Firewall and/or anti-virus

Antonio Augusto (Mancha) mkhaos7 at gmail.com
Mon Apr 6 19:40:32 UTC 2009


On Mon, Apr 6, 2009 at 14:21, GreyGeek <GreyGeek at earthlink.net> wrote:
> Antonio Augusto (Mancha) wrote:
>> ....
>>

Hello GG,

You have made some very good points in your argumentation, all of them
very interesting.
Let me point out some things I think are interesting...

> A program defect is *NOT* necessarily a remotely exploitable defect,
> so an update to fix a gui button which doesn't work to design specs
> isn't the same as fixing a switch parameter of a utility, or a gui
> textbox, which allows a buffer overflow.    Defects and bugs do *not*
> equate on either platform.  I would wager that the *VAST majority* of
> updates on Jaunty are to fix performance issues not security holes
> ("bugs").

I think it's not fair to use Jaunty updates to check for security
updates. Jaunty is in beta right now and, because of this, we are
going to see lots of changes not related to security.

If you look at the USN (http://www.ubuntu.com/usn) you will see the
number of security bugs found in Ubuntu packages. A simple example is
Firefox: the latest version (3.0.8) fixed two security issues, one of
them could be exploited on Linux (not sure about the other).
And I think it's fair to bring buffer overflow to the table and even
XSS, since these are the most common methods of attack these days.

But, as you said "To a thousand eyes, all bugs are shallow", so yeah,
the open source method of doing things usually yields a better
response time than the closed source way of doing things.


>> simply because Linux is not as
>> popular as Windows.
>
>> When Linux becomes a mainstream OS with everyone using it you bet
>> crackers will start trying to find ways to write viruses for it.
>>
> I've heard that argument repeated many times but I don't believe it.

Can't really discuss this. Thinking of it, you are right.
The Linux security model is a lot tighter than Windows, and even when
Linux share reaches 100% the security will be top of the line.
On the other hand, we will see more incidents involving Linux, because
more "mainstream" users will start using it and will leave their
computers open to attackers (like the psybot incident).

>> BUUT... as said, in the event of a Virus your personal files (that, in
>> the end, as a personal user, is what matters) would be in danger. So
>> yeah, if you get a Linux virus you are as screwed as on Windows.
>>
> Actually, since most hackers are not script kiddies, but professional
> thieves (and this may seem strange at first) you could be *better*
> protected by being hijacked by a hacker!  Why?  Because while hackers
> can spam a single viral email and gather in several *thousand* Windows
> PCs as zombies into their bot farm, they prefer to use Linux as the bot
> farm controller *because* it is secure from normal viral routes of
> infection and from less skilled manual hackers.  But, they have to
> manually hack into the Linux box to compromise it and that is not easy
> and it is very dangerous - i.e. it is easier to get caught.  Once in,
> they will block the routes they took to get in and other routes that
> might be exposed, thus making the Linux box *more* secure than it was
> before.  Now, from the relative safety of their IRC channel, they send a
> quick *single* msg to their Linux controller with a command that tells
> the Linux box to relay the contained targeting information to the
> thousands of IP addresses of the Windows zombies.   In the stream of IRC
> channel chatter one would hardly notice that one line.  The Linux user
> might notice a flurry of Internet activity on their Internet connection,
> and things may slow down for a few minutes as 50,000 Windows boxes are
> contacted and attack information is relayed to them, but it will return
> to "normal" until the next command from the hacker.  After the hacker is
> finished using the box he may plunder it for personal or CC
> information.  That is what you mean when you say the Linux user is as
> screwed as the Windows users, and if that happens you are correct.  But,
> relative to its market share, *very few* Linux boxes are being hijacked
> because very few are needed.

C'mon, now you are pushing the line :)
I'd prefer not being hacked by anyone, than having a cracker fortifying my box.
But yeah, I get your point.

>> ...
>>
>> Hope this helps you a bit. At the end it does not hurt to be careful
>> with what you do around the net :)
>>
>>
>>
> Exactly!  Being careful includes *not* installing foreign applications,
> i.e., ones *not* in the repository.
>
> The best way to get infected running Linux is to install a foreign
> binary app *or* one you compiled from a tar file downloaded from an
> unvetted source.  Those two routes are the *sure* way to get infected.
>

This is the dumbest way to get infected :)
And, with all due respect to people that do it, they deserve to be infected.
The security is as tight as the user makes it. If the user doesn't
care or doesn't know about security then NOTHING that the OS does
will help them.


Cheers,
KM



