Hi,

I've split this post off into its own topic, as it was not directly related to the topic in which it was posted.

Your contention is based upon flawed reasoning. That's understandable, because a lot of people follow the same flawed reasoning. They contend that Linux is 'safe' because malicious software can only effect the particular user's files and not the system root. That reasoning is unsound, as was explained quite a long time ago at linuxquestions.org
Here we go again :rolleyes: This very topic has been discussed to death and I'm sure you would find more than enough information to keep you reading for a long time, simply by using the forum search function.

Any way, the answer is that most operating systems are the same as far as security. The reason that Windows has a lot more viruses, worms, and malicious code in general is because it's a very popular OS run by a huge number of people as both a personal OS and on servers. This means that if you write a worm for Windows, it's very likely to infect a lot of hosts and get a lot of attention.

There are many times few Linux systems deployed than Windows systems, so right away it's a much less tempting target for malware writers, and add to that the fact that each Linux distro does things differently, some times very differently, and this makes it difficult to write malware that will affect most Linux-based OSs at once. Since the install base of Linux is split up very widely between at least dozens of major variants (out of the hundreds available), this makes it even more difficult to make a big splash with a Linux worm.

The last major difference is that with Linux OSs there isn't a single, dominant e-mail client like on Windows. Since there are so many different e-mail clients, and almost none of them have direct links to web browsers, and because there are so many different browsers used by Linux users, it's extremely difficult to write an e-mail virus/worm for Linux (because most e-mail malware counts on a specific vulnerability in an e-mail client that's tied to a specific browser). Part of this has also been pointed out, that so far Open Source e-mail clients down allow automatic execution of an attachment simply by clicking on it; however it should be noted that many of them display images by default, and with the recent BMP buffer-overflow vulnerability, this should be an eye-opener.

Any reasons other than the above are likely to be a red herring, in particular one argument that you often hear goes like this:
"On Linux user accounts aren't allowed to affect the entire system, so this prevents malware."

The fact that user accounts can't alter core OS files by default has nothing to do with malware on Linux. First of all, the most important "stuff" on a computer is the user data, and that can be altered if the user is comprimised by malware. Reinstalling the OS is easy (it's very possible to reinstall the OS while keeping user data intact), but user data is irreplacable. Second, you don't need root access to do the evil stuff that most malware does, i.e. participate in DDoS attacks, send spam, host scam websites, store illegal files, scan networks, repropagate itself, host an open proxy, be a "jump box" for crackers to attack other boxes, etc. Since malware can do everything it needs to with simple user permissions, this argument is almost completely false.

The only added benefit of root would be to alter firewall rules to allow inbound connections (for hosting scam sites and/or proxies), but everything else is either an outbound connection, or can be done with reverse tunnels. Also, assuming the identity of the user allows the attack to observe that user, such as hijack su or sudo and record the password the user types (which would give root access). Also, there are a large number of Linux kernel and other Open Source Software vulnerabilities which can only be exploited by local users, but once you've compromised a user account, the road is open for those exploits and a disturbing amount of them result in root access.

So in summary, Linux is currently relatively free of viruses and worms because it's not popular enough and not standardized enough to attack with automatically propagating malware. On the other hand, there are a very large number of "rootkits" that take automatically compromise a Linux system once the initial break-in has been made (using some vulnerability, or a guessed password, or some other method). There are a number of instances in the wild of automatic scans for known OSS vulnerabilities (such as with Apache, PHP, SSH, etc) and will automatically launch an exploit or alert an attacker who then manually conducts the exploit.

Yes, Linux is more 'secure' because it does not use Remote Procedure Calls in the fundamental way that Windows does, but this does not mean that it's inherently 'safe'. The predominant reason that few Linux systems get compromised by viruses and other malicious software is that Linux is not a standardised operating system that is in almost universal use. Should Linux ever become standardised and 'idiot proofed' to the extent that it becomes suitable for use as an everyday OS for 'Joe public' to use, then it WILL be compromised.

It is ridiculous to suggest that people should not use protective software on their PCs. It is even more ridiculous to suggest that Windows users should not use such software because you, as a Linux user, do not.

