Using Linux for the wrong reasons

Hi all,

Something refreshing, rebellious, radical, and rather unorthodox for today: an article explaining the wrong (and right) reasons for switching over to Linux from other operating systems, mainly Windows.

http://www.dedoimedo.com/computers/linux-wrong-reasons.html


Enjoy,
Mrk

 

Wrong. Ever heard of drive-by downloads?

 

the older computer in this house used to use an admin account for around 4 years using IE for most of that and no malware issues.
I have recently switched it to a standard user account but it does mean i have to adjust permissions for the folders of legacy games.
overall linux is a better platform. better OOTB hardware support. central updating of system+ programs but i can see your point of the article.
people should use an operating system based on there needs. if windows works fine and your happy with it there isnt any reason to switch.

there is no point in switching operating systems if you have to throw away an application you use alot.

if microsoft had made the standard account a standard user account in windows a standard user account then less people would of been infected. the fact that windows 7 standard account is admin proofs the point microsoft dont really care.

 

No. I use normal browsers. And since I've never seen one, ipso facto, they do not exist. Use Firefox or Opera and drive-bys are something you see in the movies.
Mrk

 

Fun article, thank you!

Running a limited user account is still a hassle in Windows, while so easy on *x systems.
I mount my home partition with noexec for increased security. Although you are right about malware, it has been ages since the last time I was 'infected'.
Cloud computing, with Gmail and Google Docs and even Quicken Online/Mint makes it really comfortable to switch between operating systems and setups.

 

Hi Mrk,

Is your definition of drive-by download the following:

and, if so, why deny their existence? Just because you have yet to experience one does not mean you are immune in the future.

-- Tom

 

1 isnt an example of a driveby download you are allowing a unknown activex or java some control of your computer. that comes under safe hex dont install anything you dont know is safe.

 

Super stuff & a great read

 

Has there been any in-the-wild instances of drive-by-downloads that work under Linux ?

 

You're taking this too seriously ...

Cheers,
Mrk

 

I've seen one... A mistyped URL brought me to a website that I assume was hacked, because it auto-executed a .bin file on me. The .bin file seemed to be some kind of GUI application; it opened in a separate window and immediately crashed, using most of my CPU power and requiring me to kill it. Checking over the system later revealed no harm done, not even anything unusual in my home dir.

I still have no idea what it was, but yeah, there's my experience. I doubt it was designed for Linux - probably a Windows .bin file that was auto-executed with Wine - but it was a drive-by download and it did work (sort of).

However, seeing as the Linux netbook market is growing, I wouldn't be surprised to start seeing drive-by downloads that work under Linux in the following few years - or alternative methods of h4xx0ring Linux machines, like Flash exploits.

 

What can these drive-by downloads do? That was my entire point. With Windows, since you are usually on an admin account, your entire box is pwned. With Linux, this drive-by can't really do anything.

 

Switching your operating system just to avoid drive-by downloads is nothing short of uninformed, paranoid overreaction.

Plenty of very simple ways to avoid it on Windows as well.

 

I did. That's a very good article, IMHO. Certainly worth reading to a lot of people.

There are so many good reasons to switch to Linux (such as, it's free, and you can do practically anything you want with it) that there's really no need to make up illogical, wrong reasons, like the "Windows is riddled with spyware" that you debunked in your article.

As for the whole drive-by download issue... just use a non-IE browser, like Firefox or Opera, keep the browser and its plugins patched, and preferably set the more exploited file types like PDF to "prompt to download" or something like this instead of "open in plugin." That'll do it.

Well, on Linux, the drive-by downloads can:
- delete every single file your user account has write permission to, such as your personal or work documents you may be working on
- instead of deleting, modify, infect, or upload copies of these files to a remote server to steal possibly important data
- use the computer as a spam bot or a DDoS bot to attack other computers, which around where I live can result in your ISP cutting off your connection
- need I go on?

Basically, drive-by downloads on Linux could not infect the entire system (the same is true with limited user accounts in Windows, of course) but could do all sorts of nastiness to the user's personal data (again, same is true for LUA in Windows). And yes, to most people this would be a big deal, especially the computer illiterate sort who aren't very good at making frequent backups.

Actually, it proves Microsoft believes their paying customers care more about backwards compatibility with older software designed to run always with admin rights than they care about security. Microsoft is right about that, by the way, as can be witnessed even in this forum when people (most of whom haven't even seriously tried standard user accounts) whine about how difficult it is to run without admin rights because some DOS-age program doesn't work right without them.

