[ubuntu-uk] Malware discussion from another list

alan c aeclist at candt.waitrose.com
Sat Aug 4 20:24:05 BST 2007


The following originated as a newcomer request about AVG virus 
checker, and I added comments suggesting that Linux was infertile 
ground for infection, and associated points. It was (is) a balanced 
and interesting discussion, and has yielded the comments copied below, 
which seem to be quite reasonable and well informed. I post a copy 
here because this list is a little less public, and since I am out of 
my depth with stuff at this level I also trust comments better here. 
Also, if distro-specific security action is needed or available, I 
would, again, think this is a more constructive place at this stage.

In general I would like to know what action can prevent such malware 
things as described below from happening?

Assuming the distro and its updates are clean, then presumably a 
blanket 'do not install anything' would count. Is this too simplistic? 
Is a conclusion that anti virus/malware apps (such as AVG, or any FOSS 
equivalent) really are likely to improve security in (Ubuntu)?

One of the things I did not like about Windows was that it was far too 
hard to secure, and even then it was not possible (it seemed to me) to 
be sure that it stayed secure with normal activity going on.

================================================
Newsgroups: alt.os.linux.ubuntu
From: Bit Twister <BitTwister at mouse-potato.com>
Subject: Re: Stupid newbee question - AVG
Date: Fri, 03 Aug 2007 11:36:14 GMT

On Fri, 3 Aug 2007 11:42:35 +0100, Chris Game wrote:

 > I can install software from my account,

If you mean:
o   install into your account, yes,
o   install into system directories, then you broke the security model.

 > or modify my .bashrc file likewise, so anyone logged on as me, or
 > some malware I inadvertently triggered (apparently the usual vector
 > these days), could install a password sniffer to capture the
 > necessary info the next time I used the root account or typed 'sudo
 > xxx' ('sudo' could be redefined in the .bashrc file). Then the
 > malware would be free to create chaos.

Yep. Two possible solutions,
1  chmod 644 .bashrc
    chmod 644 .bash_profile
    sudo chown root:root $HOME/.bashrc
    sudo chown root:root $HOME/.bash_profile

2  any internet activity (browser, email, usenet, ...) is done from
   other accounts with a setup using option 1.

I run with solution 2.
================================================


-- 
alan cocks
Kubuntu user#10391
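
The check below is an added example, not part of the original posts: it audits a startup file such as .bashrc for the ownership condition of option 1 and for sudo/su redefinitions of the kind described in the quoted message. It also reports when the containing directory belongs to the same account, since a file in a directory the account owns can be renamed and replaced whatever the file's own owner. The function names and the sample file are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.

# Numeric owner of a path (field 3 of `ls -ldn`).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Lines defining an alias or shell function named sudo or su. Covers
# `alias sudo=...`, `sudo() {` and `function sudo` forms only.
find_redefinitions() {
    grep -nE '^[[:space:]]*(alias[[:space:]]+(sudo|su)=|(sudo|su)[[:space:]]*\(\)|function[[:space:]]+(sudo|su)([^[:alnum:]_]|$))' "$1"
}

# Print findings for FILE as seen from account UID; return 1 if any.
audit_startup_file() {
    file=$1 uid=$2 rc=0
    if [ "$(owner_uid "$file")" = "$uid" ]; then
        echo "$file: owned by uid $uid, which can rewrite it"
        rc=1
    fi
    # Rename/unlink are governed by the directory, not the file's owner.
    if [ "$(owner_uid "$(dirname "$file")")" = "$uid" ]; then
        echo "$file: directory owned by uid $uid, file can be replaced"
        rc=1
    fi
    hits=$(find_redefinitions "$file") && {
        echo "$file: sudo/su redefined here:"
        echo "$hits"
        rc=1
    }
    return "$rc"
}

# Constructed sample input: a startup file with a sudo alias added to it.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'export EDITOR=vi' "alias sudo='echo constructed-sample'" > "$d/bashrc"
    audit_startup_file "$d/bashrc" "$(id -u)" || echo "findings reported"
    rm -rf "$d"
}
demo
```

To audit real files, call audit_startup_file with the path and the numeric uid of the account that logs in, for example "$HOME/.bashrc" and "$(id -u)".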


