Doesn't Linux need antivirus and firewall?

carmelosawyer


#1 Post by carmelosawyer »

Hi there. Are there any antivirus apps for Linux, like there are for Windows? Or maybe Linux doesn't need any such apps? I just got puppy linux, but I am afraid to connect to the net without any security apps running. It does have a firewall of its own, though. Anything I need to download and run along with it?

rokytnji
Posts: 2262
Joined: Tue 20 Jan 2009, 15:54

#2 Post by rokytnji »

If you download windows files from the net or music or images and put on a pen drive to share with friends or relatives on Windows computers.

I consider it good manners to run a scan on those files in Puppy linux before putting them on a pen drive and plugging it into their computer.

I have not had any malware issues running Puppy Linux for years though.
Your mileage may vary though.

http://www.murga-linux.com/puppy/viewtopic.php?t=68099

http://murga-linux.com/puppy/viewtopic.php?t=72327

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#3 Post by musher0 »

You may inadvertently transmit Windows viruses through data files brought in from some Windows system, but in and of itself, Puppy doesn't need anti-viruses, etc. Any Linux is virus-proof, because its structure makes it very complicated to create a virus for it. You can theoretically create viruses for Linux, it's been done in computing labs. But the lab conditions do not exist in the real world.

If you're worried, always boot your Puppy from CD or DVD, and make a double of your pup-save file.

But as the previous poster said, there has never been any report of a virus on PuppyLinux.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Iguleder
Posts: 2026
Joined: Tue 11 Aug 2009, 09:36
Location: Israel, somewhere in the beautiful desert

#4 Post by Iguleder »

Totally, totally wrong!

Any computer program is insecure! You can always find a vulnerability, either in the program itself, a library it is linked against or even the kernel.

Linux isn't virus-proof either, because it's just another piece of software. One buffer overflow vulnerability that allows remote code execution and you're in the system as root - that's more than enough to install a rootkit. Also, Puppy uses an old kernel, traditionally - e.g. kernel 2.6.37.6 (as in 5.3.1) has many known vulnerabilities and exploits already exist. I'm pretty sure they even get executed by scanners on many computers around the world as I type these words ... maybe even yours!

"Lab conditions" is a lie - there's no difference between a pristine Puppy image and an installed Puppy - both share the same vulnerabilities, except those present in extra packages, of course.

Also, remember - virus scanners are not enough. They rely on viruses already discovered by data security companies - maybe you have a trojan no company ever found, installed on your "secure" Puppy for years.

The bottom line is simple: protect yourself as much as you can - get a restrictive firewall (e.g. an iptables-based one), be careful with stuff you install, always be aware of what you have on your system, install security updates and be responsible for your actions. If there's a very sensitive piece of data you don't want to be stolen from your digital systems - make a carbon copy; write it down and keep it in a safe.

Remember - software is always insecure and there's nothing you can do about this, because it means you'll have to change the human nature.
[url=http://dimakrasner.com/]My homepage[/url]
[url=https://github.com/dimkr]My GitHub profile[/url]

izezi
Posts: 56
Joined: Mon 19 Mar 2012, 12:10

#5 Post by izezi »


musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#6 Post by musher0 »

Thanks, guys.

I stand corrected...

What's the advantage of Linux, then, from the standpoint of security? ...
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

#7 Post by 2byte »

What's the advantage of Linux, then, from the standpoint of security? ...
Linux is less prone to virii and exploits than Windows but the gap is beginning to narrow.

I created a post that has already been somewhat addressed, but I will post it anyway. It may be useful to some.
------------------------
Puppy is vulnerable to exploits; don’t kid yourself. Especially when you use a browser and email client that won’t update and you browse as root.

What can you do to improve the situation?
#1 Activate your firewall. Note, this will not prevent browser exploits.
#2 Change your root password.
#3 Use a browser and email client that can update themselves and keep them updated.
#4 Disable javascript and flashplayer in the browser. Only enable it as needed.
#5 Run your browser and email client as a limited user. Not spot.
#6 Install Avast! antivirus for Linux, use it and keep the virus defs current.

You are most vulnerable when browsing. I was recently exploited while using Puppy 5.1, a DOS executable that was found in spot’s firefox cache by avast. Yes I have wine and jre installed. I learned my lesson; never accept an expired site certificate even for a trusted site! If you get a popup notice about that, don’t touch the popup gui, just close the browser.

Linux may be less prone to exploits, but it is not immune to them, especially an OOTB Puppy.

A quick tutorial for new kids on the block.
How to add a limited user for browsing, named safebrowser, that uses Firefox.

From a console run:
# mkdir /home
# adduser -D safebrowser

Copy .fonts.cache, .fonts.conf, gtkrc* from /root/ to /home/safebrowser/. If you want to use a copy of your bookmarks, preferences and other things copy /root/.mozilla to /home/safebrowser/. Notice that these are hidden files and directory.

Create a script to launch the browser:

#!/bin/bash
# run firefox as the unprivileged safebrowser user, forwarding any arguments (URLs etc.) to it
exec su safebrowser -c 'exec firefox "$@"' -- firefox "$@"

Make it executable and drag it to your desktop for a shortcut.

From a console run:
# chown -R safebrowser:safebrowser /home/safebrowser

The reason I did not use ‘user spot’ for this is with all the ‘limited user spot’ experiments going on in woof lately I feel safer creating my own user.


Bruce B

#8 Post by Bruce B »

I don't use a firewall. I use the built in NAT technology in my existing router. The router uses an old version of Linux which is too dumb to be very hackable. (I think)

As for virus scanners, I don't think they have good enough signature files for finding every Linux badware, although they have signatures for lots of badware, mostly Windows badware.

If I were concerned enough about viruses and because I don't think existing Linux anti-virus scanners are good enough, I would defer to making md5sum databases of my key directories.

The utility I would use would be md5deep to make base files to check against. Then run md5sum periodically to see if any files have been added or modified. Looking for files which shouldn't have been added or modified.

Maybe there are scripts written for us to use. If not, scripts to make the task easy could be written.

I think the main problem is that Linux has not suffered enough external compromises or malware to cause enough developer enthusiasm to necessitate building really good and easy to use firewalls and scanners.

Sort of like saying we need some problems in order to make solutions. Maybe a better way of saying what I want to say is; necessity is the mother of invention.

Anyway, not having perfect solutions, here is some information for anyone interested about the feature set of the md5deep program.


md5deep version 3.6 by Jesse Kornblum.
$ md5deep [OPTION]... [FILE]...
See the man page or README.txt file for the full list of options
-p  - piecewise mode. Files are broken into blocks for hashing
-r  - recursive mode. All subdirectories are traversed
-e  - compute estimated time remaining for each file
-s  - silent mode. Suppress all error messages
-S  - displays warnings on bad hashes only
-z  - display file size before hash
-m <file> - enables matching mode. See README/man page
-x <file> - enables negative matching mode. See README/man page
-M and -X are the same as -m and -x but also print hashes of each file
-w  - displays which known file generated a match
-n  - displays known hashes that did not match any input files
-a and -A add a single hash to the positive or negative matching set
-b  - prints only the bare name of files; all path information is omitted
-l  - print relative paths for filenames
-k  - print asterisk before filename
-t  - print GMT timestamp
-i/I- only process files smaller than the given threshold
-o  - only process certain types of files. See README/manpage
-v  - display version number and exit
For the man page: http://md5deep.sourceforge.net/hashdeep.html (a similar utility).

Also, http://md5deep.sourceforge.net/md5deep.html
~
Last edited by Bruce B on Fri 06 Apr 2012, 16:10, edited 1 time in total.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#9 Post by nooby »

Apple is a bit like Linux. A unix like kernel with an overlay.
Apple has had problems with exploits.
Here is a text in Swedish and most likely they have that knowledge
either from PCWorld or from IDG News service and from Mac mags.

http://www.idg.se/2.1085/1.437860/myten ... akra-macen

The Myth about the secure Mac.

Linux is mostly protected by being the almost unknown OS
among the majority of average Joe users. So it is financially
more attractive to exploit Windows being used by 90% of users.
Here is another such report recently.
Edit Swedes had taken it from BBC

Half a million Mac computers 'infected with malware'

More than half a million Apple computers have been infected
with the Flashback Trojan, according to a Russian anti-virus firm.
http://www.bbc.co.uk/news/science-environment-17623422


Linux being another variant of Unix like OS should be as vulnerable.
Consider how much money Apple can afford to invest in good security
compared to Linux Devs who are mostly doing all programming on
free time.

So Linux is less targeted and that is fortunate for us
I use Google Search on Puppy Forum
not an ideal solution though

Bruce B

#10 Post by Bruce B »

Iguleder,

I want to add some things to your excellent post.

Of course as we all know a CD disc can't be modified by a hacker.

Also, the mounted SFS included with our Puppy can't be modified remotely with any ease at all, even if it is copied to writeable media such as a hard disk or USB stick.

Modified or added files will be found in /initrd/pup_rw subdirectories (at least in my version and I hope in all versions).

I think knowing where to look makes the task of monitoring one's system easier. It is for example, much easier to peruse /initrd/pup_rw/usr/bin because it contains only changes than it is to peruse /usr/bin because that directory displays the changes as well as the unchanged.

Bruce

~
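A baseline-and-compare script in the spirit of Bruce B's md5deep idea (post #8) and his point that the writeable layer /initrd/pup_rw contains only what has changed (post #10). This is an added example, not code from the thread; it assumes only md5sum, find and awk as found on a typical Puppy, and the directory to watch is whatever you pass in.

```shell
#!/bin/sh
# Added example: record a hash baseline of a directory tree, later report what was
# added, modified or removed. Paths are stored relative to the tree root, so the
# same baseline works whether you watch / or the writeable layer /initrd/pup_rw.
# Usage: fim.sh baseline DIR BASEFILE
#        fim.sh check    DIR BASEFILE    (exit 1 if anything differs)

hash_tree() {
    # Emit "hash<TAB>relative-path" for every regular file under $1.
    ( cd "$1" && find . -type f -exec md5sum {} + ) |
        awk '{ h = $1; sub(/^[^ ]+  /, ""); printf "%s\t%s\n", h, $0 }' | sort -k2
}

fim_baseline() {
    hash_tree "$1" > "$2"
}

# Compare the live tree against a baseline file: one line per difference,
# return 1 if anything differs, 0 if the tree matches the baseline.
fim_check() {
    dir=$1; base=$2
    hash_tree "$dir" | awk -F'\t' -v base="$base" '
        BEGIN {
            # load the baseline: known[path] = hash
            while ((getline line < base) > 0) { split(line, f, "\t"); known[f[2]] = f[1] }
        }
        {
            if (!($2 in known))        { print "ADDED\t" $2;    diff = 1 }
            else if (known[$2] != $1)  { print "MODIFIED\t" $2; diff = 1 }
            seen[$2] = 1
        }
        END {
            for (p in known) if (!(p in seen)) { print "REMOVED\t" p; diff = 1 }
            exit (diff ? 1 : 0)
        }'
}

case "$1" in
    baseline) fim_baseline "$2" "$3" ;;
    check)    fim_check "$2" "$3" ;;
esac
```

Run the baseline right after a clean boot and before going online, and keep the baseline file somewhere the running system cannot quietly rewrite (a pen drive or a second pup-save copy).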

Iguleder
Posts: 2026
Joined: Tue 11 Aug 2009, 09:36
Location: Israel, somewhere in the beautiful desert

#11 Post by Iguleder »

Right, it's impossible to modify a CD, but:
- A virus can penetrate through network, an infected hard drive/flash drive with some file system or SCSI/IDE driver vulnerability. Maybe even through the optical device driver.
- The virus can stay in memory, without being written to a file you can see in the writeable Aufs layer.
- Maybe the virus is a rootkit that hides files - that's the ultimate win. It lives in the kernel and hides itself.
- Maybe it replaces an existing, legitimate file that is always present in the writeable layer - e.g. /etc/windowmanager with the path to a dummy window manager contained in a naive-looking, binary log file that runs JWM and some evil code.
- Overburn? :lol:

In short, you can never know. Thinking like a hacker means always being at least two steps ahead of the victim.

There is always a way to penetrate a system - sometimes it's because of the human stupidity and sometimes it's the hacker's technical skills. No matter what it is in this case, the bottom line is: it's impossible to be secure in the digital world.
[url=http://dimakrasner.com/]My homepage[/url]
[url=https://github.com/dimkr]My GitHub profile[/url]

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#12 Post by amigo »

The argument that your read-only CD cannot be altered ignores what may be happening *while you are running*. A rootkit or other malware doesn't need to live on a disk in order to work. Sure, if you are only on-line for a few minutes and then shut down your system then you are at less risk. But many people boot their system and then leave it running for a long time. They are just as vulnerable as anyone can be.

Jasper

#13 Post by Jasper »

I would be interested in participating in any experimental test(s) if the object was to demonstrate vulnerability as opposed to inflicting malicious damage.

Bruce B

#14 Post by Bruce B »

Considerations of Attitude


I think many of the theoreticals introduced in this section are not strictly theoreticals, they could really happen.

Just yesterday, a script I run daily changed. It lost one character and this caused a malfunction in almost all the script. Say what! How?

It just doesn't seem practical for me to cover myself for almost all scenarios. Worse yet, it doesn't seem practical for me to cover myself for all scenarios in the real world, where damages can be much worse, such things as injuries, financial disasters, loss of loved ones.

Also, fear, (too much of it), at a minimum, will make a person miserable if he has to live it day in and day out.

I don't want to be fearful. Frankly, I want to enjoy my computing.

I could reduce many, many risks simply by not connecting to the Internet. But that would take away much of the joy of computing. I think I'd rather have risks associated with Internet usage, than not have the Internet.

I propose something like this: Reduce risks by being informed and taking smart minded precautions. With the knowledge that there are still risks, then enjoy your computing.

Take a personal inventory of one's greater concerns or fears. In other words, the things he really doesn't want to be a victim of, and try to cover himself for those scenarios.

For example: What I hate the most is losing irreplaceable data. The basic solution for that is, for me, making backups of files on a separate storage device.

Concluding

We can never be 100% safe. Even if I take every precaution, it may not be enough, someone could still swipe my computer. Do I want to install it in an air-conditioned safe? I suppose I would like to, but I don't have the kind of money to justify the expense.

I don't like taking losses. I don't like the emotion of fear or over concern having much of a role in my life.

I suppose others feel the same.

Asking ? ? ? ? ? ? ? opinions - thoughts ? ? ? ? advice ???

~

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#15 Post by musher0 »

Bruce B.,

I'll endorse that. There has to be a balance; one's computer security is important, but, as you said, not to the point of killing the enjoyment of using a computer.

Beyond that balance point, it becomes paranoia. Reminds me of the tale of the old miser who didn't trust banks: he had put double locks on his doors and windows, and had sensors recording at every angle for fear that whatever cash he has stored in a lead drawer underneath the floor will be stolen. He also had a shotgun, of course. One evening, he inadvertently shot his son who came in late because he thought he was an intruder... The son had had one beer too many, had forgotten the security code and was simply knocking at the door instead...

Sure it's a tale. But transpose it to the computer situation, and paranoia may lead you to do yourself more harm than good.

FWIW. BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

izezi
Posts: 56
Joined: Mon 19 Mar 2012, 12:10

#16 Post by izezi »

2byte wrote:

#4 Disable javascript and flashplayer in the browser. Only enable it as needed.
#5 Run your browser and email client as a limited user. Not spot.
Beyond practicing basic computer security steps such as not clicking on email attachments and such, I think the smartest thing a person can do is not let JavaScript run by default on any site you visit. NoScript for Firefox is a great extension.

BSD doesn't run as root by default so it limits to some extent what damage can be done.

Other than a few passwords to throwaway email boxes I never keep anything important on my machines.
Last edited by izezi on Sun 08 Apr 2012, 03:44, edited 1 time in total.

Bruce B

#17 Post by Bruce B »

izezi wrote:
2byte wrote:

#4 Disable javascript and flashplayer in the browser. Only enable it as needed.
#5 Run your browser and email client as a limited user. Not spot.
Beyond practicing basic computer security steps such as not clicking on email attachments and such, I think the smartest thing a person can do is not let JavaScript run by default on any site you visit. NoScript for Firefox is a great extension.

BSD doesn't run as root by default so it limits to some extent what damage can be done.

Other than a few passwords to throwaway email boxes I never keep anything important on my machines.
Along the lines of making easy work of disabling browser features, I recommend a Firefox extension PrefBar 6.01

I'm attaching a partial pic of the toolbar it makes. One can check and uncheck features with ease.

~
Attachment: prefbar.jpg

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#18 Post by 8-bit »

In my case, I do not keep any personal information on my PC that could be considered a security risk.
What I have on my PC that is important to me is backed up to CD or DVD and not just once.
I recommend making two so one has a copy just in case.
I once had the luck of dropping a windows install CD and it hit in such a way that it had a major scratch that ruined it.
So a backup is a good thing.
If you want anything from my PC, just ask and I will save you the trouble of hacking in and just send it to you!
That is the way I feel about the stuff on my PC.
My Puppy installs have the Pupsave file backed up on a regular basis to external media so a restore of Puppy is simple.
If Win Vista goes, oh well.
Other than a few games, I do not use it at all.
And I did make the factory restore DVDs, about 5 DVDs if you can believe that! Or was that for windows 7 64 bit?
It makes one appreciate Puppy all the more.

I run the firewall that comes with Puppy and have avast on demand antivirus that I update once in a while to do a check of my system.

But if you think about antivirus programs that are free or even those you pay for, I think the first thing a cracker would do in designing malware is to design it to get past a virus checker or a firewall.

How does one know that their PC is not being used remotely as a BOT?

If I worried enough about all the evils ones computer can be exposed to, I would be using pencil and paper.

Be like Alfred E. Newman (Mad Magazine) "What? Me Worry!"

Bruce B

#19 Post by Bruce B »

8-bit wrote: How does one know that their PC is not being used remotely as a BOT?
There could be a number of ways. My preferred way is disconnect the computer from the internet and connect it to a local proxy server. A proxy server which keeps detailed logs.

By not having any direct access to the Internet, any activity has to go through the proxy server. The log files will tell the story.

~~~

An easier setup is using netstat. The way I do this is using the continuous option >> to a file.

The problem is the file becomes huge and the disk is continuously in fairly heavy use.

I discourage the big file size somewhat effectively by filtering for only the information I'm looking for by use of grep

Then I defeat the disk writes by writing to a mounted /dev/shm directory. This way the writes are to an accessible file in RAM.

~~~

Sorry I don't have an existing script, and I only do this monitoring when seriously concerned.

I guess I would recommend starting by searching the Internet for Linux netstat examples.

With modest study of the netstat man page you might not even need to see an example.

~
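Bruce B says he has no script for the netstat approach, so here is an added example (not his, not from the thread) that does what he describes: filter netstat output down to established TCP connections leaving the machine for a non-local address, and append only new ones to a file under /dev/shm so nothing is written to disk. It assumes Linux netstat -tn / -tnp output and, for program names, that it runs as root.

```shell
#!/bin/sh
# Added example: a small netstat watcher. The filtering keeps the log small (Bruce B's
# grep step); writing under /dev/shm keeps the disk idle (his RAM-file step).
# Usage: netwatch.sh run [SECONDS]   then read $LOG when you want to see who talked to whom.

LOG=${NETWATCH_LOG:-/dev/shm/netwatch.log}

# Read netstat -tn(p) lines on stdin; print "LOCAL REMOTE PROGRAM" for each ESTABLISHED
# TCP connection whose remote side is outside loopback and the RFC 1918 private ranges.
# Listening sockets, TIME_WAIT leftovers, headers and LAN chatter are dropped.
filter_external() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            sub(/^::ffff:/, "", $5)            # IPv4-mapped IPv6 form, e.g. ::ffff:1.2.3.4:443
            split($5, r, ":"); ip = r[1]       # assumes an IPv4 remote address
            if (ip ~ /^127\./ || ip ~ /^10\./ || ip ~ /^192\.168\./ ||
                ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
            printf "%s %s %s\n", $4, $5, ($7 == "" ? "-" : $7)
        }'
}

# Poll every N seconds; log a connection the first time it is seen, with a timestamp.
netwatch() {
    interval=${1:-5}
    while :; do
        netstat -tnp 2>/dev/null | filter_external | while read -r line; do
            grep -qF -- "$line" "$LOG" 2>/dev/null ||
                printf '%s %s\n' "$(date +%FT%T)" "$line" >> "$LOG"
        done
        sleep "$interval"
    done
}

[ "$1" = "run" ] && netwatch "$2"
```

A connection to an unfamiliar address on an IRC-style port from a program you did not start is exactly the kind of line that answers 8-bit's "is my PC a bot?" question.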

Bligh
Posts: 480
Joined: Sun 08 Jan 2006, 11:05
Location: California

#20 Post by Bligh »

Would an app like conky provide that info?
Cheers
