Page 1 of 9 123 ... LastLast
Results 1 to 10 of 81

Thread: Hypothetical Linux Malware Question.

  1. #1
    Join Date
    Sep 2013
    Beans
    1

    Question Hypothetical Linux Malware Question.

    I understand that Linux is significantly more secure than Windows in many ways.

    But if a piece of software convinces the user it's safe and something they want to install and give root privileges to is there anything stopping it doing whatever it wants? For example deleting/modifying system folders, reconfiguring grub, deleting partition table etc?

    I'm not trying to scare monger just a question I've thought about for a while.

  2. #2
    Join Date
    Nov 2010
    Location
    Madras, India
    Beans
    201

    Re: Hypothetical Linux Malware Question.

    Quote Originally Posted by mike_smith2 View Post
    I understand that Linux is significantly more secure than Windows in many ways.

    But if a piece of software convinces the user it's safe and something they want to install and give root privileges to is there anything stopping it doing whatever it wants? For example deleting/modifying system folders, reconfiguring grub, deleting partition table etc?

    I'm not trying to scare monger just a question I've thought about for a while.
    Idiot proofing shouldn't become a goal for PCs in my opinion. Let smartphones and tablets take care of protecting people from the damages of clicking 'OK' to everything willy nilly. PCs should be for serious study, work and experimentation, and in such a scenario we need a 'admin' mode which can do everything possible by the hardware itself. Allowing such a mode thoughtfully should be the responsibility of the user.

    It's not that hard as long as you think about what you're doing, read-up the available documentation/tutorials, seek help on forum in case of further doubt, and use plain common sense. I've used various Windows versions from 98 and Linux since the early Mandrake days and never once caught a virus or malware, except a few false positives.

    And to answer your question, no, once a process has root privileges it can do absolutely anything. Only the BIOS/firmware could possibly prevent it, and most BIOSes wont.

  3. #3
    Join Date
    Feb 2008
    Location
    Mine goes to 11
    Beans
    3,756

    Re: Hypothetical Linux Malware Question.

    root privs usually requires explicit password entry.
    If root is enabled and the user downloading p0wn3d.sh had a visudo entry that specified NOPASSWORD, he'd be in trouble if he ran it.

    I believe the root account is disabled in Ubuntu and requires some very explicit steps to enable it.

    Now, if the user doing the downloading is root, well, for shame.
    Earache, my eye.

  4. #4
    Join Date
    Sep 2013
    Beans
    1

    Re: Hypothetical Linux Malware Question.

    Quote Originally Posted by Habitual View Post
    root privs usually requires explicit password entry.
    If root is enabled and the user downloading p0wn3d.sh had a visudo entry that specified NOPASSWORD, he'd be in trouble if he ran it.

    I believe the root account is disabled in Ubuntu and requires some very explicit steps to enable it.

    Now, if the user doing the downloading is root, well, for shame.
    Hypothetically. An Ubuntu user visits a website that asks them to download FlashPlayer.sh the pop-up explains how to install it with all the official Adobe FlashPlayer logos, they get the normal pop up asking for there account password and they enter it, seems totally plausible.

    What if Ubuntu (or whatever distro) had a large set off processes/terminal commands (etc, to be honest I know very little of the inner working of Linux) that it warned the user of being "Potentially Malicious"?

    If I'm setting up a new Ubuntu install I'll receive the password pop up perhaps a dozen times in a couple hours, do you think people get desensitized to it?

    Quote Originally Posted by santosh83 View Post
    And to answer your question, no, once a process has root privileges it can do absolutely anything. Only the BIOS/firmware could possibly prevent it, and most BIOSes wont.
    I thought so, kinda scary but like you said people should have the power to do whatever they want.
    Last edited by mike_smith2; September 22nd, 2013 at 01:10 AM.

  5. #5
    Join Date
    Sep 2013
    Beans
    1

    Re: Hypothetical Linux Malware Question.

    Sorry this question is going to make me look a bit dim but if a user is allowed to use the "Sudo" command (or the whatever Linux uses when the user receives a GUI popup asking for there password) in which they enter there own password, that has all the permissions of root right?

