Which are the features that make Linux more secure?

And why Linux has "much less issue of virus attack"?

No support question asked. Moved to Linux Chat.

No support question asked. Moved to Linux Chat.What wayne means is:

No support question such as "How do I turn on my computer and boot into linux".

As for OP Q,

It is because of the way Linux permissions the files.

I'll answer to you! :D :cool:

Which are the features that make Linux more secure?
1) By default you don't run with the root/administrator account :cool:
2) You don't have internet explorer with its activex support! :D :p
3) linux is open source, so you can look at the source code of (any) software
4) You can disable useless services :D
5) With IPTables and SElinux you can seal up your server :cool:
6) if you find an executable, on linux you have to chmod it with the Execution permission at first!
7) i'm here! :D :p

And why Linux has "much less issue of virus attack"?
1) Even if you found a remote exploitable bug in Firefox, it won't run as root.
2) Viruses don't get installed by browsing on the Net.
3) You don't have to wait for ages because Microsoft programmers are too lazy to release new updates :p :rolleyes:
4) On linux you don't have any Remote Procedure Call service so bugged and active on the internet...
5) By default, there are no good security tools installed on Windows servers to protect them in the "kernel-space" :p
6) Double click... and you get it! (you can suppose "what and where" :D :p jk! :D)
7) Honey bees don't use anymore Windows! :p :D

bye! :)

Does installing software like wine, which allows windows software to run, Does helps windows virus to run in linux.

Does installing software like wine, which allows windows software to run, Does helps windows virus to run in linux.
Yeah!! it helps! :D :p :rolleyes:
WINE isn't perfect, and it doesn't run all the software for Windows, so you need to find the right virus :p ... but yeah, there are viruses that work with WINE!:D :p You need to run them manually, and you can remove them at any time... anyway they may run in WINE. :D :cool: Btw, they haven't a great power to damage your linux OS... as they don't run as root neither :D :cool: :rolleyes:

bye!:)

So I can install and use Wine without worrying about virus of window? ( I didn't used wine for this reason for these many days)

Does these virus autoruns on start-up when we boot to Linux?

And how to Identify these virus?

So I can install and use Wine without worrying about virus of window? ( I didn't used wine for this reason for these many days) Yeah, the worse thing a windows/linux virus can do, if you run it as user (as usual), is to delete your files in your /home :p :D

Does these virus autoruns on start-up when we boot to Linux?
No... :rolleyes:

And how to Identify these virus?
I dunno :confused: but i think... in the same way you identify viruses on Windows! :D... for example you can upload executable files on http://www.virustotal.com/ before open them! :confused: :rolleyes:

bye!:)

If suppose I have dual boot, one is Linux and another is windows.

And when I boot using Windows. Virus in windows could access root privileged files and folders of Linux, Right?

I have seen Avast anti-virus for Linux, What is it for?
http://www.avast.com/eng/avast-for-linux-workstation.html

Does installing software like wine, which allows windows software to run, Does helps windows virus to run in linux.http://www.linux.com/feature/42031
http://ocaoimh.ie/2005/01/27/can-i-run-windows-viruses-in-linux/

However, WINE is improving all the time, so you too can join the fun.

V

What do you think of software like DOSBOX, can it run virus?

Antivirus on Linux is mostly used for, from my point of vew, Linux based boxes that host e-mail servers to your local clients. It helps to protect the internal network this way. AV is also used in filtering network traffic from the outside world in conjunction with a proxy or something like dansguardian.

The reason there is a version of AV for linux I feel is mostly to help protect the windows based computers that are on the network. I could be wrong on this but this is the type of scenario I can see the benefit of AV on Linux.

If suppose I have dual boot, one is Linux and another is windows.

And when I boot using Windows. Virus in windows could access root privileged files and folders of Linux, Right?
Right, if and only if: you can access to your Linux partitions from Windows. :rolleyes: :cool: It's possible only whenever you have "mounted" your linux-partitions in windows (http://www.fs-driver.org/) or if the "virus" contains a own driver to mount them! (never seen before :p :D)
Anyway it's impossible if your Linux partitions are un-mounted and encrypted .... and you don't give to the virus the decryption password : :D :p

I have seen Avast anti-virus for Linux, What is it for?
http://www.avast.com/eng/avast-for-linux-workstation.htmlSomeone doesn't need an antivirus software on Windows :rolleyes:... and a lot of people don't need antivirus app. on Linux. :D :p :cool:
What could you expect from an antivirus company?! :confused: :rolleyes: i think... one antivirus! :D :p

bye!:)

The reason there is a version of AV for linux I feel is mostly to help protect the windows based computers that are on the network.

