Arch Linux and anti malware?

Discussion in 'all things UNIX' started by zakazak, Aug 4, 2015.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,894
    Strange! That shouldn't happen - provided that you're using the same filter lists as in ABP. uBlock Origin fully supports them all (plus hosts files).
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,894
    You were asking for help here - but you're not even trying to learn.
    You admitted that your knowledge about Linux is very limited - but you still think that you know more than long-time Linux users and defame them as "fanboys".

    Wow - what an arrogant attitude ...
     
  3. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Yes I admit my knowledge of linux is poor. But I probably got more knowledge about malware and black hat market/products and there for know what kind of malware exists for linux.

    Why do I defame some as linux fanboys? Because they simply dont want to know/understand the truth. Just google " why is linux more secure" and all you will get are links/articles explaining that linux is not superior in terms of security.... Or simple non-tech articles saying linux is secure because in 10 years they havent had malware...wow what a proof :/

    Many aruments of why linux is more secure are either wrong or semi-true. Yes opensource is good. No opensource with such a huge and complex code can actually be very bad too. Etc etc..

    In this thread I asked for security products on linux. I didnt ask about "why linux is more secure" and answers such as "you dont need it on linux" arent what I asked for :)
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    First of all, you've got the wrong idea about modern versions of Windows being insecure in the first place. Yes obscurity matters, but when everything (not just mobile apps) are delivered via a trusted repository, that prevents pretty much all the low-hanging fruits from getting malware via shadier sites.

    If you want to talk advanced exploit stuff: try Firejail; harden the kernel with something like SELinux, Grsecurity, or AppArmor; compile the source code to your own preferences, etc.
     
  5. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Thanks, those linux tools are what I would want to try.

    I am not going away from windows because of security reasons but for privacy reasons.
     
  6. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    IMO this thread should be locked. There are 3 pages proving that it shouldn't go as further as it did, and allowing this nonesense to continue will benefit nobody.
     
  7. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Just an update before mods decide if this thread should be locked:

    I successfully uploaded my passwd file to sendspace, and this is literaly the second website I tried.
    Certainly there IS a way of uploading such file. Good thing this bug was fixed.

    Here's the download to my passwd file: https://www.sendspace.com/file/6xl0x4
     
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @zakazak, @amarildojr

    [Disclaimer: I'm a Linux admin, not a systems programmer. Don't assume I know what I'm talking about.]

    For practical purposes, desktop Linux is unlikely to be compromised during sane day-to-day use.

    I would not equate that with actually being secure, though. And you still want to employ the standard lines of defense - decent router, iptables software firewall, ad/script blocking, and of course software updates.

    The truth here IMO is more that
    a) Windows suffers from a legacy of serious design flaws, more so even than Linux (which is saying something).
    b) Being primarily a server OS, Linux typically faces a different set of threats than Windows.
    c) Antivirus engines are a very narrowly scoped defense, against a very limited subset of malicious software.

    That last is especially important. On Windows you have this whole huge threat arena composed of various automated malware. Equivalents of most of those do not exist on Linux, due not just to OS differences, but also differences in their histories. A desktop antivirus on Linux isn't pointless because Linux is "secure", it's pointless because it doesn't have anything to look for.

    Almost all the malware threats are targeted at Windows. The ones that are targeted at Linux are mostly for servers - and the more serious ones might well be undetectable by an AV once installed. The few that are targeted at desktop Linux can mostly be blocked by better means.

    Now, another disclaimer: as I've probably said before, I'm really not a fan of on-access AV engines. The AV industry has built this huge thing about thow they're a first line of defense. They are not. They are your fallback. Your first lines of defense are your OS and your applications. AVs are only needed IMO because OSes and applications are full of bugs, and only work because malware is also full of bugs.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
  10. wshrugged

    wshrugged Registered Member

    Joined:
    Jun 12, 2009
    Posts:
    255
    For what it's worth from a linux newb -- I've found this thread helpful. I don't even know what I don't know about linux at this point. I do know, from my reading at Wilders over the years, that many of the thread's posters are worth learning from. Nothing against those that are new to me. =)

    Thanks everyone.
     
  11. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Correct.

    Could you specify what design flaw Linux has in place? I would really appreciate, because I'm mounting a server to host a forum and I'm really newbie to the server-side of Linux.

