Linux - Questions from a newbie

Discussion in 'all things UNIX' started by moontan, Nov 18, 2011.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i thought i'd create an open thread for linux noobs like meself.

    first topic:

    i know linux is supposed to be safer because it's open source and it benefits from 'security by obscuration'.

    my question: is the linux OS/kernel itself more resistant to malware and exploits than a fully patched Windows 7 machine?
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi moontan,

    The question is relative, i.e. what is a fully patched Windows 7?, or trying to compare apples and oranges. The Linux Kernel is constantly evolving, but does have some vulnerabilities. The Linux Kernel has a worldwide contribution of many kernel experts which gets wide review prior to integration with the latest source code tree(s) - development, stable - while M$ does not have as many and is proprietary (closed source).

    Linux Kernel does not benefit from "security by obscuration". It benefits by wide review of transparent source code by the experts. Proprietary (closed) source code is hidden and does not receive the same wide review as Linux Kernel enjoys.

    Windows 7 malware and exploits are designed for Windows 7 and generally speaking do not affect Linux Kernel, and vice versa, i.e. Linux Kernel exploits do not affect Windows 7.

    On the other hand, there are some Linux Kernel vulnerabilities which are distinct to the Linux Kernel. See: search.cert.org and then search for "Linux CERT Advisory".

    Safer is relative - in other words. The safest research OS currently available in Beta form IMHO is Qubes from Invisible Things Lab. For it to be effective, the hardware you will need to have is VT-x and VT-d compatible both for the processor and motherboard such that you can run separate OSes in a virtualized environment with lots of memory.

    By comparison, M$ does have a research OS designed from the ground up with security aforethought, previously internal code named Singularity, but renamed within the last year to Midori? The sad thing is that there is no bridge to M$'s revenue generating applications code, but M$ is thought to be working on this by some, but is unconfirmed.

    -- Tom
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    lotus, why do you think qubes is safest? How does it protect you, from say, giving over your bank account to someone online? How does it protect you from losing your personal data?
    Mrk
     
  4. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Wow, moontan starts a newbie thread and you guys are already into Qubes :ninja:
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    I'm not into qubes ... on the contrary.
    Mrk
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    by "security by obscurity" i meant that Linux is not targeted as much by malware creators as Windows.

    tnx for the inputs folks.
    i'll have more questions i'm sure.

    i just installed Bodhi to its own partition and created an image with IFL right after.

    time to go play with my new toy! :)
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, linux does have security through obscurity - it is an obscure OS. Not to be confused with security through obfuscation, which means closed-source (you obfuscate the code.)

    Is the kernel more secure? Well... that's not an easy question to answer. There is no real benchmark for security and we don't really have a Windows kernel source code to compare it to.

    Linux does do a lot to secure the user. It's been supporting things like DEP and ASLR long before Windows got them and it's important to note that this is often the case with Linux.

    Linux is heavily vetted by the community -- people can look at it and say "Hey, this is a legitimate OS doing what it's supposed to and in a secure way."

    You also have lots of eyes on the problem - more users can view the code so more users can check for exploits.

    It also has a lot more policy than Windows. Windows has integrity checks, similar to Linux but Linux has a more complex policy group due to SELinux.

    There's a separation between root and user with multiple levels between. Exploits in Linux often are not able to move between those levels because of the multiple layers of separation.

    I think the general consensus is that Linux is in fact more secure whether from exploits or from malware.
     
