Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I am a security engineer for the govt. and trust me, the security demands are higher than almost any other, but it is easy to satisfy them with ClamAV or other open source applications. Plus, if your company is already running Norton or Symantec, they both have enterprise AV clients that come with your enterprise license; you just have to download it off their site. And it is part of the enterprise license. The Linux consultant should be able to assure them that they can take care of the issue. You should not have to fall back on a vendor when there are so many open-source programs. If they do need a vendor to fall back to then they should not be a Linux consultant in the first place. Companies switch to Linux to save money and I don't think they want someone going "well, switch to Linux but you still have to use the same antivirus for 50K a year". If a company had even a slight thought about switching to Linux, that means that they have done some research on Linux and found that AV is good to have on Linux but not really as important on Linux as it is on Windows.
Hi AceofSpades19. I just read this article you linked, and it does raise some good points. Unfortunately, IMHO, it seems to be almost entirely based on the notion that as long as you don't do stuff as root almost nothing bad can happen to you. As I've stated before, you don't need to be root to install malware. Just as you can install software in your home folder, so can you install malware in it. Articles like this seem to make more sense in the server world, where perhaps the admin doesn't really care what happens inside some user's accounts - the integrity of the system (and hence the entire pool of users) is the priority. But when you are the desktop user, having stuff happen at user-level in your home folder can potentially be much more catastrophic than a root-level compromise, for reasons related to the security of the user himself, and his real-world activities (business, personal life, etc). So basically, IMHO, these articles are a double-edged sword when it comes to educating end-users about information security. Once again, using the root account only for admin purposes is great advice, but it is NOT an excuse to be overconfident or feel invulnerable.
win32sux, that is why you always have a backup, or don't store confidential stuff in your home directory. Common sense, which if you don't have when you use Linux, you are going to break your system many other ways before you get a virus.
Last edited by AceofSpades19; 09-24-2007 at 06:26 PM.
BTW, the article's author admits that terrible things can happen if you aren't root.
From the article:
Quote:
To activate these, you must literally decide to run a binary infected with them, e.g., someone mails you a binary file and says "Please run this not-especially-trustworthy binary executable." Doing so would of course be really dumb; the consequence of being dumb in that particular fashion is that some number of Linux executable binaries set to be writable by the user's account would get modified to include a copy of the virus ("infected"). Note that the user is thereby enabled only to shoot at his/her own foot: No regular installed applications could be affected, because those are not writable by regular users: Only binary executables in that specific user's /home/username/bin/ and such could be affected (and seldom do users have any).
The "shoot your own foot" analogy is typical of this type of article. What I find disturbing is how the author manages to brush this aside so easily, as if the only implication of user-level malware is the infection of binaries. Seriously, the possibilities of what malware can do to you at this point are only limited by the developer's creativity and skill.
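An added example, not written by any poster in this thread: a shell audit of the set of files the quoted article says a user-level infection could modify (executables writable by the current user), with a hash baseline to detect later changes. It assumes GNU find and sha256sum; the function names, script name and baseline path are hypothetical, and it covers only that binary-modification case.

```shell
#!/bin/sh
# Added example: audit executables that the current (non-root) user can modify.
# Assumes GNU find (-writable) and coreutils sha256sum.
# File names containing newlines are not handled.

# list_user_writable_execs DIR
# Print regular files under DIR that have the owner-execute bit set and
# are writable by the user running the script.
list_user_writable_execs() {
    find "$1" -type f -perm -u=x -writable -print 2>/dev/null | sort
}

# snapshot_execs DIR BASELINE
# Record a SHA-256 line for each such file. Keep BASELINE outside DIR,
# ideally somewhere the user account cannot write.
snapshot_execs() {
    list_user_writable_execs "$1" | while IFS= read -r f; do
        sha256sum "$f"
    done > "$2"
}

# changed_execs DIR BASELINE
# Print every user-writable executable whose current hash line is not in
# BASELINE: files modified since the snapshot and files that are new.
changed_execs() {
    list_user_writable_execs "$1" | while IFS= read -r f; do
        line=$(sha256sum "$f")
        grep -qxF -- "$line" "$2" || printf '%s\n' "$f"
    done
}

# Script usage (hypothetical name): audit.sh snapshot|check DIR BASELINE
case "${1:-}" in
    snapshot) snapshot_execs "$2" "$3" ;;
    check)    changed_execs "$2" "$3" ;;
esac
```

Run from cron alongside a rootkit scanner, `check` output that is non-empty means a user-writable executable was added or altered since the snapshot.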
Hi all,
For Microsoft computers, there are lots of good antivirus, antispyware, trojan, and rootkit programs. There are even some good free programs. See link for Windows boxes: http://www.techsupportalert.com/best..._utilities.htm
However, for Linux, I have no clue.
What are some good av, malware, spyware, rootkit, trojan programs for Linux?
No need for av, antispyware apps. rkhunter and chkrootkit both work well. You might want to take a look at a couple of the sticky threads in the security forum.
Currently, just for good measure, I have chkrootkit and rkhunter both run by cron at least once daily on my Linux desktop machine, even though the likelihood that either will ever find anything is minute.
Back in the Windows days, my favourite anti-virus, and IMHO among the *best* antivirus makers, was Kaspersky Labs. I made use of both their Antivirus Suite, as well as their Anti-Hacker port blocker, and to date can only say very good things about their software. It is, in a word, "impressive".
Where's this leading? Well, I one day came across a Linux daemon of some sort, somewhere, for download. I don't know its purpose, but common sense tells me it was/is some sort of 'protection' mechanism that Kaspersky implemented for Linux machines.
I'd be curious to know whether Kaspersky currently offers Linux AV/Anti-hacker software, and what it does, and how well it does it, and without even having seen it or used it, I would recommend it to someone seeking such software, solely based on my lengthy experience with their Windows software. If you happen to look into this, do tell.
"Whatcha doing?"
"Keeping the elephants away."
"What the heck are you talking about? There aren't any elephants within 1000 miles of here!"
"I'm doing a pretty good job, dontcha think?"