[ubuntu-za] Ubuntu Linux virus?
David Robert Lewis
ethnopunk at telkomsa.net
Sat Aug 8 12:34:29 BST 2009
Ivo Vegter wrote:
> Reenen Laurie wrote:
>
>> But virus writers would all like to say that they wrote the first or
>> some of the first virus for linux. Also google is now writing a
>> linux... And i aan think of at least one mega corp who'd like the
>> argument that linux is not as safe as people think. Though i usually
>> think it's more likely something else.
>>
>
> There are a few reasons in principle why Linux is safer than Windows.
> Most importantly, root access needs password permission by default, and
> in Ubuntu, the root account doesn't even have a password, by default.
> This doesn't prevent user-space access, however, nor does it mean it
> won't install what the user says to install (which is often a lot, these
> days).
>
> There's the motivation argument, sure. Linux is a smaller target, more
> difficult to compromise, and usually has smarter users, so the return on
> investment is significantly lower than you'd get by targeting Windows.
> But that is an argument for why Linux viruses wouldn't exist, not for
> why they couldn't exist.
>
> All this is cause for a false sense of security, which I think is
> dangerous. Some day, it's going to bite the Linux community hard.
>
> I'm as alert using Linux as I would be using Windows. I run a firewall
> and virus checker. I update my software whenever fixes are available. I
> don't let Flash or scripts execute in Firefox without permission. I
> don't let HTML display in Thunderbird without permission. I use long,
> high-quality passwords. And even then, I'm aware that my permission (and
> even root access to install apps) could easily be engineered, so I
> occasionally scan htop so that I'm familiar with what processes
> typically run on my machine.
>
> As much as we all like to gloat about compromised Windows users, the
> notion that Linux (or MacOSX) is immune from malware is false.
>
>
Ivo,
I guess one could turn your post into some kind of a check list.
However, it could be worse than a virus. I probably ran into some bad
company on the net, and attracted the attention of some bad-ass hackers
who could just be fooling around with me, (thinking that I have an
enormous time on my hands to spend figuring out what their infantile
obsessions are with security and how to plug the gaps.)
Yes I do know Capn. Crunch and used to phreak phones but that was back
in the bad old days. I no longer hero worship Fibr Optic or anybody
silly enough to want to break into a Unix installation. It's real
paranoid headspace.
Besides, I don't have a computer science degree. I like writing about
technology and playing with tech. My skills are extremely modest and
limited to bash.
A pro-Mono junkie could also be taking his frustration out on me by
exposing how vulnerable my humble machine is to outside infiltration. I
would really prefer if we just left our front-doors open and practiced
ubuntu!!!
As RMS suggests - just leave a space as your password. It's faster and
no worse than pretending that you have some form of security when we all
know, how quickly passwords can be compromised.
I don't think Ubuntu has the kind of encryption necessary to avoid a
sustained hack-attack by a professional, and would love to see some
Buntu-hack-fests, which is probably what should be happening so we can
figure out security.
Problem, is things often get busted by using force, and I could have
lost data.
But I'm a bad boy. I let thundebird execute HTML, I did everything one
does in a transparent environment, running flash the whole caboodle.
Therefore I probably got my password scammed somehow, I've now changed
it, and things are a lot less hectic than they were before it got
cracked again, and I had to reset it to something stronger.
Then again, there's also dealing with practical reality, which is the
fact that my mouse was probably dying and sending bad data to the dbus
which then lead to complications.
I've killed the mouse and amd using a backup and should be writing a
post to the effect -- Last night an evil hacker broke into my machine
and killed my mouse!
So laugh if you all want, but its no joke, no point in unfriending
Crunch is there?
Regards
DRL
--
888 8 8
8 8d8b. .d88 8 .d8b. Yb dP 8 8
8 8P Y8 8 8 8 8' .8 YbdP 8b d8
888 8 8 `Y88 8 `Y8P' YP `Y8P8
http://indlovu.bundublog.com
More information about the ubuntu-za
mailing list