Unix/Linux Security Myth ~ - Security & Cryptography

Users browsing this thread: 1 Guest(s)
Long time nixers
Yes now you guys have heard it all before about 'linux/unix' being safe from trojans/worms/hacking attacks etc, but im just curious to, if any of you fella's on here actually run some type of Anti-virus/Firewall on ya Linux/unix machines?

I recently installed ubuntu for a friend on his old system and he kept saying does it come with firewall/anti virus i said to him ya wouldn't need to worry.

But i ask you guys this

- Does Linux/Unix Really need an anti virus or firewall protection out there? well to put it blunt i know any system needs some sort of firewall but what like openbsd has freebsd and so on, (i cant imagine a fortune 500 company running redhat enterprise on there servers with out some type of security now ? right? //lol

But why does ubuntu/fedora and so on have the option to install an 'Anti-Virus' Application ?

Example lets just say i run openbsd fully update and i went on holiday for a entire 'year' and came back what are the chances of my openbsd server/desktop be crashed or be riddled with virus ?

- Your thoughts

* iptables
Nope, I don't think that if you're a good *nix user that you'll need to user a so called 'anti-virus' software.
One of the aim of using a *nix system is to have control over your machine.
Long time nixers
Yea i understand that, but what im saying is, we all know the famous windows platform and its never ending problems on virus but what is the current state on virus attacks on linux/unix?

is it none ? or ?
Long time nixers
(24-12-2012, 03:07 PM)Lith Wrote: Yea i understand that, but what im saying is, we all know the famous windows platform and its never ending problems on virus but what is the current state on virus attacks on linux/unix?

is it none ? or ?

There are very few, I know Joomla or Beastie created one and I think Shix was testing it on his machine and it worked.
Long time nixers
You are suppose to be the anti virus.
Long time nixers
Well just for safe measure i always put a rubber on my Ethernet cable (safe surfing goes a long way) lol....
Long time nixers
I should try that!

Perhaps it will protect my computer if an EMP is fired as well.
"Willful ignorance is a crime"
EMP happens even when a normal bomb that is fired.
:) be prepared!
Also put your cosmic suit to be protected against gamma!
Long time nixers
Honestly, *nix is 100x more secure than Windows and arguably OSX, but comparing your security to Windows is kind of like comparing Beethoven to flinging a rubber band for sound as equals. Nothing is secure.
Long time nixers
EMP only affects online systems in close proximity to the pulse.

Systems which are not powered will be unaffected by EMP.
Someone doesn't appreciate my php generated image!
I use ClamTK as AntiVirus, it updates everyday as a daemon and I scan twice a month.
As for Firewall, I used to use Firestarter but it has a bug in most of the latest debain distributions which doesn't output a real-time connection list.
And because Firestarter has stopped production and support, I doubt it will ever be fixed unless a patch is released.

I sometimes use UFW, but I don't need to use the GUI because it runs on startup anyway, if I need to port forward, I'll do it in the terminal.

IPTables.. I don't have enough knowledge yet :P
I don't use an anti-virus but I heard something about a Java 7 exploit that could have caused a lot of problems, but then again, I'm not sure if my sources were correct.
"WE" are not going to argue `ABOUT JAVA` here.
Long time nixers
(23-01-2013, 05:19 AM)venam Wrote: "WE" are not going to argue `ABOUT JAVA` here.

lol why not ?
Long time nixers
Java is evil!
Just say no!
Long time nixers
I never install anti-virus on any of my computers, but that is because I do not have anything worth anyone taking on my computers.

But instead what I do, is look at applications that have huge security risks and I don't install them. That is still not as secure as an anti-virus software because it does no protect me from internet threats. But I have nothing of value, so why waste resources?

I have a lot of friends that would highly recommend clamav tho.
The world is quaking from our Linux Thoughts!
You can, of course, write viruses for *nix but seeing as the majority of crackers want to infect the largest majority: what OS are they going to put their time into? Windows, who has something like a 90% market share. Or Linux? The small OS mostly used by people who know what they're doing and are less likely to install the virus anyway.
first things first, sorry to resurrect old thread.

lets suppose you have downloaded an unknown application that's precompiled.
that program waches and sends keystrokes to remote server... for that it needs root access. it should ask for access... why that program needs root... you wont allow it problem solved.

crw-r----- 1 root root 13, 64 Jul 15 19:00 event0
crw-r----- 1 root root 13, 65 Jul 15 19:00 event1
crw-r----- 1 root root 13, 74 Jul 15 19:00 event10
crw-r----- 1 root root 13, 75 Jul 15 19:00 event11
crw-r----- 1 root root 13, 76 Jul 15 19:00 event12
crw-r----- 1 root root 13, 77 Jul 15 22:10 event13
crw-r----- 1 root root 13, 66 Jul 15 19:00 event2
crw-r----- 1 root root 13, 67 Jul 15 19:00 event3
crw-r----- 1 root root 13, 68 Jul 15 19:00 event4
crw-r----- 1 root root 13, 69 Jul 15 19:00 event5
crw-r----- 1 root root 13, 70 Jul 15 19:00 event6
crw-r----- 1 root root 13, 71 Jul 15 19:00 event7
crw-r----- 1 root root 13, 72 Jul 15 19:00 event8
crw-r----- 1 root root 13, 73 Jul 15 19:00 event9
crw-r----- 1 root root 13, 63 Jul 15 19:00 mice
crw-r----- 1 root root 13, 32 Jul 15 19:00 mouse0
crw-r----- 1 root root 13, 33 Jul 15 19:00 mouse1
crw-r----- 1 root root 13, 34 Jul 15 22:10 mouse2
graph #1

lets suppose hacker find a way to watch keystrokes w/o needing root privilages. (thats not gonna happen look at graph #1)
then you noticed an unwanted 'movement' when looking iftop / htop / top whatever you want, then you 'killed' that process... with SIGKILL
what will that process do (unlike windows, it is KILLED)

again lets think about that process somehow gained root access and copied itself over $SHELL's location i will use /bin/sh, and moved that shell to /bin/.sh so process runs itself before that shell and forks original one to make itself 'invisible' to user.
you have noticed opening new xterm or logging in requires 'suspiciously longer' time and when digging recursive order you found /bin/.sh file, you checked 'x'sum of (md5,sha256 whatever) that .sh and sh files you found out sh is a 'fake' and .sh is original...
basically moving .sh to sh will OVERWRITES it but you should close all another shell sessions before doing it... use the script like that:


mv /bin/.sh /bin/sh
killall -9 sh
exit 0

well, if that not worked shutdown your computer fire up with some 'live' distro... go to desired folder do your job and exit. you can test it by with chroot environment...

so where is your virus now :)
Slax 7.0.8 (32-bits + PAE)
Version: 3.1
GE/CS/CM/S d+@ s-:- a--- C++++(++) UL+++ P+ L+++ E?() W+++(++) N? o? K- w+
O M-- V- PS+ PE Y? PGP- t+ 5? X++++(+++) R- !tv b+ DI? D- G e- h+ r-- z--
Long time nixers
i run clam-av and rootkit hunter.

i know "kidz" who write cross-platform malware as well as nix specific ones. so they do exist.