Re: How safe is Linux web-browsing in general? (on "New Linux Rootkit Emerges") · Score: 3, Informative
There aren't any known, widespread Linux-based viruses or malware, and the few ones that do exist target server software, Java and/or Flash. And even if you found malware that still made its way in your computer via e.g. a vulnerability in the browser's Javascript-implementation that malware would still have to get root privileges in order to properly hide its existence -- there aren't any known, widespread security holes either in the Linux-kernel or the GNU userland, so if you keep your system up-to-date the chances are very, very slim the code would be able to get root privileges.
That is to say that if you e.g. used Firefox without Java and with the Flashblock add-on there'd be more-or-less no chances of you getting anything. Don't get scared by articles like this one because, well, this one doesn't spread via the web browser in the first place -- it was likely installed on the system by hand by someone who got access to it because of poor website implementation.
You clearly didn't read TFA. (The one with the black background.)
It doesn't contain any form of exploit at all. It is a program that has to be executed as root. If you are root, you already can do everything. (Like write to /dev/mem.) No need for exploits.
It isn't even a rootkit. Because "rootkit" implies getting root access from a non-root state.
You're assuming things. I did obviously read TFA. The thing is that the kernel module and its files could be a PART of a rootkit, not that the module itself contains any exploit code. That's why I used the wording "malware in question was injected," ie. the actual infection was done by another entity -- we just do not yet know whether or not it was done by a human person or computer code.
1) "It remains an open question regarding how the attackers have gained the root privileges to install the rootkit. However, considering the code quality, a custom privilege escalation exploit seems very unlikely." So it is unlikely that they gained root with something new, but it was a web site that was hacked, so the likely vector is something related to what the site was running. PHP, WordPress, DB Injection, and Apache exploits.
That's what I thought, too, but it should be researched more carefully. If the malware in question was injected in the first place via PHP, WordPress or something similar then that makes this much, much less of an important issue. However, if the malware did indeed use one or another exploit in the kernel or the default GNU userland, well, THAT would be truly news-worthy and should raise some serious flags.
That does not explain how it gets installed.
Yada-yada-blabber-blabber.
nobody really uses this OS except hobbyists and niche markets
Yeah, what with Microsoft, Amazon, Google, Valve and so on. Oh, pssh, they're irrelevant; they count as nobodies, right?
How come neither of the links actually describe how this malware infects the machine in the first place? I'd say that's quite an important piece of information completely missing.
The same applies to me, too. I have a nice collection of something around 150 games on Steam and most of the games on that list do not work under Linux at all or work really buggily under Wine, and even then only after you've spent hours applying patches and doing recompiling of it.
Now, sure, I have a large collection of games that I seriously do not wish to just throw away, but how about all the other things? There's going to be plenty of games in the future, too, that I will want to play and, well, none of the ones I want have announced any plans for Linux-support. And how about gaming-related features, like properly-working 5.1 sound? Stereoscopic 3D?
I've said it plenty of times before, but Linux is absolutely effing great on a server, but there's just no good reason whatsoever for me to use it on the desktop.
Uh. How often do you re-install Windows 7? Once, maybe twice a year? Sure, installing all the updates and rebooting a handful of times is somewhat time-consuming, but it's not THAT bad unless you keep re-installing the thing all the time -- and if you do there's something wrong with you.
What I cannot understand is that you can find lots of people saying "but I paid only $15/$39 to upgrade". Do people buy shit just because it's cheap?
Well, I bought it because it was cheap and because I know I'll sooner or later end up having to help friends/family with it. If it was more expensive I wouldn't have bought it, but then I would also have not been much of use to friends/family.
I have to agree with this. The simple fact is that DVDs are on their way out and you just can't hang on to them forever. The few people I know who still use DVDs like to collect them, not rent them, and the rest do not care at all. This sucks for OP's friend, but well, the same thing happened with VHS as well.
Why do people care what the OS of a Valve game console is if it's going to be locked down with DRM like any other console? (and given they are the current leader in PC game DRM, that's a given).
How do you define "leader in PC game DRM" here? I cannot find any statistics on what DRM-method is the most used one, so it can't be that, and besides, I'd say SecuRom is used much more often. Maybe you mean in user-friendliness? That I could agree with, what with Steam's own DRM-solutions being the most benign of them all.
Not sure if many people realize it, but almost every single networked BD player made in the last 5 years runs Linux. Same with almost all networked TVs and set-top boxes.
They actually run BSD. If they used Linux the manufacturers would be bound by the GPL, but with BSD there is no such a thing.
The real question for this hypothetical console is, why will major developers want to support it? It's going to have to have significant market share and lower licensing costs (and probably more gross revenue going to the developer) since in the end for a developer it's a business. And I just have a hard time believing Valve is going to be willing to put the literal *billions* of dollars into building and marketing a brand, distribution channels, developer outreach, training, etc that would be required to get that market share. There is good reason there are only 3 surviving consoles in the market...
