Linux viruses -- everything you need to know!


    #61
    Re: Linux viruses -- everything you need to know!

    I've read somewhere that even re-formatting contaminated Win drives leaves the MBR unchanged.
    Right, reformatting does not affect the MBR.
    Installing grub for a dual-boot system, however, does overwrite the MBR, and anything obnoxious that a virus may have placed there.
    Many BIOS these days can be configured to shout if anything attempts a write to the MBR.
    We only have to look at ourselves to see how intelligent life might develop into something we wouldn't want to meet. -- Stephen Hawking

    Comment
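An added example, not part of the original thread: a check for the point made in post #61, comparing sector 0 of a disk against a known-good copy and reporting whether the boot code or the partition table differs. The sample sectors, byte values and names (`KNOWN_GOOD`, `AFTER_FORMAT`, `AFTER_REINSTALL`) are constructed for illustration; on a real machine the 512 bytes would be read from the disk device as root.

```python
import hashlib
import struct

BOOT_CODE_END = 440   # bytes 0..439: bootstrap code; 440..445: disk signature + reserved
TABLE_START = 446     # bytes 446..509: four 16-byte partition entries; 510..511: 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries of one MBR sector."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA boot signature")
    parts = []
    for slot in range(4):
        entry = sector[TABLE_START + 16 * slot:TABLE_START + 16 * (slot + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            parts.append((slot, entry[0] == 0x80, entry[4], lba_start, count))
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": parts}

def compare(baseline: bytes, current: bytes) -> dict:
    """Report which region of sector 0 differs from a known-good copy."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    return {"boot_code_changed": old["boot_sha256"] != new["boot_sha256"],
            "table_changed": old["partitions"] != new["partitions"]}

def build_sample(boot_code: bytes, entries: list) -> bytes:
    """Constructed test sector from boot code and (active, type, lba_start, count) entries."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    for slot, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_START + 16 * slot,
                         0x80 if active else 0, ptype, lba, count)
    sector[510:] = b"\x55\xaa"
    return bytes(sector)

# Constructed samples: one NTFS (0x07) and one Linux (0x83) partition.
TABLE = [(True, 0x07, 2048, 204800), (False, 0x83, 206848, 409600)]
GOOD_CODE = b"\xeb\x63" + b"G" * 100            # stand-in for the boot loader's code
KNOWN_GOOD = build_sample(GOOD_CODE, TABLE)     # copy saved after a clean install
MODIFIED = build_sample(b"\xeb\x63" + b"X" * 100, TABLE)  # boot code altered later
AFTER_FORMAT = MODIFIED                         # formatting a partition never writes sector 0
AFTER_REINSTALL = build_sample(GOOD_CODE, TABLE)  # boot loader reinstall rewrites the code

if __name__ == "__main__":
    print("after format:   ", compare(KNOWN_GOOD, AFTER_FORMAT))
    print("after reinstall:", compare(KNOWN_GOOD, AFTER_REINSTALL))
```

In this model the altered boot code is still reported after the format and is gone after the boot loader reinstall, while the partition table is unchanged in both cases.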


      #62
      Re: Linux viruses -- everything you need to know!

      Thanks all. No, I was not looking for antivirus; it was all about rootkits and whether a Windows contamination could affect the MBR and hence possibly the Linux partition. Thanks DrDPhD (again!) - it seems that re-installing grub would clear out any possible problems!

      Comment


        #63
        Re: Linux viruses -- everything you need to know!

        Normally, those files are temporary during the booting or mounting of block devices and are deleted after the device is successfully booted or mounted. Do you have any lines in the kernel system log that include those listings and identify the blkid associated with them?
        When I checked the syslog and kern.log I didn't find any "block specials" or blkid mentions. But that doesn't mean there aren't any. I could easily miss them.
        Reading through the bug report, it mentions software RAIDs. I have Win7 on a 3 disk software RAID. During boot I get 3 messages that say no such file or directory and list each of the hard drives in my RAID. Could these be my block specials?
        I don't use the RAID in Kubuntu.


        OS: Win7 Prof. X64, XP Prof. x86. WD 160GB X3 RAID 0
            Kubuntu 10.04 Lucid X64 LTS.
            10.10 Maverick X64 KDE 4.6.2
        MB: abit IP35 PRO. Q6600 OC: 3204MHz.
        RAM: OCZ 1066MHz 8GB (4X2GB)
        Graphics: Nvidia 9800GTX+ OC: 823/1265
        Displays: LG 1280X1024. Asus 1680X1050

        Comment


          #64
          Linux vulnerability

          I think a good part of the reason Linux has not in general been infected by malware is that it isn't a juicy target for blanket attacks. If you're an attacker, why waste your time with Linux when there are so many more Windows systems out there, and on top of that they're much easier to penetrate?

          The notion that good security practices are important is in a way misleading. A truly secure system should be safe in the hands of a gullible six-year-old. The Linux community seems quite ambivalent about what level of sophistication it expects of its users -- and by "users" I mean anyone at all who downloads and installs Kubuntu. On the one hand we make a big point of how easy it is to use Linux and how you don't have to be a sophisticate to use it. On the other hand we push for security practices that demand wisdom in what you pick up from the Net. The limitation of privileges to the root account isn't as much protection as it appears, since a clever social engineer might well persuade a naive user to provide access to the root account in one way or another. And anyone who installs a Linux system perforce has the root password.

          Let's also remember that targeted attacks on high-value systems are a very different kind of beast. A good friend of mine who's a system programmer of great sophistication was "rooted" by a targeted attack on his network. It's hard to defend any system, even Linux, against an attacker who's focused on that specific system and is a Linux expert. The fact is that high-value Linux systems have been penetrated. What convinces me of that is that (a) we often hear of corporate or governmental systems that have been penetrated, and (b) some if not most of those systems are surely running Linux, if only for the reasons that the readers of this forum are.

          And then there's the whole issue of browser-based attacks. They may not be able to gain root access, but they can cause considerable damage nonetheless. You don't need root access to conscript a system into a botnet -- a single non-root user can send out enormous amounts of spam.

          Comment


            #65
            Re: Linux vulnerability

            Originally posted by pwabrahams
            (a) we often hear of corporate or governmental systems that have been penetrated, and (b) some if not most of those systems are surely running Linux, if only for the reasons that the readers of this forum are.
            Think again! At least here, in the good ol' U.S. of A., the Department of Defense uses Microsoft Windows Vista, and all the branches of the Military are required to use it. Likely, most of the actual Government as well. M$ is like a cancer - once 'contracted' it's very difficult to get rid of! :P
            Using Kubuntu Linux since March 23, 2007
            "It is a capital mistake to theorize before one has data." - Sherlock Holmes

            Comment


              #66
              Re: Linux vulnerability

              Originally posted by Snowhog

              Think again! At least here, in the good ol' U.S. of A., the Department of Defense uses Microsoft Windows Vista, and all the branches of the Military are required to use it. Likely, most of the actual Government as well. M$ is like a cancer - once 'contracted' it's very difficult to get rid of! :P
              Somehow I expect that NSA and CIA are using Linux, not Windows -- unless they're building their own OS's. And probably the national labs are using Linux also.

              I wonder whether, if Siemens had been using Linux rather than Windows in their controllers, the creators of Stuxnet would have considered that an impossible challenge.

              Comment


                #67
                Re: Linux vulnerability

                Originally posted by pwabrahams
                Somehow I expect that NSA and CIA are using Linux, ...
                If Windows isn't being used, it is likely that Linux isn't either. But it is possible/likely that if Windows isn't being used, some variant of Unix is. On our 'servers' at work, Unix is what is used.
                Using Kubuntu Linux since March 23, 2007
                "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                Comment


                  #68
                  Re: Linux viruses -- everything you need to know!

                  As a retired Federal Employee I can't imagine why anyone would assume any Government agency is smart enough to make an intelligent choice about anything.

                  I endured "Security" briefings on using M$ IExplor(vomit)er. I always made a point of asking "If security is so important, why are we forced to use the least secure internet browser on the least secure operating system?" This never failed to elicit chuckles from the crowd.

                  No offense intended pw, but I think your expectations are somewhat derived from optimism. Which means you're likely a smart and pleasant person to know - unlike the Feds you give oh-too-much credit to.


                  Please Read Me

                  Comment


                    #69
                    Re: Linux viruses -- everything you need to know!

                    If Windows isn't being used, it is likely that Linux isn't either.
                    Unicos, more than likely.
                    We only have to look at ourselves to see how intelligent life might develop into something we wouldn't want to meet. -- Stephen Hawking

                    Comment


                      #70
                      Government intelligence

                      Originally posted by oshunluvr
                      As a retired Federal Employee I can't imagine why anyone would assume any Government agency is smart enough to make an intelligent choice about anything.
                      Actually, I'd assume that the folks at NSA are no intellectual slouches.

                      Comment


                        #71
                        Updates and security

                        Here's an angle on this I didn't think of before: how secure is an unpatched two-year-old Kubuntu installation? Presumably a lot of the updates are fixes for security holes. And thinking of it another way: how secure is a current Kubuntu system against someone who psychically happens to know about all the fixes coming down the road in the next two years?

                        Let me make my feelings clear: I consider the risk level of Linux to be far less than the risk level of Windows. That's one of my main reasons for using it. But the risk level isn't zero.

                        Comment


                          #72
                          Re: Updates and security

                          Originally posted by pwabrahams
                          But the risk level isn't zero.
                          Risk can never be eliminated, only mitigated and managed. The best anyone can do, in anything they do, is recognize what the risks are, and do what they can, within their capabilities, to reduce those risks. But, the possibility of risk will always be greater than zero.
                          Using Kubuntu Linux since March 23, 2007
                          "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                          Comment


                            #73
                            Re: Linux viruses -- everything you need to know!

                            Some ideas:

                            1. There is no computer system that cannot be cracked, except for ones that are not plugged in.

                            2. The primary security risk to any system is the user. Whether intentionally, unintentionally, or out of pure ignorance or hopeful apathy, most security compromises are the result of users doing one thing or another that allows an attacker in.

                            3. Knowing the code won't necessarily help. Being able to read the source code for gpg won't help you a bit in cracking a properly encrypted gpg file.

                            4.
                            how secure is a current Kubuntu system against someone who psychically happens to know about all the fixes coming down the road in the next two years?
                            I would say, if a person is THAT talented, why would they need to crack your system in the first place? They could read it right out of your mind, right?

                            We only have to look at ourselves to see how intelligent life might develop into something we wouldn't want to meet. -- Stephen Hawking

                            Comment


                              #74
                              Re: Updates and security

                              Originally posted by Snowhog
                              Originally posted by pwabrahams
                              But the risk level isn't zero.
                              Risk can never be eliminated, only mitigated and managed. The best anyone can do, in anything they do, is recognize what the risks are, and do what they can, within their capabilities, to reduce those risks. But, the possibility of risk will always be greater than zero.
                              I totally agree. In fact I can just imagine someone satisfied with themselves for just having patched the last vulnerability, and hardened the system to the nth degree. The person is sitting at their desk and smiling. Getting ready to go home, he unplugs his computer, just to be completely sure. It is 4:52 in the afternoon on Tuesday, 12 January 2010. The place is Haiti. Not funny - but real.

                              pwabrahams: Here's an angle on this I didn't think of before: how secure is an unpatched two-year-old Kubuntu installation? . . .
                              I would measure that security by the number of documented successful attacks. Nothing less.

                              PS: I know, I have this morbid fascination with reality.



                              Comment


                                #75
                                Re: Updates and security

                                Originally posted by Ole Juul
                                I would measure that security by the number of documented successful attacks. Nothing less.
                                I'd say that the existence of a security patch is an indication that the system maintainers have discovered a hole in the system. Whether anyone actually managed to take advantage of that hole is very difficult to know.

                                Comment
