  1. #1
    Just Joined!
    Join Date
    Mar 2009
    Posts
    44

    One More Stupid Linux Malware Question

    I'm aware now that there is more than a consensus that Linux machines are mostly immune to unauthorized remote access, and that there are too many Linux flavors within such a niche community as Linux that it would ever be a desirable target for malware writers. What I've seen so far speaks for itself, except a few nagging questions of how - such as how does my browser process the cookies required for login sites, and still not do what the tracking cookies tell it to?

    How, again (sorry, there's two stupid questions), are the Linux flavors really more different in ways which are important enough to discourage malware writers? When I started trying to learn this OS, I first went looking for a comprehensive distro tutorial - since most don't seem to have this, and would refer you to the general tutorial, thereby they give the impression that the differences aren't so wide or complex.

    As for the question on elevation of security privileges, which some have asked, I guess you would have to be logged in already to do that.

    I'm trying not to be testy about this - I am confident that you guys who say Linux is safe (which has been just about all of you who really seem to know this system) know why I don't have to worry about the above, but it would help my peace of mind (and help me in talking to others about it) if I understood it all better.

    Thanks.

  2. #2
    Linux Engineer GNU-Fan's Avatar
    Join Date
    Mar 2008
    Posts
    935
    Hi,

    this question is neither trivial nor dumb (if there even is such a question).

    Why exactly GNU/Linux doesn't suffer from all that malware, worms etc. as much as the "mainstream" OSes is subject to dispute.

    Some say it is due to the more tech-savvy user base, who spend more time grooming their system than the average Windows guy. Some say it is due to the "niche" effect and some even assert Unices are more secure by design.
    Maybe it is a combination of such factors that accounts for the undeniable fact that we desktop users don't have to lose sleep over things like ConFicker or SkyNet.

    Which factor is the most important can't be proven easily. I think the theory about the "niche" effect has a certain justification because in the sector where GNU/Linux is the dominant platform, namely the server market, hacked systems are a lot more common. So I strongly challenge the statement that they are "immune to unauthorized remote access". Such an attitude can easily backfire.

    But in the desktop case it is largely unheard of security breaches.
    Debian GNU/Linux -- You know you want it.

  3. #3
    Linux Enthusiast L4Linux's Avatar
    Join Date
    Sep 2008
    Location
    Greece
    Posts
    584
    There are a few differences in design that make Linux more secure than Windows.
    1. Windows does not discourage you to run the system as administrator (and a passwordless administrator that is). So if you stumble upon a virus, the virus has full system rights on your system, in simple words the virus can party!
    2. In Linux you install 95% of your programs from trusted repositories, using Public keys. This means that those programs are malware-free, unless the repository server gets hacked. In Windows you download programs from all over the web, from suspicious sites that offer malware disguised as useful programs.
    3. Linux encourages you to LEARN. A lot of Linux users don't stay newbies for ever, compared to Windows where the majority of users don't want to learn anything at all.
    4. 70% of Windows users use IE. IE is notorious for its security issues. Linux users mostly use Firefox or Opera, which are much more secure.

    Add to these reasons that Linux has 2-3% market share, so it is a less attractive target for malware and you get the picture of desktop security. But even when the market share doubles or reaches 10%, Linux design will still remain inherently more secure.

  4. #4
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    2,941
    Linux is not immune to unauthorised remote access, if you have remote access features enabled remote access is possible. If you enable these features without setting them up properly then they will represent a weakness.

    Access control on a file by file basis including control of whether individual files can be executed is a good security feature, this protects most users from trashing a system - unless they login as root ...

    By default having a single system administrator and setting up other users by default so they only have control over their home area - is the way most distros work. Compare this with Windows where by default all users are system administrators.

    For Windows you have a single desktop environment, and some key applications like explorer which are shipped as part of the OS and are heavily integrated with the OS.
    For Linux there are several desktop environments, and many window managers - different distros use different desktop/window managers. Add to this several applications available for most tasks, and are usually not as heavily integrated as explorer is in Windows. This diversity means that targeting a single application is unlikely to affect all systems. Many servers will run without a GUI at all ... so GUI exploits will have no impact at all on them.

  5. #5
    Just Joined!
    Join Date
    Mar 2009
    Posts
    44
    Quote Originally Posted by Jonathan183 View Post
    Linux is not immune to unauthorised remote access, if you have remote access features enabled remote access is possible. If you enable these features without setting them up properly then they will represent a weakness.

    Access control on a file by file basis including control of whether individual files can be executed is a good security feature, this protects most users from trashing a system - unless they login as root ...

    By default having a single system administrator and setting up other users by default so they only have control over their home area - is the way most distros work. Compare this with Windows where by default all users are system administrators.

    For Windows you have a single desktop environment, and some key applications like explorer which are shipped as part of the OS and are heavily integrated with the OS.
    For Linux there are several desktop environments, and many window managers - different distros use different desktop/window managers. Add to this several applications available for most tasks, and are usually not as heavily integrated as explorer is in Windows. This diversity means that targeting a single application is unlikely to affect all systems. Many servers will run without a GUI at all ... so GUI exploits will have no impact at all on them.
    So, it's more than GUI graphics which make the difference between distros and their GUI styles, but the only commands which I've seen differences in are related to installation and a few other exiting features - (Ubiquity for Ubuntu, something else for the DreamLinux installer) - well, are there other differences which really would stop a virus from erasing any hard drive (they all use rm -r, right)?

  6. #6
    Just Joined!
    Join Date
    Mar 2009
    Posts
    44
    Quote Originally Posted by L4Linux View Post
    There are a few differences in design that make Linux more secure than Windows.
    1. Windows does not discourage you to run the system as administrator (and a passwordless administrator that is). So if you stumble upon a virus, the virus has full system rights on your system, in simple words the virus can party!
    2. In Linux you install 95% of your programs from trusted repositories, using Public keys. This means that those programs are malware-free, unless the repository server gets hacked. In Windows you download programs from all over the web, from suspicious sites that offer malware disguised as useful programs.
    3. Linux encourages you to LEARN. A lot of Linux users don't stay newbies for ever, compared to Windows where the majority of users don't want to learn anything at all.
    4. 70% of Windows users use IE. IE is notorious for its security issues. Linux users mostly use Firefox or Opera, which are much more secure.

    Add to these reasons that Linux has 2-3% market share, so it is a less attractive target for malware and you get the picture of desktop security. But even when the market share doubles or reaches 10%, Linux design will still remain inherently more secure.
    Thanks for your informative reply.

    There is the niche theory, the we-are-smarter-users creed, and then the repository sources do help us keep sure that we don't install malware ourselves. I've seen this already, and I guess my main concern, given that some who really seem to speak from experience are saying not to worry, is the things not covered in the discussion. I have never been infected by a virus from something which I myself launched, but I scanned out malware frequently when running in Vista - everything from viruses to tracking cookies (if there's really a difference). Again, they did not come from programs I installed, but from web sites visited, and the occasional shared music file. This is where I remain concerned - do the no-worry professionals mean that I don't need to clean out my cookies (don't think they make Spybot for Linux)? Smart Vista users regularly run anti-malware programs, under good firewalls, and frequently cull the garbage from their browser files - so, with Linux pros saying I don't need to do at least some of that, I'm trying to understand how to be a smart Linux user (while I'm working my way through command manual pages which may eat two or three Libraries of Congress). Would anything Linux prevent browser cookies from phoning home?

    Someday, when I've read the whole manual, I'm sure I'll understand it all, and by gosh, someday I will - if not by the time I'm 79, then maybe when I'm 179!

  7. #7
    Linux Engineer GNU-Fan's Avatar
    Join Date
    Mar 2008
    Posts
    935
    Quote Originally Posted by boothruwindow View Post
    Would anything Linux prevent browser cookies from phoning home?
    This is why I oppose statements like "Linux is secure/insecure."
    What would such a statement mean?

    - That the kernel (which version of it?) is free of security related bugs? Experience shows it is not.
    - That the base system GNU/Linux (which distribution, what version?) is by itself invincible? Don't think so.

    So I think the answer to the above question is: No, Linux does nothing to prevent browsers from sending sensitive data to anywhere. Quite the contrary, it even supports them by offering network services in the first place.

    It boils down to your individual choice of applications. And to your surfing habits, of course. There are closed-source applications whose protocol is even kept secret. If you install and run them, you lose all advantages of a Free operating system. A malicious program behaves as badly on Linux as it does on Windows.
    Debian GNU/Linux -- You know you want it.

  8. #8
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    2,941
    Quote Originally Posted by boothruwindow View Post
    well, are there other differences which really would stop a virus from erasing any hard drive (they all use rm -r, right)?
    Non-root login & user restricted access prevents wipe of entire system by a normal user ... but it could result in wipe of user home area.

    Differences in distros and applications help (no one killer app to target), but other features of the OS in my previous post are more important than specific distro differences.

    In order for the virus to work a user needs to download the file, make it executable and then execute it ... equivalent in Windows - download & execute - no playing around with attributes.

    It's easier to target the browser ... running the application as a user gives the application the same rights as the user ... limited in Linux (except when login as root). The same application in Windows usually gives admin access ...
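
The download, make-executable, execute sequence described in the post above, as an added shell example that is not part of the thread. The "download" is a constructed, harmless script in a temp directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed data): shows that a freshly saved file carries no
# execute bit, and how to list files that have since been made runnable.

# Save a file the way a browser does: a plain create/write. Files created this
# way get mode 0666 masked by the umask, so no execute bit is ever set.
make_download() {
    printf '#!/bin/sh\nexit 0\n' > "$1/downloaded.sh"
    echo "$1/downloaded.sh"
}

# Try to run a file directly and echo the exit status.
# 126 means "found, but permission to execute was denied".
try_run() {
    rc=0
    "$1" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Defender's check: regular files under a directory with the owner execute
# bit set, e.g. to review what in a download folder has been made runnable.
list_executable() {
    find "$1" -type f -perm -100
}

demo() {
    d=$(mktemp -d) || return 1
    f=$(make_download "$d")
    echo "fresh download:  run status $(try_run "$f"), flagged files: $(list_executable "$d" | wc -l)"
    chmod u+x "$f"
    echo "after chmod u+x: run status $(try_run "$f"), flagged files: $(list_executable "$d" | wc -l)"
    rm -rf "$d"
}

demo
```

The execute bit only gates direct execution; a file passed as an argument to an interpreter is read regardless, so the stronger protection named in the post is that the process runs with the user's rights and not root's.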

  9. #9
    Super Moderator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,144
    Quote Originally Posted by Jonathan183 View Post
    Differences in distros and applications help (no one killer app to target), but other features of the OS in my previous post are more important than specific distro differences.
    I agree with you Jonathan except I see Firefox as the one killer app that would be targeted. Thank goodness Firefox is on our side and they catch this kind of stuff rather quickly.
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.
    All new users please read this.** Forum FAQS. ** Adopt an unanswered post.

  10. #10
    Linux Guru Jonathan183's Avatar
    Join Date
    Oct 2007
    Posts
    2,941
    Quote Originally Posted by MikeTbob View Post
    I agree with you Jonathan except I see Firefox as the one killer app that would be targeted. Thank goodness Firefox is on our side and they catch this kind of stuff rather quickly.
    Firefox is a cross platform application as well ... it could do with more secure defaults - don't save password or form info and install noscript would be a good start

    At least with Linux provided you do general net surfing and more sensitive stuff with different user accounts you have a good chance - and there are other browser options