But you're completely ignoring the fact that Valve already DOES have significant market share, a distribution channel of their own, marketing brand, developer outreach, training and all that. There's 40 MILLION accounts on Steam, of which over 5 million are all simultaneously active any given day -- that's a huge market, and there's a good reason for why so many publishers are extremely eager to push their content to Steam. With a Steam-console they'd only be given certain hardware-specs to target for and the devs could always count on having at least the baseline-specs available, everything else already exists.
I don't see anything to thank you for. It's just a website with incoherent ramblings about how bad porn supposedly is.
From everything I've heard, Windows 8 IS better, they just slapped an inexplicably horrendous UI on it. I haven't heard any complaints from a technical perspective.
I installed Windows 8 on my laptop. I have no complaints from a technical standpoint, really, but just as well I have no praises to give, either: since I only use it in desktop-mode and not a single Metro-application and I even installed Start8 so as to provide a Start-menu I just do not really see anything different other than a slightly altered theme and hot corners.
I installed Windows 8 simply to see if it really is faster at booting up than Windows 7 and because it supposedly consumes less battery. Sure, Windows 8 shaved about 2 seconds off the boot-up time, but...ehh, I find it difficult to get excited about 2 seconds. And there is no difference whatsoever with battery-usage. With these things in mind I don't get the animosity towards Windows 8, but I don't get the praises, either. It's just Windows 7 with different looks.
Not really bringing gaming to Linux as it's more or less emulated, FGS fix Linux!
Emulated? You realize that the whole point with making a native Steam-client is exactly that the devs would start releasing native games?
I don't generally like to comment in threads like this, but I have to hand it to you for translating the previous commentator's comments to what he actually means.
I don't know which Buffalo router you have but the one I have was terrible with DD-WRT. I had to TFTP it back to the Buffalo customized DD-WRT because the community stuff had unreliable WiFi, reboot issues, and other problems. Turns out that the WiFi on the router is terrible, stopped working after 6 months and I ended up getting a more expensive router just to use for WiFi. I used to love Buffalo, and now the only thing I like about them is the ability to get the power of DD-WRT without having to go thru TFTP hassles.
There is no Buffalo-customized DD-WRT for my router, and Buffalo has never released a single firmware-update for it at all. The firmware it ships with reboots every now and then without a reason, sometimes crashes completely, WIFI wouldn't agree to work at anything higher than 802.11g no matter what I did, and as said, the GUI only worked with IE! DD-WRT, on the other hand, has been totally stable, WIFI 802.11n works fine, no crashes or reboots at all, and it seems to even be slightly faster, too. The only problem with DD-WRT is that the web-server that handles the GUI crashes sometimes, but since it doesn't crash anything else it's not really a problem.
In the future I'll avoid Buffalo.
My router isn't supported by OpenWRT.
I just installed a few weeks ago DD-WRT on my Buffalo ADSL-modem/router. The web GUI is quite buggy, but otherwise it's great, totally worth the time and effort. Buffalo's own firmware was totally, completely broken and even the web GUI was developed to work only with Internet Explorer :S Now it chugs along happily without nary a hiccup, and I've even got uMurmurd (voice chat server) running on it 24/7 :)
That said, yeah, it would be nice if DD-WRT's development picked up again. I would like to see the remaining bugs ironed out.
So you'd rather die than spend time with yourself and with your imagination?
I already spend time with my imagination, but I don't want to be confined inside my own imagination. A huge difference.
Being kept alive in that condition (where you are conscious but are essentially trapped in your own body) is unimaginably cruel. I for one would rather die.
I totally agree with you there. I've actually said the thing multiple times to all my relatives and acquaintances; I do not ever wish to be confined to my own body, without ever being able to so much as move my arm. I'd much rather die and donate my organs to someone else who actually wishes to live.
Of course this being "news for nerds" nobody reading this has ever seen a real one since the day we were born. From the looks of things, Slashdotters born 50 years from now will go their whole lives never seeing one.
I would have seen one, but my stomach is in the way!
the pi has ethernet going over usb. it's not baked in. ethernet is still an add-on.
How it's implemented with the RPi is irrelevant here because the Allwinner A10 DOES indeed have a built-in Ethernet controller, and the RPi does not use A10.
What's with your fascination about Ellison's genitals? Is this thing supposed to have the kind of sexual innuendo as it has?
Well, if people are going to make strange, irrational decisions based on strange, irrational assumptions about a person they've never met and who has little if anything to do with what they're using, then they get what they deserve.
You kind of have to admit that Stallman is doing more harm than any good every time he sticks his beard out of his hole. I mean, just look at him or listen to him -- is it any wonder then that people make irrational assumptions about him?
If you're doing a PC only version Windows XP is still 40% of the gamer market (steam hardware survey)
How old a survey are you looking at? The October 2012 survey places Windows XP at 11%, with Windows 7 32-bit at 14% and Windows 7 64-bit at 59%. Of those 11% of Windows XP users a large bunch is probably really Wine-users under Linux (the Windows XP-mode of Wine is still largely the most complete and compatible one)