[ubuntu-uk] Malware discussion from another list
aeclist at candt.waitrose.com
Sat Aug 4 20:24:05 BST 2007
The following originated as a newcomer request about AVG virus
checker, and I added comments suggesting that Linux was infertile
ground for infection, and associated points. It was (is) a balanced
and interesting discussion, and has yielded the comments copied below,
which seem to be quite reasonable and well informed. I post a copy
here because this list is a little less public, and since I am out of
my depth with stuff at this level I also trust comments better here.
Also if distro specific security action is needed or available, I
would, again, think this is a more constructive place at this stage.

In general I would like to know what action can prevent such malware
things as described below from happening?

Assuming the distro and its updates are clean, then presumably a
blanket 'do not install anything' would count. Is this too simplistic?

Is a conclusion that anti virus/malware apps (such as AVG, or any FOSS
equivalent) really are likely to improve security in (Ubuntu)?

One of the things I did not like about Windows was that it was far too
hard to secure, and even then it was not possible (it seemed to me) to
be sure that it stayed secure with normal activity going on.
From: Bit Twister <BitTwister at mouse-potato.com>
Subject: Re: Stupid newbee question - AVG
Date: Fri, 03 Aug 2007 11:36:14 GMT
On Fri, 3 Aug 2007 11:42:35 +0100, Chris Game wrote:
> I can install software from my account,
If you mean:
o install into your account, yes,
o install into system directories, then you broke the security model.
> or modify my .bashrc file likewise, so anyone logged on as me, or
> some malware I inadvertently triggered (apparently the usual vector
> these days), could install a password sniffer to capture the
> necessary info the next time I used the root account or typed 'sudo
> xxx' ('sudo' could be redefined in the .bashrc file). Then the
> malware would be free to create chaos.
Yep. Two possible solutions,

  1  chmod 644 .bashrc
     chmod 644 .bash_profile
     sudo chown root:root $HOME/.bashrc
     sudo chown root:root $HOME/.bash_profile

  2  any internet activity (browser, email, usenet, ...) is done from
     other accounts with a setup using option 1.

I run with solution 2.
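
Added example, not part of the original posts: a shell audit of the option 1 setup described in the message above. It checks each startup file and also the home directory, because an account that owns or can write to the directory can rename a root-owned file away and create its own. The function names, the startup files beyond the two named in the message, and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Constructed example: audit shell startup files for one account.
# Assumes GNU coreutils stat (as on Ubuntu). Group membership is not
# resolved, so any group-write bit is treated as a finding.
STARTUP_FILES=".bashrc .bash_profile .bash_login .profile .bash_aliases"

# controls UID PATH: true if UID owns PATH (an owner can always chmod it
# back to writable) or PATH is group- or world-writable.
controls() {
    owner=$(stat -c '%u' "$2") || return 1
    mode=$(stat -c '%a' "$2") || return 1
    [ "$owner" = "$1" ] || [ $(( 0$mode & 022 )) -ne 0 ]
}

# can_replace UID DIR: true if UID can rename or unlink entries in DIR that
# it does not own. A sticky directory allows that only for the dir's owner.
# Reuses $owner and $mode, which controls() has just set for DIR.
can_replace() {
    controls "$1" "$2" || return 1
    [ "$owner" = "$1" ] || [ $(( 0$mode & 01000 )) -eq 0 ]
}

# audit_file UID HOME NAME: print one verdict.
#   writable     UID can edit the file in place
#   replaceable  file is protected, but UID can rename it away and recreate it
#   creatable    file is absent and UID can create it
#   absent / ok  nothing for UID to tamper with
audit_file() {
    if [ ! -e "$2/$3" ]; then
        if controls "$1" "$2"; then echo creatable; else echo absent; fi
    elif controls "$1" "$2/$3"; then echo writable
    elif can_replace "$1" "$2"; then echo replaceable
    else echo ok
    fi
}

# audit_account UID HOME: print "name verdict" per startup file and return
# non-zero if any of them can be tampered with by UID.
audit_account() {
    rc=0
    for f in $STARTUP_FILES; do
        v=$(audit_file "$1" "$2" "$f")
        echo "$f $v"
        case $v in ok|absent) ;; *) rc=1 ;; esac
    done
    return $rc
}
# Usage: audit_account "$(id -u)" "$HOME"
```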