How to make sure I didn’t get a virus?

Hi everyone. I know that running Linux makes you safer from viruses, since viruses are mostly Windows based; however, IMHO there are still chances to get some kind of virus, or better said some malicious code in scripts/cookies, via browsing. I’m no expert in this field and would therefore need some of your advice.

So the thing that made me think happened yesterday, when I, as a registered user on the forum Allgemeines Forum, got an email from someone who obviously didn’t have good intentions. I did report the mail on the forum; here, Forum abused?!, you can check the thread with the original mail I got. I did follow the link in the mail to check what it is about, and saw a script that fired up, pretending that it scans my computer for viruses, and as a result showed that I have many viruses on my PC in various places. Quickly I saw it can’t be true, since the content on the page displayed was showing as if I had a Win XP system. And when I tried to click to close it, it offered me some exe file to install; at that point I closed the browser and didn’t download the file.

However I am a bit in doubt if anything else downloaded automatically without my confirmation (a cookie, script,…), which executes with the help of the browser and is not OS dependent. So now I wonder how could I check I didn’t get anything malicious? The most threatening I find some potential “key logger” which would monitor my input on password protected areas I browse.

Browsing around I found a nice site showing how to protect your browser better, Securing Your Web Browser, and I tend to follow some of the advice mentioned for Firefox. I know that for safe browsing it is not just the browser responsible, but also the user using it. So any advice of yours from this field would be appreciated, and by posting this I would also like to point at some most tricky ways that some f****** imbeciles try to use in order to steal private data, so watch out. Thanks, Arcull.

I followed that link and this is what I got.
http://www.imagebam.com/image/1d5d8168359937

Even if it was a virus, it’s you as a user who’s browsing, so the virus has no system permissions. No doubt that there will be malicious threats for linux. My advice:

Refuse mail from hotmail.com addresses, they’re being hacked a lot.
Don’t do tests like you did with mail etc. you already don’t trust.
Use the firewall

Like you said, you can configure FF to browse more securely.

I followed that link and this is what I got.
Yes, by now google has already marked it as a “dangerous site”, but it wasn’t marked yesterday.

I tried it in Konqueror
And see what you mean

I shouldn’t worry about it. It’s designed for Windows.

Even if it was a virus, it’s you as a user who’s browsing, so the virus has no system permissions. No doubt that there will be malicious threats for linux. My advice:

Refuse mail from hotmail.com addresses, they’re being hacked a lot.
Don’t do tests like you did with mail etc. you already don’t trust.
Use the firewall

Like you said, you can configure FF to browse more securely.
Thanks for the advice. But now I would like to make sure my SUSE and FF are clean. Is there a way to prove that I didn’t get any “key logger” or something dangerous like that? Thanks again.

The important thing is not to download anything to your hard drive with root permissions (such as a root kit). It’s very unlikely a web site will be able to plant something on your Linux PC, without the Linux community not already being aware of this and without you being aware of this.

I suspect there may come a day when Linux users have to worry about virus, but that day is not here yet. Instead there are other threats to Linux security that Linux users should worry about.

I confess I am very skeptical of all software that claims to be able to scan virus for Linux. The reason being there are no Linux virus to speak of (compared to Windows PCs) and hence it is in essence impossible to check if the Linux software that purports to detect Linux virus will actually work. If there is one thing I have learned in decades of work with software, it is that if the software is not tested at all, it will likely not work. And it’s really impossible to test the effectiveness of Linux software for detecting Linux virus, since there are no Linux virus.

Hence rather than waste time on software that is most likely NOT to work, one should spend their time defending against the real threats to Linux security, which are NOT virus.

You didn’t OK.
It’s crappy winders stuff. Even if you actually accepted the download it couldn’t do you any harm, it was an .exe

How can a key logger be remotely installed ? It has to execute some how.

How can it execute ?

It can only execute if it is run.

How can it run ?

It can only run if it can replace the name of a file that is normally executed.

As a regular user, most executables are in an area that a regular user can NOT write to. Hence if one was surfing as a regular user, any software you mistakenly download will NOT install in a normal area outside of /home.

Hence IMHO the risk to you is that some software was installed in /home/your-username/bin , marked as an executable file, with a file name that matches a command you might send. So take a look at /home/your-username/bin and ensure there is nothing inappropriate in there.

Frankly, I have never heard of any web site doing what I described above, but if I wanted to hack into a user’s PC after fooling them to download something, I would try to get them to unintentionally download a file into /home/your-username/bin , … but I confess, … I don’t know how to trick them to download something into /home/your-username/bin.

Ok, thank you all, I feel a bit more relieved now :)

How can a key logger be remotely installed ? It has to execute some how.

How can it execute ?

It can only execute if it is run.

How can it run ?

It can only run if it can replace the name of a file that is normally executed.
You have a good point, however I have a feeling that you must have overlooked something. I haven’t done any Java programming yet, but as much as I know from the school theory (please correct me if I’m wrong), Java applets placed on a web site do not execute themselves on the web server, but on the client which connects to the web page, meaning that they are using your local resources (RAM, CPU, disk,…); therefore the logic someone wants to realize can be executed locally, and you run it via clicking something on the web page. And suppose you have a run time of Java installed on your PC and enabled in your browser, this scenario seems possible to me. I know I must have exaggerated a little bit, but when something like this happens to you, you get pretty paranoid about security. Well I hope this didn’t happen in my case. And here is what I learned within years of programming ;): The most dangerous type of users are two, the ones who don’t know how to use a computer at all, and those ones who know a lot about computers :) Thanks again for your help :)

well, you probably know way more about java than I.

But again, note that you are running the java app as a regular user. Right ?? (ie not as root). Right ?? … Please say "right !! " …

Hence no Java app can write to the executable locations, as those locations all require root permissions, which a Java application does not have. At the very most, a Java application would be able to write to /home/your-user-name/bin, and you just checked that (like I suggested) and you confirmed there was nothing there! Right ?

But again, note that you are running the java app as a regular user. Right ?? (ie not as root). Right ?? … Please say "right !! " …
Right :) I always run everything as regular user, except when I have to do some administration work in konsole, like install some rpm (which is very rare since doing it with yast is simpler and better), or changing permissions/ownership of files/folders and that is probably where usage of suse as root ends.
At the very most, a java application would be able to write to /home/your-user-name/bin, and you just checked that (like I suggested) and you confirmed there was nothing there! Right ?
Yes I did check my /home folder, but didn’t see anything suspicious; my /home/username/bin directory is empty. But there are a lot of hidden files/folders starting with a dot in my /home folder; some of them I know what they are, but some I don’t. Should I care about them? Thanks.

… those are configuration files for various applications and for your user’s desktop. I seriously doubt that there are any executables there. And those config files are likely not on any path.

Well, I wouldn’t be looking in ~/bin; anyone wanting to do this would be highly likely to put it in ~/.local/share/applications/name.desktop without any execution bit needed, or in .config/autostart or the desktop autostart as covered here…
Step by step AV install Guide Plz… - openSUSE Forums

But any way I’m digressing, so did you accept a signed applet, OK I know the answer … so here you go
JavaTM Web Start version 1.5.0 - Frequently Asked Questions (FAQ)


If that is not under /home then root permissions will be needed and it has to be on the path to be run instead of the apps normally under a place such as /usr/share/applications. And to write in /usr/share/applications one needs root permissions.

So one has to be very judicious where any such name.desktop file is placed. Also noting different desktops put .desktop files in different locations so what works for xfce may not work for kde or gnome or what ever. This is getting less and less credible by the second IMHO. At least in the case of /home/username/bin it IS typically on the path (desktop independent) and IT does NOT need root permissions to write to.

Having typed that, in my view this is all getting highly speculative. Far too speculative.

… anyway. … I’ve said my 2 cents on this thread.

I’ll go back to my projects, and spend my time on ensuring I have my PC’s security in places where it is needed. I don’t waste my time speculating on less than vapourware virus going after Linux.

I don’t see why it shouldn’t be possible to install a keylogger with user-rights only. Take for example Google Earth, it can be installed without root permissions - it takes user interaction, of course, but so do virus-.exes on Windows (as far as I know, never really worked with Win).

So even when Linux is more secure (by far!), Brain2.0 is still needed.

Show me a Linux virus. Show me some real tests by Linux anti virus software and their success failure in detecting the Linux virus. Show me some statistics on this. Show me their success % in finding such virus. Show me their failures. … How about 1/2 dozen articles from well known PC magazines for Linux. Show me how the developers of the Linux antivirus software tested their software? Which REAL linux virus do they claim their anti-viral software works against?

That’s not asking too much? Is it?

What ? No virus to test against? How can that be? And if so, why are we wasting bandwidth on this subject?

I know where I will not be spending, and where I will be spending my time.

… anyway, … it’s your time. Best wishes in using it wisely.

oldcpu, you seem to have misunderstood my post. I was talking about the possibility of malware being installed without the need of root permissions. I never said that any scan being offered could actually detect a Linux-virus. But to claim potential threats need root permissions is wrong. It won’t harm the system on /, but it might harm the user.

But it would only be active when the program is running and in focus. It can not grab key events from another app. So in order to do that you would have to subvert X or the target app and that is not in userspace so the nefarious code would need to some how become root.

The real reason that viruses and other malware find Windows so cozy is that the APIs never or hardly ever change. So you have millions upon millions of people with the exact same environment. The same holes, the same browser. The same API. The Linux kernel API changes almost on every version and we get a new version almost every 6 months or so, not counting fixes. So Linux presents a moving target. That and the fact that Linux is based on Unix and was designed from the ground up for multiuser and security. Windows was designed from DOS (no security, single user) and multiuser and security were bolted on as an afterthought. Just like in biology, a monoculture presents the perfect place to breed viruses and other pests. Diversity helps keep things in balance.

There are virus scanners for Linux but their purpose is to keep you from accidentally passing on a virus ridden file to a weaker OS.

~/.local/share/applications/ will be predictable and probably .config/autostart (Desktop specs I think followed by all DE iirc) but I digress again.
~/…app will change or add into the menu…

Well most of home is in the path and I don’t know about you but given a choice between losing home or root I would choose losing root every day of the week. I can re-install the OS but retrieving rm’d files is **** near impossible.

The theory is there but as for the exploit no, but had you allowed a signed applet then it is possible to write to the client; hell, for all I know perhaps Java can retrieve the name of the DE. It still comes down to user idiocy whatever way; at some point you have to allow something you shouldn’t have.
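
A read-only audit of the per-user locations this thread names (~/bin, ~/.config/autostart, ~/.local/share/applications), added here as an example and not posted by any participant. The function names and the two-day window for recent changes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the per-user persistence spots named in this thread.
# Read-only; needs no root. Pass a home directory or default to $HOME.

# Executable regular files directly inside a directory such as ~/bin.
list_user_executables() {
    [ -d "$1" ] || return 0
    find "$1" -maxdepth 1 -type f -perm -100 | sort
}

# "file<TAB>command" for every Exec= line in .desktop launchers under a dir.
# A .desktop file needs no execute bit, so the Exec= target is what matters.
list_desktop_execs() {
    [ -d "$1" ] || return 0
    find "$1" -maxdepth 2 -type f -name '*.desktop' | sort |
    while IFS= read -r f; do
        sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$f" |
        while IFS= read -r cmd; do printf '%s\t%s\n' "$f" "$cmd"; done
    done
}

# Directories on $PATH the current user can write to: a file dropped there
# can shadow a command name without root.
writable_path_dirs() {
    printf '%s\n' "$PATH" | tr ':' '\n' |
    while IFS= read -r d; do
        if [ -n "$d" ] && [ -d "$d" ] && [ -w "$d" ]; then printf '%s\n' "$d"; fi
    done
}

audit_user_persistence() {
    home=$1
    echo "== executables in $home/bin =="
    list_user_executables "$home/bin"
    echo "== autostart and menu launchers (file, Exec command) =="
    list_desktop_execs "$home/.config/autostart"
    list_desktop_execs "$home/.local/share/applications"
    echo "== user-writable PATH directories =="
    writable_path_dirs
    echo "== launchers changed in the last 2 days (assumed window) =="
    find "$home/.config/autostart" "$home/.local/share/applications" \
        -type f -mtime -2 2>/dev/null | sort
    return 0
}

audit_user_persistence "${1:-$HOME}"
```

An empty section means nothing was found in that location; any Exec= command pointing at a file you do not recognise is worth inspecting before the next login.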