Hi,

All I am going to say is this: the only secure computer out there is the one that is encased in cement with no power or network connections.

I would rather secure a Linux box than a Windoze box.

Christian

There is no amount of application security, NT or otherwise, that will prevent you from receiving viruses on a Windows machine. They come as an attachment some people actually inadvertently run, or even as a TEMPORARY INTERNET FILE off of a site you may visit, without you even knowing, and do not need for you to run them for them to do what they are going to do. Some just report back to the person's server information about you, like what sites you've visited from your history logs, and don't affect applications or application security at all. Some disrupt network communication - which can affect ANY computer, not just Windows PCs. To say that NT application security will protect you is definitely a giving in to a false hope, especially without a firewall that lets that nasty traffic right in. Have fun getting your trojans.

Misinformed? How about the fact I have seen things firsthand? Can you say that you are an administrator of a network that has seen such things as non-application oriented scripts that will run regardless of the permissions you lock down on your computer? How about UNIX scripts that are not bound by Windows permissions? I've seen it happen on both my home network and the one I work on at work where things are not bound by simple Windows NT permissions. Where do you get off at? What experience do you have? Are you actually a legitimate Systems Administrator, or are you just a hobbyist?

You can't lock down your Temporary Internet Files folder to have only read permissions to it or you'd never get internet pages (they are downloaded off the internet for you to view them, after all, requiring "write" permission somewhere). And little good restricting a user's account would do if they are already a standard user. And how can you restrict an admin account without reverting it to a standard user account? Far as I know, unless you know something I don't, at least with XP, it's only either/or, nothing in-between. I know there are those that would say never log in as an admin unless you're going to install stuff. Yes, that is why they were created like this in the first place. But that is inconvenient and inefficient, and will not stop scripts that don't use normal install channels from running unblocked if the person is logged in under a standard user account, anyway, so what good does it serve a person other than to inconvenience themselves for nothing?

And all of the sudden I know nothing because I bring up viruses you obviously know nothing about:

Originally Posted by me:
They come as an attachment some people actually inadvertently run, or even as a TEMPORARY INTERNET FILE off of a site you may visit, without you even knowing, and do not need for you to run them for them to do what they are going to do.
Your response:Wrong, your failure to read is affluently made clear. Restrict administrative accounts from running untrusted applications and isolate/restrict standard users in a manner that prevents the virus from being able to propagate.

The specific issues I was talking about at the end of my quote aren't "applications" per se that will be picked up as such to be blocked from running. They come in the form of trojan scripts. Scripts are text-files, not applications. This is why they are called scripts. A script can run regardless of user privileges, and can fake a signature of a dll that is trusted. And all a virus needs is network connectivity and to have part of their script ran in order to propagate. I had a virus once that propagated through files I used just by me double-clicking and opening them before I realized what it was doing. All I could see right away was that it changed the file-extension to all-caps. After I went back to a file I had opened before and couldn't open it again, only then did I know something was wrong. But this opening of files action can be done by a standard user or admin user. People like you that rely on account privileges to solve everything are not living in reality, so yes, I do know better. Kinda funny how if someone has seen something you obviously haven't that it seems to automatically make them a liar and not know what they are talking about with you. Arrogance is not your best friend when it comes to the security threats that are out there, my friend.

... You see what that says? Adequate security cannot be provided by applications... it must be accomplished at the OS level. What does this mean? Application security DOSE NOT MATTER!

Unless your application is PERFECT sooner or later it will be exploited, and all applications get exploited in the same way.

cheers

catch

Oh dear! Your argument seems to beBecause no security application is perfect, it naturally follows that no such application is worthy of implementation and use! Seems a rather irrational argument to me!

No doubt you have achieved learning and/or qualifications, dude, but the simple factor of commonsense seems to be somewhat lacking in there. Effectively, you've told people that, because Security software for use on a Windows machine isn't perfect, they shouldn't bother using any of it.

Now I'm not sure if that was your intention, but it most certainly is the effect of your comments to date. And it's downright silly. While you're busy waiting for Utopia to come along, we'll just keep right on advising people to use the protections which ARE available to them, thanks!

Are you looking for an argument of just slumming?

Most people know f@ck-all about security..........

