- 07-21-2006 #1
Just Joined! | Join Date: Mar 2006 | Posts: 34
Security Theory?
Hello all,
I'm new to Linux and have been visiting Linux Forums off and on for about 6 months. Something I notice in discussions between lintel and Wintel users is how secure their OS might be. Linux users seem to think that it has much to do with the way the code runs and where it is in memory or the particular file permissions on a system process. Windows users state that their system is secure as long as they don't install any malware by accident.
I recently started reading the MCSE series, and it appears that I can change the way processes run with some limitations, and I can also change permissions on those processes, and even change who is able to access services. Isn't this also true on Linux?
I guess what I am really asking is, "what makes a machine or its software insecure in some way?"
I know that this is elementary, but I would like to know what the opinions of others are. Any professional or factual information is appreciated.
Thank you in advance for participating.
- 07-21-2006 #2
I submit that it doesn't take much other than loading the wrong web page to get malware installed on a Windows PC. I also submit that Windows users are correct if you qualify their statement. "A Windows system is secure, as long as you keep it offline."
Originally Posted by RandomUsr: I recently started reading the MCSE series, and it appears that I can change the way processes run with some limitations, and I can also change permissions on those processes, and even change who is able to access services. Isn't this also true on Linux?
Of course. Processes can run with various levels of privileges from root down to regular user and everything in between.
Originally Posted by RandomUsr: I guess what I am really asking is, "what makes a machine or its software insecure in some way?"
What makes software insecure? Bad code. What makes a machine insecure? Probably a combination of bad code and uninformed users. Is "insecurity" something that's contained to one OS? Nope. Are uninformed users confined to one OS? *sigh* Sadly, that's a negative as well.
Registered Linux user #270181
TechieMoe's Tech Rants
- 07-22-2006 #3
It's a tough decision whether the insecurities lie more with the programming or the user. I have run programs that would be designated as very insecure, but I haven't had any problems come from that. My friend, on the other hand, has a blogging fetish that turns into a phone call for help. I guess it's more or less in the eye of the beholder.
- 07-22-2006 #4
Here's what I did back then. I installed a fresh install of Windows, updated and surfed to trusted websites using IE (Yahoo Mail), and the next thing I knew my computer was already infected.
Originally Posted by RandomUsr
On the other side, I don't think Linux beginners know even the basics of securing their Linux, and a lot of vulnerabilities are wide open on their Linux installation. Why are they still safe compared to beginner Windows users?
I use Slackware and have totally 0 knowledge about securing my Linux network. But I surf a lot, still no problem so far.
IMHO, on one point Windows is prone to virus, malware, etc. attacks because all attacks are targeted at Windows. Ever heard of Linux malware, spyware or adware? Being paranoid about attacks even when you're using Linux is the best thing you can do to keep secure.
- 07-22-2006 #5
Well, the uninformed users is a big one. Linux emphasises running with limited privileges, while Windows' default setting is to run as admin and most users don't know any better. So running with too many privileges is another thing.
Finally, ~90% of computer users run Windows, so while the search for security holes is pretty much even (probably a little more intense on the Windows side), Linux users aren't targeted by malware because there isn't the big target to hit. Also, factor in that most users don't run as root, don't click on every link promising porn (I hope) and just follow good computing practice, it's a lot harder to exploit them (most malware is spread by social engineering).
Here's why Linux is easier than Windows:
Package Managers! Apt-Get and Portage (among others) allow users to install programs MUCH easier than Windows can.
Hardware Drivers. In SuSE, ALL the hardware is detected and installed automatically! How is this harder than Windows' constant disc changing and rebooting?
- 07-22-2006 #6
Another contributing factor to the "moving target" is that there is no one defined set of applications and libraries that are guaranteed to exist on all Linux installations, unlike MS Windows. About the only thing that's absolutely common to every Linux distro is the kernel, and even then there are different versions (2.4 versus 2.6) with different vulnerabilities and strengths.
Originally Posted by d38dm8nw81k1ng
- 07-23-2006 #7
Strangely, that was on my mind at the beginning, but I forgot to include it. Yes, it's true. What may be a flaw in one version of an app may not exist in another (possibly even an older one). Since people don't all run the same version of an app, this creates more "security through obscurity" (diversifying the small Linux usage even more), since there's no point writing malware for an app that only affects <1% of computer users (e.g. GNOME). And like you say, every distro is completely different and (in the case of Gentoo) every install can be different.
- 07-25-2006 #8
Retracing Steps
I appreciate all that is being hypothesized here. However, something that I feel is being left out is the nature of viruses and how they exploit a particular problem or defective service or application. I read http://www.linuxdevcenter.com/pub/a/...ecurities.html this evening about a Trojan on 5503 that effectively retrieves information from Fetchmail and PostgreSQL and some other apps and protocols. This port seems to provide handshake features, as well as admin tools over the network.
On one hand, a programmer could retrieve info about the server (Fetchmail) to understand how it works in order to start a full-blown attack or to simply steal information.
On the other hand, it's open to buffer overflow attacks: msgchk; http://www.die.net/doc/linux/man/man1/msgchk.1.html that can be used to somehow knock a user, or their server, offline.
Now, in some ways, aren't these similar to Sasser http://www.symantec.com/security_res...050116-1831-99 which affects the Local Security Authority on Windows, in that the Linux viruses affect a service and their known dependencies? Granted, we're talking about two different OSes, and different services. Fundamentally they seem to share ideas about attacking the nature of a service.
Now, major kudos to Linux systems for their levels of security, journaled file system, and the number of meta parameters that can be set.
Stubbe, to say that Windows is prone to viruses doesn't say why it's prone to viruses and assumes that Linux is almighty. (See above.)
I'm not trying to attack Linux or Windows; rather, I'm looking for perspective as it pertains to the nature of potential threats.
My hope in this post is to maybe get you all talking more about the targets, and how to stay safe rather than become a statistic. Joe User needs all the help he can get, but how about the root of the problem? (No pun intended.)
Finally, I love Linux, and the more I learn about the features from one distro to the next, the more I want to stay away from Windows. And this is purely a right to choose.
- 07-25-2006 #9
Any system is vulnerable no matter what if run poorly. If someone is willing to break in or write a virus there will always be a way. All you can do is try to secure your system the best way possible.
1. Don't log in as root (administrator) for your normal user.
2. Don't install everything you run across on hacker sites (sites that offer keycode generators etc.).
3. Don't open attachments on email where the sender is not someone you know. If you do know who it is, be sceptical about the actual source. Maybe even verify that the sender has sent you the attachment.
4. Try staying away from websites with excessive pop-ups, or block pop-ups altogether.
5. Run a firewall between you and the open internet (not doing so is like swimming in shark-infested waters without chainmail on).
6. Update your computer. Updates often include security updates.
7. Don't run services you don't need. Is there really any need to run Apache, PostgreSQL and mail servers if you are not running them on purpose? Same goes with Windows. And when you do run them for a specific purpose, know enough about those services to secure them properly.
8. Make sure you know what processes are running on your PC at all times. I have seen processes people didn't have a clue what it was.
I think there are more, but some are exclusive to Windows and I thought I should stick to general concepts. Typically Windows will have more bugs and security holes. For starters, on Windows don't use IE. Use Firefox, Mozilla, or Opera. These browsers are generally updated more often. I know from my own experiences that Windows will within a few months have viruses, random pop-ups and spyware if left unprotected or the surfing habits of the user are less than desired. My rules above are mainly common sense, so they shouldn't be hard to understand. Think of it in health terms: you wouldn't shake someone's hand if you just watched them sneeze into it and wipe their nose with it.
To answer your question about why Windows is prone: it is due to the fact that there are unsecured undocumented APIs, open ports, poor TCP/IP stack, etc. I could go on for days about all the issues with Windows. The biggest being that hackers and viruses hate MS and like to write code to exploit their software. Most viruses I have seen for Linux, you have to be root to get them to run. Really, I haven't seen one yet that you didn't have to be root for it to be damaging. Even the Mac had been advertised as virus free but now is getting viruses. There was a study that showed an unpatched Windows and an unpatched Linux sitting on open internet could be hacked and controlled remotely. However, the Windows system was hijacked in 2-3 minutes where it took a couple of days to hijack the unsecured Linux. No big system is without problems, but you can actively do things that help keep you safe. Responsible computing will stop most problems people have.
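
Added example, not part of the thread: rules 7 and 8 in the post above (don't run services you don't need, know what is running) can be checked by comparing the machine's listening sockets against the services it runs on purpose. The `ss -H -tlnp` output below is constructed, and the allowlist, PIDs and the `unknownd` process name are assumptions for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output (TCP listeners, numeric, with
# process names). Addresses, PIDs and the "unknownd" process are made up.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=1440,fd=4))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1201,fd=13))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 5 *:5503 *:* users:(("unknownd",pid=2211,fd=3))
"""

# Assumption: the only network service this machine runs on purpose.
ALLOWED = {("sshd", 22)}

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def parse_listeners(text):
    """Turn ss lines into dicts; lines that are not LISTEN rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        m = PROC_RE.search(line)
        # Without root, ss omits the process column for other users' sockets.
        proc, pid = (m.group(1), int(m.group(2))) if m else ("unknown", None)
        rows.append({"addr": addr, "port": int(port), "proc": proc, "pid": pid})
    return rows


def unexpected_listeners(text, allowed):
    """Return (port, process, pid, address) for each listener reachable from
    the network and absent from the allowlist; loopback-only sockets are skipped."""
    findings = set()
    for r in parse_listeners(text):
        loopback = r["addr"].startswith(("127.", "[::1]"))
        if not loopback and (r["proc"], r["port"]) not in allowed:
            findings.add((r["port"], r["proc"], r["pid"], r["addr"]))
    return sorted(findings)


if __name__ == "__main__":
    for port, proc, pid, addr in unexpected_listeners(SAMPLE_SS, ALLOWED):
        print(f"unexpected listener: {proc} (pid {pid}) on {addr}:{port}")
```

On a real machine, feed the function the output of `ss -H -tlnp` run as root; each finding is either a service to add to the allowlist, to bind to loopback, or to stop.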


