Slashdot Mirror


Damn Vulnerable Linux — Most Vulnerable Linux Ever

An anonymous reader writes "Usually, when installing a new operating system, the hope is that it's as up-to-date as possible. After installation there's bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different; it's shipped in as vulnerable a state as possible. As the DVL website explains: 'Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop – it's a learning tool for security students.'"

27 of 227 comments

  1. Wait, so I shouldn't have used that at work? by Anonymous Coward · · Score: 5, Funny

    Don't tell my boss.

    1. Re:Wait, so I shouldn't have used that at work? by binarylarry · · Score: 5, Funny

      Don't worry, it's still safer than the Windows servers you run.

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re:Wait, so I shouldn't have used that at work? by Darkness404 · · Score: 4, Funny

      I know! I've been wanting to get these free kitten screensavers and family guy cursors and they aren't working! And I can't get sexyladies4324aefe.exe to run either! Man, Linux doesn't run anything good...

      --
      Taxation is legalized theft, no more, no less.
    3. Re:Wait, so I shouldn't have used that at work? by ae1294 · · Score: 4, Funny

      Such as?

      The ability to run the Malware he writes for fun and profit. Ok... mostly profit...

  2. Or by Voulnet · · Score: 4, Funny

    Or use a fresh install of XP.

    1. Re:Or by Luckyo · · Score: 4, Funny

      Ebola or AIDS. Choices!

    2. Re:Or by Co0Ps · · Score: 4, Interesting

      Seriously, I once attempted to see how long it would take to get a fresh install of XP hijacked on a virtual box. After about one hour of bad IE6 surfing on suspicious sites (would you like to download and run this? yes please) I had one or two pieces of malware installed that had taken over the computer completely, filling the screen with popups and disabling all kinds of system configuration tools.

    3. Re:Or by maxwell demon · · Score: 4, Insightful

      To be fair, if you download and run random stuff from the web, your Linux computer isn't too secure either.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    4. Re:Or by tuxgeek · · Score: 4, Insightful

      To be fair...
      Most malware available for download on the web is designed to be run on Windows.
      It doesn't do anything, much less run, in Linux.

      Windows is such an easy target for exploit and success; it's everywhere and run by every bone-head idiot on the planet.
      Linux, on the other hand, is most used by advanced individuals and can be very difficult to exploit, making it a waste of time for the black hats; it can be done, but rarely successful.

      --
      "Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself." Mark Twain
    5. Re:Or by Culture20 · · Score: 5, Informative

      That's nothing. During the Blaster days, I stood by and let someone attach their computer to the network for updates after a clean install. It was an object lesson: before she could navigate to Windows Update, it started rebooting again. Always update security patches from a known-safe medium.

    6. Re:Or by bigstrat2003 · · Score: 4, Insightful

      That's not the point. The point is that even if OS security were perfect, there would still be machines which were completely fucked. No amount of OS security will stop the user from wanting free kitten screen savers.

      This doesn't excuse vulnerabilities that do exist in operating systems, but since Co0Ps specifically mentioned that he/she was actively agreeing to download certain pieces of malware, it bears mentioning.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
    7. Re:Or by rsborg · · Score: 4, Insightful

      That's not the point. The point is that even if OS security were perfect, there would still be machines which were completely fucked. No amount of OS security will stop the user from wanting free kitten screen savers.

      You know, I'm going to get flamed to hell and back for this, but if you download (i.e., buy a free app of) free kitten screensavers in iOS, you will likely have no security impact to your device... some (lots of) folks just can't be trusted outside walled gardens, and that's why Apple is doing so well.

      --
      Make sure everyone's vote counts: Verified Voting
  3. Big deal by Anonymous Coward · · Score: 4, Funny

    So it's like Fedora then.

    1. Re:Big deal by magsol · · Score: 5, Insightful

      Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

      --
      "I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
    2. Re:Big deal by basscomm · · Score: 5, Funny

      Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

      You must be new here.

      --
      http://crummysocks.com
    3. Re:Big deal by keatonguy · · Score: 5, Insightful

      Don't be obtuse, he raises a good point. Linux is not infallible and shouldn't be treated as such even in light of its advantages and the personal support we all have for it. Criticism breeds improvement. Keep that in mind, mods.