    And nobody should be surfing the web looking for programs to install on Linux anyway ;) An antivirus on Linux won't protect people from being naive and stupid. Good security meausres will.

    Because Linux is secure? :p Pardon me but I see a redundancy in your argument. If it doesn't have anything to look for, that logically means Linux is "secure" from such threats (in 99.99999999999999999% of cases).

    Exactly. Having an AV or Anti-malware product on Linux is pointless for the security of that system.

    One case where an admin might consider installing such product is to protect others, to avoid that his server passes out malware, such as when he admins a Mail server or etc.

    On Windows they might be, though. Most users know nothing about security so they rely on such products as their first line of defense. If the user REALLY knows how to secure their system then these "seucirty companies" (like Sophos, Kaspersky, Avast, Comodo, and all others) wouldn't have a business at all, even with all the design flaws of Windows.
     
  12. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    On the desktop, the most obvious is the entire X11 graphical server, which has quite a history of vulnerabilities (including design vulnerabilities in the X11 protocol, which are more or less unfixable AFAIK). Also until recently it had to run as root in order to set screen resolution. (That was the big deal with kernel modesetting graphics drivers, they ameliorate that issue.)

    Until you need software that isn't in the repos...

    Also I'd hesitate to blame compromises on user naivety and stupidity. The Windows ecosystem teaches people that programs are downloaded and installed from random unencrypted websites, why would they even think things were different on Linux?

    Difference between theoretical and practical security; i.e. "good engineering" vs. "nobody is interested in attacking my OS." Doesn't really matter, until people suddenly become interested in attacking your OS. (See also: OSX security.)

    IMO they're not "first line" even against social engineering, now that all major browsers come with domain blacklists.

    And knowledge won't protect you from everything...

    e.g.

    A typical attack path on Windows might be something like

    Flash plugin exploit => shellcode to download and execute payload => executable payload => kernel or service exploit to gain SYSTEM => write to MBR to get persistence

    The Flash exploit could easily be served up from a "trusted" site like Youtube. That's happened before.

    The shellcode might be detected by an AV filtering proxy. That requires MITM against HTTPS connections, with all the Superfish-like implications thereof if it's done wrong.

    The executable payload is where the AV would usually kick in. If you're unlucky, the main payload will run and install a rootkit.

    In this case, first line of defense is the Flash plugin, and any native OS features that can block the exploit. The AV is second. Or third, depending on where you count UAC.
     
  13. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    Windows has what, 15x the user base of linux? how many malware authors want to waste their time on 5% mktshare? plus the linux users are prob more knowledgeable about computers and security as well. kind of a lose lose to target them.
     
  14. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    My understanding is that malware targeting Linux servers is really targeting windows users that connect to those servers and that the heavy linux security artillery - Linux Security Modules (SELinux, AppArmor, Tomoyo), GRsec/Pax etc are for server security.

    That became my understanding after listening to a podcast on the 'Naked Security' blog which is related to Sophos.

    https://nakedsecurity.sophos.com/2015/07/28/malware-on-linux-when-penguins-attack/
     
  15. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    /etc/passwd should upload fine because the normal user has read permission to it. I was talking about the shadow file.
     
  16. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Which if you know where to look you won't need an AV anyway :) There are plenty of software that isn't on Arch's repos and yet I can just compile it from source or install it from the AUR (after reading the PKGBUILDS).

    What I meant with my other post is that people shouldn't be looking in the web "by default", because most Linux distros have a ton of software to chose from and they are safe to use.

    Because most don't know how to install stuff. They know Linux is "different" and they might google "how to install package foo in Debian" and get the response "apt install foo". Then they realize "what is apt? why am I doing this from a command line?". Then the response "you see, your system has repositories of software, bla bla bla". At least that happened to me with my first computer, back in 2005, when it came with a Linux distro.

    Obviously some people will fall for things like "just download this .deb package and run it as root" :p At least I would've fallen for that hehehehe. But it would be a good thing, it would teach me to do research and to learn more about my system, and I'm sure I'd be happy to know I don't need to surf the web for software, at least in almost all cases.

    But Linux itself *IS* target for attack. Why attack Joe's computer when you could attack Facebook's or Google's servers and make millions out of it?

    Which don't always work. Even Chrome's Sandbox can by bypassed.

