
Thread: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

  1. #1
    Join Date
    Jan 2005
    Location
    Sydney (currently)
    Beans
    21
    Distro
    Ubuntu Breezy 5.10

    Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Hello,

    For those who are unaware, over the past two months there have been a significant number of targeted hacker attacks against pro-Tibetan human rights organisations and individuals. These attacks are covered in the paper that can be found here - http://www.ironcove.net/archives/82

    The paper recommends the use of Ubuntu on the Desktop for these organisations as none of the recent malware attacks would have had any effect on an Ubuntu Desktop.

    My question to the forum is what arguments can be made against the often stated argument that there is no malware for Linux / Ubuntu because the user base is low? If Desktop Linux became popular then malware would be developed and the situation would be the same?

    I have some ideas, but would like to put this out and get some ideas from the Ubuntu community.


    Thanks
    Peter

  2. #2
    Join Date
    May 2006
    Location
    Switzerland
    Beans
    2,541
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Originally posted by thewanderer:
    My question to the forum is what arguments can be made against the often stated argument that there is no malware for Linux / Ubuntu because the user base is low? If Desktop Linux became popular then malware would be developed and the situation would be the same?
    For starters, Linux is not Windows. And the user base has nothing to do with this. I have been hearing this nonsense about "one day there will be Linux viruses!" since I started using Linux back in 1996 .... and guess what? I haven't seen any until now. It's just FUD.

    The designs, concepts and ideas behind Linux are borrowed from UNIX and are thus radically different from Windows: UNIX (and therefore Linux too) was designed from the start as being a multi-tasking and multi-user system with strict privilege separations and security mechanisms in place to keep users and processes apart. Windows started as a clumsy, messy and badly written rip-off of some early GUI-research XEROX did in their research center in Palo Alto (see here and here) and to add to the mess: it was running on top of an 8-bit operating system: MS-DOS ... and MS-DOS had no idea whatsoever about being multi-user and truly multi-tasking capable, let alone any idea of the finer mechanisms such as privilege separation, process security, task queueing, priority management, and so on and so on.

    We have Windows Vista now. But deep down, even if now all the code is 32-bit, many aspects of Windows are still written with being single-task + single-user in mind (just like MS-DOS ~27 years ago), e.g. certain processes still needing full control over the hardware, giving the user full control over everything (way too much control!)

    It's those aspects that Windows malware is exploiting, up to this day.

    UNIX (and therefore Linux) on the other hand was designed with being network oriented, multiple users running multiple processes around the clock ... The mechanisms involved here and the underlying design are radically different from Windows and malware as you see it on Windows does not have any of the typical attack vectors that are present on Windows.

    This is not to say that UNIX-type OS are "perfectly safe". That would be rubbish. They have their own fair share of security problems of course, e.g. unnecessarily open network services or network ports that a human hacker could exploit for their own dark agenda ... But malware and viruses? Nope. And not anytime soon.

    "To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it"
    http://www.theregister.co.uk/2003/10...ndows_viruses/
    Last edited by scorp123; April 29th, 2008 at 12:52 AM. Reason: more URL's added

  3. #3
    Join Date
    Jan 2008
    Location
    the space between spaces.
    Beans
    1,654

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Whoa, I couldn't have said it better myself.

  4. #4
    Join Date
    Nov 2006
    Location
    Wisconsin, USA
    Beans
    920
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    In general the security of any given platform depends on how carefully it is administered, not which platform you chose. That said, I generally find security features in Linux to be about 3 years ahead of Microsoft.

    A typical Ubuntu box doesn't offer any outside services. If it does, they usually are designed with separate processes to sandbox privileged operations, reduced privileges for the real work, address randomization, and non-executable stack protections, etc. Maybe SELinux too if you are paranoid and running Fedora.
    Compared to Windows where any process can send any other process messages, lots of stuff runs with administrative privileges, and the attack surface is larger, the real underlying risks on Windows are larger than on Linux or Mac OS X.

    However, at this point the real problems are mostly social engineering on the one hand, and rogue JavaScript served from malicious ads or compromised servers on the other. Ubuntu won't protect you from social engineering. Firefox with NoScript helps protect you from rogue scripts on any platform; on Windows "DropMyRights" can reduce the escalation risks if something leaks through.

  5. #5
    Join Date
    Dec 2007
    Beans
    32

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Hi, I might be a little dense, Know I know very little about Linux. But I thought that Mac & Windows were based on Linux or Unix originally. I started with an Apple -- original. And that and some of the other systems out there were like command line Linux. Many of these commands I miss, & do not know nearly enough yet about Linux to be comfortable with the command line to any degree. Maybe it will come in time. But I mean if you run flash -- in Windows can take the whole shooting match at the wrong site [flash files are not safe] -- You belong to them totally from one flash file. Are you saying it is impossible? I have trouble believing anything is totally impossible, as Linux & Mac [which is a Linux shell] get more Windows like or at least seem to be trying -- why can nothing be written to wipe or as they would want take your machine. Most hackers [so I have been told] operate from Linux -- so they would know it better. -- possibly know it well enough to know that they could not do it & not care .............., because part of being a hacker is your humility about systems and the safeguards in them.

    Fred

  6. #6
    Join Date
    Apr 2008
    Beans
    10

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Originally posted by fcorourke:
    Hi, I might be a little dense, Know I know very little about Linux. But I thought that Mac & Windows were based on Linux or Unix originally. I started with an Apple -- original. And that and some of the other systems out there were like command line Linux. Many of these commands I miss, & do not know nearly enough yet about Linux to be comfortable with the command line to any degree. Maybe it will come in time. But I mean if you run flash -- in Windows can take the whole shooting match at the wrong site [flash files are not safe] -- You belong to them totally from one flash file. Are you saying it is impossible? I have trouble believing anything is totally impossible, as Linux & Mac [which is a Linux shell] get more Windows like or at least seem to be trying -- why can nothing be written to wipe or as they would want take your machine. Most hackers [so I have been told] operate from Linux -- so they would know it better. -- possibly know it well enough to know that they could not do it & not care .............., because part of being a hacker is your humility about systems and the safeguards in them.

    Fred
    Nope, Windows is a totally different design philosophy. Windows does not separate out actions according to privileges. Typically a user on a Windows desktop can do almost anything and thus any process running on behalf of the user can also cause havoc. Windows ships with many open ports and default processes that are in effect running as servers and listening on these ports and will respond if that port is probed. Try the port scan test from www.grc.com on a Windows machine with no firewall and on a Linux machine with no firewall. For best security a computer should not respond to probes that are from outside its security zone. When you download a file in Windows, if it can be executed then it can be executed without any further intervention. In Linux by default all downloaded files have to be explicitly made executable and then only to the privilege allowed to the user. And so on and on. Thus in your example the "flash" program will only manage to affect the user who is browsing the PC and not the entire system. Having said that, it is always important to be vigilant and refrain from visiting suspect sites.

    Best Wishes - Dev, Suffolk, England
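The executable-bit behaviour described in post #6, as an added example that is not part of the original thread: a freshly saved file has no execute bit and cannot be launched directly, but an interpreter can still run it with read permission alone, so the bit guards against accidental launches rather than against a user who is talked into running the file. The file name `attachment.sh` and its contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; file name and contents are constructed.

# Simulate a browser saving a download: a new file is created with the
# default creation mode (0666 masked by umask), so no execute bit is set.
make_download() {
    dir=$(mktemp -d) || return 1
    ( umask 022
      printf '#!/bin/sh\necho "ran as uid $(id -u)"\n' > "$dir/attachment.sh" )
    printf '%s\n' "$dir/attachment.sh"
}

# First ten characters of `ls -l`: file type plus rwx bits.
mode_of() { ls -l "$1" | cut -c1-10; }

# Execute the file directly and print the exit status
# (126 means the file was found but is not executable).
try_exec() {
    rc=0
    "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Hand the file to an interpreter instead; only read permission is needed.
try_interp() {
    rc=0
    sh "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

demo() {
    f=$(make_download) || return 1
    echo "mode after download : $(mode_of "$f")"
    echo "direct exec status  : $(try_exec "$f")"
    echo "sh <file> status    : $(try_interp "$f")"
    chmod u+x "$f"
    echo "mode after chmod u+x: $(mode_of "$f")"
    echo "direct exec status  : $(try_exec "$f")"
    rm -rf "$(dirname "$f")"
}

demo
```

In every case the script runs with the invoking user's uid, which is the second half of the post's point: what it can damage is bounded by that user's own permissions.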

  7. #7
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    If you can own one process in Windows, you normally can own the whole machine and you have your zombie...

    If you can own one process in Linux, you normally own just this one process...

    Now what is appealing more to you (from a hacker's point of view)?

  8. #8
    Join Date
    Jul 2007
    Location
    Saint-Petersburg, Russia
    Beans
    79

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Apart from all the security features in Linux (which are definitely true), Linux has some faults. One of them is an awkward right managing system with only user/group/other file attributes. In Windows XP more fine permission schemes can be implemented.
    The problem is solved by SELinux and ACLs, but those are not installed by default (in Ubuntu).

  9. #9
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    Just because they are not installed by default, it doesn't mean they cannot be installed... For most needs the current proven RWX Owner/Group/Worlds rights are sufficient.

  10. #10
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: Tibetan Hacking Attacks - Targeted Malware on Ubuntu

    But I thought that Mac & windows based on Linux or Unix originally. I started with an Apple -- original. And that and some of the other systems out there were like command line Linux.
    Windows isn't and never has been derived from Unix or Linux. They may both have command shells, but that doesn't mean the kernels have anything in common. Mac OSX uses an open-source kernel called Darwin BSD. Darwin BSD and Linux are both Unix derivatives. Mac versions before OSX were not. I'm not sure how secure the Darwin BSD kernel is, but I think most security vulnerabilities in Mac OSX come from their non-free software.
