Linux viruses -- everything you need to know!

This topic is closed.

    #16
    Re: Linux viruses -- everything you need to know!

    Originally posted by dibl
    The worst thing that ever infected my Kubuntu system was strigi ...

    or anything from Adobe

    Please Read Me



      #17
      Re: Linux viruses -- everything you need to know!

      I run ClamAV (it's a Linux version of an Antivirus programme) on a weekly basis, and as I have a lot of files, some incoming as well as out-going, I need to check the incoming ones to make sure I'm free of anything scary - So far I've not had anything land on my door-mat but that doesn't mean it won't in the future - Linux is getting more well-known and it only takes a troll to get ideas... so be safe!
      Terabyte
      Non sibi sed omnibus (Not for oneself, but for all)



        #18
        Re: Linux viruses -- everything you need to know!

        Originally posted by terabyte
        I run ClamAV (it's a Linux version of an Antivirus programme) on a weekly basis, and as I have a lot of files, some incoming as well as out-going, I need to check the incoming ones to make sure I'm free of anything scary -
        The only value to running an AV product on incoming email is if you want to forward it on to Windows machines your friends use and so you clean up the email as a courtesy. IF there were a Linux virus attached you would have to do three things to get infected:
        1) Save it as a file. Linux can't run an app unless it is a file. There are no "ActiveX" controls or automatic scripting engines on Linux.
        2) Add the execute permission to make it executable. Even then, it will only execute IF it is an ELF binary or a properly written script (i.e., has #!/bin/bash or something similar as the first line of the script).
        3) Run it. IF you want to run it as root then you have to change its ownership and/or use sudo.

        Those are three VERY FOOLISH STEPS and would require someone who is extremely gullible and easily influenced by Social Engineering. Also, since social engineering is a person-to-person action it would be impractical to try and create a bot farm of Linux zombies. If it took a bad guy 15 minutes of social engineering to get a Linux user to infect his own box that's only 32 boxes a day, or 960 a month. To create a 1.5 million zombie bot farm out of Linux boxes would take 130 years at that rate. It would take a single Windows virus only a few days to accumulate that big of a bot farm.


        So far I've not had anything land on my door-mat but that doesn't mean it won't in the future - Linux is getting more well-known and it only takes a troll to get ideas... so be safe!
        Linux in the USA is already over a 12% desktop market share. If infection rates were proportional to usage rates, and Windows had 2,900,000 viruses last year alone, then Linux should have at least 300,000 active viruses plaguing Linux users. How many active Linux viruses, found in the wild, have you heard about during the last year? None.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.
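The two conditions named in step 2 of the post above (the execute permission, plus an ELF or `#!` format), checked over a directory of saved files. This is an added example, not part of the original thread; the helper names `classify` and `directly_runnable` are hypothetical and the files are constructed sample data.

```shell
#!/bin/sh
# classify FILE: print "<kind> <mode>", kind = elf | script | other
classify() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        7f454c46) kind=elf ;;      # 0x7f 'E' 'L' 'F'
        2321*)    kind=script ;;   # "#!" interpreter line
        *)        kind=other ;;
    esac
    if [ -x "$1" ]; then mode=executable; else mode=not-executable; fi
    printf '%s %s\n' "$kind" "$mode"
}

# directly_runnable DIR: names of files in DIR (not recursive) that have
# both a recognised format and the execute bit.
directly_runnable() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $(classify "$f") in
            'elf executable'|'script executable') printf '%s\n' "${f##*/}" ;;
        esac
    done
}

demo() {
    d=$(mktemp -d)   # constructed sample directory
    printf '#!/bin/sh\necho hi\n' > "$d/invoice.sh"   # as saved, no execute bit
    printf '#!/bin/sh\necho hi\n' > "$d/backup.sh"; chmod 755 "$d/backup.sh"
    printf '\177ELF\002\001\001' > "$d/tool.bin"      # ELF magic bytes only
    printf 'plain text\n' > "$d/notes.txt"; chmod 755 "$d/notes.txt"
    for f in "$d"/*; do
        printf '%-12s %s\n' "${f##*/}" "$(classify "$f")"
    done
    echo "directly runnable: $(directly_runnable "$d" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

The execute bit only gates direct execution by the kernel; a file handed to an interpreter as an argument is read like any other data, so treat the mode bit as one layer rather than the whole control.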



          #19
          Re: Linux viruses -- everything you need to know!

          In the light of a couple of recent events:

          1. The resurgence of the Zeus virus targeting Firefox (the articles don't seem to emphasise it is Windows only) and
          2. Someone attempting to use my credit card number to send £2 to Oxfam resulting in it having to be cancelled. The bank told me it could be down to a Trojan or a random credit card number generator. I (and they) suspect the latter as the nature of the transaction suggests it's a test.

          In light of the above, I have run KlamAV on both the home and system files. On both it has found "heuristics.broken executables" saying they are "probably a virus". I have got rid of the files from the home directory but am concerned about the system ones. The system scan didn't complete before I had to stop it but the ones I saw were in /usr/lib virtualbox. I have not elected to quarantine them until I know what they actually are. Any thoughts please?

          Thanks

          Ian



            #20
            Re: Linux viruses -- everything you need to know!

            You should
            man aa-enforce
            and consider using it on FireFox if you are concerned (and if it isn't already protecting FF by default, which I am not sure of).
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.



              #21
              Re: Linux viruses -- everything you need to know!

              Thanks - Here's the output

              Code:
              ENFORCE(8)              AppArmor              ENFORCE(8)
              
              NAME
                  aa-enforce - set an AppArmor security profile to enforce mode from complain
                  mode.
              
              SYNOPSIS
                  aa-enforce <executable> [<executable> ...]
              
              DESCRIPTION
                  aa-enforce is used to set the enforcement mode for one or more profiles to
                  enforce. This command is only relevant is conjuction with the utility
                  complain which sets a profile to complain mode. The default mode for a
                  security policy is enforce and the aa-complain utility must be run to change
                  this behavior.
              
              BUGS
                  None. Please report any you find to bugzilla at <http://bugzilla.novell.com>.
              
              SEE ALSO
                  apparmor(7), apparmor.d(5), aa-complain(1), change_hat(2), and
                  <http://forge.novell.com/modules/xfmod/project/?apparmor>.
              
              Canonical, Ltd.           2010-03-11              ENFORCE(8)
              Am I right in concluding that it's running at the highest level by default, given I haven't knowingly changed anything?



                #22
                Re: Linux viruses -- everything you need to know!

                I don't believe it is: http://www.uluga.ubuntuforums.org/sh....php?p=9180831

                If you have "usr.bin.firefox" in /etc/apparmor.d/disable/ then I doubt you are.

                You can read /etc/apparmor.d/usr.bin.firefox and see what it does to see if you want to enable it.
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.
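The check described in the post above (is `usr.bin.firefox` listed under `/etc/apparmor.d/disable/`), written as a script; this is an added example, not part of the original thread. The function name `profile_state` and the sample tree are constructed; the `force-complain/` directory and the `flags=(complain)` profile flag are standard AppArmor mechanisms that the thread itself does not mention.

```shell
#!/bin/sh
# profile_state ROOT NAME -> missing | disabled | complain | enforce
# ROOT is the AppArmor profile directory (normally /etc/apparmor.d).
profile_state() {
    root=$1 name=$2
    profile=$root/$name
    [ -f "$profile" ] || { echo missing; return; }
    # An entry of the same name under disable/ stops the profile being loaded.
    if [ -e "$root/disable/$name" ] || [ -L "$root/disable/$name" ]; then
        echo disabled; return
    fi
    # Complain mode: an entry under force-complain/, or the complain flag
    # on a non-comment line of the profile.
    if [ -e "$root/force-complain/$name" ] || [ -L "$root/force-complain/$name" ] ||
       grep -Eq '^[^#]*flags=\([^)]*complain' "$profile"; then
        echo complain; return
    fi
    echo enforce
}

demo() {
    r=$(mktemp -d)   # constructed stand-in for /etc/apparmor.d
    mkdir -p "$r/disable"
    printf '/usr/bin/firefox {\n  #include <abstractions/base>\n}\n' \
        > "$r/usr.bin.firefox"
    ln -s ../usr.bin.firefox "$r/disable/usr.bin.firefox"
    echo "with disable link:   $(profile_state "$r" usr.bin.firefox)"
    rm "$r/disable/usr.bin.firefox"
    echo "link removed:        $(profile_state "$r" usr.bin.firefox)"
    printf '/usr/bin/firefox flags=(complain) {\n}\n' > "$r/usr.bin.firefox"
    echo "complain flag set:   $(profile_state "$r" usr.bin.firefox)"
    rm -rf "$r"
}
demo
```

This reads the configuration on disk only; `aa-status`, run as root, reports which profiles the kernel actually has loaded and in which mode.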



                  #23
                  Re: Linux viruses -- everything you need to know!

                  I've been reading through the article and was reminded many times of the "ROOT" User. I just recently installed Kubuntu and it gave me the option to create a user. On that screen is that the ROOT user that everyone is speaking of? If so then the safest precaution is to create a second user if I'm understanding correctly? Don't want to sound like a complete noob but the truth is I AM.



                    #24
                    Re: Linux viruses -- everything you need to know!

                    No, the root user is "root" - you would have to physically log in as root to run as root. User "eric" does not, without more, have root-like privileges. The sudo concept grants you temporary higher-level privileges, for example to install software, so when you launch synaptic you need to enter your password and you can then use it properly. When you close it off, you have a short time (a few minutes I think) during which you can launch it again; otherwise you need to re-enter the password.

                    So don't worry about that - user "eric" only has root privileges when you choose to grant them. The downside is that you could also use that power to run applications like Firefox as root user. That would require the password (and a death wish)

                    HTH

                    Ian



                      #25
                      Re: Linux viruses -- everything you need to know!

                      Eric - first of all welcome to KDE and the forum. I think you may be the most active new user ever!

                      This topic has been thrown about a lot but it's well worth repeating:

                      Linux is virtually virus free, secure, recoverable and more, due in no small measure to the control of permissions. This is something almost unheard of in the Windows world. You will be hearing a lot about permissions and running into a few walls along the way - this is a good thing. This will help you keep your system running.

                      Here are some basic rules and info:

                      1. Never log into a GUI as "root" - this is disabled by default in Kubuntu and I won't tell you how to do it!
                      2. The function "sudo" means "do as root" - su = super user (aka root) and should only be used in a terminal, never for a GUI program.
                      3. Never launch a GUI program as "root" - this means don't open a terminal and type "sudo someGUIprogram"
                      4. When the time comes that you need to do something as "root" and you want to use a GUI program, the correct (safe) way to do this in KDE is to use "kdesudo someGUIprogram". This launches a GUI shell that correctly directs root access away from your /home and toward /root.

                      In summary: If you read a post that says "edit file whatever.conf as root", open a terminal and type "kdesudo kate whatever.conf". You will get a pop-up asking for root password and then it will open the file in kate (or use kwrite) and allow you to edit and save it. Do not use "sudo kate whatever.conf"

                      Permissions exist in several ways and levels. You can start learning about file/directory permissions here

                      http://www.comptechdoc.org/os/linux/..._ugfilesp.html

                      Please Read Me



                        #26
                        Re: Linux viruses -- everything you need to know!

                        Thanks for the information, I was thinking (because of Windows) that when you first create a user, that becomes the admin account. Lucky for me Linux has "Common Sense" permissions in place so that novice users like myself don't accidentally execute a virus. Nice work and thanks again.



                          #27
                          Re: Linux viruses -- everything you need to know!

                          Just remember that the next user you create for your Linux OS won't be a user with sudo privileges... unless you allow that user to get them...
                          Multibooting: Kubuntu Focal Fossa 20.04
                          Before: Precise 12.04 Xenial 16.04 and Bionic 18.04
                          Win 10 sadly
                          Using Linux since June, 2008



                            #28
                            Re: Linux viruses -- everything you need to know!

                            Originally posted by oshunluvr

                            In summary: If you read a post that says "edit file whatever.conf as root", open a terminal and type "kdesudo kate whatever.conf". You will get a pop-up asking for root password and then it will open the file in kate (or use kwrite) and allow you to edit and save it. Do not use "sudo kate whatever.conf"
                            OShunluvr - Thanks for the info, I didn't know about the KDEsudo command. For months now I've been merrily doing exactly what you say one shouldn't do!

                            Now for strictly nonGUI stuff (like apt-get) it's ok to just use sudo?



                              #29
                              Re: Linux viruses -- everything you need to know!

                              Originally posted by ScottyK
                              Now for strictly nonGUI stuff (like apt-get) it's ok to just use sudo?
                              Yes. When a non-GUI app/command requires root to run, then from the CLI (Command Line - Console), sudo app/command is what you use.
                              Using Kubuntu Linux since March 23, 2007
                              "It is a capital mistake to theorize before one has data." - Sherlock Holmes



                                #30
                                Re: Linux viruses -- everything you need to know!

                                Explained another way:

                                KDE is the GUI that works on top of Linux.

                                "sudo" is the Linux command that allows root aka SuperUser status.

                                "kdesudo" is the GUI command on top of Linux's "sudo" command that allows root aka SuperUser status.

                                If you're using KDE (the GUI), use "kdesudo".

                                If you're using only the command line (aka CLI), use "sudo".

                                Please Read Me