Others, however, now f@ck-all about contributing to hep forums. So far the sum total of your contributions has been entertainment value only, without a single piece if practical advice offered.

If all you have to say is "Security software is not needed, only I know how to set up a system and I'm not going to tell you how" then I'm afraid you're simply wasting space making comment!

If all you have to say is "Security software is not needed, only I know how to set up a system and I'm not going to tell you how" then I'm afraid you're simply wasting space making comment!

Couldn't have said it better myself.

I will agree that much, if not all, of what you said, catch, was stuff us as admins were not taught in our bachelor's or MCSA courses and would have to do graduate/specialized IT security training to learn (i.e. DBAC, RBAC, etc.), however - that does not make it foolproof as far as practicality to simply rely on OS security to avoid viruses or attacks, and I was speaking entirely of Windows, not any other OS you or your teams may have come across, created, or implemented, as Microsoft has 90% of the market today and what is really what people would want to worry about. Chances are, if you're speaking of any other OS, they have their own proprietary security or permissions or controls that probably DOES in some way allow you to do what you are trying to divulge, but are withholding. But I challenge you to do this with a typical corporate networked, multi-user Microsoft 2000 or XP Pro system.

In Windows, you can't always be logged on as a standard user - you will eventually have to install programs, and likely eventually have one you'll need to stay online, or at least networked to a computer that could be online, to complete. You can't lock down the Temporary Internet Files folder. There will always be some time, some where, at which you will be vulnerable if you stick with permissions and transitive trusts as your sole methods of keeping out the files and attackers that are bouncing around on the internet, unless you're willing to share your knowledge on how you guys have set things to where this really does become a non-issue on a Windows system. I don't see it happening, myself.

Just by going to this website on a Windows computer you'll have a number of files download to your computer to display it (icon_cool.gif, insertimage.gif, bold.gif, etc.) and any of those images could have a virus attached to them that, when the picture is displayed, could cause any picture you open on your computer after that to become corrupt. Do I have to send you this virus to prove that it exists and what it can do? It is W32/Klez@mm. I do know what I am talking about, and no security permissions in the world can prevent the spread, because you run the virus just by opening another picture (gif, bmp, jpg, tiff) or mp3 file. It doesn't install anything anywhere, so it doesn't need admin privileges to spread. The only thing that may save you is that it will likely be confined to just your current profile and not any other user on the machine as long as you don't open a file that could be open by any user as the user that downloaded the virus, and this is just a guess on my part.

I agree that running an AV software that won't have the definition file for the latest threat out there won't help you, but neither will Windows permissions, as this was what I thought we were originally discussing. Leave other OSs out and focus on what 90% of us know and have. It's useless to talk about a feature of Mac's Tiger or Linux' Enterprise 4 or Sun Solaris or any other proprietary OS when the rest of the world isn't using them. Especially if you aren't going to say specifically what you are doing to lock the systems down but leave them functional for an administrator to install programs, user to surf the 'net, etc.

this expert only spoke out all of his title and resume. nothing else.

So the moral of the story is that if you a guru at Windows you don't need AV or Firewall, but if you thick like me you do. What is the comparison between using an AV / Firewall or letting windows security to avoid malicious software, against usability.

I have to security lock down PCs in my job, and many of the things I test make the PC completely unusable, to the point you can't even load the operating system.

If you don't want to discuss other OSs fine, but 10% of the computer using public is still a large proportion, and it's good that this forum duly caters for them.

Catch-er got a rubber arm Catch-er got a rubber arm ,no sorry that pitcher got a rubber arm isn't it ,oh well .Have fun and spread like a worm!lol

I currently run roughly 10 linux machines at a datacneter.. 5 production... 5 offline..

ALl of them are equipped with what I like to call "nazi" a type firewall an virus protection.

The mail servers run spamassain and clamav.

It is simply a MUST. Just how you would put a lock on your door.

Hey guys...this person is a self aggrandizing wanabe autocrat with a tendecy toward pompous pontification. This person gets off on this crap...let's cut him loose.

huh?? what??

DCC: are you talking about me?

I was stating the facts.

No Way...I was refering to the author of the thread, what was it...catchup, catch22, or something like that?