|brotherhood of LAN|
| 4:44 am on Sep 9, 2012 (gmt 0)|
Windows is pretty much the dominant player on the market, so it's the obvious choice for virus writers to target as it offers the most lucrative returns.
Linux isn't flawless but that fact alone does make it a little safer.
| 9:33 pm on Sep 9, 2012 (gmt 0)|
Recent trojans are capable of working out the platform and infecting appropriately, so linux, mac etc are no less vulnerable now. Except: most linux users seem to be more savvy and know how to avoid becoming infected.
But go to an infected web site or click the wrong link in an email and it probably makes little difference now which system you are using.
I always tell my customers and friends to use Firefox with NoScript, whatever the platform, and learn to set it up and use it correctly. That is not foolproof but a good beginning. And regardless of email client, make sure it's reading and writing emails in Plain Text mode, otherwise you may be tempted to click on a disguised link.
Of course, if you are using Android with carelessly selected apps, your system is probably toast anyway.
| 7:56 am on Sep 11, 2012 (gmt 0)|
Thanks for the nice info.keep it up.
| 7:36 pm on Sep 11, 2012 (gmt 0)|
Linux is probably still a lot safer.
1) There are FAR fewer Linux viruses in existence. You can find web pages that claim to list every Linux virus know. Tens vs hundreds of thousands.
2) Linux us more varied. Windows comes in fewer versions, so there are more vulnerabilities a virus author can rely on being present on a Windows target. It is rather like why crop monocultures are more vulnerable to disease.
3) Almost all software is installed from a repository (like an appstore, except Linux has had them for a decade) , and is digitally signed. Much safer than downloading something off somewhere on the net.
4) A single mechanism updates all the software on your computer. Makes users much likely to be up to date with security fixes.
5) The GUI has fewer ways of making you unwittingly run a malicious program (i.e. you click on a document/attachment/hatever, and it turns out to be a virus). The only real hole in this are .desktop files.
6) There are strong additional security measures such as Apparmour, and, again, these vary between Linux distributions, so a hole would only affect some people.
7) Linux encourages secure practices: not logging in as root, each person using different logins. Even my four year old can switch users correctly. Most Windows and Mac users I know use a single login for a family. The problem is with things like Mac having fast user switching off by default - the underlying systems are there, but often unused.
IMO Linux is a LOT safer, and if you are savy or careful you are very unlikely to get malware. My family have never managed to infect any of our Linux PCs, and they are not savvy or particularly careful.
| 9:50 pm on Sep 12, 2012 (gmt 0)|
I agree the software is more robust in that it is difficult to install non-repository software but a lot of viruses are "social" - clicking on links in FB, in emails (because the default is "view as html"), clicking bad links in SEs (yes, they do exist!) and following stupid links on a suspect web site. If the link/whatever carries a multi-platform installer then it IS possible to install viruses on linux.
Linux can mitigate these but I do not think it can entirely prevent human stupidity.
| 7:09 am on Sep 13, 2012 (gmt 0)|
Nothing can prevent human stupidity!
I read email as plain text by default, and my mail client warns of links that do not match the link text, and I hover look at the url (in the rare cases when I click on a link in email).
This thread prompted me to turn on ufw (firewall) and enforce the Apparmour profiles for Firefox (it is unenforced by default), Chromium, and Avahi.
As for social links, even there the risk is lower: WIndows remains the main target, and every thing other than a .desktop file will not run unless marked - and I have never heard of that hole being exploited.
I wonder if there is a way to scan .desktop files just in case?
| 8:38 pm on Sep 13, 2012 (gmt 0)|
You mean with a virus scanner? Do scanners not usually scan desktop?
It's probably not feasible to install programs in the user space rather than root (or is it?) but there are a lot of config, ini and xml files associated with root-installed programs within "home" space that could cause havoc if a script with a virus in it were installed there.
| 8:06 am on Sep 14, 2012 (gmt 0)|
That is what I am talking about.
.desktop files can show on the desktop, or in menus, and will run an arbitrary command - so it offers a way to run a file that has not been marked executable.
It used to be the case that they would run if clicked on anywhere. That has largely been fixed, but it still means that if an attacker can get a simple text file into ~/.config/autostart or ~/.local/applications they can run an arbitrary command (perhaps running a script they dropped elsewhere).
What it needs is something much simpler than a virus scanner. It needs to search for files with name s *.desktop, and look for any running a command that looks suspicious (anything other than just an executable: even passing a file to it is potentially an issue).
| 8:05 pm on Sep 14, 2012 (gmt 0)|
I was thinking a little deeper than that.
A lot of software (eg firefox, opera, various graphics etc) have "local" ini and config files. Supplant those and you could have control through, say, browsers as to where the browser is directed (eg startup page etc). Not sure that could actually happen but it's a possible entry point.
| 11:56 am on Sep 15, 2012 (gmt 0)|
Apparmour would help there as well: only the config files of the application that was compromised could be changed if you have a restrictive apparmour profile.