On searching I also came to feel same thing.

I think DosBox may run virus easily because first we have to run dosbox before running exe. Is anyone used DosBos, what's your opinion.

Right, if and only if: you can access to your Linux partitions from Windows. It's possible only whenever you have "mounted" your linux-partitions in windows (http://www.fs-driver.org/) or if the "virus" contains a own driver to mount them! (never seen before )
Anyway it's impossible if your Linux partitions are un-mounted and encrypted .... and you don't give to the virus the decryption password

But virus can use partition making tool in windows and just format the Linux partition to FAT or NTFS.

But virus can use partition making tool in windows and just format the Linux partition to FAT or NTFS.Yup, which is why you keep your files on a Linux file server, which runs AV to protect the Windows clients that connect to it :)

Edit: And only if you're running as an administrator in Windows -- which you shouldn't be :p

But virus can use partition making tool in windows and just format the Linux partition to FAT or NTFS.
A virus, executed as administrator :rolleyes:, can just open a disk/partition as a file (yea, it's like in linux :D :p) and overwrite everything with zeros... :D :cool:

bye!:)

What you tell about VMWare and Virus in Linux?

Silly Q: But why do you *want* to catch a virus?

Silly Q: But why do you *want* to catch a virus?

Just to know possible risk of virus on Linux and how to protect it.

linux is just as vulnerable to attack and exploit as windows is.

>linux is just as vulnerable to attack and exploit as windows is. [citation needed]
and because of what? :confused: :rolleyes:

I don't think there are the same exposure to vulnerabilities :rolleyes:. It's something of inborn! :D :p :cool: the structure of Windows is different from Linux's! :cool:

bye!:)

If you want to see strange and wonderful things happen; turn selinux off, make eth# a trusted device, let samba share / anonymously, let squid run as an anonymous proxy server, permit root to log into ssh, log in as root for everyday/everything operations, and besure to visit 5 porn sites and 5 commercial sites daily.

Windows just has to set on a network to get infected so any site I have to support (automation) where an operator has no IT support, well another linux box is born. It took a while but I understand why no one sells linux; it just works, no support needed!

well theoretically there might by linux virii (viruses?) as well, just as stated linux is often run as a non-root user but in theory 'sudo' users or just-plain-stupid users that run X under root can also be compromised and harm a system.

But then again most linux computer savvy users don't run their OS this way, besides we only have a market share of 0.00005% in the desktop market so virus makers don't really target linux for their exploits.

one can also safe windows infected files on a linux samba share and that way helping a windows virus to spread, but of course there is always clamav to scan a linux system. And besides a virus there is also spam, worms, etc. etc. to be worried about. But well realistically the chances of catching a virus on linux are practically quite slim. I am *very* paranoid but not paranoid enough to doubt my integrity with a router firewall, linux firewall, SElinux and clamav enabled.

stefan

Linux is secure only if the user has a clue.

And don't worry about virus deleting your ~/ directory.. it's much more profitable to data-mining it that deleting it from the virus author's point of view.

Be afraid. Be very, very afraid...

Windows just has to set on a network to get infected so any site I have to support (automation) where an operator has no IT support, well another linux box is born. It took a while but I understand why no one sells linux; it just works, no support needed!

That is not true. If you are a sysadmin and this happens, you should get fired.

You should also get fired for having any computer for which you have no protection (firewall/av) visible to the internet while those protections are not installed.

You should also not be running under an Admin Account unless the computer (which will allow malware from web sites to do whatever they want). The minute Windows is installed you should change over to running a Normal User account and using "Run As..." to install Software and Drivers (for "All Users" so that any user [created] gets the menu Items for things like Office, Visual Studio, or whatever you run).

This happening to you shows how bad you are at your job, to be honest...

Computer Security 101.

