[操作疑難] Will Linux Be Infected By Malware Or Not?

本帖最後由 samiux 於 2015-9-17 17:44 編輯

When I came to know Linux, almost all advanced Linux users told me that Linux is impossible to be infected by virus and malware due to its excellent design. Except root or sudoer, nobody has the privilege to do harm on the system including malware. In case your Linux is infected, only you (the user) is affected. Therefore, you are not required to install any anti-virus or anti-malware application on Linux system. Meanwhile, Linux will not infected Windows based malware. Moreover, Linux developers tried to harden the Linux kernel in many ways, such as ASLR, XD/NX, SELinux, Apparmor, and Gentoo's harden-kernel, etc.

After being an Information Security Enthusiast, I recognized that it is totally not true. In my opinion, Linux just like any other operating systems that can be infected by malware and the interference is not limited to your system only. There are many such news recently.

Read more ....

Samiux

Update reason : fix typo

本帖最後由 ykmran 於 2015-9-17 18:31 編輯

Want to get your Linux server infected?
1. Allow root login in SSH and allow password login
2. Set root password to 123456
3. Expose your SSH server to public, leave port number as default (22)
4. Wait for few minutes, and enjoy

Want to get your Linux desktop infected?
http://chinaossafe.360.cn/


Between, if you are really unlucky enough, just like your web browser (firefox etc) is being exploited by a 0day and you don't have apparmor/selinux installed, you can say goodbye to your ~/.ssh/id_rsa

TOP

Besides, satire and ridicule as well as arrogant behavior of most HKEPC users, the other common behavior is that they often not read the whole article or follow the link that someone else posted then express their point of view.

Disappointed!

Samiux

TOP

Besides, satire and ridicule as well as arrogant behavior of most HKEPC users, the other common beha ...
samiux 發表於 2015-9-17 19:31


唔係個個人都有興趣睇article架,好多人都係tldr
我上面個reply都純粹point out左中毒主要係user問題,os同軟件本身唔太relevant


你冇理解過其他人發言既context就disappoint人地,你都唔會好得去邊

TOP

本帖最後由 ykmran 於 2015-9-17 21:50 編輯

不如我再off topic講d你最唔鐘意既政治野,令你個post沉下底都好

好耐以前popvote單野,你就話popvote好多人用,所以hashing一定要快,所以一定係md5+salt。md5本身唔安全,所以popvote一定唔安全,所以popvote被sql inject + leak db係冇錯。

點解你會有d咁既assumption既?

愛國愛黨先不論,zion出晒名係雙氧水教,以前仲帶埋成班人上山避殞石。點解你可以唔睇人地既reputation亂咁share d唔好既野出黎呢?

我依家咁對人不對事,係咪覺得我仲arrogant左,仲對我disappoint左呢?唔緊要,你可以話我冇資格同你講野,都可以話對所有epc會員好失望,however nobody cares

我都係諗住用開玩笑角度講下中毒係user問題,既然你自尊心低到覺得人地講下野都係諷刺緊你,仲要辣慶火頭,咁我真係唔介意再講多幾講

TOP

本帖最後由 samiux 於 2015-9-18 09:54 編輯

I really do not care about the click rate of this post or if there is any reply, which is including all my previous or future posts.  My audience are all over the world and is not limited in HKEPC or Hong Kong.  I am a blogger in Linux and Infosec since 2009 and my click rate is over 2,290,000.  If there is any doubt, you can google my nick.  For those who do not want to visit to my blog but want to confirm my version, you can visit the third party page that showing my blog's global ranking (by Alexa) at FeedDigest Web.

I always share interesting and valuable as well as educable articles.  I always believed that quality is superior to quantity.  I am here to discuss Linux and technology.  It is no way for anybody to hurt anyone in any form.  Recently, I notice that almost all forums in Hong Kong are in this atmosphere, that is to personal attack, satire, ridicule, arrogant, hatred as well as nonsense.  Those are mis-using the open platforms and resources.  It is unhealthy to the communities and society.

By the way, a little bit off topic, but I need to emphasize that no matter what you eat; what you think; what you learn; what you speak and what's your living is, your race is never be changed which is also extended to your descendant forever.  It is by born.  I know that you are very upset to know that.  I am regret to let you know.  No matter how you dislike it, it is the truth that you are a Chinese.  I will not discuss this matter any more here as this area is for Linux and technology.

Any discussion on information security is welcome.

