Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have received several messages saying I have spyware on my system and I am using Linux RH9. These are not the same kinds of scare tactic messages you get to buy software while surfing the web. I thought there was no spyware for Linux??? I don't trust Linux, it being open source, and I have already had my system hacked once and had to format and reinstall RH9. How do I get rid of spyware in Linux???
How are you receiving these messages? Through a browser or another app? I've never heard of spyware within Linux and to tell you the truth, open source is your friend as it allows you to see the code being used. That actually makes it easier to find out if there is some kind of security threat, etc. in the apps you're using. It would be very hard for someone creating apps under the GPL to make backdoors, spyware, etc.
Hmm, spyware in Linux would only be able to spy on the user that had it installed, plus I do not think there is any, but if there were it would be on Red Hat.
If you are hacked that much you need to work on security, and the Red Hat default will not cut it.
If you are hacked to where you need to reformat, then you are either using chmod 777 / -R (stupid) or running everything as root (almost as stupid).
If you want security without effort (worthless) go with Debian or Slack.
Open source may allow a hacker to find a vulnerability faster, true, but it also allows anyone to fix that vulnerability, and very fast.
All in all, if things are correct you would not have this problem. As for the spyware popup, it sounds like it is either in the web browser (use Mozilla and enable popup protection) or using the root user for everything + other stupidity allowed a hacker to mess with you.
However, do not get me wrong, I am not calling you stupid, I am calling the above actions you may or may not have done stupid. You have 786 posts (at time of reading) and that counts for a lot.
When you post a question, please be specific. The above question is so open-ended and vague it's impossible to tell what the issue might be (or if there's even a legitimate issue). Please post a copy of the error/warning message you're receiving along with any supporting log entries. Make a clear-cut case for why you think there's spyware on your system and describe how/what it's affecting. Remember: Be specific.
Originally posted by exodist
Hmm, spyware in Linux would only be able to spy on the user that had it installed, plus I do not think there is any, but if there were it would be on Red Hat.
I doubt that Red Hat is any more vulnerable to spyware than most distros. In fact, most of them are going to include the same versions of Mozilla and other applications.
Very few distros are going to be secure with a default setup and most of those will be security-centric hardened distros. Personally, I didn't find the default Slackware setup to be much better. The key to security isn't really which distro you use, it's how much effort you're going to put into learning about it and applying it.
Originally posted by BajaNick
I don't trust Linux, it being open source
Care to explain that? I don't trust proprietary software because I don't have the source and I have no idea what the program is actually doing. I trust open source because the source is out in the public and if there is anything fishy I would have heard of it.
Capt_Caveman
My point is that Red Hat being the lead Linux distro due to undue popularity would make it the prime Linux target, just as it is prime for companies supporting Linux and just as the popularity of Windows makes it a target for viruses (though even if people did target Linux for viruses they would not get very far), so if someone was going to make spyware chances are they would do it for/on Red Hat. And as for default security I do think Slack's is stronger than Red Hat's, but not much stronger.
No, I don't run as root all the time, actually never. I always just su - and do what I need, then end privileges, and no, I don't chmod 777, I don't even know what that does. LOL.
True that closed source is secretive and no one knows what's going on, but I feel open source is just an invitation to crackers as they can see everything that's going on and that gives them an advantage.
I received a popup. It showed my IP address, my physical location (Los Angeles) and it also showed me my ISP name and the time and date of my current connection, and it was not like any other popup I have received before. It didn't seem to want to sell me anything like the usual ones, it was just there with no other information. It was kind of freaky.
That stuff is easy to get when you request data from a web site. If you have ever been on IRC and seen what it shows as well as your IP, it is easy to then place it in a popup. You have no spyware, it is harassment to get you to buy something.
so if someone was going to make spyware chances are they would do it for/on Red Hat.
Rise of spyware, in the original Windows sense of the word, was AFAIK caused by changes in how some companies thought they could increase revenue. I'm not saying it's impossible to *run* that type of spyware on Linux, but because of the difference in business models, companies that milk Linux cannot benefit from shipping spyware, and because of cultural differences, Linux users will nuke the company that tries it.
An OT remark for exodist
As for your opinionating "Red Hat being the lead Linux distro due to undue popularity would make it the prime Linux target" and "Slack's is stronger than Red Hat's" I am asking you, as moderator, to please leave those out.
Favouring one distro over another should always be backed up with facts, the rest is useless and irritating. Flamewars and trolls belong in /General.
The Linux - Security forum needs facts, not opinions.
I am sorry, I did not intend it that way unSpawn. Usually I make note of such things being my opinion or experience; this time I was not paying attention. I will remember next time.
So as expected, this was a particularly devious ad, not spyware. Almost by definition spyware will not announce its presence (it's spying, after all!).
As for distro wars I don't really think of any one distro as "better" than another, but there are certainly some categories where some distros might be more focused than others. I do tend to agree that Red Hat will be a specific target for all the types of attacks we've seen on Windows (spyware, trojans, remote exploits, etc). This is due to the fact that people who go to the trouble of writing automated tools will want them to work against as many machines as possible. Red Hat is by far and away the most popular Linux distro used in corporate America, and many home users at least start with Red Hat because to a large degree the "branding" has worked and new users equate Linux == Red Hat (it's only later when they get involved in the community that they realize their options).
I started on Red Hat myself back with 5.2 because it was the only one I could find in stores and I had no idea that I could download and burn to CD (the sad thing was I had one of the fastest broadband connections available at the time, and a CD burner). Now I buy Linux or BSD when I'm impressed with the work and want to support the developers.
Anyway, I'm getting off track. The point is that Windows is a massive target right now because in one flavor or another, it runs on about 95% of computers out there. Yes the security model is a lot different in Windows and it makes things easier, but really it's about the wealth of targets. There have been Linux worms already, it's just that they didn't make much progress because Linux wasn't being used nearly as widely.
Chort, I have seen the argument before. It is true that a reason Linux has fewer worms and viruses is because the attackers want more targets, but Linux really hasn't been tested against a major virus flood like Windows has. I personally believe that the layout of a Linux system would protect it and prevent the kind of mass-failure and mass-hysteria like a few weeks ago on Windows.
You won't have as many mass-worms perpetuated by users (and I say "as many" because there are always undiscovered buffer overflows that can lead to privilege escalation), but think about how many Internet services run as root. Sendmail is infamous for this and it's certainly not the only one. I'll again cite the Morris Worm and remind everyone that it was the most successful worm of all time in terms of percentage of Internet-attached hosts that were infected. The Morris Worm affected UNIX and BSD systems via Sendmail and fingerd. In many implementations named runs as root, generally POP/IMAP daemons run as root, and a lot of times ntpd runs as root.
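For anyone who wants to check the point in the post above on their own machine, here is an added example (not part of the original thread) that lists TCP listeners whose owning process has effective UID 0, using the Linux /proc layout. The function names and the sample table are made up for illustration.

```python
import os
import re

# Constructed sample in /proc/net/tcp layout: two LISTEN rows (st 0A) and one established (01).
SAMPLE_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1\n"
    "   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 2222 1\n"
    "   2: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 3333 1\n"
)

def listening_inodes(table):
    """Map socket inode -> local port for every row in LISTEN state (st == 0A)."""
    out = {}
    for line in table.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) > 9 and f[3] == "0A":
            out[f[9]] = int(f[1].rsplit(":", 1)[1], 16)   # port is hex after the last ':'
    return out

def root_listeners(proc="/proc"):
    """Return sorted (port, command) pairs for TCP listeners held by a process with effective UID 0."""
    inodes, found = {}, set()
    for table in ("tcp", "tcp6"):                # IPv4 and IPv6 tables share the column layout
        path = os.path.join(proc, "net", table)
        if os.path.exists(path):
            with open(path) as fh:
                inodes.update(listening_inodes(fh.read()))
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            with open(os.path.join(proc, pid, "status")) as fh:
                status = fh.read()
            links = [os.readlink(os.path.join(fd_dir, n)) for n in os.listdir(fd_dir)]
        except OSError:
            continue                             # process exited, or we may not inspect it
        # The "Uid:" line lists real, effective, saved and filesystem UIDs in that order.
        euid = re.search(r"^Uid:\s+\d+\s+(\d+)", status, re.M)
        name = re.search(r"^Name:\s+(.+)", status, re.M)
        if not euid or euid.group(1) != "0":
            continue
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and m.group(1) in inodes:
                found.add((inodes[m.group(1)], name.group(1) if name else "?"))
    return sorted(found)

if __name__ == "__main__":
    print(root_listeners())                      # run as root to see every process's descriptors
```

The check looks at the effective UID at the moment it runs, so a daemon that binds its port as root and then drops privileges is not reported; only services still running as root show up.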