 

Install a keylogger? Just execute a script that puts it somewhere in the home dir and adds it to .bashrc or something. It would be easy to find in for an experienced user, but a lot of netbook users probably aren't that experienced, and in any case by the time it was discovered it could be too late.

Alternatively, some local privilege elevation vulnerability (plenty of those out there) could be taken advantage of to gain root access and install a normal rootkit.

 

it also proves a few things. people still want to use programs that are very old and should be thrown away. it also shows that microsoft had to introduce UAC to force programmers to make programs that work with standard user accounts or have their users complain they get a uac prompt everytime they want to use their software.
programmers should of wrote programs that worked under limited user accounts in the first place.

if your gonna do a job do it well. programs on windows genrally dont uninstall cleanly and until vista most applications didnt work under standard user accounts.

 

I never said it was a reason to switch OS's, though I do think security is a big reason some people do switch to Linux.

How? It can't execute.

Again, the script cannot execute due to the default umask.

 

you're the man Mrk, I like your sense of balance

 

If it can't get code to execute without user interaction, then I don't really see how it's a drive-by download attack - or if one wants to play with the terminology, at least it's not a drive-by install attack. The entire one and only point of those attacks is to execute something nasty without user approval. If nothing is executed, it's not a drive-by download attack in the first place. It does little good to an attacker to be able to just force the victim to download something, if they can't force the victim to execute it. So, if it can't execute code, it's not a drive-by, it's something else. A drive-fail?

The default umask, however, concerns files. It does nothing to prevent exploit shellcode from running - that code will be in memory, it's not in a file that needs execute permission. And the drive-bys are exploits. They require a vulnerability that allows remote code execution in a software that's running on the system in order for the drive-by to be successful - either that, or massively stupid configuration of some software. If there is such a vulnerability that affects a Linux system, for example in Firefox or the Adobe Flash plugin used by Firefox, and the user for example browses a site that tries to exploit the vulnerability, the exploit shellcode will be run, and the default umask won't do anything at all to stop it. From this point on, what can be done depends on the nature of the exploited vulnerability - the bad guy's shellcode is already running.

Nothing's stopping the bad guy from being smart. Instead of using the shellcode for just downloading some file and then trying to blindly execute it (probably a Windows executable that wouldn't work anyway in the case of Linux) which would fail due to the lack of execute permission, the bad guy could use his head, assuming he knows about Linux and wants to target it. The shellcode could first download the nasty file the bad guy wants executed, then use a shell (guess why it's called shellcode...) to chmod ug+rwx that nasty file (which is owned by the non-privileged user running the exploited software, instead of root, so no root password is needed at all) execute permission, and only then execute it, in which case the nasty file would be able to execute, and the account would be infected and nasty things could be done. So, you see, it all depends on who you're trying to attack and what the default configuration on that platform is. Of course, if on your system, chmod always asks for password before allowing you to change the permissions of even files that are owned by you, or if you just simply cannot give any file you own execute permission no matter what you do, you're safe from this trick. But if not...

 

Yes. Drive-fail is a good way to describe it.

Correct. But again, even if a website exploits an unpatched Firefox vulnerability, it wont be able to "install" itself because it cannot access the system files.

The exploit code will only have permissions to access what Firefox can. Personally, I mitigate this threat on my box by running a MAC system (AppArmor) that keeps FF under tight control.

Or if you have /home mounted with the noexec option. I never do this because there are usually some personal scripts I have to run from /home.

There are a couple of ways to mitigate the threat of Firefox being exploited:

1) Noscript
2) A MAC system like AppArmor or SELinux
3) A memory hardening patch like PaX (as well as compiler options like -fstack-protector and FORTIFY_SOURCE).

 

So, in the end, it apparently still boils down to mitigation steps to be taken by the user even when one uses Linux.

 

Well I guess Ubuntu is reasonably secure, seeing as it uses AppArmor by default.

On the other hand, almost nobody uses PaX.

As for NoScript... I think we can all agree that the majority of users will have nothing to do with it, and for good reason. The solution to functionality that may be exploitable is not to break that functionality.

 

I've had Personal AntiVirus (one of the many recent rogue/scareware/fakealert variants) jump up on my system while surfing with Firefox.

 

Anti-viruses can scan web pages (web checker or whatever) and parse the code and look for possible exploits in the code. That does not mean that this code can do anything or potentially break out of the context of the browser sandbox.

Cheers,
Mrk

 

LOL: free range thread here provoked by Mrk !!
@Gullible Jones:

Wow: Care to elaborate there ??