Linked by Amjith Ramanujam on Sat 19th Jul 2008 19:01 UTC, submitted by cypress
Linux and UNIX-like operating systems in general are regarded as being more secure for the common user, in contrast with operating systems that have "Windows" as part of their name. Why is that? When entering a dispute on the subject with a Windows user, the most common argument he tries to feed me is that Windows is more widespread, and therefore, more vulnerable. Apart from amusing myths like "Linux is only for servers" or "does it have a word processor?", the issue of Linux desktop security is still seriously misunderstood.
Thread beginning with comment 323725
Wrong assumptions...
by luzr on Sun 20th Jul 2008 06:38 UTC
luzr Member since:
2005-11-20

I am really curious when people get real and abandon the security misconceptions shared by the author of the article:

- first, the most serious misconception is that "root" account is somewhat more important for desktop OS than user account and that virus needs to access this root account. That is total nonsense. Reinstalling OS on the desktop is simple. Recovering deleted user data usually impossible. And virus does not need root to spread, all it needs is some form of internet connection. As long as user can display pages and send emails, virus can spread.

- second, the idea that malware cannot hide in sources is flawed as well. All it needs is to put its scripts somewhere in ~/.gtk/desktop/myapps. Moreover, these scripts are platform independent - they will run on any unix and any CPU. And they can be written in dozen of languages linux distro usually supports. Moreover, mutating sources to make them hard to detect by antivirus software might be even easier than mutating binary.

I think that the only reason why malware is not so wide-spread in linux is really because malware writers still do not care. If linux ever gets more than 10% of market-share, it will get viruses too.

Reply Score: 1

RE: Wrong assumptions...
by alexandru_lz on Sun 20th Jul 2008 12:57 in reply to "Wrong assumptions..."
alexandru_lz Member since:
2007-02-11

I think the one with the wrong assumptions is you. Have you used a Unix system recently?

"- first, the most serious misconception is that "root" account is somewhat more important for desktop OS than user account and that virus needs to access this root account. That is total nonsense. Reinstalling OS on the desktop is simple. Recovering deleted user data usually impossible. And virus does not need root to spread, all it needs is some form of internet connection. As long as user can display pages and send emails, virus can spread."

That is totally wrong. In a properly configured system, an infected program running with user's privileges will not be able to modify any other binary outside the user's home directory -- in any case, none that resides in /bin, /usr/bin, /usr/local/bin or any of the such (sure, those in /tmp may end up screwed, but then again). Hell, it's hard enough to even infect a binary in the first place. Run everything as root and you're screwed -- it gets write access to just about everywhere.

"- second, the idea that malware cannot hide in sources is flawed as well. All it needs is to put its scripts somewhere in ~/.gtk/desktop/myapps. Moreover, these scripts are platform independent - they will run on any unix and any CPU. And they can be written in dozen of languages linux distro usually supports. Moreover, mutating sources to make them hard to detect by antivirus software might be even easier than mutating binary."

...and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups.

"I think that the only reason why malware is not so wide-spread in linux is really because malware writers still do not care. If linux ever gets more than 10% of market-share, it will get viruses too."

Oh please...

Edit: afaik, some programs that could circumvent permissions by exploiting various security weaknesses do exist -- but they are quite complex, and quite possibly too complex to be accessible to your average script kiddie.

Edited 2008-07-20 12:59 UTC

Reply Parent Score: 1

RE[2]: Wrong assumptions...
by casuto on Sun 20th Jul 2008 13:07 in reply to "RE: Wrong assumptions..."
casuto Member since:
2007-02-27

"In a properly configured system, an infected program running with user's privileges will not be able to modify any other binary outside the user's home directory"


Like in Windows Vista by default


"...and, ran as regular users, they will be totally harmless to the system :-)."


Like in Windows Vista by default

Edited 2008-07-20 13:10 UTC

Reply Parent Score: 2

RE[2]: Wrong assumptions...
by -oblio- on Sun 20th Jul 2008 14:16 in reply to "RE: Wrong assumptions..."
-oblio- Member since:
2008-05-27

"..and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups. "

Sorry, but this is: LOL!

Regular users do backups, right? (WRONG!) The average user is more afraid of "user land" viruses, than of "root land" viruses. The deadliest virus could be sent via social engineering, and look as harmless as this:
#!/bin/sh
rm -rf /home/`whoami`
You'd only have to fool the user into making it executable (which isn't necessarily hard to do).

Edited 2008-07-20 14:18 UTC

Reply Parent Score: 2

RE[2]: Wrong assumptions...
by luzr on Sun 20th Jul 2008 14:55 in reply to "RE: Wrong assumptions..."
luzr Member since:
2005-11-20

"That is totally wrong. In a properly configured system, an infected program running with user's privileges will not be able to modify any other binary outside the user's home directory -- in any case, none that resides in /bin, /usr/bin, /usr/local/bin or any of the such (sure, those in /tmp may end up screwed, but then again). Hell, it's hard enough to even infect a binary in the first place. Run everything as root and you're screwed -- it gets write access to just about everywhere."


You still do not see the misconception:

Malware does NOT NEED to access /bin, /usr/bin or any other "root only" directory. It does not need to infect binaries either. Access to home directory is enough for malware to spread and to have the full access to the most important files on the computer.


"...and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups."


But that is exactly the misconception. Who cares about system. What is important is exactly that "nasty stuff in user's home directory".

And yes, backups always solve the problem, but note that home-dir based malware will easily get into backup too..

Reply Parent Score: 3

RE[2]: Wrong assumptions...
by MollyC on Mon 21st Jul 2008 01:42 in reply to "RE: Wrong assumptions..."
MollyC Member since:
2006-07-04

"...and, ran as regular users, they will be totally harmless to the system :-). All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups."


I don't buy this. I do weekly backups, but mainly as a safeguard from hard drive failure, not as a safeguard against malware, because malware can be so subtle as to alter files without your knowing it, so you'd never consider restoring the files from the backup.

Sure, if malware trashes your whole home directory (or, at least trashed it enough so you'd notice), then you'd restore the files from the backup, but what if the malware just altered a few files? (For example, even just changing one value in a spreadsheet used by a small business to calculate payroll could lead to havoc that might not be noticed for weeks.) You'd not know it so you wouldn't bother to restore the files, and eventually you'd back up the altered files themselves, resulting in a backup that lacked integrity.

Reply Parent Score: 3
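
MollyC's and luzr's point that silently altered files end up in the backup, as an added example (not part of any comment in the thread): a per-file SHA-256 manifest taken at the previous backup is compared with the current home directory, and anything changed that the user did not knowingly edit is flagged before the old backup generation is overwritten. The file names and contents are constructed, and `expected` is an assumed list supplied by the user.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets and other non-regular files
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest


def unexpected_changes(old, new, expected):
    """Return files that changed or vanished since the last backup although
    the user did not knowingly touch them (paths not listed in expected)."""
    changed = {p for p in old if p not in new or old[p] != new[p]}
    return sorted(changed - set(expected))


def demo():
    """Constructed scenario: one deliberate edit, one silent one-value change."""
    with tempfile.TemporaryDirectory() as home:
        payroll = os.path.join(home, "payroll.csv")
        notes = os.path.join(home, "notes.txt")
        with open(payroll, "w") as fh:
            fh.write("employee,hours,rate\nalice,160,31.50\n")
        with open(notes, "w") as fh:
            fh.write("call the accountant\n")
        last_backup = build_manifest(home)      # taken at the previous backup

        with open(notes, "a") as fh:            # edit the user knows about
            fh.write("done\n")
        with open(payroll, "w") as fh:          # same size, one digit altered
            fh.write("employee,hours,rate\nalice,160,37.50\n")

        suspicious = unexpected_changes(last_backup, build_manifest(home),
                                        expected={"notes.txt"})
        return suspicious   # non-empty: keep the old backup generation


if __name__ == "__main__":
    print(demo())
```

The manifest only helps if it is stored where a process running as the user cannot rewrite it, for example on the backup medium itself.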

RE[2]: Wrong assumptions...
by rtfa on Mon 21st Jul 2008 08:34 in reply to "RE: Wrong assumptions..."
rtfa Member since:
2006-02-27

And they have to try and set the execute bit on that script before it can run, unlike Windows which will run anything as long as it's got the correct file extension.

Reply Parent Score: 1

RE[2]: Wrong assumptions...
by Soulbender on Mon 21st Jul 2008 08:58 in reply to "RE: Wrong assumptions..."
Soulbender Member since:
2005-08-18

"That is totally wrong. In a properly configured system, an infected program running with user's privileges will not be able to modify any other binary outside the user's home directory"


So what? Who cares? Not Joe User when his MP3 collection in his home directory was wiped out.

"Hell, it's hard enough to even infect a binary in the first place."


No it isn't.

"and, ran as regular users, they will be totally harmless to the system"


Again, who gives a shit? The system can be restored from installation media in a short time. Your corrupted data can't and that doesn't even take into account the damage from your stolen data.

"All they can do is probably some nasty stuff to the user's home directory, which is easily solved with a regular batch of backups."

Please show me where I can get a backup solution easy enough for Joe Average that will effortlessly back up 100's of GB's of data.
Plus they can read all your data files and who knows what interesting secrets you have in those?

In case you haven't kept up to date, malware isn't about getting respect for rooting boxes anymore, it's big time crime that is often after your personal data.

Reply Parent Score: 2

RE: Wrong assumptions...
by abraxas on Sun 20th Jul 2008 13:57 in reply to "Wrong assumptions..."
abraxas Member since:
2005-07-07

"first, the most serious misconception is that "root" account is somewhat more important for desktop OS than user account and that virus needs to access this root account. That is total nonsense. Reinstalling OS on the desktop is simple. Recovering deleted user data usually impossible. And virus does not need root to spread, all it needs is some form of internet connection. As long as user can display pages and send emails, virus can spread."

I hear this argument all the time and it makes no sense. First of all reinstalling an OS is no simple task for the ordinary user (never mind the plethora of third party apps most likely installed). Second data loss has nothing to do with viruses. Most viruses don't delete data and a simple hard drive failure is much more likely. The security of having a separate root account is to eliminate propagation of viruses and to keep system level processes secure. User level access doesn't allow you to take over an entire system and turn it into a spambot.

"second, the idea that malware cannot hide in sources is flawed as well. All it needs is to put its scripts somewhere in ~/.gtk/desktop/myapps. Moreover, these scripts are platform independent - they will run on any unix and any CPU. And they can be written in dozen of languages linux distro usually supports. Moreover, mutating sources to make them hard to detect by antivirus software might be even easier than mutating binary"

This is unlikely on most distributions because most software is installed from a central repository that uses some kind of hashing algorithm to ensure package reliability. An average user doesn't install from source. Source level malware would actually be a lot easier to detect. Just use grep.

Reply Parent Score: 5

RE[2]: Wrong assumptions...
by luzr on Sun 20th Jul 2008 15:06 in reply to "RE: Wrong assumptions..."
luzr Member since:
2005-11-20


"I hear this argument all the time and it makes no sense. First of all reinstalling an OS is no simple task for the ordinary user (never mind the plethora of third party apps most likely installed)."

Come on. In recent Linux distros it is a very simple task. My last Ubuntu install took about 20 minutes and zero intervention on my side.

"The security of having a separate root account is to eliminate propagation of viruses"


How does separate root account eliminate the propagation of malware to another machine?

As long as user is able to use internet, malware can spread.


"User level access doesn't allow you to take over an entire system and turn it into a spambot."

The problem you do not see is that you do not need to take over the entire system to turn it into spambot. All you need is the ability to send emails, which is something usually allowed on user level access.

"This is unlikely on most distributions because most software is installed from a central repository that uses some kind of hashing algorithm to ensure package reliability. An average user doesn't install from source."


Average user can get "security update by email from his distro vendor" and install it. This is how malware really works these days.


"Source level malware would actually be a lot easier to detect. Just use grep."

What are you going to grep?

BTW, I am speaking from my experience. The only computer I ever had infected was my Fedora-based house server. And it worked just like this....

Edited 2008-07-20 15:11 UTC

Reply Parent Score: 5

RE: Wrong assumptions...
by pandronic on Sun 20th Jul 2008 18:28 in reply to "Wrong assumptions..."
pandronic Member since:
2006-05-18

Well, be it Linux or Windows the weakest link is the user. The user will happily click Allow in UAC or enter his password in Linux just to get his favorite smileys or his dancing desktop showgirl.

As the original poster said not running as root doesn't make that much of a difference if you are the only user using that machine. And this happens to be the case most of the time when talking about desktop machines. It's true, it would save you from reinstalling which in Linux anyway is a breeze (20-30 min tops), but that's pretty much it.

Your data is compromised, the malware could do what you, as a normal user, could and that's quite a lot, including internet access, access to network shares, access to your address book, sending emails via your favorite mail client and access to all important files (YOUR files not the system files).

Infecting executable files is not the way modern malware prefers to work. The article speaks of a problem you might have had 5-10 years ago.

I'm not saying running as root is a problem under Linux - it's painless actually and it's a welcome addition, but running as a regular user under Windows, including Vista is shooting yourself in the foot and I don't think it's the biggest attack vector. The clueless user is. Linux doesn't have enough of those to make it a feasible target.

Reply Parent Score: 2

RE: Wrong assumptions...
by melkor on Mon 21st Jul 2008 03:10 in reply to "Wrong assumptions..."
melkor Member since:
2006-12-16

I don't understand your [flawed] logic... Firstly - those "source files" need to have root access to hit various parts of the system that are outside of normal user access rights. Sure, your ~ will get bollocksed, but the rest of the system will be OK, unless there is some sort of privilege escalation attack that takes place.

With Windows, you *have* to run it as root basically to get things even remotely working. And that means the normal user has absolute access to the rest of the system, including system files. Herein lies the problem.

Most Windows based software application developers should be shot for their pi$$ poor efforts. UAC is a small step in the right direction for Microsoft.

Dave

Reply Parent Score: 3