Linux Security

Linux is way more secure than Windows, no doubt. But everybody knows that Linux has many security vulnerabilities. No OS is perfect.

I ran into trouble by downloading a .tar.gz package (meant to secure my system…) from a “trusted” source. My luck was that I didn’t run make as superuser. The mistake was that I didn’t scan the files prior to installing the package. I ran F-prot afterwards and guess what: the package contained an exploit. That’s the last time I install a package without analyzing it first.

I also installed chkrootkit and rkhunter (although on the forums they say that the two tools are not very efficient when it comes to new malware), just in case. And firewall always ON.

> My luck was that I didn’t run make as superuser.

That should not have been luck. It would have been sheer stupidity if you had done it.

On 2012-04-01 12:56, hcvv wrote:
>
>> My luck was that I didn’t run make as superuser.
> That should not have been luck. It would have been sheer stupidity when
> you would have done it.

You have to run make install as root anyways. The bad guys can delay any
action till then.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

On the 1st of April: details please :smiley: :smiley:

On 4/1/2012 2:26 AM, riderplus wrote:
>
> Linux is way more secure than Windows, no doubt. But everybody knows
> that Linux has many security vulnerabilities. No OS is perfect.
>
> I ran into trouble by downloading a .tar.gz package (meant to secure my
> system…) from a “trusted” source. My luck was that I didn’t run make
> as superuser. The mistake was that I didn’t scan the files prior to
> package installing. I ran F-prot afterwards and guess what: the package
> contained an exploit. That’s the last time I install a package without
> analyzing it first.
>
> I also installed chkrootkit and rkhunter (although on the forums they
> say that the two tools are not very efficient when it comes to new
> malware), just in case. And firewall always ON.
>
>

Yeah, that is true, isn’t it. No OS is perfect.
Firewall will not protect if your system is already compromised. Only
install from real ‘trusted’ source.
What did you install?


ACCESS DENIED…
Linux Counter: 548299 https://linuxcounter.net/

/_/
/ o o
/~
=ø= /
(______)__m_m) el cato

@Knurpht Yeah, unhappy coincidence… But it was not a lie, not even a white lie :p.

@JJ Have a look at this: “Security Auditor’s Research Assistant” (SARA 7.9.1 for Linux, on Softpedia; described there as a third generation network security analysis tool).

The official website (with a clean SARA package) seems to be The Advanced Research Corporation ®. It was my fault to trust Softpedia for all kinds of stuff that gets uploaded.

I would have rather preferred the sentence “I did run an antivirus scan afterwards”, since we do no “advertising”, do we? Second: what did you want to achieve with SARA? It seems that the project was put on halt in 2009, that is more than 3 years ago. Is this still advisable?

  1. F-prot is free, and so are clamav, avira, avg, bitdefender for linux (from what I know); advertising applies to non-free stuff; I mentioned it for exactitude, not for advertising.
  2. It may not be advisable, and I’ve just said it was my fault to download it.

Well, this is an error which induced me to post this. Just for your information, F-prot is not free, it is free (of charge) only for private users that do not use it for commercial means (professionally; original quote from F-prot: “F-PROT Antivirus for Linux Workstations is FREE for use by personal users on personal workstations”). It is also closed source. This is AFAIK a big difference with CLAMAV, since CLAMAV is not only completely free, but also open source. Personal use or professional use. Therefore the critique on naming the product is IMO more than justified.

PS. remember, these are snakeoil industries that make their living with sorrow of infection (no matter how improbable the infection might be). And: there is no free lunch in the industry. Never ever.

I also have CLAMAV installed, which is my default Linux antivirus. I’m aware that F-prot is not open-source, and I only used it for testing (on my personal computer, of course). As I’ve already said, I’m a Richard Stallman fan, but I also like testing (not using all the time) closed-source free applications. There’s a difference between testing something which is closed-source and using it daily. I have open-source applications for that!

Since we are speaking of security, do you use AppArmor, and how many profiles did you add to the ones already provided? I did set up a profile for Firefox. I was somehow consternated that the program two days ago tried to access /etc/passwd, which I honestly do not understand. So I denied it, and up to now I have not had any negative effect. Actually, I think AppArmor profiling would deserve more attention and maybe also be worth some discussion about the profiles.
Overall I have to say the default “inactive” profiles openSUSE delivers are much more usable than one or even two years ago. One has to do very few adjustments. Firefox (especially with some plugins installed) seems to have a bit more exotic needs.
Any tip to share on that? I would be grateful to know a bit about your experiences in this sector.
Cheers.

BTW what is this for a machine, laptop? Workstation? Server?

But CLAMAV is of course of no use protecting your Linux system. It is only of use in finding viruses in files that go to and from Windows systems. And the title of this thread talks about Linux security.

I do not know if that F-prot is of any use in a pure Linux environment.

Logically, since F-prot uses the same engine (afaik) as the Windows version, no. But this is the whole crux. Clamav is nice to avoid forwarding an infected mail to a Windows PC (since there are many Windows users I do know personally, at least protecting them is not intrinsically bad). But I agree, the ad speaks about 2 million viruses, and there is in the security guide of openSUSE a very nice statement:

> Viruses
> Contrary to popular opinion, there are viruses that run on Linux. However, the viruses that are known were released by their authors as a proof of concept that the technique works as intended. None of these viruses have been spotted in the wild so far.

That is (ehem) to translate this into plain English: the possibility to get a virus on your system if handling it normally is “in the real world” (in the wild) 0% currently.
Let us read on in the security guide:

> Apart from that, you should never rush into executing a program from some Internet site that you do not really know. openSUSE’s RPM packages carry a cryptographic signature, as a digital label that the necessary care was taken to build them. Viruses are a typical sign that the administrator or the user lacks the required security awareness, putting at risk even a system that should be highly secure by its very design.

After all…these guides are b… well written, aren’t they.
So no, you do not need antivirus for Linux IMHO but that was not my problem. More was it that these programs are closed source (security risk) AND they are NOT free. Thanks Henk for reminding us.

The command “ls -l” will access “/etc/passwd”

Finding your home directory (other than by using $HOME) will require access to “/etc/passwd”.

It is simpler to assume that every program will access “/etc/passwd”. There’s no need for concern about that.

Oh thank you very much for your kindness. I really appreciate it. This is maybe the most difficult task, to understand what I should allow for an application and how much I should restrict it. I tell this also because e.g. the “secure file settings” of this distribution are very useful. Funnily enough they set the Chromium writing permissions for the sandbox in a way that Chromium does not run with the sandbox anymore but gives an error message. No one is puzzled about the reason for this choice, but since I use Chromium seldom I know how to adjust this on the fly. Still, I did not find documentation on this choice. So info as you gave here is highly appreciated. Thank you.

I haven’t tried creating a new profile for Firefox. I just use the NoScript Security Suite extension for Firefox and run unhide (for 12.1, unhide_rb: unhide_rb-0.12-1.1.noarch.rpm, the openSUSE 11.4 package) when I notice any monkey business as displayed by iftop (RPM/DEB packages on pkgs.org). However, these are for 11.4. I’m waiting for 12.2 to erase everything on my hdd and make a clean install of openSUSE.

Some Linux antiviruses detect Linux backdoors.
When I’m saying Linux security I’m not referring to Linux viruses, but to trojans, worms and rootkits. These are of real concern. Even if I only have personal computers on which Linux runs, I don’t buy that Linux is 100% safe. That doesn’t stop me from using it!

Just to clarify my earlier post a little: The chances are that “/etc/passwd” does not appear anywhere in the source code for Firefox. However, very standard library subroutines, such as to find a user name from the uid (the getpwuid() function), will access the passwd file. What you were probably seeing was a reference via a library call.
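To illustrate the point about library calls, here is an added example (not code from the thread, and not part of any project named in it). The first function parses a constructed passwd-format buffer to map a uid to a home directory, which is the lookup that getpwuid() performs for you (on glibc through NSS, which for the usual `files` source means reading /etc/passwd); the second does the same lookup through the real library call, so an AppArmor profile that denies read access to /etc/passwd breaks this for any program that resolves a uid. The sample entries and the function names are my own constructions.

```c
/* Added example: why "every program" ends up reading /etc/passwd.
 * Not from the thread; function names and sample data are constructed. */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample in /etc/passwd format (not any real system's file).
 * The fourth line is deliberately malformed to show it is skipped. */
static const char *SAMPLE_PASSWD =
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash\n"
    "broken line with too few fields\n";

/* Find the home directory for `uid` in a passwd-format buffer.
 * Fields are name:passwd:uid:gid:gecos:dir:shell. Writes the dir into
 * `out` (size n) and returns 1 on success, 0 if uid is not present.
 * This is the "by hand" version of what getpwuid() does under the hood. */
int passwd_home_for_uid(const char *buf, unsigned long uid, char *out, size_t n)
{
    const char *line = buf;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char tmp[512];
        if (len >= sizeof tmp)
            return 0;                 /* refuse absurdly long lines */
        memcpy(tmp, line, len);
        tmp[len] = '\0';

        char *f[7];
        int i = 0;
        char *p = tmp;
        f[i++] = p;
        while (i < 7 && (p = strchr(p, ':')) != NULL) {
            *p++ = '\0';
            f[i++] = p;
        }
        if (i == 7) {                 /* only well-formed 7-field lines count */
            char *endp;
            unsigned long got = strtoul(f[2], &endp, 10);
            if (*endp == '\0' && got == uid) {
                snprintf(out, n, "%s", f[5]);
                return 1;
            }
        }
        line = end ? end + 1 : line + len;
    }
    return 0;
}

/* The library route: the same lookup via getpwuid(). Returns 1 if found.
 * On a confined process, denying read access to /etc/passwd makes this
 * return 0 for local users even though the binary never names the file. */
int libc_home_for_uid(uid_t uid, char *out, size_t n)
{
    struct passwd *pw = getpwuid(uid);
    if (!pw)
        return 0;
    snprintf(out, n, "%s", pw->pw_dir);
    return 1;
}

int main(void)
{
    char home[256];

    if (passwd_home_for_uid(SAMPLE_PASSWD, 1000, home, sizeof home))
        printf("sample uid 1000 -> %s\n", home);   /* /home/alice */

    /* Real lookup for the current user: this is the call that shows up as
     * an /etc/passwd read in an AppArmor log, not a line in Firefox. */
    if (libc_home_for_uid(getuid(), home, sizeof home))
        printf("uid %lu -> %s (via getpwuid)\n", (unsigned long)getuid(), home);
    else
        printf("uid %lu not resolvable (no passwd entry or access denied)\n",
               (unsigned long)getuid());
    return 0;
}
```

The practical consequence for profiling is the one nrickert draws: grant `/etc/passwd r` (read only) rather than denying it, and look instead at whether the profile lets the program write anywhere it should not.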

Remember, the biggest thing in security is not so much the OS, but the user. Any OS can be made insecure and any OS can be made secure.