[ubuntu-za] Ubuntu Linux virus?

David Robert Lewis ethnopunk at telkomsa.net
Sat Aug 8 12:34:29 BST 2009 


Ivo Vegter wrote:
> Reenen Laurie wrote:
>   
>> But virus writers would all like to say that they wrote the first or
>> some of the first virus for linux. Also google is now writing a
>> linux... And i aan think of at least one mega corp who'd like the
>> argument that linux is not as safe as people think. Though i usually
>> think it's more likely something else.
>>     
>
> There are a few reasons in principle why Linux is safer than Windows.
> Most importantly, root access needs password permission by default, and
> in Ubuntu, the root account doesn't even have a password, by default.
> This doesn't prevent user-space access, however, nor does it mean it
> won't install what the user says to install (which is often a lot, these
> days).
>
> There's the motivation argument, sure. Linux is a smaller target, more
> difficult to compromise, and usually has smarter users, so the return on
> investment is significantly lower than you'd get by targeting Windows.
> But that is an argument for why Linux viruses wouldn't exist, not for
> why they couldn't exist.
>
> All this is cause for a false sense of security, which I think is
> dangerous. Some day, it's going to bite the Linux community hard.
>
> I'm as alert using Linux as I would be using Windows. I run a firewall
> and virus checker. I update my software whenever fixes are available. I
> don't let Flash or scripts execute in Firefox without permission. I
> don't let HTML display in Thunderbird without permission. I use long,
> high-quality passwords. And even then, I'm aware that my permission (and
> even root access to install apps) could easily be engineered, so I
> occasionally scan htop so that I'm familiar with what processes
> typically run on my machine.
>
> As much as we all like to gloat about compromised Windows users, the
> notion that Linux (or MacOSX) is immune from malware is false.
>
>   
Ivo,

I guess one could turn your post into some kind of a check list.

However, it could be worse than a virus. I probably ran into some bad 
company on the net, and attracted the attention of some bad-ass hackers 
who could just be fooling around with me, (thinking that I have an 
enormous time on my hands to spend figuring out what their infantile 
obsessions are with security and how to plug the gaps.)

Yes I do know Capn. Crunch and used to phreak phones but that was back 
in the bad old days. I no longer hero worship Fibr Optic or anybody 
silly enough to want to break into a Unix installation. It's real 
paranoid headspace.

Besides, I don't have a computer science degree. I like writing about 
technology and playing with tech. My skills are extremely modest and 
limited to bash.

A pro-Mono junkie could also be taking his frustration out on me by 
exposing how vulnerable my humble machine is to outside infiltration. I 
would really prefer if we just left our front-doors open and practiced 
ubuntu!!!

As RMS suggests - just leave a space as your password. It's faster and 
no worse than pretending that you have some form of security when we all 
know, how quickly passwords can be compromised.

I don't think Ubuntu has the kind of encryption necessary to avoid a 
sustained hack-attack by a professional, and would love to see some 
Buntu-hack-fests, which is probably what should be happening so we can 
figure out security.

Problem, is things often get busted by using force, and I could have 
lost data.

But I'm a bad boy. I let thundebird execute HTML, I did everything one 
does in a transparent environment, running flash the whole caboodle.

Therefore I probably got my password scammed somehow, I've now changed 
it, and things are a lot less hectic than they were before it got 
cracked again, and I had to reset it to something stronger.

Then again, there's also dealing with practical reality, which is the 
fact that my mouse was probably dying and sending bad data to the dbus 
which then lead to complications.

I've killed the mouse and amd using a backup and should be writing a 
post to the effect -- Last night an evil hacker broke into my machine 
and killed my mouse!


So laugh if you all want, but its no joke, no point in unfriending 
Crunch is there?


Regards


DRL


-- 
888          8 8                    
 8  8d8b. .d88 8 .d8b. Yb  dP 8   8 
 8  8P Y8 8  8 8 8' .8  YbdP  8b d8 
888 8   8 `Y88 8 `Y8P'   YP   `Y8P8 
http://indlovu.bundublog.com

More information about the ubuntu-za mailing list