  6. #6
    Join Date
    Nov 2010
    Location
    Madras, India
    Beans
    201

    Re: Hypothetical Linux Malware Question.

    Quote Originally Posted by mike_smith2 View Post
    Hypothetically. An Ubuntu user visits a website that asks them to download FlashPlayer.sh the pop-up explains how to install it with all the official Adobe FlashPlayer logos, they get the normal pop up asking for there account password and they enter it, seems totally plausible.
    You mean installing something from a malicious website impersonating as Adobe? In that case, screwed just as much as a Windows guy. Unless you can install the software purely as a non-privileged user, in which case using the software would at most mess up the user's account. If that user had privileges to use sudo and the malicious software asked him to do so, and he did, then again screwed.

    What if Ubuntu (or whatever distro) had a large set off processes/terminal commands (etc, to be honest I know very little of the inner working of Linux) that it warned the user of being "Potentially Malicious"?
    You mean like a blacklist? But a blacklist of what? Virus scanners do exist for Linux but they aren't as sophisticated as for Windows since so far malware hasn't got a foothold on Linux yet.

    If I'm setting up a new Ubuntu install I'll receive the root password pop up perhaps a dozen times in a couple hours, do you think people get desensitized to it?
    That's a possibility, but unless you login as root (which is disabled under default Ubuntu configuration) you'll have to enter the passwords each and every time. There's a way to tell sudo to increase the time period during which it won't ask for reauthentication, but I'm not sure if you can do the same for the graphical version as well.

    Note that during a standard Ubuntu install no password is set for root at all. The first created user is simply given the privilege to use his password to gain superuser powers, but he won't become the root user by that, and his password isn't the root user password.

  7. #7
    Join Date
    Nov 2010
    Location
    Madras, India
    Beans
    201

    Re: Hypothetical Linux Malware Question.

    Quote Originally Posted by mike_smith2 View Post
    Sorry this question is going to make me look a bit dim but if a user is allowed to use the "Sudo" command (or the whatever Linux uses when the user receives a GUI popup asking for there password) in which they enter there own password, that has all the permissions of root right?
    As far as I understand, for a specific command, sudo gives all the powers of root. But it is fine grained and very configurable, and not the same as actually logging in as root or su'ing as root. These pages better explains the differences than I could:

    https://help.ubuntu.com/community/RootSudo
    http://superuser.com/questions/29932...-root-and-sudo

  8. #8
    Join Date
    Sep 2013
    Beans
    1

    Re: Hypothetical Linux Malware Question.

    Sweet cheers for the responses, I have no doubt Linux is more secure than Windows.

    I guess the question is, how do you (or simply "do you") try to protect Linux users from themselves?

    PS. Maybe delete this thread once it's run it's course I don't want to advertise Linux Malware "loop holes".

  9. #9
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Hypothetical Linux Malware Question.

    We don't delete threads, other than occasionally moving them to areas of the Forum that cannot be viewed by any but the staff.

    Nothing that has been said here is a secret and this thread is not likely to expose any loophole not already known.

    As for the general theme of the thread, what you've been talking about is social engineering -- which is just as dangerous in Linux as in Windows.

    How would anyone "flag" particular commands to protect the user from him/herself? If you did that, then you would still have to let the user say "Oh, it's OK. I really do want to do that!" because something might actually need to be done. In that case the "protection" would just have been thwarted by the same social engineering.

    While it is feasable to include a great number of protections against possibly malicious unattended processes, protecting against all possible malicious attended processes allowed by a user with appropriate privileges would make the OS useless.

    The only truly "secure" OS is the one never booted.
    Please read The Forum Rules and The Forum Posting Guidelines
    My Blog
    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  10. #10
    Join Date
    Sep 2013
    Beans
    1

    Re: Hypothetical Linux Malware Question.

    I don't want to open a can of worms in saying this but is the only way to protect users from from Malware that successfully convinces users to lower there guard real time Antivirus?

    That or not allowing users to run anything outside of the official repositories with root privileges (even for installation).

Page 1 of 9 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •