Linux Security

The machines we love to hate

Moderator: Wiz Feinberg

Sonny Jenkins
Posts: 4376
Joined: 19 Sep 2000 12:01 am
Location: Texas Masonic Retirement Center,,,Arlington Tx

Linux Security

Post by Sonny Jenkins »

I am "test driving" a very user friendly version of Linux. Being VERY technologically challenged, and having always heard that Linux is MUCH less susceptible to viruses, threats and malware, I am wondering what the reason for this is. Is it because fewer people use Linux, therefore the hackers don't target it as much? Or?
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Don't be fooled into believing that Linux is less exploitable. It isn't. But, it isn't the usual target until you move into the area of Linux servers. They are constantly targeted.

To safely operate a Linux computer you must not log in as "Root" to do daily stuff (browsing, email, artwork). Rather, log in as a less privileged "User." You should be prompted to create a "User" account after setting the "Root" password. Any time you run software updates or install a new program you must type in the Root password to continue.

The User account is all that separates you from external threats. Many of these threats come over the wires, so to speak, exploiting open ports and unprotected services. Others are embedded in compromised software updates or new programs.

You should install an anti-virus program for added safety. One should appear in the list of supported software for you to install.

Also, make sure there is a router between the modem and the computer. Close all unnecessary ports. Disable UPnP and remote access.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Chuck Miller
Posts: 86
Joined: 2 Sep 2004 12:01 am
Location: Newton, Iowa, USA

Post by Chuck Miller »

Here is a link that discusses Linux and viruses. There are a few reasons why Linux is less susceptible to viruses than, say, Windows.

https://www.linux.com/learn/myth-bustin ... ne-viruses

1. Almost all Linux distributions set up a limited user. Windows, by default, sets you up as an administrator. Wiz has repeatedly encouraged people to create a limited user account and use it for everyday use.

2. Even though there are hundreds of Linux distributions out there, they are not all set up the same way. If you wrote a virus for one distribution it may not work on another distribution. The same programs may run on different distros, but often have to be re-compiled to the specific version.

3. Many more people use Windows than either Mac or Linux, so percentage-wise Linux is a smaller target.

That is not to say Linux or Unix are invulnerable, just harder to pin down. In the early days of the Internet, there was a worm that was written and aimed at a popular OS mainly used by universities to run their computers. It infected the hosts and tried to send itself to other computers. The problem was it would multiply on the infected machine until it consumed all the processing power, thus calling attention to itself rather quickly. Even so, it would only run on very specific software. Therefore it was found quickly, and the vulnerability was patched.

Windows can be secured as well with the proper mindset. Limited user, proper firewall (hardware and software), virus and malware detection.

Chuck

edited to add link and fix spelling.
Last edited by Chuck Miller on 28 Jun 2017 10:46 am, edited 1 time in total.
Dave Potter
Posts: 1564
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Wiz Feinberg wrote: Also, make sure there is a router between the modem and the computer. Close all unnecessary ports. Disable UPnP and remote access.
As usual, Wiz's advice is golden. We're fortunate to have such a well-informed expert in our midst.

The subject of vulnerable ports on connected PCs is not often a topic discussed at cocktail parties. IMO, most users just ignore it, hoping it will just "take care of itself". Unfortunately, open ports are targets of opportunity for hacker and malware purveyors - they're virtual "bird's nests on the ground". It therefore makes sense to become aware of one's own status regarding the ports on one's PC.

This web site is one I've used for years to scan the ports on my PCs, and to follow the wealth of advice provided to secure ports I don't need open.

The site provides a lot of useful info regarding ports, their common uses, and ways to prevent port vulnerability. For example, after clicking the "Proceed" button, the "All Service Ports" option in the center of the next page initiates a probe of the first 1056 ports on one's system to check for vulnerabilities. The rationale for only the first 1056 ports is explained, and suggested remedial action is offered after the probe completes for any ports found open.

I ran this scan on my own system just now, and got a perfect score, meaning not a single port was vulnerable to exploitation:

Image

It's reassuring to know that one's PC is "invisible" in the web, and that it's secure from exploitation, at least as much as it can be.
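
A local counterpart to the external port probe described in the post above, as an added example that is not part of the original thread: on Linux, `/proc/net/tcp` lists every IPv4 TCP socket, and the sketch below picks out the ones listening on a non-loopback address. The function name, the sample rows and the little-endian address decoding are assumptions of this example; IPv6 sockets (`/proc/net/tcp6`) are not covered.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0F02000A:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0F02000A:D431 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def exposed_listeners(proc_text, max_port=1055):
    """Return sorted (ip, port) pairs that listen on a non-loopback address.

    max_port=1055 mirrors the "first 1056 ports" (0-1055) range from the post.
    Assumes a little-endian host, where the kernel prints IPv4 addresses
    byte-reversed (127.0.0.1 appears as 0100007F).
    """
    found = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        hex_ip, hex_port = fields[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        port = int(hex_port, 16)
        if ipaddress.ip_address(ip).is_loopback or port > max_port:
            continue  # skip loopback-only services and ports outside the range
        found.add((ip, port))
    return sorted(found)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live data on a Linux machine
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample elsewhere
    for ip, port in exposed_listeners(text, max_port=65535):
        print(f"listening on {ip}:{port}")
```

A port reported here can still be blocked by the router or a firewall, which is what the external scan measures; the local list shows which services would be exposed if that outer layer were missing.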
Sonny Jenkins
Posts: 4376
Joined: 19 Sep 2000 12:01 am
Location: Texas Masonic Retirement Center,,,Arlington Tx

Post by Sonny Jenkins »

Appreciate "Wiz Wisdom" !!!!!

Dave, all mine check VERY good on this win10 machine. Do you run the same program on your Linux system?
Dave Potter
Posts: 1564
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Sonny Jenkins wrote: Do you run the same program on your Linux system?
No Linux here yet, Sonny. ;-)

You're way out ahead of me on that. Good on ya!
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Dave Potter wrote:
Wiz Feinberg wrote: Also, make sure there is a router between the modem and the computer. Close all unnecessary ports. Disable UPnP and remote access.
As usual, Wiz's advice is golden. We're fortunate to have such a well-informed expert in our midst.

The subject of vulnerable ports on connected PCs is not often a topic discussed at cocktail parties. IMO, most users just ignore it, hoping it will just "take care of itself". Unfortunately, open ports are targets of opportunity for hacker and malware purveyors - they're virtual "bird's nests on the ground". It therefore makes sense to become aware of one's own status regarding the ports on one's PC.

This web site is one I've used for years to scan the ports on my PCs, and to follow the wealth of advice provided to secure ports I don't need open.

The site provides a lot of useful info regarding ports, their common uses, and ways to prevent port vulnerability. For example, after clicking the "Proceed" button, the "All Service Ports" option in the center of the next page initiates a probe of the first 1056 ports on one's system to check for vulnerabilities. The rationale for only the first 1056 ports is explained, and suggested remedial action is offered after the probe completes for any ports found open.

I ran this scan on my own system just now, and got a perfect score, meaning not a single port was vulnerable to exploitation:

Image

It's reassuring to know that one's PC is "invisible" in the web, and that it's secure from exploitation, at least as much as it can be.
Everybody can benefit from running Steve Gibson's ShieldsUp port test. I have been using Steve's website to scan for open ports and exposed services since before the year 2K. I was introduced to him by Leo Laporte, on his cable TV show TechTV. They now co-produce a weekly podcast called Security Now, on TWIT TV.
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Newly discovered serious vulnerability in most Linux distros

Post by Wiz Feinberg »

Just a day after my last reply to this topic I learned about a new vulnerability affecting most Linux distros. The bug has existed since 2015! Ubuntu has released a patch already, so please check for software updates asap.

This is an over-the-wires exploit that requires no user interaction. Successful exploitation could lead to a complete takeover.

Read the technical explanation if you wish on this Bleeping Computer article.
Chuck Miller
Posts: 86
Joined: 2 Sep 2004 12:01 am
Location: Newton, Iowa, USA

Post by Chuck Miller »

That exploit was in one of the tentacles of the octopus called SystemD :twisted:, started by a couple of Red Hat Linux developers that think the thing to do is make all Linux distributions alike, thus allowing software vendors to write just one version for all the Linux systems and be done. The bad thing is they are making it impossible to not use their software. If I wanted that, I would just stay with Windows, which is why I am in the process of moving to FreeBSD, having been a loyal Debian Linux user for 15 years. SystemD only works with Linux, so I should be safe for a while, I hope :D.

Chuck
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Chuck Miller wrote: Snip...
If I wanted that, I would just stay with Windows, which is why I am in the process of moving to FreeBSD, having been a loyal Debian Linux user for 15 years. SystemD only works with Linux, so I should be safe for a while, I hope :D.

Chuck
OpenBSD has just announced that an upcoming distro will contain a feature, code named KARL, that causes a new kernel arrangement to be compiled every time the computer is rebooted. Since this is over my head, you can read the details here.

I don't know what the connection is between OpenBSD and FreeBSD, or if this new feature will be incorporated into FreeBSD as well.
Chuck Miller
Posts: 86
Joined: 2 Sep 2004 12:01 am
Location: Newton, Iowa, USA

Post by Chuck Miller »

Looks interesting. Of the 3 major BSD versions, OpenBSD tries to focus on security. FreeBSD is very stable and handles heavy loads (like high bandwidth servers). There is also pcBSD that tries to be a little more desktop friendly.

It sounds like KARL is coming to FreeBSD on the next release 11.1

snip
KARL generates kernel binaries with random internal structures, so exploits cannot leak or attack internal kernel functions, pointers, or objects.

The Linux project has just added support for Kernel Address Space Layout Randomization (KASLR) in 4.12 kernel.

As for Windows, KARL is not supported, but Microsoft has used KASLR for many years.

The difference between the two is that KARL loads a different kernel binary in the same place, while KASLR loads the same binary in random locations. Same goal, different paths.

/snip
So it's all about hiding from the bad guys.

Chuck