
Linux Security Concerns December 10, 2006

Posted by Nigel Ajay Kumar (NAyK) in Article Watch, Discussions-Conclusions-Hopes, Linux.

I read this post that hinted that Linux security is not progressive (like Microsoft’s) and thus could stagnate… plus that Linux is not the centre of virus attacks, thus there are no attacks at present. In the comments of this post, I found a link to this site, which asserted Linux security. The pro-Linux security site is a little technical, but what I could glean from it was basically to assert that Linux is internally more secure, from its core, more than Windows. This is partly because of its “modular structure” and asking the pertinent question: “Do the attacks so often succeed on Windows because the attacks are so numerous, or because there are inherent design flaws and poor design decisions in Windows?”

Anyway, this is just an added discussion site. I’m not technically knowledgeable enough to argue one way or the other, but I do prefer the Linux-is-more-secure story. Especially since currently I’m experimenting with Anti-Virus software on Windows.

But I don’t want to be blind either. I know that viruses/trojans etc are not the only attacks through the internet… and instead, hackers/people controlling machines, getting data… are growing.

Therefore, perhaps, the earlier sites’ concerns are still valid. I hope (because I’m not the one doing it!) that the people behind Linux are actively looking to strengthen security and informing users like me how to become more secure in the way we use/implement Linux.

Right now, I use Linux without a firewall in Ubuntu (I think). Nor do I think I have an anti-virus installed. Thus, I guess, I need to know how badly I need one… and when. Yesterday? or Tomorrow?



1. liquidat - December 10, 2006

Hm, about the article you’ve linked:
The analysis, especially part one about the need for Windows to evolve, is missing one important piece of information: Microsoft Windows is a de facto standard. Therefore there is no need at all to improve the security. No matter how bad the operating system is, how many viruses are attacking it, how bad the security design is – as long as it is a de facto monopoly there is no pressure at all to change anything. That is a market rule.
So, NO, Windows WILL NOT become more secure.

And about the second reason, that Linux is more secure because there are fewer people attacking it. This is a myth, a dream, or whatever, but nothing anyone was ever able to prove. Everyone says it, because it sounds reasonable, but as soon as you investigate a bit more the situation looks different. One thing which shows that this picture does not fit real-life experience is the Apache web server. It has a market share over 65 percent, but does not struggle with big problems. But according to the theory mentioned above it should first have quite a lot of security problems all the time and should second have many more than the other web servers.
Also, another thing is that there are quite a lot of Linux machines out there: the server area has enough machines to make Linux a very interesting and very valuable target. However, a big Linux worm infecting half of all Linux machines out there has never appeared.

And about firewalls: You probably need one if you have to control your network traffic – that means, if your machine is a gateway. Or you need one, if you have open ports. But in such cases you can just close these open ports, and that’s it.
If you want to prevent one of your applications from calling home, you might want to consider deleting it – if an application really wants to talk home it will try to work around the firewall anyway (just search for security problems of Windows firewalls, you will be surprised).

Last but not least, virus scans: there are no real Linux viruses in the wild. This is partially due to the fact that you do not have root rights in Linux, making it hard to write a good working virus.
Also, you should keep in mind that a virus scanner is only working as long as the virus is not on the computer – modern viruses kill every virus scanner immediately, or replace it with a dummy application. So it is better when you keep an eye on the applications you start.

Btw., I use a virus scanner on my Linux machine: clamav is scanning e-mails – and it also detects phishing mails. It filters all phishing attempts out, making my life a bit easier :)

2. Ann Onimous - December 11, 2006

Several points:

– Many articles discuss the small market share of Linux, but never describe what the term means. Market share is the number of copies sold commercially. Since Linux is free, few people purchase Linux commercially (even businesses, even for servers), giving Linux a tiny market share (about 3%). A better measure is “installed base”. Estimates of the Linux installed base put it at approximately 2x the Macintosh installed base (about 15%). So in reality, Linux is more than large enough to present an attractive target. Google alone is composed of approximately 500,000 Linux machines. Easily the single most attractive target on the Internet.

– From personal experience, my Linux machines have been under continuous hack attempts for the last 6 years. The attacks are happening, they are active and continuous – they are simply not effective.

– Linux has several security features that modern distributions like Fedora Core sport: ExecShield and SELinux. Unfortunately, Ubuntu does not include either as far as I know. These two facilities prevent “0-day” attacks – attacks on vulnerabilities before they can be corrected. In fact, ExecShield is so effective that Microsoft has essentially copied the functionality for Vista. This is a good thing; as Windows becomes more secure, the whole Internet benefits. Unfortunately, Microsoft hasn’t gone so far as to copy SELinux. This security system limits the damage that can occur, even if ExecShield is bypassed via a secondary bug.

The combination of a strong firewall (IPTABLES), ExecShield, SELinux, and the practices and procedures in open source development make Linux extremely secure.

I should mention that an anti-virus program is available (most people that need one use ClamAV), however, it’s not to protect Linux. When using Linux systems as an email and/or file server for Windows clients, the anti-virus removes Windows viruses, trojans and worms from email and files.

3. laosboyme - December 15, 2006

I think it’s because virus programmers use Linux as their O.S., especially hackers.
