Linux is far from being free of malware??!!

John Markh john.markh at gmail.com
Sat Jan 4 15:37:26 UTC 2014


Linux is far from being "virus free". While Windows has been the *de facto*
target for malware developers (increased market share which means better
return on investment), Linux is AS VULNERABLE as Windows.  When you compare
the attack surface on a bare-bones Ubuntu 12.04 (LTS) and a bare-bones Windows
Server 2008, there is not much you can do (as an attacker) with either
operating system. But then, if you install outdated, known to be vulnerable
MySQL on both and expose the server to the Internet, both will be
vulnerable to the same vulnerabilities.

I am doing digital forensic investigations and security assessments for a
living; while the majority of workstations/desktops/laptops we are
investigating are Microsoft Windows based with a few OSX here and there (as
expected), *NIX represents at least 50% of the servers we are investigating.
The reason, in my opinion, is that today the prominent attack vector is
through web servers (exposed to the Internet) as opposed to database or
application servers (protected from the Internet using a traditional
firewall), and Apache, which is most often found on *NIX OS, has the major
market share (45% of the market according to
http://news.netcraft.com/archives/2013/10/02/october-2013-web-server-survey.html).
Then, when you add the fact that Microsoft has a well-oiled patching process
(i.e. the "Black" Tuesday) with freely available tools (i.e. WSUS), the
investigated Microsoft Windows OS are more likely to have recent patches
than not. Moreover, Windows System Administrators have long ago
acknowledged the fact that Microsoft Windows OS are vulnerable and
religiously follow patching processes, as opposed to *NIX System
Administrators, who believe that *NIX OS is the most stable, virus-free
environment, whose motto is "if it is not broken, don't touch it", and who
tend to stick to the oldest still-supported version, often left AS IS since
it was originally installed; you get a server which is full of security holes.

In the end, it all comes down to education of the end user. Today, both
Ubuntu (as I am sure other *NIX based OS) as well as Microsoft Windows OS
offer automated patching, and it is up to the end user to ensure that the
OS, applications, services, etc. are up to date and configured securely.
Otherwise, it does not matter (to a certain degree) what the
underlying OS as the malicious users often do not target the OS directly.

John



On Sat, Jan 4, 2014 at 9:07 AM, William <wjckc79 at gmail.com> wrote:

> One of the biggest problems with Linux and viruses has nothing to do with
> Linux itself getting infected. One of the more common Linux virus related
> scenarios involves someone running Linux receiving an infected email from
> someone running Windows. The computer running Linux does not get infected,
> but it does pass it on if the email is forwarded.
>
> Personally, in over a decade of running Linux I have never had a virus.
> You pretty much have to be socially engineered into it. As Manuel pointed
> out, know where you are installing your software from. I can see a
> potential scenario where a user searches for a PPA for something common,
> and then installs the first one they see looking at the PPA itself which
> may not be official and could contain the software they are looking for,
> recompiled with a vulnerability. That could be especially disastrous if you
> install a kernel with wget and don't pay attention to the URL.
>
>
> On Sat, Jan 4, 2014 at 7:49 AM, Manuel Cuadra <manuelcua at gmail.com> wrote:
>
> I just think that any OS can be potentially harmful, especially if you
> install whatever exists and believe in anything on the internet. The
> difference between Windows and Linux is that everyone can contribute to
> make it more secure against back doors and hacks, so Linux is always more
> secure but not unbreakable, and Windows private code usually has a really
> big amount of security breaches that get resolved over a large amount of
> time, and that makes the OS exposed to people knowing about those problems
> and exploiting them as much as they want, and Windows charges you for that
> LOL. On the other hand, the Client has a lot of responsibilities that they
> should know about when installing an APP and from what source.
>
>
> 2014/1/4 Ali Linx (amjjawad) <amjjawad at gmail.com>
>
>>
>> On Sat, Jan 4, 2014 at 4:19 PM, Fred <elfred999 at gmail.com> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi Ali. Hi All.
>>> Perfect my friend.
>>> Have a great Weekend.
>>> [Frédéric Lagneau]
>>>
>>>
>> Hi,
>>
>> But I was actually asking the list if they agree with me or with my
>> neighbor who thinks "Linux is far from being free of malware??!!" :D
>>
>> That is why I started the thread on Ubuntu Forums. I want to be corrected
>> in case I am wrong :)
>>
>> Thank you!
>>
>>
>> --
>> Remember: "All of us are smarter than any one of us."
>> Best Regards,
>> amjjawad <https://wiki.ubuntu.com/amjjawad>
>> Areas of Involvement<https://wiki.ubuntu.com/amjjawad/AreasOfInvolvement>
>> My Projects <https://wiki.ubuntu.com/amjjawad/Projects>
>>
>> --
>> Ubuntu-GNOME mailing list
>> Ubuntu-GNOME at lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-gnome
>>
>>
>