Security software

I am growing tired of Windows 7 and thinking of installing openSuSE, question:

Do I need to install antivirus and/or firewall apps, and, if so, what kind of, free, packages would you recommend?

Thank you for your advice,

pe1800

There will already be a firewall installed.

You won’t need anti-virus, unless you are downloading files to be used on Windows boxes. In that case, I think “clamav” is in the standard repos.

> Do I need to install antivirus

you need no antivirus software to protect openSUSE or any Linux,
because there are no known Linux viruses in the wild…

i’ve used Linux since '98 and never had a reason to run anti-virus
software.

> and/or firewall apps

a default install of openSUSE includes a firewall, which will run
automatically every time you boot and offers very reasonable
protection right out of the box…

all of that above is not to say that as a user there is nothing you
can do to keep your machine clean…there is much you can do to make
it harder to crack…and, much you can do to make it far too easy…

Linux security is more about administrative practices rather than
paying bucks to try to purchase security…

i’ll leave it to others to explain the security practices we all (who
know and care) use…


dd
openSUSE®, the “German Engineered Automobile” of operating systems!

As you can see all over the place here, it is openSUSE. One reason less for getting RSI by using the shift key too much :wink:

Although Linux as a Desktop is relatively ignored as a malware target, it’s not totally immune from attacks.

Example the recent Java vulnerability and resulting recommendation to disable Java in all browsers until patched.

There are also well-known attacks on software apps like webmin, PHP and Oracle databases, all of which run more commonly on Linux than other OS.

Rootkits could potentially compromise Linux boxes, but are relatively difficult to construct today.

Most malware infections that suggest use of AV and similar consumer use though are installed using email spear-phishing and clicking on advertising, and few if any of those are written to compromise any but Windows boxes.

IMO,
TSU

my different view/opinion:

> Although Linux as a Desktop is relatively ignored as a malware target,
> it’s not totally immune from attacks.

it has long been the standard line from Microsoft®, and its
proponents, that: if Linux had a larger market share then it would be
just as vulnerable and infected as is Windows®…which is just pure FUD!

the MS system is less secure because of its design and its operating
practices, NOT because of its monopolistic market share.

> Example the recent Java vulnerability and resulting recommendation to
> disable Java in all browsers until patched.

the attack vector through java had nothing to do with any virus!

and there was no (and is no) security software sold by anyone or
delivered freely which could do, or did do, anything to minimize the
threat posed by the recent java vulnerability…

remember this thread is to answer the OP question “what kind of,
free, packages would you recommend?” and there was and is no free or
purchasable software solution to the java problem (other than just
FIX java, of course…)

> There are also well-known attacks on software apps like webmin, PHP and
> Oracle databases all which run more commonly on Linux than other OS.

is not the frailty in the named packages rather than the system they
operate in?

and, like the Java example, are there any software packages that
can be recommended which ‘solve’ the vulnerabilities in webmin, PHP
and Oracle db’s? (and also the encountered problems of Flash and Acrobat)

> Rootkits could potentially compromise Linux boxes, but are relatively
> difficult to construct today.

rootkits do compromise Linux boxes and they are neither overly
difficult to construct nor to install…

the construction difficulty comes only in the hacking magic needed to
hide the evil so it can go undetected…

and, installation is no more difficult than installing any other
program. (which is one reason that good administrative practices are a
must)

there are programs to help find installed rootkits, but the best
defense is to use the correct administrative practices to keep them
OUT in the first place…

once in, it is game over.

format and start a new game.

> Most malware infections that suggest use of AV and similar consumer use
> though are installed using email spear-phishing and clicking on
> advertising and few of any of those are written to compromise any but
> Windows boxes.

because Linux users who employ secure administrative practices don’t
read email or click on web site advertising as root, it would be a
waste of time to write those attacks to run both on Windows® and Linux…

on the other hand, i was using an Android tablet a few weeks ago and
its built in browser was hijacked (opening page was set to some rogue
site selling junk online) by a click somewhere–but that too was a
program (browser) failure, rather than the system (Android Linux)
failing, and the system was not in any danger from the attack…

imo the bottom line remains the same: for openSUSE there is no
software package which can be bought, received for free, or
recommended which will increase a default installed system’s security
as much as just using the standard operating practices well known for
decades…

[and, if those practices are not followed then the system is not
quite as insecure as is the typical Windows® system but it is a long
long way from where it should/could be]

as usual, ymmv.


dd
openSUSE®, the “German Engineered Automobile” of operating systems!
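dd's post argues that the real defence against rootkits is administrative practice, and mentions in passing that programs exist to help find ones already installed. The thread names no such program, so the following is an added example, not code from the thread or from any openSUSE package: a minimal file-integrity baseline of the kind those programs build on. It records a SHA-256 digest of every regular file under a directory while the system is known good, and a later scan reports files that changed, appeared or vanished. The directory tree, file contents and the "tampering" are all constructed for the demo and stand in for real system paths.

```python
"""Added example (not from the thread): a minimal file-integrity baseline,
the kind of administrative check dd argues for.  While the system is known
good, record a SHA-256 digest of every regular file under a directory;
later runs report files that changed, appeared or vanished.  The directory
tree and file contents below are constructed for the demo and stand in for
real system paths; no rootkit-detection package is assumed."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX relative path) to its digest.
    Symlinks are skipped: their target is hashed under its own path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def run_demo() -> dict:
    """Constructed scenario: baseline a toy tree, tamper with it, diff again."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        tree = work / "tree"                     # stands in for "/" on a real host
        (tree / "bin").mkdir(parents=True)
        (tree / "etc").mkdir()
        (tree / "bin" / "ps").write_bytes(b"#!/bin/sh\nexec /usr/bin/ps \"$@\"\n")
        (tree / "bin" / "ls").write_bytes(b"#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        (tree / "etc" / "motd").write_bytes(b"Welcome\n")

        # 1. Record the baseline OUTSIDE the tree being watched (in practice on
        #    read-only media, so an intruder cannot rewrite it to match).
        store = work / "baseline.json"
        store.write_text(json.dumps(build_baseline(tree), indent=1))

        # 2. Simulated tampering: one binary replaced, one file added, one removed.
        (tree / "bin" / "ps").write_bytes(b"#!/bin/sh\n# replaced copy\nexec /usr/bin/ps \"$@\"\n")
        (tree / "lib").mkdir()
        (tree / "lib" / "unknown.so").write_bytes(b"\x7fELF constructed stub")
        (tree / "etc" / "motd").unlink()

        # 3. Re-scan and compare against the stored baseline.
        baseline = json.loads(store.read_text())
        return compare(baseline, build_baseline(tree))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
```

The point the example makes is the one dd makes in prose: the check is only worth anything if the baseline was taken before the intrusion and is stored where the intruder cannot rewrite it, which is an administrative discipline rather than something a package can supply on its own.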

Thank you. Very interesting and instructive.

Thank you. Exactly what I was looking for.

Thank you. It answers my question.

Thank you, very useful information.

It is absolutely incorrect to think using linux automatically protects you from viruses and malware.
Android is a linux distro and is the most-targeted platform for international cybercrime:
Malware RATs can steal your data and your money, your privacy too _ ESET ThreatBlog.mp4 - YouTube
Linux malware - Wikipedia, the free encyclopedia

I’m still trying to determine if ClamAV is enough protection.

Hi
Is there anything in the wild at present on linux? I’ve been trying hard now for 10+ years and still haven’t found one in one of my linux partitions…

On Fri, 15 Mar 2013 19:26:01 GMT, malcolmlewis
<malcolmlewis@no-mx.forums.opensuse.org> wrote:

>
>PattiMichelle;2535749 Wrote:
>> It is absolutely incorrect to think using linux automatically protects
>> you from viruses and malware.
>> Android is a linux distro and is the most-targeted platform for
>> international cybercrime:
>> ‘Malware RATs can steal your data and your money, your privacy too _
>> ESET ThreatBlog.mp4 - YouTube’
>> (http://www.youtube.com/watch?v=cOkX2KQxkQI)
>> ‘Linux malware - Wikipedia, the free encyclopedia’
>> (http://en.wikipedia.org/wiki/Linux_malware)
>>
>> I’m still trying to determine if ClamAV is enough protection.
>Hi
>Is there anything in the wild at present on linux? I’ve been trying
>hard now for 10+ years and still haven’t found one in one of my linux
>partitions…

As i understand it several dozen were developed, but lacked penetration
on regular Linux machines. Android is another matter: they have made a
lot of compromises of security for dumb user convenience. The result
is security problems. Consequently, i would call it Linux based rather
than real Linux.

?-)

On 03/15/2013 08:06 PM, PattiMichelle wrote:
> I’m still trying to determine if ClamAV is enough protection.

of course it is not!

ClamAV only looks for viruses which attack Windows® systems…it
cannot look for Linux viruses–because as of today there are none in
the wild!

if one pops up in the next hour ClamAV won’t see it because it has
not been given that new virus’s ‘signature’ to look for…

therefore, ClamAV is totally useless in protecting Linux
systems…that may change in the future but it is the fact today…

on the other hand there are many things one can do to protect
themselves from rootkits and other malware (but ClamAV is NOT
effective in protecting Linux, in any way.)

you wrote “It is absolutely incorrect to think using linux
automatically protects you from viruses and malware.” which is
absolutely correct–there is plenty to worry about out there, but
ClamAV is no help at all…for example, here is a new (this month)
article in Linux Magazine about rootkits…notice how many times
Windows® viruses or ClamAV is mentioned:

http://www.linux-magazine.com/Online/Features/Kernel-Rootkits-and-Countermeasures?

finally, (from what i understand) attacking Android and its
applications is pretty easy…however, it is not the linux kernel
which is being compromised but rather the user space which is often
FILLED with applications of unknown resistance to being
compromised…one can think of Android as being like just another
Desktop Environment sitting on top of, and running on a Linux
kernel…all of the attacks i am aware of are inside that far softer
and easier to invade and takeover Android space…

last: the only safe computer is the one which is totally isolated
from the internet…and not running…and no one has access to it,
nor can start it up…(but, in none of those cases would ClamAV help
protect it)

ymmv


dd
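dd's point above is that a signature scanner can only flag what its database already describes. As an added example (not from the thread and not ClamAV's own code), here is a toy scanner that reads two database line formats modelled on a subset of ClamAV's real ones: hash signatures `MD5:FileSize:Name` (the .hdb format) and body signatures `Name:TargetType:Offset:HexSignature` (the .ndb format) with a `*` offset and `??` single-byte wildcards. Supporting only those fields is an assumption of the example. Every sample and signature below is constructed for the demo; the "known" sample is detected by hash, a variant sharing a byte pattern is caught by the body signature, and a never-seen sample (or the known one with a single byte appended) passes straight through.

```python
"""Added example (not from the thread): a toy signature scanner in the
style of ClamAV's .hdb ("MD5:FileSize:Name") and .ndb
("Name:TargetType:Offset:HexSignature") database lines, to show that a
signature scanner flags only what its database already describes.
Assumption: only these fields, a "*" offset and "??" byte wildcards are
supported.  All samples and signatures are constructed for the demo."""
import hashlib
import re

# --- constructed samples (not real malware) ---------------------------------
KNOWN_SAMPLE = b"MZ\x90\x00" + b"constructed windows-style dropper payload"
VARIANT_SAMPLE = b"MZ\x90\x00" + b"constructed dropper v2, stage marker \xde\xad\xbe\xef"
UNKNOWN_SAMPLE = b"\x7fELF" + b"constructed, never-seen-before linux binary"
CLEAN_SAMPLE = b"#!/bin/sh\necho hello\n"

SAMPLES = {
    "known": KNOWN_SAMPLE,
    "known_padded": KNOWN_SAMPLE + b"\x00",   # one byte appended: hash no longer matches
    "variant": VARIANT_SAMPLE,
    "unknown_linux": UNKNOWN_SAMPLE,
    "clean_script": CLEAN_SAMPLE,
}

# --- constructed database, derived from the known sample as a real one would be
HDB_LINES = [
    f"{hashlib.md5(KNOWN_SAMPLE).hexdigest()}:{len(KNOWN_SAMPLE)}:Demo.Dropper.A",
]
NDB_LINES = [
    # "stage marker " followed by any two bytes, then BE EF, anywhere in the file
    "Demo.Dropper.Gen:0:*:" + b"stage marker ".hex() + "????beef",
]


def parse_hdb(lines):
    """Hash signatures keyed on (md5, size) so a size mismatch is rejected cheaply."""
    sigs = {}
    for line in lines:
        md5, size, name = line.strip().split(":", 2)
        sigs[(md5.lower(), int(size))] = name
    return sigs


def parse_ndb(lines):
    """Body signatures compiled to byte regexes; '??' becomes a one-byte wildcard."""
    sigs = []
    for line in lines:
        name, _target, offset, hexsig = line.strip().split(":", 3)
        tokens = re.findall(r"\?\?|[0-9a-fA-F]{2}", hexsig)
        pattern = b"".join(b"." if tok == "??" else re.escape(bytes.fromhex(tok))
                           for tok in tokens)
        sigs.append((name, None if offset == "*" else int(offset),
                     re.compile(pattern, re.DOTALL)))
    return sigs


def scan(data: bytes, hdb: dict, ndb: list):
    """Return the matching signature name, or None when nothing in the DB fits."""
    key = (hashlib.md5(data).hexdigest(), len(data))
    if key in hdb:
        return hdb[key]
    for name, offset, pat in ndb:
        hit = pat.search(data) if offset is None else pat.match(data, offset)
        if hit:
            return name
    return None


def run_demo() -> dict:
    """Scan every constructed sample against the constructed database."""
    hdb, ndb = parse_hdb(HDB_LINES), parse_ndb(NDB_LINES)
    return {label: scan(sample, hdb, ndb) for label, sample in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:14s} -> {verdict or 'no signature matched'}")
```

The `known_padded` and `unknown_linux` rows are the whole argument: nothing about the scanner is Linux-specific, it simply has no entry for what it has never been shown, so a fresh sample is invisible until someone writes and distributes a signature for it.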

On 2013-03-16 09:53, dd wrote:
>
> you wrote “It is absolutely incorrect to think using linux automatically
> protects you from viruses and malware.” which is absolutely
> correct–there is plenty to worry about out there, but ClamAV is no
> help at all…for example, here is a new (this month) article in Linux
> Magazine about rootkits…notice how many times Windows® viruses or
> ClamAV is mentioned:

Yesterday I watched a TV report (I still have to watch half of it, I
have it recorded). It was about hackers. Mostly spam and phishing
attacks, not in depth.

They demonstrated something on camera that I did not know was so
easy. They created a targeted email with an attachment for a victim (the
TV person). It was a text based program that asked what attack method
and vulnerability to use: they chose acrobat, they created a PDF, and
they sent the email with an enticing title.

When the recipient gets that PDF and clicks on it, it opens a connection
to the attacker who in real time gets administrator access to that
Windows machine.

Scary.

Not a virus, it is a Trojan.

Of course, they used a Windows target that was not fully updated, no
current antivirus, etcetera. But it is war out there: the antivirus
people create updates daily, but so do the bad guys. When they discover
a hole they do not publish it, they use it!

And my antivirus software in Windows does not warn me that my acrobat is
known to have a hole. Neither does the antivirus in Linux.

Some years ago a chap demonstrated to me some Windows security software
in a local network. It scanned ports on all local machines, as nmap
does. But instead of listing open ports, it lists the versions of the
software it finds on those open ports and what vulnerabilities and known
attack vectors can be used against those machines. It also lists what
updates have to be applied on those machines to plug the holes. And yes,
it also scans Linux machines.

Unfortunately I lost the paper where I took note of the name of the
software. I have been told of possible names, but I also don’t remember
them :frowning:


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

On 03/16/2013 02:43 PM, Carlos E. R. wrote:

> When the recipient gets that PDF and clicks on it, it opens a connection
> to the attacker who in real time gets administrator access to that
> Windows machine.
>
> Scary.

yes very! so, we know that that same exploit would not give the
cracker root access to our machines because 1) we never ever ever
read email or browse the net as root, right! and 2) that exploit is
only against a known Windows hole…

> And my antivirus software in Windows does not warn me that my acrobat is
> known to have a hole. Neither does the antivirus in Linux.

but there are lists/etc you may join to stay up-to-date on the known
exploits…and, sometimes someone does make an announcement… like
the recent US government announcement on the java vulnerability…

> instead of listing open ports, it lists the versions of the
> software it finds on those open ports and what vulnerabilities and known
> vectors attacks can be used against those machines. It also lists what
> updates have to be applied on those machines to plug the holes. And yes,
> it also scans Linux machines.

right! nmap scans Linux as easily as Windows (or Mac, or AIX, or
whatever) and put together with other software can learn all sorts of
things depending on the security of the machine being scanned…

some folks don’t know that their browser gives a web site all kinds
of info that can be used to launch an attack…

like, go here and see what your browser tells:
http://browserspy.dk/showprop.php
http://aruljohn.com/details.php

> Unfortunately I lost the paper where I took note of the name of the
> software. I have been told of possible names, but I also don’t remember
> them :frowning:

i do not know the name either, but there are lots of commercial
(proprietary and open source) applications a site administrator can
use to learn the vulnerabilities of his/her networks…and, yes
those same tools can be used also to find vulnerabilities in others’
networks as well . . .

and, there is a reason they call some of the crackers “script
kiddies”…because they don’t even have to understand what is going
on to detect a weakness and launch a successful attack–just run the
script.


dd

On 2013-03-16 17:19, dd wrote:
> On 03/16/2013 02:43 PM, Carlos E. R. wrote:
>
>> When the recipient gets that PDF and clicks on it, it opens a connection
>> to the attacker who in real time gets administrator access to that
>> Windows machine.
>>
>> Scary.
>
> yes very! so, we know that that same exploit would not give the cracker
> root access to our machines because 1) we never ever ever read email or
> browse the net as root, right! and 2) that exploit is only against a
> known Windows hole…

An Adobe Acrobat hole, actually, maybe combined with other Windows
holes. And that thing is also used on Linux, where it has had security
updates at times.

I don’t open unknown PDFs with acrobat, just in case…

Even getting access only as my user to my machine (not as root) is scary
as they can then read my documents.

>> And my antivirus software in Windows does not warn me that my acrobat is
>> known to have a hole. Neither does the antivirus in Linux.
>
> but there are lists/etc you may join to stay up-to-date on the known
> exploits…and, sometimes someone does make an announcement… like the
> recent US government announcement on the java vulnerability…

Oh, yes… I don’t have anything else to do but read all the security
lists, both Windows and Linux, both normal and “black”. Yah.

If I were paid for that job, then maybe.

>> instead of listing open ports, it lists the versions of the
>> software it finds on those open ports and what vulnerabilities and known
>> vectors attacks can be used against those machines. It also lists what
>> updates have to be applied on those machines to plug the holes. And yes,
>> it also scans Linux machines.
>
> right! nmap scans Linux as easily as Windows (or Mac, or AIX, or
> whatever) and put together with other software can learn all sorts of
> things depending on the security of the machine being scanned…

That software gave way more info than nmap does.

For example, for Windows it tells you what updates you have to apply to
plug those holes it finds.

> some folks don’t know that their browser gives a web site all kinds of
> info that can be used to launch an attack…

I know…

>> Unfortunately I lost the paper where I took note of the name of the
>> software. I have been told of possible names, but I also don’t remember
>> them :frowning:
>
>
> i do not know the name either, but there are lots of commercial
> (proprietary and open source) applications a site administrator can use
> to learn the vulnerabilities of his/her networks…and, yes those same
> tools can be used also to find vulnerabilities in others’ networks as
> well . . .

Yes, double use.
I believe some of these tools were outlawed in some countries
(Germany?), making security administrators’ lives quite difficult.

> and, there is a reason they call some of the crackers “script
> kiddies”…because they don’t even have to understand what is going on
> to detect a weakness and launch a successful attack–just run the script.

Right.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))