Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Is GNU/Linux Malware a Real Threat?

Posted by timothy on from the send-you-this-file-in-order-to-have-your-advice dept.

New submitter m.alessandrini writes "I've been using Debian for a long time, and I'm not a novice at all; I install system updates almost daily, I avoid risky behaviors on Internet, and like all Linux users I always felt safe. Yesterday my webcam suddenly turned on, and turned off after several minutes. I'm pretty sure it was nothing serious, but I started thinking about malware. At work I use noscript and other tools, but at home I have a more relaxed browser to be used by other family members, too. Here I'm not talking about rootkits or privilege escalation (I trust Debian), I think more of normal user compromise. For example, these days much malware come from malicious scripts in sites, even in advertising banners inside trusted sites, and this is more 'cross-platform' than normal viruses. So, what about non-root user malware? How much could this be real? And how can you diagnose it?"

9 of 252 comments (clear)

  1. someone's spying on you by Anonymous Coward · · Score: 5, Insightful

    Your webcam turned on, then off, and you didn't ask it to? I think you need to figure out what happened first.

    1. Re:someone's spying on you by 0racle · · Score: 4, Insightful

      You know it was more likely a misbehaving application polling the webcam and not anything nefarious right? As another poster said, Flash is probably a leading culprit.

      --
      "I use a Mac because I'm just better than you are."
    2. Re:someone's spying on you by hairyfeet · · Score: 3, Insightful

      The simple fact is ALL OSes can get malware unless they are either so locked down on permissions that they are basically read only or are thin clients which are locked down at the server, but even the Linux community claims Android as Linux and its going to reach a million infections any day now so the argument over whether Linux malware is a threat? Pretty much over, that is what happens when somebody uses it for something popular, popular equals large target. Welcome to the club, the Mac guys that joined a couple of years back can show you the ropes, coffee and donuts are in the back.

      As for this specific case? As somebody who works on systems 6 days a week? Yeah...smells like he has an infection. Guys here can have a shitfit if they want but anybody who switches from an OS they know the ropes on to something completely new, I don't care if its Linux or Mac or Windows whatever? They are ALWAYS gonna be at higher risk than where they were simply because they don't know the new system and don't know what to watch out for. Hell he probably doesn't even know what should and shouldn't be running on his system or what to look for if there is a hijacked program or a backdoor installed.

      In this case, as much as I fricking hate to say it as I've found you have to wade through a LOT of shit and douchebags than run on pure smug and leetness in them places but in this particular case i don't see any choice, he is gonna have to go to the forums of his particular distro and tell them what is going on. They will have the most experience with that particular build, will know what is supposed to be running and what isn't on build blah blah whatever, and will be able to spot something that doesn't belong a hell of a lot faster than anybody here would.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Don't worry by Black+Parrot · · Score: 4, Insightful

    It was just Skynet checking out what you were up to. Or maybe the ATF. Or Russian Mafia. Or...

    As for security, ~5 years ago read someone's account of watching while someone on the internet installed a root kit on his Linux box in a matter of minutes.

    Presumably some platforms/applications are less likely to be compromised than others, but the safest assumption is that everything is compromised, or would be if the experts wanted it.

    --
    Sheesh, evil *and* a jerk. -- Jade
  3. Linux's Biggest Threat is Human Engineering by Anonymous Coward · · Score: 2, Insightful

    Do not copy and paste commands into your terminal that you do not understand.

    The vast majority of compromised Linux systems that I've dealt with have not been because of any malware or crazy hacking, they've been because people copied and pasted commands that gave attackers free access to their computer. I've seen fairly computer literate people open their systems right up because they had a bug, searched Google, and entered the first command they saw into their terminal.

    Don't do it. Don't let your parents, friends, or whoever relies on you for tech support think that this is okay behavior. It's just as bad as launching random exe's in Windows.

  4. Yes by Anonymous Coward · · Score: 5, Insightful

    As long as you have people on Ubuntu forums posting "sudo apt-get " as the solution to everything without explaining what they do, and as long as you have people willing to copy/paste the commands without understanding what they are doing, then malware is a threat.

    The same groupthink plagues the Arch Linux forums. Blindly copy/pasting commands that someone else put on a wiki does not make you elite, it makes you an idiot.

    The same issue exists in adding repositories from untrusted sources. What's the point of running an enterprise-class operating system if the first thing you do is add a third party repo from Russia and update the kernel with something ending -kmod?

    The critical mass of idiot users still reside in Windows, where things like UAC and walled gardens exist to protect them somewhat. At least there, you have to know the administrator password to do real damage. Ubuntu and all the new user-friendly distros are content to put every new account in /etc/sudoers and allow you to use your own password to gain root access. Any operating system is prone to malware so long as people are willing to bend security practices.

  5. Re:It's easier to exploit. by Nutria · · Score: 5, Insightful

    Linux is much easier to exploit than Windows. All of its internals are well understood, and there are more things one can do with shell access.

    2003 is calling. They want their FUD back.

    --
    "I don't know, therefore Aliens" Wafflebox1
  6. Re:It's easier to exploit. by mlts · · Score: 4, Insightful

    That is what SELinux and AppArmor are for. They might not be 100% (as there were some kernel exploits that could be used to bypass those), but with proper policies in place, something getting UID 0 would be pretty limited in what it can accomplish.

    OS X also has a similar mechanism in place.

    Linux also has a bunch of different distributions. A bug that causes SSL keys to be very weak in Ubuntu is not going to affect RedHat systems.

    This doesn't mean Linux is worry-free, but it is more secure than people think. To cite an anecdotal example, the proof is in the pudding -- look at all the amateurish Apache servers and LAMP stacks out there. If Linux had major issues in general, there would be major screaming on almost every forum how insecure the OS is.

  7. Re:Not as real a threat as on Microsoft Windows by Anonymous Coward · · Score: 2, Insightful

    1% of 10% is smaller than .7% of 90%.

    Yes, it is. But if you discuss infection risk for users and infectability of a platform, percentage of user base is the right measure.