it does not mean that my home network is safe and no need to keep my eyes on it. I always monitor the incoming and outgoing traffic of my home network.

    Anti-malware/virus, UTM and IDS/IPS as well as WAF (Web Application Firewall) are based on signature. If the malware/virus/exploits are in the wild, experts/professionals will include such signature of those malware/virus/exploits in their products/programs. If not, no signature at all. By the way, those signature can be bypass very easily in most cases.

    I also use Firefox add-on, NoScript and etc, but it does not proof that I am safe when surfing internet. If a legit website, which I trusted, is infected or intruded, I may have chance to be infected too.

    So, there is no bullet-proof or silver bullet. The missing part is education even you implemented all of the above. Education includes how to monitor the traffic as well. Does education is a silver bullet? It is still not, sorry.

    So? How to get the silver bullet? I can show you how - not to use computer, not to surf internet, not to use smartphone and etc.

    Samiux

  8. #18
    Join Date
    Mar 2009
    Beans
    1,331

    Re: A large number of opinions about security

    The entire thrust of my part in this discussion is that to separate any part of security as not relevant to Linux security is passing the buck and a disservice to any new user who's trying to find out about security.

    "Don't worry about it, Linux is secure." Does not help. "The forum hack was a human error, it does not affect Linux security." Does not help.

    Again, let's go back to the forum hack. The black hat convinced someone with access to give him the keys to the forum. That's every bit as pertinent to a security discussion as a buffer overflow problem. The problem lies with a different system (the human one) but it's still a major issue with security.

    Do some forum searches on antivirus/malware detection. How many of those threads have, "Don't worry about it, Linux can't get viruses?" All of them have it, so fervently that they drown out all the people saying what the problems really can be.

    This forum and most other Linux forums I've been on incorrectly educate users to believe that once they install Linux they need not worry about security. It's just not true.

    There are all sorts of issues with where beginning users go after they finish with the installer CD. They do it because of convenience and because they don't know any better.

    There's another thing: Linux provides all sorts of logs about what's happening in the system, but if you never look at them then almost no security breach or attempted security breach can be detected, during or after the breach. I suspect all sorts of forum members have had malware on their systems for months or years, and they would never know because they never look.

    I've had an intrusion that I detected from pure log file diligence, the only way I knew about it is the log entry that said that my user logged out from a remote location. Reverse DNS pointed at a company based in China. There was no matching login entry. I never logged in remotely, so I knew right away that was an intrusion. How did it happen? Brute force ssh exploit. He guessed my password. He had cleaned up the current log for all the attempts, but I'd seen the attempts before, done nothing about it (yes, my fault and my laziness) thinking that my password was unguessable. Suddenly all those entries are gone, and only this one place where I logged out.

  9. #19
    Join Date
    Jan 2010
    Location
    Hyperborea
    Beans
    1,462
    Distro
    Ubuntu

    Re: A large number of opinions about security

    but I'd seen the attempts before,
    A genuine question: Does fail2ban work with ssh logins?

    I've seen tutorials on blocking logins from outside of an IP range and general hardening of systems but it would be nice to find them all in one place.
    e.g. here

  10. #20
    Join Date
    Mar 2009
    Beans
    1,331

    Re: A large number of opinions about security

    There are a lot of Linux security write-ups. Here's my favorite Ubuntu-specific one:

    https://wiki.ubuntu.com/BasicSecurity

    The issue with yet another one is you need to add significant value or you just litter googlespace with more noise.

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •