
Title: [Troubleshooting] Will Linux Be Infected By Malware Or Not?

Author: samiux    Time: 2015-9-17 16:45     Title: Will Linux Be Infected By Malware Or Not?

Last edited by samiux on 2015-9-17 17:44

When I came to know Linux, almost all advanced Linux users told me that it is impossible for Linux to be infected by viruses and malware due to its excellent design. Except for root or a sudoer, nobody has the privilege to do harm to the system, including malware. In case your Linux is infected, only you (the user) are affected. Therefore, you are not required to install any anti-virus or anti-malware application on a Linux system. Meanwhile, Linux will not be infected by Windows-based malware. Moreover, Linux developers have tried to harden the Linux kernel in many ways, such as ASLR, XD/NX, SELinux, AppArmor, Gentoo's harden-kernel, etc.

After becoming an Information Security Enthusiast, I recognized that it is totally not true. In my opinion, Linux is just like any other operating system that can be infected by malware, and the interference is not limited to your system only. There has been much such news recently.

Read more ....

Samiux

Update reason : fix typo
Author: ykmran    Time: 2015-9-17 18:27

Last edited by ykmran on 2015-9-17 18:31

Want to get your Linux server infected?
1. Allow root login in SSH and allow password login
2. Set root password to 123456
3. Expose your SSH server to public, leave port number as default (22)
4. Wait for a few minutes, and enjoy

Want to get your Linux desktop infected?
http://chinaossafe.360.cn/


By the way, if you are really unlucky, e.g. your web browser (Firefox etc.) is exploited by a 0day and you don't have AppArmor/SELinux installed, you can say goodbye to your ~/.ssh/id_rsa
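A defender's check for the three server conditions listed in the post above (root login, password login, default port), as an added example that is not part of the original post. It parses the global section of an sshd_config; the default values and the sample configurations are assumptions constructed for illustration, and `sshd -T` on the host remains the authoritative view.

```python
import re

# Built-in values assumed when a keyword is absent (recent OpenSSH; releases
# before 7.0 defaulted PermitRootLogin to "yes"). `sshd -T` prints the real ones.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Deprecated spelling that sshd accepts as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return (settings, ports) for the global section of an sshd_config.

    sshd keeps the first value it obtains for a keyword, so a later duplicate
    does not override an earlier line. Port is the exception: every Port line
    adds a listener. Parsing stops at the first Match block, so conditional
    overrides are out of scope here.
    """
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"')
        if keyword == "match":
            break
        if keyword == "port":
            ports.append(value)
        elif keyword in DEFAULTS and keyword not in settings:
            settings[keyword] = value
    for keyword, default in DEFAULTS.items():
        settings.setdefault(keyword, default)
    return settings, ports or ["22"]


def audit(config_text):
    """Return finding ids for the conditions named in the post."""
    settings, ports = effective_settings(config_text)
    # Keyboard-interactive usually prompts for the account password through
    # PAM, so it counts as password-style login here (an assumption about PAM).
    password_capable = "yes" in (settings["passwordauthentication"],
                                 settings["kbdinteractiveauthentication"])
    findings = []
    if settings["permitrootlogin"] == "yes" and password_capable:
        findings.append("root-password-login")
    if password_capable:
        findings.append("password-login-enabled")
    if "22" in ports:
        # Informational only: another port reduces scan noise, nothing more.
        findings.append("default-port")
    return findings


# Constructed sample configurations (not taken from any real host).
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
"""
# An admin appended "PermitRootLogin no" below an earlier "yes": the first line
# still wins, and the deprecated keyword keeps password-style login available.
SHADOWED = """\
PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
PermitRootLogin no
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("shadowed", SHADOWED)):
        print(name, audit(text))
```

The `SHADOWED` case is the one a quick visual review tends to miss: the file ends with `PermitRootLogin no`, yet root password login is still reported.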
Author: samiux    Time: 2015-9-17 19:31

Besides the satire and ridicule as well as the arrogant behavior of most HKEPC users, the other common behavior is that they often do not read the whole article or follow the link that someone else posted before they express their point of view.

Disappointed!

Samiux
Author: ykmran    Time: 2015-9-17 21:23

Besides, satire and ridicule as well as arrogant behavior of most HKEPC users, the other common beha ...
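samiux posted on 2015-9-17 19:31


Not everyone is interested in reading the article; a lot of people are just tl;dr.
My reply above simply pointed out that getting infected is mainly a user problem; the OS and the software themselves are not that relevant.


You declare yourself disappointed in people without understanding the context of what they said; that doesn't make you much better.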
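Author: ykmran    Time: 2015-9-17 21:33

Last edited by ykmran on 2015-9-17 21:50

Why don't I go off topic again and talk about the political stuff you dislike most; it might as well sink your post to the bottom.

A long time ago, in the PopVote affair, you said PopVote has a lot of users, so the hashing must be fast, so it must be md5+salt. md5 itself is insecure, so PopVote must be insecure, so it is correct that PopVote was SQL-injected and had its database leaked.

Why would you make assumptions like that?

Leaving aside loving the country and the party, Zion is notorious as the "hydrogen peroxide cult" and once even took a whole group of people up a mountain to shelter from a meteorite. How can you share bad material indiscriminately without looking at its source's reputation?

Now that I am going after the person rather than the issue, do you find me even more arrogant and feel even more disappointed in me? Never mind; you can say I am not qualified to talk to you, or that you are disappointed in all EPC members, however nobody cares

I only meant to say, jokingly, that getting infected is a user problem. Since your self-esteem is so low that you take whatever people say as satire aimed at you, and you go on to stir things up, I really don't mind saying a few more things.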
Author: samiux    Time: 2015-9-18 06:48

Last edited by samiux on 2015-9-18 09:54

I really do not care about the click rate of this post or whether there is any reply, and that includes all my previous and future posts.  My audience is all over the world and is not limited to HKEPC or Hong Kong.  I have been a blogger on Linux and Infosec since 2009 and my click rate is over 2,290,000.  If there is any doubt, you can google my nick.  For those who do not want to visit my blog but want to confirm my version, you can visit the third party page showing my blog's global ranking (by Alexa) at FeedDigest Web.

I always share interesting, valuable and educational articles.  I have always believed that quality is superior to quantity.  I am here to discuss Linux and technology.  There is no way for anybody to hurt anyone in any form.  Recently, I have noticed that almost all forums in Hong Kong are in this atmosphere, that is, personal attacks, satire, ridicule, arrogance, hatred as well as nonsense.  Those are misusing the open platforms and resources.  It is unhealthy for the communities and society.

By the way, a little bit off topic, but I need to emphasize that no matter what you eat, what you think, what you learn, what you speak and what your living is, your race can never be changed, which also extends to your descendants forever.  It is by birth.  I know that you are very upset to know that.  I regret to let you know.  No matter how you dislike it, it is the truth that you are a Chinese.  I will not discuss this matter any more here as this area is for Linux and technology.

Any discussion on information security is welcome.

Samiux

Update reason : add the 3rd party web page link
Author: vichui    Time: 2015-9-18 10:15

Last edited by vichui on 2015-9-18 10:30

Reply to 1# samiux

You have totally misunderstood what the Chings said here. Most advanced Linux users say Linux is impossible to infect WHEN you make sure your system is secured!!

What is meant by a system being secured?? It is everything you point out in your article..
1. Keeping your Linux system up-to-date. It is a must!! Why? When an update is out, there are only 2 reasons: 1. function enhancement or 2. a bug fix. So can it be called secured when there is a bug in the system? If your Linux system is up-to-date, why do you have to be afraid of malware breaking in via a vulnerability? For an unknown vulnerability, malware detection or anti-virus doesn't help either!!

2.  You said that when a user uses a weak password, the system will be infected. So once again, does using a weak password mean your system is secured? Further, the most dangerous part of using a weak password is not being infected by malware. The most dangerous part is that your system is too easy to break into, such as by an SSH password attack. Once broken into, the attacker gains whole control of your system!! And again, malware detection or anti-virus doesn't help either!!

So, as the conclusion of your article, the suggestion for this kind of Linux user is not to install anti-virus/malware detection software, since it doesn't really help. The best suggestion to them should be to CORRECT their own behaviour when using a system.


Final words for you:-
If a user follows it, installs the software listed in your blog, thinks it is safe and continues the attitude as you described, what do you think about this? My comment is it is MORE RISKY!!!!
Author: ykmran    Time: 2015-9-18 10:42

Reply to samiux

You have been totally miss-understanding what the Ching said in here. Most advanced L ...
vichui posted on 2015-9-18 10:15

It's like running into heartbleed, shellshock or even an unknown openssh/nginx/apache 0day: can you really rely on an IDS for life?
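Author: ykmran    Time: 2015-9-18 10:47

Last edited by ykmran on 2015-9-18 10:49

Or put it this way: for a server with all the latest updates installed, following all security best practices, with no bugs in its web apps and strong passwords everywhere, how big is the chance to get infected by a virus/backdoor/trojan?

I would like to see whether there is such a chance.
Even if there is, what does an IDS help with?

Brother samiux, if this were HKGolden, you might as well get your arse ready; I would not be giving you this much face any more.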
Author: samiux    Time: 2015-9-18 11:34

What is Malware?

According to Wiki, Malware is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.  Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, as for example Regin, or it may be designed to cause harm, often as sabotage (e.g., Stuxnet), or to extort payment (CryptoLocker). 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.

Assumption

We assume that Windows and Linux (as well as other operating systems; we take Windows and Linux as examples) are up-to-date and all known vulnerabilities have been fixed.  Meanwhile, the credentials of all users, including root and admin accounts, use strong passwords.  In addition, all users do not visit any illegal sites, such as porn sites, gambling sites, pirate software/media sites, etc.

Hacking via Browser

Unfortunately, I cannot find any information about browser hacking in Wiki.  If you have read my first article, you will know that one of the most common attacks is "Browser attack".  Therefore, I will talk about the browser here.  A browser is a very complicated piece of software which renders the contents of the website to the users and vice versa.  There are many ways to attack browser users.  I name some of them here :

- Browser flaw
- Website flaw
- Networking flaw
- Browser plugins flaw
- Human flaw
- Attacker intention

Once any of the captioned elements exists, you will be compromised by malware, no matter whether your system is Linux or Windows.  As in my first article, I also mentioned "Privilege Escalation".  I will not go into it in detail.  Modern Windows and Linux systems do not run with admin rights by default.  However, there are many ways to do so in any operating system, including Windows and Linux.

Conclusion

I will not go into all attacks in detail either.  There are many ways to do so and I only mentioned the "Browser Attack" here.  Even if your Linux system is up-to-date, has strong credentials and you do not do any illegal or unethical activities, you may still have a chance of being infected by malware.

Linux users are required to protect themselves from being compromised by malware and should not believe the myths.  Meanwhile, it is not easy for general users to identify whether their system is infected or not; that is why there is a technology named "Linux Forensics".  I hereby raise a signal to all that "LINUX CAN BE INFECTED BY MALWARE".

By the way, in response to @vichui, I did not say that it is totally safe to do what I recommended in my first article.  I mentioned that it is only what I am currently using.  Keep in mind that there is no "bullet proof" system in the world at the moment.  That's why I am always monitoring my Linux systems even though I have implemented a lot of precautionary measures.

Lastly, @vichui already supports my version as he mentioned at #7 that it is "MORE RISKY" to follow my first article to install the said software.  So, his comment is "Linux has a risk to be infected by malware".

Thank you.

Samiux
Author: vichui    Time: 2015-9-18 12:35

Last edited by vichui on 2015-9-18 12:40

Reply to 10# samiux

That's why I have to say you have deeply misunderstood.
What an adv Linux user will tell others is "SECURE YOUR SYSTEM"; anti-virus and malware detection software is "NO USE". That doesn't mean Linux is impossible to be infected by viruses and malware!!

Linux has the possibility of being infected by viruses and malware!! But to protect your Linux, the software listed in your article is of no use, and your articles LEAD a newbie to think they are safe after using the software you listed. Actually there is no difference after using the software you listed. -- That is what I mean by "MORE RISKY"!! RISKY is the mind but not the system.

Moreover, most Linux infections can be prevented if you have secured your system, including "Browser attack".

Of coz using Linux has a learning curve. This is a MUST and there is no shortcut.
Yes, there is no "bullet proof" system!! What you can have is a nearly "bullet proof" system, and that needs your continuous maintenance, and any naivety will kill it.

"As of 2011 the majority of active malware threats were worms or trojans rather than viruses." --> do you know why? The increase doesn't mean anything. The increase just means user behaviour is getting worse!!

Why do adv users say Linux can live without any anti-virus and malware detection software??
The key point is the user: a Windows user is trained to install software to prevent infection, while a REAL Linux user is trained to, and has to, secure their system over time. That is the difference between an Intrusion detection system and an Intrusion prevention system.
In the Linux world, we emphasize prevention over detection.

So when you hear people say Linux needs no anti-virus and malware detection software next time, the main message is "Could you please learn how to use Linux in a correct way?".
Author: samiux    Time: 2015-9-18 13:38

@vichui,

In my opinion, the trend of worms and trojans is increasing due to the fact that viruses cannot remotely control the victim systems and gain benefit from them, while worms or trojans can do almost anything on victim systems.  In the meantime, applications are becoming more complicated and user-friendly than before.  Security and user-friendliness are in opposite directions.

It is true that a small portion of users (including Windows and Linux) are not using their systems in a proper way or in a secure way.  A large portion of users are using their systems in a proper way but they do not have security in mind.  Almost all users (even advanced users) do not fully understand what information security is about and what vulnerabilities are about, as well as how hackers work.

For example, in the recently famous telephone deception in Hong Kong, almost all victims were using their telephone sets in a very correct way (I think so).  However, they were deceived.

Moreover, do you think almost all citizens are using locks and metal gates in a correct way?  Not just locking them up?  Why have their flats been burgled?

So, what are a secured system and secured behavior?  Just being up-to-date and having a strong password in the system?  Users not doing illegal and unethical activities?  Is that enough?

When someone else tells you that locks and metal gates are useless, you are not required to install them.  You just learn how to use your flat (maybe your wooden door) in a correct way.  Is that true?  Or have I misunderstood your message again?

Windows users install anti-virus as they learnt that it is necessary.  Yes, they are trained to.  It is because of the viruses of years ago.  At that time, viruses only did harm to the system and operation but the hackers gained no profit.  However, hackers can gain profit from their victims with malware today.

Nowadays, Windows users still install anti-virus as they know that worms and trojans are scarier.  Even if they have installed anti-virus, they may still have a chance of being infected.

Generally speaking, Windows and Linux are very similar systems in terms of security today.  Why can Windows users armour themselves but Linux users need to be naked?  I think that it is nonsense.  Even you, no matter whether a Windows or Linux user, have a chance of being infected by malware when you are using your systems in a correct/proper/secure way with or without anti-virus/malware programs.  That is why you need precautionary measures, that is what you called "Prevention".

By the way, I am really curious to know how you prevent being attacked by a "Browser Attack" by not installing any additional software but just using your system in a correct way?

May I tell a story?  Once upon a time, when a scientist said that the earth is round and not flat, he would be burnt to death.

Thank you.

Samiux
Author: ricoba    Time: 2015-9-18 13:54

Why not? Of course Linux is vulnerable to malware too.  Malware code does not need to run as root; running as a non-privileged user can also cause damage, e.g. leaking that non-privileged user's data.   Malware run as a non-privileged user can also participate in network attacks.  So your statement is true.
Author: vichui    Time: 2015-9-18 15:31

Reply to 12# samiux

Don't you know locks have different security levels?
With a weak gate and lock, you need more add-ons to protect, to monitor.
With a strong gate and lock, you need fewer add-ons to protect, to monitor.

"Generally speaking, Windows and Linux are very similar systems in terms of security today", Is it true? Absolutely not!! It is well known that Linux is more secure than Windows. Why? It is all about their kernel design. Even with the same browser - Firefox or Chromium, are they the same?

How? Many answers: chroot, iptables rule, apprmon and so on so on..
But again, keep your system up-to-date. That's the result: I have been using your so-called naked Linux for 10 years without any infection.
Author: samiux    Time: 2015-9-18 17:23

Last edited by samiux on 2015-9-18 17:26

@vichui,

I doubt that there is any lock that a locksmith (maybe lockpickers) cannot open.

Windows and Linux are very similar operating systems in terms of security.  They all have similar protection schemes, such as ASLR, DEP, XD/NX, etc., as well as user profiles.

I am curious: is Chromium more secure than Firefox?  Is Linux more secure than Windows?  I am doubtful too.

For Chromium, the recent vulnerability is GLSA 201507-18.  Do you really believe that Chromium is more secure than Firefox?

For Linux, the CVE database of the Linux kernel is here.  Do you really believe that Linux is more secure than Windows?

"apprmon"?  Maybe you are talking about AppArmor.  AppArmor is not available or cannot be easily installed on some Linux systems.

You are talking about using chroot, iptables, AppArmor, etc. to secure your browser?  If so, I do not know how you can secure your browser with iptables rules.

Okay, I think we need to know the following terms (Chroot, Apparmor and SELinux) before going further.

What is chroot?

According to Wiki, a chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a "chroot jail".

Chroot is included in the user namespaces since Linux kernel 3.8.

There are some limitations according to the Wiki.  They are :

The chroot mechanism is not intended to defend against intentional tampering by privileged (root) users. On most systems, chroot contexts do not stack properly and chrooted programs with sufficient privileges may perform a second chroot to break out. To mitigate the risk of this security weakness, chrooted programs should relinquish root privileges as soon as practical after chrooting, or other mechanisms – such as FreeBSD Jails – should be used instead. Note that some systems, such as FreeBSD, take precautions to prevent the second chroot attack.

On systems that support device nodes on ordinary filesystems, a chrooted root user can still create device nodes and mount the file systems on them; thus, the chroot mechanism is not intended by itself to be used to block low-level access to system devices by privileged users. It is not intended to restrict the use of resources like I/O, bandwidth, disk space or CPU time. Most Unixes are not completely file system-oriented and leave potentially disruptive functionality like networking and process control available through the system call interface to a chrooted program.

At startup, programs expect to find scratch space, configuration files, device nodes and shared libraries at certain preset locations. For a chrooted program to successfully start, the chroot directory must be populated with a minimum set of these files. This can make chroot difficult to use as a general sandboxing mechanism.

Only the root user can perform a chroot. This is intended to prevent users from putting a setuid program inside a specially crafted chroot jail (for example, with a fake /etc/passwd and /etc/shadow file) that would fool it into a privilege escalation.

Some Unixes offer extensions of the chroot mechanism to address at least some of these limitations (see Implementations of operating system-level virtualization technology).

What is Apparmor?

According to Wiki, AppArmor ("Application Armor") is a Linux kernel security module released under the GNU General Public License that allows the system administrator to associate a security profile with each program, which restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It was included as of the 2.6.36 version of the mainline Linux kernel. Since 2009, Canonical Ltd. contributes to the ongoing AppArmor development.

In addition to manually specifying profiles, AppArmor includes a learning mode, in which violations of the profile are logged, but not prevented. This log can then be turned into a profile, based on the program's typical behavior.

AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.

AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain.  Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux. They also claim that AppArmor requires fewer modifications to work with existing systems: for example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.

What is SELinux?

According to Wiki, Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including United States Department of Defense–style mandatory access controls (MAC).

SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).

After knowing what Chroot, AppArmor and SELinux are, you may realize that you need some effort to make them work on your systems.  They may not be implemented on your Linux system by default.  If they are implemented by default, they may protect only a limited set of services (or say programs/processes).

Personally, I prefer AppArmor to Chroot and SELinux, because it is more user-friendly and easier for troubleshooting.  As far as I know, even Ubuntu does not enable (I mean enforce mode) AppArmor for Chromium and Firefox by default.

For general users, it is too hard to implement Chroot, AppArmor or SELinux even when they are following tutorials or guides.  Basically, AppArmor on Ubuntu is easier to implement when following tutorials or guides, if they have a good one.

To be fair, even some Windows users can run their Windows systems without any anti-virus for over 10 years without getting any infection.  Or, maybe they do not know that they are already infected, just like you.

In conclusion, Linux users require at least some degree of protection, such as AppArmor and/or anti-malware.

Thank you.

Samiux

Update reason : fix typo
Author: samiux    Time: 2015-9-18 18:16

Am I hypersensitive in saying Linux requires anti-malware or other protection?

I am sure that I am not.  About 3 hours ago, security researchers posted on their blog/site that a lot of WordPress websites have been compromised and the number of compromised sites has increased significantly in the past 48 hours.

The malware's final goal is to use as many compromised websites as possible to redirect all their visitors to a Nuclear Exploit Kit landing page. These landing pages will try a wide variety of available browser exploits to infect the computers of unsuspecting visitors.

If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can. What’s the easiest way to reach out to endpoints?  Websites, of course.

Most WordPress sites are built on Linux systems.  The infection media are websites and browsers.  Those browsers may be on Windows, Linux or even Mac OSX, etc.

I hope you are alerted to what I said before.

Thank you.

Samiux
Author: hollyhui99a    Time: 2015-9-18 18:41

Notice: The author has been banned or deleted; content automatically hidden
Author: samiux    Time: 2015-9-18 18:50

@hollyhui99a,

Sorry about that.  It is very hard for me to type an article in Chinese.  Please use Google Translate when necessary.

Thank you.

Samiux
Author: vichui    Time: 2015-9-18 19:07

haha,  the point is why can the wordpress be infected?

have you thought about it?

I am also running more than 4 wordpress sites,  but none of them are infected..

It is all about setting problems and bugs.
yes you will know if you have installed malware detect,  but that means you were infected.

for how to prevent?  users like you will not fully understand.  becoz you don't think it is possible..
Author: samiux    Time: 2015-9-18 20:46

Last edited by samiux on 2015-9-18 21:17

@vichui,

I do not fully understand how to prevent and think it is impossible?  You may be right or may be wrong.

I think it is high time for me to introduce myself in order to let you know my basic background.  Although it does not indicate anything, it will tell you what I am.

I am an Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP) and Offensive Security Wireless Professional (OSWP).  Put simply, I can do attack and exploit development as well as defense.  Basically, I fulfill the job requirements of the UK Government Ministry of Defense.

I am also managing a small network with a Linux web server, Linux servers, Linux desktops and Windows desktops as well as two Intrusion Prevention System sensors.  I also know how to program in languages such as bash, PHP, Python, Node.js, and C.  I also have some successful open source projects.  When I have spare time, I do Infosec research.

You can say that I am an attacker, developer and sysadmin.  I build things and also break things.  I have the attacker's point of view when handling Information Technology and Information Security matters.  I do know what hackers do.  I also almost know what and how they think.

I have been a long term Linux user since 1995.  I switched to Ubuntu in 2006.  I have also been a blogger since 2007.

My slogans are "Think like a criminal and act as a professional" and "While you do not know attack, how can you know about defense?".

Okay, let's go back to the news.  You focus on the WordPress sites compromise while I focus on the WordPress sites compromise and the browser exploits.  The users' browsers are exploited when they visit the malicious sites (compromised sites).

By the way, your self-introduction is welcome.

Thank you.

Samiux

Update reason : fix typo
Author: vichui    Time: 2015-9-18 23:47

Last edited by vichui on 2015-9-18 23:59

Reply to 20# samiux

Wooo.. I am nothing more than a small potato in the world, but I have been playing with computers for 3 decades. I am lazy and seldom get any paper cert, although I have been a Linux user since kernel 1.0 came out. Maybe around 1993 to 1995.

I really don't know what language I can program with!! What you have said I also know how to program, and in addition Java, C++, C#, Basic, VB, Perl, etc. etc. etc.
Knowing a language doesn't mean anything to me; for me there are just 2 types of language: procedural and OOP, plus Data Structure and Algorithm.

Oh yes! You can say that I am just a player, system maintainer, coder or whatever. Who knows??

What I believe is "Don't limit yourself, rules is for breaking".
Author: samiux    Time: 2015-9-19 00:55

@vichui,

I like the word "rule is for breaking".

Let me explain my current prevention system :

(1) limit the hackers from knowing too much about your system;
(2) when they want to attack your system, they do so blindly;
(3) they waste their time trying here and there;
(4) once they bingo, my system will terminate their exploits when the exploits are executed;
(5) hackers do not know the reason why their attacks failed;
(6) they will then spend more time on troubleshooting;
(7) as there is no chance of their success, your system is safe from these attacks;
(8) these hackers will never come to your system again after the failure;
(9) hackers lose and you win!

The captioned is not theory; I am running it right now.  However, I will not disclose its details to the public at the moment.

Thank you.

Samiux
Author: samiux    Time: 2015-9-30 19:17

Another piece of news about Linux malware :

Akamai announced on Tuesday that its Security Intelligence Response Team has discovered a massive Linux-based botnet that's reportedly capable of downing websites under a torrent of DDoS traffic exceeding 150 Gbps. The botnet spreads via a Trojan variant dubbed XOR DDoS. This malware infects Linux systems via embedded devices like network routers then brute forces SSH access. Once the malware has Secure Shell credentials, it secretly downloads and installs the necessary botnet software, then connects the newly-infected computer to the rest of the hive.

Read more ....
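How a defender could spot the pattern the quoted report describes (SSH brute forcing followed by a successful login) in sshd's auth log, as an added example that is not part of the original post or of the Akamai report. The log lines are constructed samples in the usual OpenSSH syslog format; the function name, threshold and window are assumptions to tune per host.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd password results, e.g.
#   "Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def detect(log_lines, year=2015, threshold=5, window=timedelta(minutes=1)):
    """Return alerts as (kind, source_ip, user) tuples, in log order.

    "brute-force": `threshold` failed passwords from one address inside
    `window`. "login-after-brute-force": a password login that succeeds from
    an address already flagged, which is the moment to treat the host as
    compromised. Syslog timestamps carry no year, so it is passed in.
    """
    recent = defaultdict(deque)   # source ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures = recent[ip]
            failures.append(ts)
            # Drop failures that have slid out of the window.
            while ts - failures[0] > window:
                failures.popleft()
            if len(failures) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute-force", ip, None))
        elif ip in flagged:
            alerts.append(("login-after-brute-force", ip, m["user"]))
    return alerts


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Sep 30 19:01:00 gw sshd[2101]: Failed password for root from 203.0.113.5 port 40110 ssh2",
    "Sep 30 19:01:02 gw sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2",
    "Sep 30 19:01:03 gw sshd[2190]: Failed password for alice from 198.51.100.7 port 51514 ssh2",
    "Sep 30 19:01:04 gw sshd[2103]: Failed password for root from 203.0.113.5 port 40114 ssh2",
    "Sep 30 19:01:06 gw sshd[2104]: Failed password for invalid user ubnt from 203.0.113.5 port 40116 ssh2",
    "Sep 30 19:01:08 gw sshd[2105]: Failed password for root from 203.0.113.5 port 40118 ssh2",
    "Sep 30 19:01:09 gw sshd[2190]: Accepted password for alice from 198.51.100.7 port 51514 ssh2",
    "Sep 30 19:01:10 gw sshd[2106]: Accepted password for root from 203.0.113.5 port 40120 ssh2",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from `alice` stays below the threshold, so her later login raises nothing; only the address that failed five times in eight seconds and then got in as root is reported.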
Author: ykmran    Time: 2015-10-1 17:49

...like network routers then brute forces SSH access. ...



Author: samiux    Time: 2015-10-2 02:36

Last edited by samiux on 2015-10-2 02:39

I would not explain how a system would be attacked and how it would be affected.  I would like to point out that Linux could be infected by malware of any kind.

More about XOR.DDoS Linux Malware ....

Update reason : fix typo
Author: lazyfai    Time: 2015-10-3 23:48

Interesting...
How about you disclose all your information and let people try to hack with all information public?
Author: samiux    Time: 2015-10-4 00:43

Interesting...
How about you disclose all your information and let people try to hack with all infor ...
lazyfai posted on 2015-10-3 23:48



What do you mean?  I didn't catch you.

Samiux
Author: samiux    Time: 2015-10-4 01:15

I think the following article is too technical for many visitors here.  However, I need to emphasize that it is not only me who suggests that Linux users install anti-malware software but also this malware researcher.  The following article is dated September 25, 2015 while my article is dated September 17, 2015.

I quote here for your quick reference :

Prevention
.
.
.

- Consider installing an antivirus as second opinion or at least as an additional layer. This is not a necessity but may come in handy. I recommend ClamAV.
.
.
.


Read more ....

Samiux
Author: siumingo3o    Time: 2015-10-6 06:11

easy question
will be
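Author: hollyhui99a    Time: 2015-10-6 21:56

Notice: The author has been banned or deleted; content automatically hidden
Author: samiux    Time: 2015-10-6 23:06

Ching, the people here have such a low level of education,

who is going to read it when you use so much English?

thx
hollyhui99a posted on 2015-10-6 21:56


I am not good at Chinese input methods.  Please use Google Translate when necessary.  Meanwhile, all my quotes are from English websites too.  Sorry about that.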

Samiux
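Author: hollyhui99a    Time: 2015-10-7 00:21

Notice: The author has been banned or deleted; content automatically hidden
Author: ~虎~    Time: 2015-10-7 01:39

Reply to 32# hollyhui99a
Why expose your own shortcomings?
Actually plenty of people here can read English.
In the IT world, not knowing English = 80% of the Documents/References are off limits to you
The remaining 20% is from the Mainland... think about it yourself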
Author: q_p    Time: 2015-10-7 02:55

Last edited by q_p on 2015-10-8 19:24

Excerpt from a Linux antivirus software review report:
Linux operating systems are often considered to be immune to malware attacks, which would mean that antivirus software for Linux would be redundant. In reality, the situation is not so simple. Linux malware does exist, even if the number of programs is small

Linux Security Review 2015 - AV-Comparatives

Disclosure: a Windows user just gossiping about Linux stuff
Author: q_p    Time: 2015-10-10 02:25

I recommend ClamAV



source: AV-TEST
Author: polarhei    Time: 2015-10-10 16:12

Reply to 1# samiux

No System is safe.

The main question is, how fast can it be fixed when found?

Generally, the more interested, the more dangerous it is.
Author: samiux    Time: 2015-10-10 17:42

Reply to samiux

No System is safe.

The main question is, how fast can be fixed when found?

Genera ...
polarhei posted on 2015-10-10 16:12


We are talking about malware, not vulnerabilities.  Some malware does not make use of any vulnerability.

Samiux
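Author: dsscss    Time: 2015-10-10 20:50

Last edited by dsscss on 2015-10-10 20:53

To get a system to MEET its SECURITY REQUIREMENTS you mainly have to work on TECHNOLOGY, PROCESS and PEOPLE; none of them can be left out.
The original poster's STATEMENT is completely correct; I don't think there is anything to CHALLENGE.

If readers misunderstand what the article means, that can't be helped.
Take ISO STANDARDS as an example: there will always be people MISLEADING / misunderstanding what they mean,
which doesn't mean the content is wrong; you can only say it could be written in more DETAIL.
Besides, judged by the quality of a BLOG post, it is actually already very good...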
Author: polarhei    Time: 2015-10-11 19:39

Reply to 37# samiux

malwares? It depends on targets and people. I personally think Linux is likely not to be affected by malware due to serious management.
Author: polarhei    Time: 2015-10-11 19:40

Reply to 38# dsscss

Whatever you use, people are the big problem.
Author: samiux    Time: 2015-10-12 00:31

Reply to samiux

malwares? It depends on targets and people. I personally think, Linux is likely not t ...
polarhei posted on 2015-10-11 19:39


That is the difference between us in understanding the Linux environment (or operating system).

I am not going to explain why I have this kind of point of view.  However, I would like to tell you what a hacker is.  According to Wiki, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network.

As an Information Security Enthusiast, you can call it a hacker, I only target seeking and am interested in exploiting the weaknesses in a computer system or computer network.  No matter whether the computer system or computer network is running Windows, OSX, Linux, etc., they are very similar in terms of security.  You may not agree with me.  It doesn't matter; I will not argue with you.

However, I would like to show you this site about which websites have been defaced recently.  You will notice that the websites running on Linux systems that have been defaced are large in number compared with other operating systems.  It is just an example and information for your reference only.  Please do not argue with me on this matter.

Finally, I would like to show you what computer security is.

Samiux





Welcome to 電腦領域 HKEPC Hardware (https://h0.hkepc.com/forum/) Powered by Discuz! 7.2