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    While we're chit chatting about security.....What do you think of Joli OS and whether it's secure? It's a cloud OS with the base OS being ubuntu. I hate to sound paranoid but I'm somewhat concerned about doing my online banking on it. I guess all these years of hanging around a security forum and running windows OS has made me paranoid.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Linux is far from being obscure. It is less used on desktops, but it rules the server market. The obscurity has nothing to do with that. The biggest anti-malware feature in Linux is its diversity, which also prevents legitimate software from running. Take Ubuntu code 9.04 and try running it on CentOS 5.7 or openSUSE 12.1 and running it on Linux Mint 8. Good luck with that. Even CentOS 5.6 and 5.7 and you'll have trouble.
    Mrk
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Bodhi recognized all my hardware including the sound.
    i installed Firefox with Flash without a problem.
    i even learned how to turn on the firewall. :)

    i'm gonna try this for a few days but i'm thinking already of removing Windows 7.
    it is that good, methinks! :thumb:

    only thing i need is learning to uninstall programs and learn how to navigate directories and disks.
    and learn a few basic commands for the Terminal.
    ------------------------
    which leads me to this:
    how good is Linux at cleaning up after itself when uninstalling programs?
    does it leave stuff in the registry like Windows sometimes does?
     
    Last edited: Nov 19, 2011
  11. Judge Dee

    Judge Dee Guest

    moontan,
    Linux doesn't have a registry like Windows. Settings for programs have their own configuration file, usually within the /etc directory.
    As far as I know, the OS doesn't manage program settings like Windows does through the registry.
    So if junk is left over after removing a program, it's no big deal.
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx for all the help and infos! :thumb:
     
  13. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    like mrk said linux is more into server market and supercomputer OS and they are made for security but now its growing on desktop as well :D

    this is interesting read old one but good

    http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/

    one more advantage linux had which windows does not of having opensource too many geeks brains work on linux its get more exposure advices quick and fast patches............... that windows don't have

    which indeed windows copy in its new release of windows 8 which it publicly open for alpha testing

    http://www.zdnet.com/blog/open-source/windows-8-distribution-takes-a-page-from-linux/9540

     
  14. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
  15. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi Ivan,

    Checkout all of the Invisible Things Labs whitepapers here and the posts on Qubes at Playing with Qubes Networking for Fun and Profit and Qubes Beta 2 Released! and the Qubes Wiki which highlights Security Critical Code.

    IMHO (to answer your question above) it is a matter of the isolation between various domains and networks that distinguishes Qubes from other approaches that may be similar but not quite there as Qubes appears to be.

    You might not currently be a fan of Qubes, but you certainly have the resources to install it and play with it while I have not yet upgraded my system with a new motherboard and processor with VT-x and VT-d capabilities to do that which I hope to accomplish early next year sometime.

    -- Tom
     
    Last edited: Nov 19, 2011
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Ivan? As in Ivan the Terrible?
    Mrk
     
  17. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
  18. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Okay :thumb:
    And here JH recommends a tip on apt-get:
    http://jeffhoogland.blogspot.com/2011/11/howto-use-apt-without-bloat.html
    so moontan should be happy!
    Anyone uses that? Feedback?
    (I'm finding the pics in the link real hard to read :( )
     
    Last edited: Nov 19, 2011
  19. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    I clicked on the first pic and a slideshow started with enlarged pics. Then you can scroll between the four pics.
     
  20. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    This is what happens when I surf with javascript disabled and various other things locked down!
     
  21. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    I guess that would help if you had JS enabled, lol. At least I know that java works with some sites here.

    Basically it is showing the amount of space saved by using the no-installs-recommends switch. In AbiWord's example, using the switch used only 37.7Mb where a normal install uses 74.5MB worth of space. A good method if you want to keep your install lean.
     
  22. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Following your tip, I went there with js enabled and could see the "big picture" :thumb:
     
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i totally removed Windows 7 and using Bodhi full time.
    i'll give it a few more days but i doubt i will go back to W7.

    it's just phreaking awesome! :thumb:
     
  24. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    I like the way the mouse pointer moves to where it may be needed. I think there's a term that describes that feature.

    (Focus follows mouse doesn't seem to fit.)
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It is very obscure for anything that matters - users. What attacks hit users and what attacks hit servers are very different. User OS's will typically have to worry about their applications having exploits and those applications are going to be things like flash, java, their browser OR they worry about social engineering. Servers have to worry about proprietary software exploits, enterprise software exploits, or server OS exploits.

    Ubuntu or any other OS absolutely has obscurity. I don't know why you think diversity and obscurity are different.
     