Linux = Windows anti-virus? Not!

Discussion in 'all things UNIX' started by Mrkvonic, May 28, 2010.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Re: Linux = Windows anti-virus? Not!

    Depends on the distro. The most popular ones sure do, if you install it with their installer.
    I've experimented with many distros on my virtual machines, but never really mastered any of them. CLI is still my weak point.
     
  2. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,137
    Re: Linux = Windows anti-virus? Not!


    All Linux distros to my knowledge run sudo. That's the very basic nature of UNIX.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Re: Linux = Windows anti-virus? Not!

    Puppy Linux (not sure about Lucid Puppy) runs as root by default. Same with Solaris (based on Unix).
     
  4. Re: Linux = Windows anti-virus? Not!

    The majority of distros use su rather than sudo. But yeah, most Linux distros run limited by default. I was just wondering if there was any SRP-type whitelisting to go along with the LUA. :D
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Re: Linux = Windows anti-virus? Not!

    Thought so, but wasn't sure how I got that in my head.

    Also, I'm sure Absolute Linux 13.1.0 (based on Slackware) only installs with a root account as well as Solaris. You have to manually create limited accounts. Installed it because I want to try out something different, this time Slackware and IceWM.
     
  6. Slackware itself does default to root account IIRC, but starts with the CLI only. Also some apps on it will insult you if you run them as root, as I discovered when I first used Slack.
     
  7. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Re: Linux = Windows anti-virus? Not!

    Well, not directly, no. But one thing *nix does do is it marks all non-archive files (i.e. all files that are not compressed) non-executable by default. This means the user has to manually mark them executable before he executes them. However, he still has the ability to execute them if he so chooses (unlike SRP/AppLocker where he doesn't). However, the same SRP effects can be achieved on Linux in a few ways:

    1) Using chroot, which can sandbox a user or an app.

    2) Use a MAC system like AppArmor or SELinux to sandbox the user.

    SELinux is actually more powerful than AppLocker/SRP because it's so fine grained. SELinux can do something called MLS which is typically used by governments for the UNCLASSIFIED, SECRET, TOP SECRET paradigm (security clearances, basically). This allows the ability to control what some users can access and what others can't. Such a system could also be used to keep certain users from accessing certain software (which would be like SRP except much more difficult to circumvent).
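
The default described in the post above (a newly created or downloaded file carries no execute bit and cannot be run until the user sets one), as an added example that is not part of the original thread. The function names are hypothetical, all files are constructed in a temporary directory, and it assumes GNU `stat` and a temp directory that is not mounted `noexec`.

```shell
#!/bin/sh
# Added illustration. Function names are hypothetical; all files are
# constructed in a throwaway temp directory.

# Print the octal mode a newly created file receives under umask $1.
new_file_mode() {
    dir=$(mktemp -d) || return 1
    ( umask "$1"; : > "$dir/f" )      # plain create: 0666 masked by umask
    mode=$(stat -c '%a' "$dir/f")     # GNU stat (assumption: Linux userland)
    rm -rf "$dir"
    printf '%s\n' "$mode"
}

# Simulate a downloaded script: try to run it as created, then after chmod.
# Prints "<before> <after>", each either "ran" or "denied".
exec_bit_demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/download.sh"
    if "$dir/download.sh" 2>/dev/null; then before=ran; else before=denied; fi
    chmod u+x "$dir/download.sh"
    if "$dir/download.sh" 2>/dev/null; then after=ran; else after=denied; fi
    rm -rf "$dir"
    printf '%s %s\n' "$before" "$after"
}

# Audit helper: list regular files under $1 whose owner execute bit is set,
# i.e. the files someone has explicitly marked runnable.
list_user_executables() {
    find "$1" -type f -perm -100 -print
}

echo "mode under umask 022: $(new_file_mode 022)"
echo "before/after chmod:   $(exec_bit_demo)"
```

Running `list_user_executables` over a download directory shows which files a user has already marked executable; the kernel refuses the rest with "Permission denied" and no prompt.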
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Re: Linux = Windows anti-virus? Not!

    Let me see if I understand this correctly.

    Linux typically defaults to a user account, in which you must elevate to root to do things only an admin can do, such as install programs, drivers, etc. that are not contained within "userland".

    Linux by default does not allow execution on a great many items in a great many places.

    To be able to execute, you must modify item or location to allow execution.

    And this is all without any prompts? So, in the case of M$, you get UAC to tell you "you want to run this? it requires admin, is that OK?", but in Linux, perhaps something like "you can't do this".

    I have been tinkering with some different flavors lately. I really like lubuntu for a simple boot CD to copy/replace files. Everything on it seems to work fine, of course all of the rights are completed in the distro already.

    It sure sounds like, the more I glean from you who use it a lot, that the only reason linux is any more "secure" than M$ products (of course, depending on which one ;) ) is that you are a user and can't really execute, out of the box, except what is already in the distro or what you happen to install by means of a repo or manually. Just downloading a file and attempting to execute it requires steps taken to do, whereas in M$, you are free to execute, even as a user, but might need elevation to use the started process.

    If this is true, don't you ever tire of having to set the rights on objects/containers? Or do you just not really have the need that often to do such things? It sounds like, the way I use a computer, linux would be worse even than UAC in terms of having to go out of my way to just "do" something like execute an executable. Or am I completely missing it?

    Sul.
     
  9. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    Re: Linux = Windows anti-virus? Not!

    Imo, the reason Linux is more secure than Windows is more a matter of the security solutions available to you than anything else. Sure, its small desktop market share helps remove incentive for malware authors, and open source software should, in theory, have fewer bugs and thus fewer vulnerabilities given the ability of anyone to review the code. Nevertheless, zero days are still an issue. However, Linux is advantageous, in particular over 64-bit Windows, in the MAC implementations available. SELinux or AppArmor both provide protection from zero-day vulnerabilities in an elegant and very deep-seated, and thus secure, way. Compare this with Windows, where you have AppLocker/SRP, UIPI and Integrity Levels, which must be crudely combined in order to offer any resemblance to the elegance of AppArmor and SELinux. AppLocker is strong; UIPI is, according to Microsoft, not an absolute security boundary. Integrity Levels are poorly implemented. Windows thus provides about 1/3 the necessary MAC, imo, although AppLocker, currently, seems to be a foolproof solution against in-the-wild malware.

    I recall having to set the executable bit on .exes I download to run in WINE. That's all, for me, and it's really not a big deal. Right click, properties, permissions, check the box, close. The variety of software available in repos is quite impressive.
     
  10. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,391
    As a windows user and Linux "Baby" I need to get back to the basics that were referred to but never really answered.

    I just installed Ubuntu Lucid and despite claims that all software required is automatically included in the vast repositories, this is not the case.
    I wanted to have my preferred browser (Opera) and had to get it from the original site. While in this case I don't have a problem trusting the vendor, this is obviously not always the case.
    I then wanted to play a YouTube video / tutorial about Ubuntu, and what is missing? Adobe Flash. I have the option of either allowing the installation from YouTube or via the repository. I can find Adobe Flash 10 and some other Adobe plug-ins. The main Adobe Flash comes with a note that it is an external program and updates are not provided. Again, I need to trust the vendor and make an "informed" decision (in fact two, as I could accept the download from YouTube).

    I am sure this type of experience will go on and while I will focus on getting "official software from the repositories" , once I have to go outside this safe haven, I feel less secure in me making the right decision than in Windows. There at least I can use virustotal and my hips to keep some control whereas now I need to rely more on what some site writes.

    I read in the ubuntu manual about ppa that can be added - e.g. I installed KeepassX as it works with my Keepass (Windows) via repository. The site also allowed to add this ppa to my repository. I don't understand why it is not in there already given the fact that the program is in there.
    However the following sentence really turns me off:
    Unsupported and untrusted are not keywords I like to see.
     
  11. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,137
    The warning on PPA is self-explanatory: unless you are sure that the source is the developer, just don't add the PPA. Ubuntu, like Fedora, follows FOSS guidelines in not including non-free stuff like Opera and Flash, but you can add Medibuntu repos and install Flash; Opera is slated to be added later. Tell me, where in Windows can you find all that you see listed in Ubuntu Software Center? The warning that you see with the PPA should also come and apply for all 3rd party Windows programs as well.

    If you can't dig yourself out of the HIPS and Anti Virus mentality, really Linux and Ubuntu is just not for you, you are better off with Windows. There are distros like MINT who don't have to follow strict FOSS rules and include everything in it.
     
    Last edited: Jun 5, 2010
  12. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,391
    Well, that's not really helpful, is it? I am trying to learn how things are being handled in Linux. In fact my point was that in some ways things are the same with respect to downloads not being safe either side of the divide. My point though is that in Windows I know where the traps are, in Linux I don't - that is why I am asking here.
     
  13. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    There is no harm in adding a digitally signed repo, or as well from source directly. I prefer downloading it from source, sometimes from a repo.

    Like, for example, in Fedora there is a repo which adds a tool called autoten or easylife; they do everything from Flash to Opera to Skype, etc.

    But I rather like to install it from source, and love to use yumex instead, which will do 98% of my work; the 2% I enjoy the most, i.e. troubleshooting something like Skype, why it's not working :p

    in mint linux i midi ubuntu default installed so why would a vendor install something which if not secure. Secondly, they are digitally signed; you get Opera etc. from there, so no problem.

    In the end both are the same; it depends on the user's choice which way he wants to do it. That's what Linux is all about: freedom :thumb:
     
  14. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,137

    You are not opening your mind here. First thing that's needed is a change of mindset; your approach has the same paranoia of a typical Windows user. There is no known trap yet on Linux and none that has caused any havoc yet on Linux installations. The last time they did pwn2own, they took an older Ubuntu against Mac and Vista, and in three days Mac and Vista got hacked but Ubuntu remained solid; now what does that tell you? Of course, in the end, it's the user: now if you willingly add software from questionable sources, then you are playing with fire. However, the damage done by that fire is far less than in the case of Windows. You are adding PPAs and yet you are questioning the practice. May I ask why the need to add a PPA unless it's from the developers themselves? I add Pidgin, Ubuntu X, Transmission PPAs to my install; I know for a fact that they would never get infected or have malware, so yes, sources are important here. You also indicated that there is not enough software in the Ubuntu repository; have you seriously gone through the Software Center after enabling Medibuntu? In that case you wouldn't really make this statement.
     