And yes there are *NIX Viruses. NIX machines get attacked all the time. It's easier to find vulnerabilities in Linux because the source is freely available. I don't know anyone who runs a Linux/Unix server without a good AntiVirus solution installed and running. Passing on viruses unknowingly and negligently is just as bad as getting a virus yourself. Virus scanners can detect new viruses/malware through Heuristics. They are necessary if you share files/communicate info with others through the internet.

There is nothing stopping a virus from executing when it is in a package you think is trustworthy that tells you to execute it as root, etc.

Windows insecurity has more to do with the default setup than the OS itself. That, and the popularity of the Operating System. The backward compatibillity crap was hurting, but they are removing it (XP64/Vista cannot run any DOS/Win16 Apps for example). Linux takes security more seriously because it was designed for server use. Windows Server versions compare favorably with Linux though, when they are used as Workstation Operating Systems (Windows Server 2003 R2 Standard is more stable, more performant, more secure than XP for me. I game on it, Lol).

Also, if you have a Windows XP Home Edition Computer or an OEM Windows Media Center/Professional Install you may want to actually SET the Administrator Password so that Viruses don't use use the blank password to run/install themselves (since you are running under a Normal User Account, right?)

>linux is just as vulnerable to attack and exploit as windows is. [citation needed]
and because of what? :confused: :rolleyes:

I don't think there are the same exposure to vulnerabilities :rolleyes:. It's something of inborn! :D :p :cool: the structure of Windows is different from Linux's! :cool:

bye!:)

don't assume that you are more secure because you run linux or windows, make sure you are more secure because you have taken the appropriate steps to secure your system from unauthorized access. it's just kind of a pet peeve of mine, windows is insecure! linux is super secure! I hate it when people say that, they obviously haven't ever done any vulnerability assessments or penetration testing. It all boils down to the person that is responsible for administering the system.

put a windows system say server 2003, with no special security, no virus scan, no firewall (etc), simple passwords and a linux system, say fedora 10 with no selinux, no iptables, simple passwords and see which one gets hacked (they both will)

does that mean the operating systems are insecure? or does it mean that they have been configured improperly?

don't assume that you are more secure because you run linux or windows, make sure you are more secure because you have taken the appropriate steps to secure your system from unauthorized access.That pretty much sums it up.

Just because Linux as an OS is inherently more secure than Windows - as in the default setup, Windows is now pretty secure with privilege escalation, provided your running as a user in the first place, but neither of the OS's security is going to protect you from a browser exploit that runs in your user space. That's where AV comes in.

Your user space is more valuable than root access these days anyway, as that's where the data is, and data = money. Viruses and the like have gone from being developed for fun, causing damage for the hell of seeing how much disruption you can cause, to slyly stealing peoples data and flogging it on or holding it to ransom.

One day a browser exploit will come along that allows code to be run on Linux systems (even if restricted to the users account), and when that happens, I can see the whole community being shocked, while millions of MS fanboys scream out "we told you so".

Good security practises are your best defence with any OS.

What you tell about VMWare and Virus in Linux?

if you run windows in VMware, it could get infected. being a virtual machine however, it is isolated from the host OS. Other than possibly infecting any other windows computers on your network, the only thing you'd really notice on the host is the CPU usage.

That is not true. If you are a sysadmin and this happens, you should get fired.

You should also get fired for having any computer for which you have no protection (firewall/av) visible to the internet while those protections are not installed.

You should also not be running under an Admin Account unless the computer (which will allow malware from web sites to do whatever they want). The minute Windows is installed you should change over to running a Normal User account and using "Run As..." to install Software and Drivers (for "All Users" so that any user [created] gets the menu Items for things like Office, Visual Studio, or whatever you run).

This happening to you shows how bad you are at your job, to be honest...

Computer Security 101.

And yes there are *NIX Viruses. NIX machines get attacked all the time. It's easier to find vulnerabilities in Linux because the source is freely available. I don't know anyone who runs a Linux/Unix server without a good AntiVirus solution installed and running. Passing on viruses unknowingly and negligently is just as bad as getting a virus yourself. Virus scanners can detect new viruses/malware through Heuristics. They are necessary if you share files/communicate info with others through the internet.

There is nothing stopping a virus from executing when it is in a package you think is trustworthy that tells you to execute it as root, etc.