      --
      If you aren't angry, you aren't paying attention.
    4. Re:Big deal by LynnwoodRooster · · Score: 4, Funny

      Exactly. Everyone knows the only OS that gets to claim invulnerability is OSX...

      --
      Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    5. Re:Big deal by causality · · Score: 4, Insightful

      Don't be obtuse, he raises a good point. Linux is not infallible and shouldn't be treated as such even

      Did it occur to you that the more experienced/advanced/technical users who tend to gravitate towards Linux are very much aware of this, that they administer their systems accordingly, and that this is in fact a big reason why successful malware "in the wild" is all but unheard-of on this platform? Compare to "buy the next version of Windows, it's easier and more secure than ever!" that carries the strong implication of "oh, security is someone else's problem". Not noticing or appreciating that difference would also be obtuse.

      What I am getting at is that there are both technical and cultural differences between the two platforms.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    6. Re:Big deal by CAIMLAS · · Score: 4, Insightful

      Criticism, even if inaccurate?

      You can still run a multiple-year-old and barely-updated Linux distro on a public network and not fear being exploited. Sure, it can happen, but I'll be honest in saying the only times I've seen a Linux machine exploited was when it was horribly out of date (2.0 kernel in the early 2.6 kernel days) and was running samba... on a public network. That said, the exploit employed was over 6 months old at the time when the machine got exploited.

      Unless you're running a PHP based CMS or the like, it's pretty uncommon for a Linux machine to get exploited. PHP = bad.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
    7. Re:Big deal by Tablizer · · Score: 5, Funny

      Exactly. Everyone knows the only OS that gets to claim invulnerability is OSX...

      Only if you hold it right.

  4. Great Learning Tool by bytethese · · Score: 4, Informative

    We used it in my Forensic Computing masters program in some classes, definitely useful in our Network Security and Architecture of Secure Operating Systems classes to show what can happen with buffer overflows, gaining root access, etc.

  5. Security study DVL by GNUALMAFUERTE · · Score: 5, Funny

    A notable team of security researchers are suggesting Windows users migrate to a platform known as DVL. "DVL is a mess. It is vulnerable to a variety of attacks, but it is still more secure than the average Windows install". Another researcher pointed out "Windows users must migrate to DVL immediately, in order to protect their computers".

    While several independent research groups are considering DVL as a valuable alternative to Windows, Microsoft didn't stay behind, and promised to use DVL as the base of Windows 8, the upcoming version of Windows. A spokesperson for Microsoft notified that Microsoft decided to use DVL after thoroughly analyzing it, "It provides a great building block for the next release of our greatest product, DVL certainly fits like a glove within our strict security and QA policies".

    Windows 8: DVL Edition, the most secure Windows version ever released, is scheduled to hit the shelves next summer.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
  6. How long ? by Pelekophori · · Score: 5, Funny

    till Microsoft uses it in get the facts comparisons?

    --
    The best ideas are common property
  7. what about a weird-arch linux? by keeboo · · Score: 4, Interesting

    Something philosophically similar which could be created is some sort of "weird arch" Linux for code debugging purposes.
    Like something with 16-bit chars and ints, non-0 NULLs... Perhaps running under an emulated invented weird architecture with strange byte order (non-LSB/MSB) and weird alignment issues.
    I wonder how much software would break.

    1. Re:what about a weird-arch linux? by sconeu · · Score: 4, Interesting

      architecture with strange byte order (non-LSB/MSB)

      You mean like the PDP-11?

      0x11223344 was stored in memory as 0x33 0x44 0x11 0x22

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  8. Honey Pot Module coming up next week. by ls671 · · Score: 5, Informative

    We are working on a honey pot module for Damn Vulnerable Linux, it should be coming out soon ;-)

    Basically log all activity to a network server while hiding the fact that we are doing it. Just refresh from a fresh image once in a while. Once an intruder is noticed, we can give him as many rights as we want in real time, especially with regards to network connectivity, which is done at the firewall level. It is a nice way to get a good grip of what is running in the wilderness of the internet. If you are lucky enough, you can even learn about unpublished exploits, although I would use an up-to-date distro to specifically discover these.

    --
    Everything I write is lies, read between the lines.
  9. Semi-dupe by Improv · · Score: 5, Insightful

    This was in the list of "most interesting linux distros" posted here maybe two weeks ago. Sigh.

    --
    For every problem, there is at least one solution that is simple, neat, and wrong.