Samiux

Update reason : add the 3rd party web page link

TOP

本帖最後由 vichui 於 2015-9-18 10:30 編輯

回覆 1# samiux

You have been totally miss-understanding what the Ching said in here. Most advanced Linux users tolds Linux is impossible to be infected WHEN you make sure your system is secured!!

What mean by system is secured?? That is all what you point out in your article..
1. Keeping your Linux system up-to-date. It is a must!!Why? When there a update is out, there only 2 reason: 1, function enhance or 2. fix a bug. So is if can called secured when there has a bug on system? If your Linux system up-to-date, why you have to afraid malware break in via vulnerability? For unknow vulnerability, Malware Detect or Anti-Virus doesn't have help too!!

2.  You said when user a weak password, so there will be inflected. So once again, does it mean your system is secured for using a weak password? Further, the most dangerous part if using a weak password is not inflected by malware. The most dangerous part is your system is too easy to break-in, such as  by a ssh password attack. When broken-in it gains the whole control of your system!! And again Malware Detect or Anti-Virus doesn't have help too!!   

So as concluded of your article, the suggestion for this kind of Linux user is not to install a anti-virus/malware detect software since it doesn't really help. The best suggestion to them should be CORRECT their own behaviour on using a system.


Final words for you:-
If a user follows, install the software list in your blog,  thinking it is safety and continue the attitude as your descried. What you think about this? My comment is it is MORE RISKY!!!!

TOP

回覆  samiux

You have been totally miss-understanding what the Ching said in here. Most advanced L ...
vichui 發表於 2015-9-18 10:15

就好似遇到heartbleed, shellshock甚至未知既openssh/nginx/apache 0day,靠ids係咪可以食過世呢?

TOP

本帖最後由 ykmran 於 2015-9-18 10:49 編輯

又或者咁樣,一個裝晒最新update,follow晒security best practice,web app冇bug,全部用strong password既server,有幾大機會get infected by virus/backdoor/trojan呢?

我都想睇下有冇咁既機會
即使有,ids幫到d咩呢?

呀samiux兄,如果呢到係高登,你拎定個屎忽出黎都得啦,我都唔會再咁比面你。

TOP

What is Malware?

According to Wiki, Malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.  Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, as for example Regin, or it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker). 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.

Assumption

We assume that Windows and Linux (as well as other operating systems, we take Windows and Linux as example) are up-to-date and all known vulnerabilities have been fixed.  Meanwhile, the credentials of all users, including root and admin accounts are in strong password.  In addition, all users do not visit any illegal sites, such as porn sites, gambling sites, pirate software/media sites and etc.

Hacking via Browser

Unfortunately, I cannot find any information about browser hacking in Wiki.  If you have read my first article, you will know that one of the most common attacks is "Browser attack".  Therefore, I will talk about browser here.  Browser is a very complicated software which renders the contents of the website to the users and vice versa.  There are many ways to attack the browser users.  I name some of them here :

- Browser flaw
- Website flaw
- Networking flaw
- Browser plugins flaw
- Human flaw
- Attacker intention

Once any of the captioned elements exists, you will be compromised by malware.  No matter your system is Linux or Windows.  As in my first article, I also mentioned "Privilege Escalation".  I will not go into it in details.  Modern Windows and Linux systems are not in admin rights by default.  However, there are many ways to do so in any operating system, including Windows and Linux.  

Conclusion

I will not go into all attacks in details too.  There are many ways to do so and I only mentioned the "Browser Attack" here.  Even your Linux system is up-to-date, with strong credentials and do not do any illegal or not ethical activities, you may have chance to be infected by malware.

Linux users are required to protect themselves from being compromised by malware and do not believe the myths.  Meanwhile, it is not easy for general users to identify if their system is infected or not, that why there is a technology namely "Linux Forensics".  I hereby to rise a signal to all that "LINUX CAN BE INFECTED BY MALWARE".

By the way, to response to @vichui, I did not say that it is totally safe to do what I recommended in my first article.  I mentioned that it is what I am currently using only.  Be keep in mind that there is no "bullet proof" system in the world at the moment.  That's why I always monitoring my Linux systems even I implmented a lot of precaution measurement.

Lastly, @vichui already supports my version as he mentioned at #7 that it is "MORE RISKY" to follow my first article to install the said software.  So, his comment is "Linux has a risk to be infected by malware".

Thank you.

Samiux

TOP