    And even if they did, one can't really know if the boss' e-Mail with tomorrow's paperwork contains a virus. And since many don't know about virtualization they either completely trust their bosses or get fired :p (just an example, of course).

    But my point is that on Windows such products are usually the 1st line of defense because of user ignorance.

    I think you're missing a whole bunch of considerations.

    Most people don't care/know about Flash's security wholes, they just care about their favorite sites working and will mostly get mad when you even start talking with them about these kinds of stuff.

    When talking about "regular user" we MUST consider them comprised 99.999% of grandpa, auntie, etc, not "us" kind of user. From the dozens of hundreds of people I helped until now I know that they (regular people) don't know and don't care about Flash, or UAC. They find updating "boring and time consuming", they get really pissed of about Windows updates or any other type of update. Most just want their stuff done, not caring about their privacy or security, and would rather not have any UAC warning at all, even if that posed a security risk to their systems.

    And I disagree with you saying that knowledge doesn't protect you from everything. Even if the end-user doesn't know, he/she might have someone with great knowledge that is managing their system.... or even if they know the basic if something REALLY goes bad: just unplug your PC off the wall and throw your smart devices under salty water :p Done. Protected from any kind of virus, by the power of knowledge! hehehehe
     
  17. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Oops, made a mistake again. Damn it!

    Well, the good news is that I couldn't upload the file :p
     
  18. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    :thumb:

    Adding a bit to to the discussion here, I would consider installing a closed-source anti-virus a security risk, not to mention the more serious privacy risks.:isay:
     
  19. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    Yup. Anything closed-source should not be trusted at all. History tells us that.
     
  20. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Well said

    I cant argue on that because of my little Linux knowledge. But from what I read Linux seems to have massive design flaws e.g. due to 7800000 People trying to code one thing without being organized ? Windows has even more flaws? Maybe yes.. I don't know :)

    Simply AV, yes.. but AV was in 1991.. now we have BB (Behaviour blockers), HIPS, Auto-Sandbox, etc etc.

    And that exactly is my point, there maybe isn't much malware for Linux, but there is. And one day someone might decide to create some powerfull malware (hai government?). But we won't be protected, we won't be able to dedect it on Linux, because no security firm or product is available for us. Unlike Windows which has great security products, making it harder to even get malware through and after that it gets dedected very fast.

    Correct, but the previous 1-2 years have shown that most first-line-defenses are broken and exploits are able to pass them. The second-line-defense would be hips,bb and fw (being the most bulletproof security atm)... and then you have AV as third-line-defense (which isn't the most effective one).
     
  21. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    @zakazak - Have you actually installed Arch yet or is this whole thread based on a hypothetical?
     
  22. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @zakazak: I like how you assume Linux is all chaotic and disorganized. Makes me wonder if you're trolling, honestly.

    Re first line defenses being broken: not so much as you think. Coding practices have changed a lot, there's a reason most exploits now are in plugins rather than browsers themselves for instance.

    Re HIPS, this is also known as mandatory access control. The UNIX world has had it since the 1980s or so. The most common Linux implementation would be AppArmor. Most distros make very limited use of it by default, but I've seen it used in production server environments.

    BTW, if you're wondering "How do I detect a local compromise?" the answer is... you don't. AVs can only do that (again) by dint of malware being badly engineered, mass market rubbish. Once an OS is compromised, you can't trust it to tell you so; you need a separate OS session on a separate machine to tell you.

    On the server side, there's a whole infrastructure of stuff just to detect intrusions - IDS software, proxy servers, log servers, log analysis software and dedicated machines or VMs therefore, etc.

    In a home environment, you want to at least make sure your router is logging stuff.
     
  23. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,101
    Location:
    Brasil
    He probably didn't even install it yet. He doesn't have a small clue about how Linux works yet he makes ridiculous claims he can NEVER backup, not to mention a lot of wrong assumptions.

    I could go on and on and on and refute every single "argument" he throws, but history taught me that this kind of effort is useless with him on the game.
     
  24. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    idk where you guys go on the internet that you getting all this malware. shouldn't you just use live CD or something?
    sound like you're preparing for the wild west
     
  25. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,043
    Why ask a question, then refuse answers given to you? I feel very secure on my Windows machine, let alone a Linux system. It mostly boils down to
    I agree. I have yet come across a site where a drive by infected my computer. I know there are occasional in the wild exploits, but I've yet to find one.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.