spyware/malware and linux?
This is a discussion on spyware/malware and linux? within the Linux Security forums, part of the System Security and Security Related category; How vulnerable is Linux to spyware, malware, trojans, etc. compared to MS-Windows? I am a novice linux user, I ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-01-2005
|
|||
|
|||
spyware/malware and linux?
How vulnerable is Linux to spyware, malware, trojans, etc. compared to
MS-Windows? I am a novice linux user, I guess my main concern, not knowing too much about linux security or vulnerability, is can trojan/malware get into my system when I download rpm or tarball open source applications, and if so how to prevent that? I got quite a wake-up call recently when someone used my credit card, obviously such info stolen from some online transaction, because they had the 3 digit security code, my phone number, name, etc. I have since turned off cookies, etc. But I want to learn more, harden my system, get wise regarding computer insecurity, lack of privacy while browsing, etc. 
|
|
07-01-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
Protagoras <protagoras@miworld.net> writes:
>How vulnerable is Linux to spyware, malware, trojans, etc. compared to >MS-Windows? I am a novice linux user, I guess my main concern, not knowing Much less, not least because it is Windows that most target. >too much about linux security or vulnerability, is can trojan/malware get >into my system when I download rpm or tarball open source applications, and >if so how to prevent that? Get them from reliable sources. Far greater danger is not keeping up to date on the security updates. at least once a week make sure you install the security updates published by your distribution. >I got quite a wake-up call recently when someone used my credit card, >obviously such info stolen from some online transaction, because they had >the 3 digit security code, my phone number, name, etc. I have since turned >off cookies, etc. But I want to learn more, harden my system, get wise >regarding computer insecurity, lack of privacy while browsing, etc.
|
|
07-01-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
On Fri, 01 Jul 2005 11:15:51 -0500, Protagoras wrote:
> How vulnerable is Linux to spyware, malware, trojans, etc. compared to > MS-Windows? Like a drag racer is vulnerable to be beaten by a bicycle. Less than 900 total malware programs created for linux/unix boxes and over 7,000 new malware programs created for M$ for 2005, _so far_ . http://www.zdnet.com.au/news/securit...9200021,00.htm > I am a novice linux user, I guess my main concern, not knowing too > much about linux security or vulnerability, is can trojan/malware > get into my system when I download rpm or tarball open source > applications, and if so how to prevent that? Only download from the vendor and trusted sites. Does not hurt to check everyday for any updates. > I got quite a wake-up call recently when someone used my credit card, > obviously such info stolen from some online transaction, because they had > the 3 digit security code, my phone number, name, etc. 3 digit code?? Sounds like you received email asking you to verify your account. That is a phishing attack and no OS can protect you from yourself. > I have since turned > off cookies, etc. But I want to learn more, harden my system, get wise > regarding computer insecurity, lack of privacy while browsing, etc. My solutions: Created seperate login accounts for credit card/bank, surfing, email, usenet and my user account. ..bash_logout deletes the browser subdirectory contents and reinstalls a pristine browser setup. All browser accounts have bogas email addresses. Created seperate eamil accounts for bank, family, friends and ebusiness. No browsing from email accounts; cut/paste into browser if given a url. That allows me to disable java/javascript. Just enable firewall during linux install and block all inbound access.
|
|
07-01-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
Bit Twister wrote:
.... > > 3 digit code?? Sounds like you received email asking you to verify your > account. That is a phishing attack and no OS can protect you from > yourself... It is pretty common for online merchants to ask/require the 3 or 4 digit secuirty code (CID?) that is on the back of a credit card for completing transactions. But now I am very hesitant-- I might just have to opt for payment some other method, like PayPal, or a check, or money order. Not really sure what to do; depressing how insecure credit card payment is-- odds are it is a dishonest criminal employee at online merchants, or pehaps just an online cracker, getting access to credit card info to use for criminal activity with credit card info.
|
|
07-01-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
On Fri, 01 Jul 2005 15:02:44 -0500, Protagoras wrote:
> Not > really sure what to do; depressing how insecure credit card payment is-- > odds are it is a dishonest criminal employee at online merchants, or pehaps > just an online cracker, getting access to credit card info to use for > criminal activity with credit card info. I hear that, one credit card company has a feature where you login and create a new one time card number with just the amount you want to pay. Cannot remember who has it. My backup is I cannot get a credit card because I always paid with cash and my job went off shore.
