Slashdot Mirror
Ask Slashdot: Is GNU/Linux Malware a Real Threat?
New submitter m.alessandrini writes "I've been using Debian for a long time, and I'm not a novice at all; I install system updates almost daily, I avoid risky behaviors on Internet, and like all Linux users I always felt safe. Yesterday my webcam suddenly turned on, and turned off after several minutes. I'm pretty sure it was nothing serious, but I started thinking about malware. At work I use noscript and other tools, but at home I have a more relaxed browser to be used by other family members, too. Here I'm not talking about rootkits or privilege escalation (I trust Debian), I think more of normal user compromise. For example, these days much malware come from malicious scripts in sites, even in advertising banners inside trusted sites, and this is more 'cross-platform' than normal viruses. So, what about non-root user malware? How much could this be real? And how can you diagnose it?"
Your webcam turned on, then off, and you didn't ask it to? I think you need to figure out what happened first.
When I ran Linux on my laptop for work I always ran some form of AV. I really wasn't concerned about my own machine being compromised. The scenario that bothered me was the potential for a client to send me an infected file which could get forwarded to another customer. Do to the nature of our business, at the time, that would've been rather embarrassing.
Solving Unix problems since 1989...
http://xkcd.com/1200/
Yesterday my webcam suddenly turned on, and turned off after several minutes.
Hey, sorry about that. I was trying to get the girl next door that's leeching off your wifi. She's so cute! But when I turned on the webcam, I knew I had the wrong person. Also, dude, put some pants on. Nobody wants to see that.
Oh, and that stuff about Linux having malware? I'm sure you have nothing to worry about. The Year of the Linux Desktop hasn't come yet (though they say it'll be this summer for sure!), so you're safe. All the malware me and my friends at the Evil League of Evil make for Linux is designed to worm its way into web servers, ftp, etc., to spread malware to Windows boxes. We aren't interested in your personal life. You're a nerd, running Linux. We haven't found a single case of one of you having a life yet. Hell, you don't even have a decent car, man.
oh oh, gotta go, the webcam is up and... oooooh my....
#fuckbeta #iamslashdot #dicemustdie
As long as you have people on Ubuntu forums posting "sudo apt-get " as the solution to everything without explaining what they do, and as long as you have people willing to copy/paste the commands without understanding what they are doing, then malware is a threat.
The same groupthink plagues the Arch Linux forums. Blindly copy/pasting commands that someone else put on a wiki does not make you elite, it makes you an idiot.
The same issue exists in adding repositories from untrusted sources. What's the point of running an enterprise-class operating system if the first thing you do is add a third party repo from Russia and update the kernel with something ending -kmod?
The critical mass of idiot users still reside in Windows, where things like UAC and walled gardens exist to protect them somewhat. At least there, you have to know the administrator password to do real damage. Ubuntu and all the new user-friendly distros are content to put every new account in /etc/sudoers and allow you to use your own password to gain root access. Any operating system is prone to malware so long as people are willing to bend security practices.
Linux is much easier to exploit than Windows. All of its internals are well understood, and there are more things one can do with shell access.
2003 is calling. They want their FUD back.
"I don't know, therefore Aliens" Wafflebox1
Getting struck by lightning is real. Worrying about/preparing for it very much is silly. Draw your own conclusions about how this applies to malware on a Linux machine that's kept up-to-date and the user avoids risky behaviors.
For lightning, make a will, and you're covered. For Linux, make backups, and you're covered.
My home has a lightning rod. So do all the tall buildings downtown. I have UPS and surge protectors, and even surge arresting breakers in my home's electric service panel. It's not just worrying over lightning, it's also worrying over accidental electrocution (all circuits are GFCI protected in some form, which has saved my bacon more than once); The power spikes and drops in this city are pretty bad. Every time it rains or the wind blows a bit we get little power hiccups. My home has been struck by lightning 3 times in the past 20 years. My neighbors behind me have had a tall pine tree struck, and the neighbors across the street showed up at my doorstep at 3am one morning after a particularly loud thunder clap -- The large china-berry tree in their front yard was struck and it fell over on their house.
Just like with Malware and any OS, there is far more you can do to prevent against lightning or electrical damage. I've never lost a system to power issues, and I have many. In addition to backups I use VMs -- Oops, virused a VM image, restore from snapshot -- It's like a backup, but smarter.
luser$ sudo apt-get install rootkit
But I couldn't get the damn thing to compile!
Also, do not ever copy and paste commands directly in your terminal from an untrusted website, even if you do understand them:
http://thejh.net/misc/website-terminal-copy-paste