Ideally, any application connecting to the network, or dealing with data that might carry malware would not be able to edit its own config files: implementing that would either mean going back to editing config files manually, or a huge effort to create a universal config GUI...
....and it seems a much harder exploit to me than the .desktop file one - except in the case of applications that locally install extensions (especially web browsers).
| 7:42 pm on Sep 15, 2012 (gmt 0)|
And web browsers, really, are the problem. Redirecting a browser to a bad site increases the chance of getting a virus.
One of the virus actions on windows is to modify hosts - I don't think that's possible on linux but I worry that browsers can be redirected by other means - eg a bad extension in FF.
That is, in fact, one failing in the repository (I think!): that although (eg) FF is packaged and (presumably) validated before offered via the repository, extensions and plug-ins are not. Admittedly a major task but it would be more reassuring.
| 2:44 am on Oct 3, 2012 (gmt 0)|
The problem with this thinking is no one mentioned any virus would need to be given permissions to be installed and then given permissions to execute. That is why viruses have no success on *nix. Of course, if a user does all that, it has nothing to do with *nix. And the popularity of the OS doesn't either. In fact, there has been no successful virus in the wild since 2001.
| 5:52 am on Oct 10, 2012 (gmt 0)|
Not true. You do not need special permissions to install anything in your own user directory (which is one reason you need things like Apparmour). The problem with .desktop files is that they are executed even without execute permissions.
I agree Linux is a lot more secure, but its not perfect.
@dstiles, I have noticed some extensions and most plugins in the Ubuntu repos, and other extensions are installed per user, not system wide, from what is effectively a repo (using a different mechanism) run by Firefox, so I do not see that as a huge risk.
I agree web browsers are the problem. There are solutions, but they are either imperfect (user multiple browsers or profiles for different uses), or inconvenient (Apparmour, running multiple browsers as different users).
| 12:21 am on Oct 21, 2012 (gmt 0)|
@graeme_p - Of course it's true. YOU have permission to install things on YOUR computer but an outside executable downloaded via a browser, directly or indirectly, DOES NOT have any such permission unless you give it. And THEN you must give it permission to execute.
There have been NO successful viruses in the wild since 2001 and, even then, it was extinguished within a day or so.
| 5:21 am on Oct 22, 2012 (gmt 0)|
Sorry, no it is not always true any longer if you use the major desktop environments. If the outside executable you download is a .desktop file, then clicking on it in Gnome or KDE will execute it even if it does not have execute permission. See:
OK, that is a much smaller attack surface than the Windows equivalent, but it exists.
| 12:47 pm on Oct 22, 2012 (gmt 0)|
Yes. Anything you download and execute can infect your computer. I'm talking about programs which attempt to download/execute/install without user intervention as you see and hear about so often on Windows systems.
| 2:52 pm on Oct 22, 2012 (gmt 0)|
True, I have never heard of download + execute without user intervention in Linux.
It is this bit of your previous statement that I say is no longer true:
|And THEN you must give it permission to execute. |
The issue has not lead to any problems so far, but it is an unfortunate removal of one layer of protection.
| 10:25 pm on Nov 10, 2012 (gmt 0)|
When you say Linux what do you mean ?
There are so many distribs out there, most are based on Debian
Which is the reference.
A Unix system is far safer then Windows (70% of the worlds PC's with MS have some kind of malware on them)
If you use Ubuntu or something like that where you need sudo to administer the system a malware will need your normal user password only and the chances are that only your /home dir will be messed (never seen it though)
But a dist like Debian will need a root password to alter the system and that is a tough nut to crack..
Personally I use Linux for years and have never had a problem it just works, every day, the same
I also use MS for my Adobe apps and to test my sites in IE..
Just recently I did a Windows update and the PC did not start again, the restoration point did not work either
result an other half day reinstalling (added to the hundreds already since Win3/dos)
So yes its safer to use linux, never seen a virus..
| 11:39 am on Nov 11, 2012 (gmt 0)|
Linux for desktop use is very very safe; for server use, there are risks (mostly due to the exposure and the need to run certain core outward-facing services) but with good practice you can almost entirely remove them.
I've had no virus problems in around a decade of desktop Linux use, as in no virus problems at all. In fact, I've generally used the Linux system to check third party media for dodgy executable before risking using the media in a Windows machine.
| 9:49 am on Nov 13, 2012 (gmt 0)|
@pp46, even if malware only damages your home directory, that is where all my work is.
@vincevincevince, agreed, that is why I use a Linux desktop.
Yes, Linux is a LOT safer than Windows, and better than MacOS as well (and about as good as BSD?), but its still worth being aware of potential issues (browser flaws and .desktop files were the examples we discussed), and taking some precautions. Of course, the precautions I take are still a lot less of a pain than the what Windows requires (vrius scanners etc.).
| 8:06 am on Nov 14, 2012 (gmt 0)|
Just to clarify, what I am saying is:
1) If a Windows user neglects security, they will almost certainly be infected by malware fairly soon.
2) If a desktop Linux user neglects security they probably not be hit by any malware.