Windows insecurity has more to do with the default setup than the OS itself. That, and the popularity of the Operating System. The backward compatibillity crap was hurting, but they are removing it (XP64/Vista cannot run any DOS/Win16 Apps for example). Linux takes security more seriously because it was designed for server use. Windows Server versions compare favorably with Linux though, when they are used as Workstation Operating Systems (Windows Server 2003 R2 Standard is more stable, more performant, more secure than XP for me. I game on it, Lol).

Also, if you have a Windows XP Home Edition Computer or an OEM Windows Media Center/Professional Install you may want to actually SET the Administrator Password so that Viruses don't use use the blank password to run/install themselves (since you are running under a Normal User Account, right?)


Sorry man, in theory you're correct but it just doesn't work that way. No I don't do IT, in fact I hate computers but often get pulled in because our front-end runs on someone's computer/server. I can assure you no user input is needed to infect Windows and I also assure you that I've never had to return after laying down an ext3 partition (by by windows). So in my experience Windows is for kids and not in an industrial environment.

Sorry man, in theory you're correct but it just doesn't work that way. No I don't do IT, in fact I hate computers but often get pulled in because our front-end runs on someone's computer/server.

LOLOL?!?! No way...

I can assure you no user input is needed to infect Windows and I also assure you that I've never had to return after laying down an ext3 partition (by by windows). So in my experience Windows is for kids and not in an industrial environment.

You have only assured me that people who deal with computers are dumb enough to have them connected to the internet before Security Software and/or countermeasures are installed on the system. I have worked extensively with UNIX in Government (HP-UX) as well as proprietary systems (hardware and software) and Windows Servers. There is almost no way to get infected by a virus unless a hacker breaks in and plants it, the AV/FW Heuristics fails on a new Virus, your computer is not patched (slammer, etc. affected mostly unpached Windows machines FYI), or you don't know what you're doing... The latter most likely being the case IRT yourself: that is not a dig.

You are talking about industrial (I'm assuming you meant ENTERPRISE) environment, when you seem clueless of software like Microsoft System Management Server which allows you to patch Windows Workstations without having to connect to the Internet (but from your own Protected Windows Server which connects to the Internet).

You seem oblivious that you can utilize Disk Images to Install Windows Workstations complete with all software and security software needed on the hard drive at first boot (how do you think OEMs install software, by having a person sit at the computer and install it, complete with Norton Anti Virus 90 day Trial, etc.?). Most Enterprises use Volume Licenses, which doesn't require the Windows OS or other Microsoft Software to phone home to activate (thus, totally nullifying the need to plug an ethernet wire in before the system is completely set up).

Any computer can get infected without user intervention, because a hacker doesn't need you to sit at the computer to break into it. If the hacker is good, than the hacker is good. Windows isn't the only OS with security vulnerabilities, says my RHEL Errata (which is based off Fedora, mind you).

Rest assured that both *Nix and Windows Workstations and Servers are hacked and compromised every day. You just don't hear about it, but those in the know, know.

Excuse the redundancy.

Microsoft SQL Server 2005 was proven to be more secure (less Vulnurabilities) than Oracle's Enterprise Database.

Windows Server 2003 is an order of magnitude more secure than Windows XP 32-Bit. Windows XP 64-Bit and Server 2003 are NT 5.2. XP 32Bit (Home, Pro, MCE) are NT 5.1. Vista/Server 2008 are even more secure. The default Solaris 10 (dunno about OpenSolaris, but I can assume similar) and Windows Server 2003 (haven't tried 2008 yet) install is an order of magnitude more secure than both RHEL Server and RHEL Workstation OSes (I have a subscription).

Do not compare Windows XP 32-Bit (a workstation OS based off of old code) to Linux (a Server OS). I actually think it's time to stop comparing XP of any flavor to Linux! Vista is an order of magnitude more secure than any XP. Most Workstations in the Enterprise will be behind a Firewall that is much more reliable than the software firewalls we install on our computers. This will most likely be a hardware firewall.

For example, my USR8200 is better than any software firewall I've used.

Protected Servers that need to face the internet are usually put in the DMZ. Database Servers and Workstations are usually on Domain, and protected ("how can I access xxx site from work?!?!" - how many times have we heard that?).

A spirited debate is one thing; mud-slinging and name-calling are quite another. Consider this a warning.

Thread closed.

V