I’m running an IT department that’s moving from NetWare to Suse Linux Enterprise Server. I’m new to Linux and I’m going to get myself on some SLES courses etc., but in the meantime I’m installing openSUSE on my laptop.
I’m aware that Linux isn’t susceptible to viruses/spam etc. as Windows is, but do I really need to install a suite of security programs on a Linux laptop that’s a) going to access the internet on a regular basis and b) going to be on a corporate network that’s primarily Windows PCs?
I have to disagree. Whilst there is a minimal chance of a virus, it is connecting to a Win PC network; though Linux may not be infected, it could be a carrier. So that suggests yes, do run one. Next, it is enterprise, so 2: yes, do run one.
So I would make sure you do have a virus engine in this instance, certainly for mail.
openSuSE is quite good OoTB, with a firewall setup and AppArmor.
Though GNU/Linux is less SuSEeptable (couldn’t resist, OK susceptible) to malware, actually I have never had a problem since 2001 and know of no real threat. But any user may make mistakes, clicking on a link that will use a known vulnerability in a program (like Adobe .pdf).
My advice: Don’t worry for now and read up on AppArmor in SuSE (it is like secure Linux in Red Hat -SELinux-).
As long as you don’t give out the password for ‘root’ to all users, you will be OK
There are about 30,000,000 GNU/Linux users and never did I hear of a serious security problem that affected a number of users. Actually I have never heard of any security breach. Yes, there are security patches for buffer overflows and such. But remember that as GNU/Linux is open source all eyes are looking and even theoretical threats are reason for a patch. In the GNU/Linux community it gives status & respect if you can find a leak and patch it…
The average user will never encounter a problem, I am a power user and have never seen anything in 7 years, phffff compare that to my 7 years of M$ where malware was a daily struggle !!
For the SLES I’ll install a Virus program of some sort, as suggested SLES could potentially act as a carrier on my windows network. All mail is scanned by messagelabs before it gets onto the company network and on to the email system (GroupWise).
As I’m a network admin I’ll put a Virus app on my laptop so I can check any usb/cdroms that come into the company for scanning.
For SLES, as I’ve always used McAfee VirusScan for NetWare I’ll see if there’s a Linux version so I think I’ll stick with that.
Especially for a machine that’s connecting through someone else’s network, it would be foolish to not lock down the machine.
Although the attack surface on Linux is *different* than Windows, it’s not that much less in the number of patches released on a regular basis (and therefore known to hackers). If any hacker detected the presence of the machine, it’s a potential target if it’s in any way mis-configured.
And the laptop may pose a not-as-obvious threat by becoming an infected carrier. Although an exploit might not be active on the machine itself, the laptop might be infected and pose a threat to your corporate network later.
Consider something like Bastille to harden your machine.
Cinq-Marquis wrote:
> openSuSE is quite good OoTB, with a firewall setup and AppArmor.
>
> Though GNU/Linux is less SuSEeptable (couldn’t resist, OK susceptible)
> to malware, actually I have never had a problem since 2001 and know of
> no real threat. But any user may make mistakes, clicking on a link that
> will use a known vulnerability in a program (like Adobe .pdf).
>
> My advice: Don’t worry for now and read up on AppArmor in SuSE (it is
> like secure Linux in Red Hat -SELinux-).
>
I’d advise worrying about it now so you won’t run into problems later. We
are talking about a corporate environment here, not a home network.
> As long as you don’t give out the password for ‘root’ to all users, you
> will be OK
>
As well as use strong passwords, place only users that do sysadmin in
the wheel group, use a firewall, build an IDS, setup tripwire, etc.
> There are about 30,000,000 GNU/Linux users and never did I hear of a
> serious security problem that affected a number of users. Actually I
> have never heard of any security breach. Yes, there are security
> patches for buffer overflows and such. But remember that as GNU/Linux
> is open source all eyes are looking and even theoretical threats are
> reason for a patch. In the GNU/Linux community it gives status &
> respect if you can find a leak and patch it…
>
Guess you never heard of the slapper worm. That had a linux variant that
affected users.
> The average user will never encounter a problem, I am a power user and
> have never seen anything in 7 years, phffff compare that to my 7 years
> of M$ where malware was a daily struggle !!
>
>
It isn’t just a virus/malware issue though. Right now I’d say linux is
more susceptible to rootkits and breakin attempts. People may think that
their box is secure or they don’t have any important files on it, but
most “crackers/hackers” are trying to break in to add your box to a
botnet swarm or a spam zombie or to even just help break into other
machines.
Hi Bob…welcome to Linux country! There has been some good advice here, but I’ll add a few cents (adjust for inflation, it may not be worth that). The previous post about ClamAV is a good suggestion. It generally is not necessary to run heavy programs such as Symantec or McAfee on your Linux desktop/server unless there is a corporate guideline and policy that states you must. ClamAV is free, updates itself accordingly and is not heavy and intrusive. It can be a bit confusing with all the command flags, so it might be beneficial for you to grab a GUI frontend (clamavtk or gclamav…gclamav is on sourceforge.net).
It goes without saying your first line of defense is the firewall. Restrict everything from the outside that does not need to specifically access the box (i.e. perhaps you are running a webserver).
If you are really interested in understanding nuts/bolts of securing your Linux system this is a good place to start -> Linux Security Administrator’s Guide
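The clamscan flags mentioned in the post above, put to the use Bob describes (checking USB sticks and CD-ROMs that come into the company). This is an added example, not part of the original post; the function name scan_media and the MEDIA_LOG location are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: scan a mounted USB stick or CD-ROM with ClamAV's clamscan
# and turn its exit status into a clear verdict.
# MEDIA_LOG is an assumed report location; change it to suit your site.

MEDIA_LOG="${MEDIA_LOG:-$HOME/media-scan.log}"

# scan_media <mount-point>
# Returns: 0 = no virus found, 1 = infected file(s) found,
#          2 = scan error or bad argument
scan_media() {
    local target="$1" rc

    # Refuse anything that is not a directory (e.g. media not mounted yet).
    if [ -z "$target" ] || [ ! -d "$target" ]; then
        echo "scan_media: '$target' is not a mounted directory" >&2
        return 2
    fi

    # -r          recurse into subdirectories
    # -i          print only the infected files, not every file scanned
    # --log=FILE  save the scan report to FILE
    clamscan -r -i --log="$MEDIA_LOG" "$target"
    rc=$?

    # clamscan exit status: 0 = clean, 1 = virus found, anything else = error.
    case "$rc" in
        0) echo "CLEAN: $target" ;;
        1) echo "INFECTED: $target (report in $MEDIA_LOG)" ;;
        *) echo "ERROR: clamscan failed on $target (exit $rc)" >&2
           rc=2 ;;
    esac
    return "$rc"
}

# Usage (the mount point is an example path):
#   scan_media /media/usbstick
```

An error result is not a clean result: if the scan fails, treat the media as unchecked and run it again before copying anything to the Windows network.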
THXbob wrote:
> Thanks for the suggestions…
>
> For the SLES I’ll install a Virus program of some sort, as suggested
> SLES could potentially act as a carrier on my windows network. All
> mail is scanned by messagelabs before it gets onto the company network
> and on to the email system (GroupWise).
>
> As I’m a network admin I’ll put a Virus app on my laptop so I can check
> any usb/cdroms that come into the company for scanning.
>
> For SLES, as I’ve always used McAfee VirusScan for NetWare I’ll see if
> there’s a Linux version so I think I’ll stick with that.
>
> Any ideas for the laptop?
>
> Thanks
>
> Bob Mothershaw
>
>
I do believe there was at least 1 point where McAfee had a linux scanner
though it cost a decent amount iirc.
Thanks all for the useful comments and links etc. It’s really very much appreciated.
My new laptop has arrived (Acer travelmate 5520), chosen from the HCL list of laptops for openSUSE 11. Just booted it up to make sure that I don’t need to make my own recovery CDs etc. and then it’s goodbye Windows, hello Linux.
> Right now I’d say linux is more susceptible to rootkits and breakin attempts.
More than… ? What ?? Window$ ??? FUD !
> People may think that their box is secure or they don’t have any important files on it, but most “crackers/hackers” are trying to break in to add your box to a botnet swarm or a spam zombie or to even just help break into other machines.
WOW, and how will they find my machine on the Internet ? or do you mean a user activated attack ??
> Guess you never heard of the slapper worm. That had a linux variant that affected users.
Yep, I read about that in 2002, FUD, just 3,000 machines reported (a)(in)fected on 30 million that is 0.1% and it was 6 years ago ! Thanks for reminding me. Linux.Slapper.Worm - Symantec.com
Do you have any recent examples ? Say from 2008, that would interest people. Please state;
-name of malware
-threat level
-# of PC’s infected
I have a problem with people scaring people when it comes to GNU/Linux. The only reason for Clamv* is when GNU/Linux is the server for Window$ machines in the same network.
A well configured openSuSE 11.0 with firewall (enabled by default), AppArmor (enabled by default) & Clamv is a very secure system.
Yes, when you step outside your house in the morning the risk of being killed increases… very true !
*I run Clamv every 6 months and have never ever found anything since 2001 when I started using GNU/Linux, back to you !!
Cinq-Marquis wrote:
>> Right now I’d say linux is more susceptible to rootkits and breakin
>> attempts.
>
> More than… ? What ?? Window$ ??? FUD !
>
First off, they are 2 totally different attack vectors. Secondly, I
meant it is more susceptible to rootkits and break-ins than to viruses
and malware but that can change in the future as the attack vectors are
going more from the OS towards more of an application front. Especially
now since there are multi-platform apps that people use.
>> People may think that their box is secure or they don’t have any
>> important files on it, but most “crackers/hackers” are trying to break
>> in to add your box to a botnet swarm or a spam zombie or to even just
>> help break into other machines.
>
> WOW, and how will they find my machine on the Internet ? or do you mean
> a user activated attack ??
>
Port scans, going to wrong sites, sheer luck. It really doesn’t matter
how though it seems you favor the security through obscurity ideology.
>> Guess you never heard of the slapper worm. That had a linux variant that
>> affected users.
>
> Yep, I read about that in 2002, FUD, just 3,000 machines reported
> (a)(in)fected on 30 million that is 0.1% and it was 6 years ago !
> Thanks for reminding me.
> ‘Linux.Slapper.Worm - Symantec.com’ (http://tinyurl.com/63hppg)
>
You are the one that “never heard of a serious problem” for linux. This
isn’t FUD though if you don’t see slapper as a serious problem, that is
your opinion.
> Do you have any recent examples ? Say from 2008, that would interest
> people. Please state;
> -name of malware
> -threat level
> -# of PC’s infected
>
As I said, viruses aren’t the biggest concern right now for linux users.
> I have a problem with people scaring people when it comes to GNU/Linux.
> The only reason for Clamv* is when GNU/Linux is the server for Window$
> machines in the same network.
>
And I have a problem with people misinforming others that linux is this
bulletproof system that is not susceptible to any type of security risks.
> A well configured openSuSE 11.0 with firewall (enabled by default),
> AppArmor (enabled by default) & Clamv is a very secure system.
>
Agreed
> Yes, when you step outside your house in the morning the risk of being
> killed increases… very true !
>
And this is coming from…where exactly?
> *I run Clamv every 6 months and have never ever found anything since
> 2001 when I started using GNU/Linux, back to you !!
>
>
Congrats.
You are a dangerous person for the GNU/Linux advancement. Consider yourself a terrorist… (Echelon are you listening?).
Sir, you are a worm, trying to wriggle out of your wrong assumptions !
> …susceptible to rootkits and break.
You must be kidding.
> Port scans, going to wrong sites, sheer luck. It really doesn’t matter how though it seems you favor the security through obscurity ideology.
“Security through obscurity” ? Huhh, you heard the bell but know not where the clapper, tongue of a bell, hangs. You are clueless.
You really, seriously want to warn new people wanting to use GNU/Linux about a piece of malware dating back to 2002, when my Grandfather was still alive, six years ago and infecting just 0.1%, and tell them GNU/Linux is as dangerous as window$ ? FUD.
You are unable to mention any malware that affected GNU/Linux users in 2008 !
PS I never mentioned that GNU/Linux is, or was, bulletproof, that would be rather stupid. But please tell me (and the rest of the GNU/Linux community) what you think are the security flaws as opposed to window$.
I am curious.
(beginning to think that you are a M$ employee).
Cinq-Marquis wrote:
> You are a dangerous person for the GNU/Linux advancement. Consider
> yourself a terrorist… (Echelon are you listening?).
>
> Sir, you are a worm, trying to wriggle out of your wrong assumptions !
>
And why am I so dangerous?
>> …susceptible to rootkits and break.
>
> You must be kidding.
>
Why do you think I kid? Are you trying to say linux is not susceptible
to rootkits and break ins? If not, is it susceptible to anything?
>> Port scans, going to wrong sites, sheer luck. It really doesn’t matter
>> how though it seems you favor the security through obscurity ideology.
>
> “Security through obscurity” ? Huhh, you heard the bell but know not
> where the clapper, tongue of a bell, hangs. You are clueless.
>
> You really, seriously want to warn new people wanting to use GNU/Linux
> about a piece of malware dating back to 2002, when my Grandfather was
> still alive, six years ago and infecting just 0.1%, and tell them
> GNU/Linux is as dangerous as window$ ? FUD.
>
I’m not warning people about malware from 5 years ago. I was countering
your point that you made here: “There are about 30,000,000 GNU/Linux
users and never did I hear of a
serious security problem that affected a number of users. Actually I
have never heard of any security breach.”
Nor did I make any mention of Linux being as dangerous as windows, but
to be honest it can be. It all depends on the user behind the computer.
If you use an old EOL distro and don’t keep up with patching, you can be
just as bad as if you did the same under windows.
> You are unable to mention any malware that affected GNU/Linux users in
> 2008 !
>
Correct, as I said I believe Linux is more open to rootkits and break in
attempts.
> PS I never mentioned that GNU/Linux is, or was, bulletproof, that
> would be rather stupid. But please tell me (and the rest of the
> GNU/Linux community) what you think are the security flaws as opposed
> to window$.
>
Unpatched apps, using EOL distros, not hardening your running services,
running services you don’t need, etc.
> I am curious.
> (beginning to think that you are a M$ employee).
>
>
Ad hominem attacks are against the T&C’s of this forum so can we please
stray away from going there.
Cinq-Marquis wrote:
> PS
> @69_rs_ss
>
> I just saw that you are an ‘Administrator’. In that light I find your
> remarks even more apprehensible.
>
>
And why is that? What is so wrong with my remarks that linux should be
hardened as opposed to doing nothing?
It wasn’t an “Ad hominem attack” from my side, pls read back. That was you !
You scare people with FUD !
A 2002, 6 (!) years ago vulnerability is not an issue anno 2008 !
openSuSE is well protected as far as the OP’s question goes. Let him/her try to get started and read up on tweaking AppArmor.
You seem not to read very well but still accuse me. I never mentioned that GNU/Linux was bulletproof. That could be considered an “Ad hominem attack”.
Please do not do that again or just disregard my postings and pls do not remark on them.
As an “administrator” whatever that means…, you should be pleased with new users/people who want to try GNU/Linux and especially openSuSE ! If you write that actually they are vulnerable to malware (last seen in 2002) and should be careful, you do not do the GNU/Linux community a service.
Please consider helping them iso scaring them away !
That is my beef with you, personally…Ad Hominem, if you like.