Re: [OS:N:] Virus Protection?
On 8/25/05, Jay Scherrer <jay@xxxxxxxxxxxx> wrote:
> Linux has been designed with security in mind. But don't let that catch
> you off guard. One of my Windows users tells me that the reason Windows
> has more viruses is because Windows is more popular than Linux. If that
> is true, we should always be ready, just in case Linux starts getting
> more popular.

You should always be ready. Period.

But I should point out that UNIX has been around longer than Windows, and people have had plenty of opportunity to hack it. Good hackers and bad hackers. Linux is built like UNIX in many ways, and is just plain old not as vulnerable.

The *real* reason Windows is attacked more often is that it is easy. Do more people dig tunnels under Fort Knox, or steal candy bars from the local store? The majority of Windows attacks are written to exploit design issues not present in Linux, but more importantly are spread by "script kiddies" who are the 'Net's equivalent of Halloween pranksters. They're not smart, they're bored and easily amused. Point them at a box where they have to think about it, and they're quickly swept off.

> There have been several viruses unleashed against Linux
> such as rootkit, where these are designed to attack via sudo. The best
> practice is to watch your logs and possibly use a file logger like
> bastille, or tripwire. One area of security is core files. Core files
> are created when a program or daemon crashes due to some unexpected
> operation or bug. This core file is used for debugging and can contain
> information about your system and even your passwords. A Cracker might
> try to crash any number of programs such as Apache or Sendmail, just to
> get a hold of a core file. There are many scripts available that can
> check file directories for core dumps and zero length files.

Once a hacker is on your machine, they can run all sorts of nasty stuff. And if you run as root and execute programs you can be tricked into installing every little chigger they rolled into it. This is not a flaw of either system in and of itself so much as a by-product of "crunchy on the outside, soft and gooey on the inside" security policies.

The big distinction is that on a Linux machine, darn little can be done to root processes with a breached user account, and an even bigger distinction is can the virus/worm propagate itself without user intervention.

In the past a hacker has been able to have an easier time escalating their privileges within a "ring" of access, due to what's called "discretionary access control". Under SELinux, for example, it's "mandatory access control" and the rings are cut into slices, so gaining access to Apache does not mean you can get access to anything at Apache's access level. If the service does not ever need to read a file, you can never read that file if you are running as that service, same for writing, etc.

> A good source for learning about Linux security is the book "Hack
> Proofing Linux" by James Stanger and Patrick Lane. This discusses
> everything from the common tools you can use to how to protect against
> packet sniffers, those pesky little programs that watch your every key
> stroke over the web.

Also check out "Hacking Linux Exposed", stop running Windows, and get a firewall.

--jeremy

_______________________________________________
Subscription and Archive: https://www.redhat.com/mailman/listinfo/open-source-now-list/
- For K12OS technical help join K12OSN: <https://www.redhat.com/mailman/listinfo/k12osn>
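Added example, not part of the original message or of any tool named in it: a sketch of the kind of script the quoted text mentions, one that checks a directory tree for core dumps and zero-length files. It identifies cores by their ELF header rather than by file name and notes whether group or other users can read them. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import struct
import tempfile

ET_CORE = 4  # ELF e_type value for a core dump

def is_elf_core(path):
    """True if the ELF header marks the file as a core dump, whatever its name."""
    try:
        with open(path, "rb") as fh:
            hdr = fh.read(18)
    except OSError:
        return False
    if len(hdr) < 18 or hdr[:4] != b"\x7fELF":
        return False
    order = "<" if hdr[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    return struct.unpack(order + "H", hdr[16:18])[0] == ET_CORE

def scan(root):
    """Return (cores, empties); cores holds (path, readable_by_group_or_other)."""
    cores, empties = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets, devices
            if st.st_size == 0:
                empties.append(path)
            elif is_elf_core(path):
                cores.append((path, bool(st.st_mode & 0o044)))
    return sorted(cores), sorted(empties)

def build_sample_tree():
    """Constructed sample data: a fake core, an ordinary ELF, an empty log."""
    root = tempfile.mkdtemp()
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    samples = [("dump.1234", ident + struct.pack("<H", 4), 0o644),
               ("httpd", ident + struct.pack("<H", 2), 0o755),
               ("access.log", b"", 0o600)]
    for name, data, mode in samples:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return root
```

Calling `scan(build_sample_tree())` reports the fake core as readable by other users and lists the empty log, while the ordinary executable is ignored.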