Linux malware-free?

Discussion in 'other security issues & news' started by xunshirine, Nov 13, 2006.

Thread Status:
Not open for further replies.
  1. xunshirine

    xunshirine Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    5
    Hi. I intend to use xp sp2 as a vmware guest on Ubuntu for security issues. I
    wish to know , is Ubuntu (or Linux distros) malware-free ,in particular trojan-free? Thanks.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Yes, it is malware-free.
    You could download malware if you use a wrong source - therefore just stick with the official linux websites and check the md5 sum of isos and files.
    Mrk
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Not completely. There are rootkits that can exploit the system as well as people who can utilize out of date software to hack your system and do whatever they want with it. Also, fork bombs can be used to crash your computer and people could easiliy write an application to erase your entire drive that could run when you are under root. Also, there are definately some viruses, but they are old and none are currently ITW, but besides that, no malware :p

    Since you use ubuntu, just install downloads from their repositeries or the original software maker's website and ensure the md5 of sha-1 sum is correct. Also, always stay in your user account, never log in as root.

    Alphalutra1
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    I think that if a person can stay safe with Windows, it becomes exponentially simpler with Linux. Rootkits needs to be downloaded and run as root, no different than executing a file in Windows. A firewall and no ssh (or a strong password), and you don't need to worry too much.
    Most Linux vulnerabilities are local.
    Mrk
     
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I agree with you here completely

    I don't even really think a firewall is completely necessary, if you don't run any uneeded services(same with windows, but to a greater degree with linux). IPtables really isn't that hard to configure to a working SPI firewall, but you just have to remember to open up ports and such for bittorrent and the like.

    SSH also is amazing security hole free, except for that one around five or six years ago (kudos to the OpenBSD development team). However, by disabling root logins, setting up public key authentication, having a large password, etc. brute force attacks will be rendered useless like you said.

    and you don't need to worry too much.
    Yes they are, which is a very good thing. However, as linux's popularity rises, it will be very interesting how thing's pan out in the future, if it starts to become more targeted. However, in order to attack a pc, one would have to execute a hack to gain root access, then do the damage which is pretty difficult.

    Cheers,

    Alphalutra1
     
  6. xunshirine

    xunshirine Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    5
    Thanks to both of. I have gotten the fundementals. Just wanna add that. You indicated the importance of downloading softwares from repositories of approved ones. I dont think this will happen ,but in the case of installing a software obtained from internet ( not from Linux repositories) how I can make sure that the software is not malware. I haven't searched yet any antimalware solution for Linux, but can I get result with any likelihood on demand antimalware? Is it logical to have an on demand (or maybe on access) antimalware on Linux? Thanks again.
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Since Linux sources are open, you can go through the code and seek out malware code. But that's assuming you trust your compiler.
    Just follow the official sites and consult with people here, and you'll prolly be damn fine.
    Mrk
     
  8. GS2

    GS2 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    42
    Got a box with Ubuntu on it, it is behind a router, and I have firestarter firewall - just a nice GUI :)
    Also have rkhunter, and anti-virus - so I don't spread infections to any Windows users ;)

    O and like has been said use known repositories - just like using Windows really - know your software sources and only use ones you trust :)
     
Loading...
Thread Status:
Not open for further replies.