|
|
07-02-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
On Fri, 01 Jul 2005 15:13:46 -0500, Bit Twister wrote:
> I hear that, one credit card company has a feature where you login and > create a new one time card number with just the amount you want to pay. > Cannot remember who has it. MBNA is one of the larger card service providers, providing card services to many local & regional banks. Their on-line site is at www.ibsnetaccess.com or www.mbnanetaccess.com They have the service described, called "Shop Safe". Bank of America just announced acquisition of MBNA, so maybe they will also offer it soon. (FWIW - I haven't tried it.)
|
|
07-07-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
Unruh wrote:
> Protagoras <protagoras@miworld.net> writes: > >>How vulnerable is Linux to spyware, malware, trojans, etc. compared to >>MS-Windows? I am a novice linux user, I guess my main concern, not knowing > > Much less, not least because it is Windows that most target. Why do you think Linux is less vulnerable to malware, etc.? It's quite easy to own a box, once you've persuaded someone to execute your previously-prepared binary. It's quite different, when it comes to internet browsing with IE, compared to e.g. Firefox (which btw has its own problems). >>too much about linux security or vulnerability, is can trojan/malware get >>into my system when I download rpm or tarball open source applications, >>and if so how to prevent that? > > Get them from reliable sources. And check the signatures. -- Paweł Stróżniak
|
|
07-07-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
=?UTF-8?B?UGF3ZcWCIFN0csOzxbxuaWFr?= <pawel_strozniak@yahoo.co.uk> writes:
>Unruh wrote: >> Protagoras <protagoras@miworld.net> writes: >> >>>How vulnerable is Linux to spyware, malware, trojans, etc. compared to >>>MS-Windows? I am a novice linux user, I guess my main concern, not knowing >> >> Much less, not least because it is Windows that most target. >Why do you think Linux is less vulnerable to malware, etc.? Because it is. If nothing else then practical experience. 15 computers running Linux, on 24/7 for 15 years. Two breakins before I was running ssh because users logged on from Korea and had their passwords sniffed. >It's quite easy to own a box, once you've persuaded someone to execute your >previously-prepared binary. It's quite different, when it comes to internet >browsing with IE, compared to e.g. Firefox (which btw has its own >problems). Yes, I guess my users are smarter than yours are. Why would my users execute a previously prepared binary? And why would the writer write for Linux?
|
|
07-07-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
Unruh wrote:
>>Why do you think Linux is less vulnerable to malware, etc.? > > Because it is. If nothing else then practical experience. 15 computers > running Linux, on 24/7 for 15 years. 15 years? Linux...? > Two breakins before I was running ssh > because users logged on from Korea and had their passwords sniffed. Does this mean that your OS'es are less vulnerable to malware? >>It's quite easy to own a box, once you've persuaded someone to execute >>your previously-prepared binary. It's quite different, when it comes to >>internet browsing with IE, compared to e.g. Firefox (which btw has its own >>problems). > > Yes, I guess my users are smarter than yours are. Good for you. > Why would my users > execute a previously prepared binary? And why would the writer write for > Linux? That's a tricky question. Maybe to gain control over one of your machines? -- Pawe³ Stró¿niak
|
|
07-07-2005
|
|||
|
|||
|
Re: spyware/malware and linux?
Protagoras wrote:
> How vulnerable is Linux to spyware, malware, trojans, etc. compared to > MS-Windows? I am a novice linux user, I guess my main concern, not knowing > too much about linux security or vulnerability, is can trojan/malware get > into my system when I download rpm or tarball open source applications, and > if so how to prevent that? > > I got quite a wake-up call recently when someone used my credit card, > obviously such info stolen from some online transaction, because they had > the 3 digit security code, my phone number, name, etc. I have since turned > off cookies, etc. But I want to learn more, harden my system, get wise > regarding computer insecurity, lack of privacy while browsing, etc. > No OS is secure today! Some are more often used and of course vulnerabilities of these OS's will be abused more often. The question is, how do you practice security? If you work as root or administrator and don't care about patches, don't use the internet. Otherwies (in my opinion) Unix/Linux provides very good mechanisms to avoid this kind of crap, if one knows how to use them. Eric
|
Linear Mode