3) If you want to be really safe, use Linux AND pay attention to security.
| 3:01 am on Nov 15, 2012 (gmt 0)|
Windows 8 has Windows Defender built-in, so there's no pain involved there. It seems that paying attention to security on Linux involves keeping track of a lot of arcane news that involves in-depth knowledge of the particular *nix variant you happen to be running.
If I put Linux on grandma's machine how easy would it be for her to pay attention to security? On Windows 8 it's not really an issue.
| 3:34 am on Nov 15, 2012 (gmt 0)|
bill; modern versions of linux do that for you, and you can easily have it update itself on boot or daily. I'd be much happier to have someone who doesn't understand security using linux than windows.
Windows 8's Windows Defender does sound good, but only time will tell whether virus writers find a way to slip around it. Until then, I only have the past security record of Microsoft to go by, and that tells me to remain cautious.
| 4:02 am on Nov 15, 2012 (gmt 0)|
Regular updates are fine, and Windows 8 does that by default on a regular basis. It looks daily for updates even though the default for Microsoft is to regularly post updates on Patch Tuesday, mostly in deference to the enterprise market where out of band updates require extra testing and possible disruption to their networks.
However, I'd argue that system updates are not necessarily the same as virus protection. Sure, they may patch some exploit holes in Linux, but what if it's a 3rd party software that's being exploited? Is there a built-in scan in all Linux distros that handle those sort of issues? What if grandma opens an e-mail attachment with a Linux capable virus? They do exist.
| 4:00 pm on Nov 15, 2012 (gmt 0)|
|What if grandma opens an e-mail attachment with a Linux capable virus? They do exist. |
NO Linux distrib will install something automatically, a "linux capable virus" would have to be an executable script and as far as I know nothing you receive by mail can be executable you have to chmod it and for that you need a root or sudo pwd..Before installing it.
| 4:41 pm on Nov 15, 2012 (gmt 0)|
>>>It seems that paying attention to security on Linux involves keeping track of a lot of arcane news that involves in-depth knowledge of the particular *nix variant you happen to be running.
Nu-uh. It's nothing of the sort. Paying attention to security on a desktop linux machine involves nothing more than installing it and forgetting it.
I've never heard of a desktop linux install getting a virus. I'm sure it's possible, but it's effectively hypothetical - and that's with no attention paid to it whatsoever. No updates, no reading, nothing. Install it, and forget it. The odds of actually getting a virus are effectively 0. Doesn't matter why or how, but it IS. If you want a virus/worry free desktop, go with linux.
On the server level, I don't recall a virus ever hitting any of my servers either. And that's also with minimal security. The only time I've seen hacks are due to mysql injections on old scripts - easy enough to close and frankly, that's just basic security at the server level anyway.
| 6:22 pm on Nov 15, 2012 (gmt 0)|
@bill any Linux grandma should be using will check daily for updates for every single bit of software grandma is likely to install.
I assume Windows 8 does the same for software installed from the Store, finally bring it to parity with what Linux has had for about a decade (still no dependency management, I thin, right?).
I am not too worried about grandma type users. It is really unlikely that my wife, kids or father (they all use Linux) will end up with a infected machine. I am taking about additional security measures to cover potential weaknesses points such as web browsers, before someone finds an exploit.
The very fact that Windows Defender is (among other things?) a virus scanner tells me that Windows is nowhere near as secure as Linux. Linux does not need a virus scanner because there are no viruses. Linux security relies on architecture and configuration, Windows still relies on cleaning up the mess.
Despite my paranoid attitude to desktop security, the only things I have able to do find that Ubuntu does not do out of the box, is to restrict (at the OS level) which folders Firefox can access. I am advocating a configuration change to optimise out of the box settings for tight security.
| 10:32 pm on Nov 15, 2012 (gmt 0)|
From a security blog earlier in the week, the MS Tuesday Patch included...
"...six security patches, four of them considered 'critical' for Windows 8, and Surface-ready Windows RT operating systems."
If only linux could do what my wife needs I could and would switch over completely for desktop work. :(
As it is, my three linux machines - two Ubuntu Lucid and (now) one Mint Maya - are causing me no security headaches at all.
Incidentally - Mint's updater has an option to go down to hours and minutes - no idea if there is an actual minimum refresh period but even a few hours should be far better than the once a month MS.
And there are ways of adding third party updates into linux repositories as well, which there isn't in MS - witness the hassle over Adobe updates!
| 8:10 am on Nov 16, 2012 (gmt 0)|
I have been using Linux for more than a decade, between one and four machines at a time, with not one security issue, and until recently I never did ANY security configuration on desktops. Currently three machines in my household, and my father uses Linux as well (I switched him to Linux because its easier for me to support, especially from a distance).
Third party repositories are another massive advantage over the Windows/MacOS way. My plan now is to use the latest Ubuntu LTS (for a stable OS) with Get Deb (and especially PLay Deb) repos for the latest apps.
| This 46 message thread spans 2 pages: 46 (  2 ) > > |