malware and virus recommendation

[morteza87]

does enybody know if any badware like trojan or worm could possibly work on linux (esp fedora12), is there any security program to prevent it, if they plz recommend (url for download and line for install it)

does any body experience kind of these badware..?

[macemoneta]

There are currently about four-dozen Linux malware. They all require you to provide your root password (they pretend to be other software, like a game). As long as you only install software from the standard repositories, and keep your system up to date, you really have no need for malware detection and removal.

[madhavdiwan]

If by malware you mean viruses and trojans then , yes there is a list of known Linux/Unix viruses and trojans . they are usually well known , and there are various methods to prevent or contain them.

If you are curious about them , you can find the lists on the internet witha google search.

Programs such as rootkit hunter (rkhunter) and chkrootkit as well as clamav and various other commercial and non commercial antimalware and antivirus are quite effective in Linux in identyfing and controlling malware on Linux

spyware and annoying adware is also incredibly rare on Linux as compared to Windows

Most Linux Distributions have many security protocols , from the very design of Linux and GNu systems, to add on security systems such as SELINUX , to antivirus programs.

Usually you do not have to do anything to protect yourself when using Linux other than be careful on the internet, and be careful what you install or enable.

If you want some reassurance that you are not compromised , then i suggest you run rkhunter, chkrootkit and clamav against your system. If you are running Fedora you can get these programs by running

yum install rkhunter chkrotkit clamav

Please let us know if you get any warning from these programs , we can then tell you if the warning is simply a caution , or if you actaully have a promblem.

Note again it is not as easy to get viruses and trojans in Linux as you would if you were running Windows, and the probability that you have something to worry about is very small.

[morteza87]

thanks people thats help
so if I aware of what I install, then I mustn't be affraid of such things..
know I install what you said and seems there is no problem here yet(does rkhunter load every time at start up and search for malware?)
and one more question, is yum install is always safe..?

[madhavdiwan]

rkhunter in its default install will search every morning for any issues , and send an email to the root user account.

I suggest that you create an alias to root so you can get this mail yourself in your own account , or change rkhunter's config to send you the mail instead of root

making an alias to root user is very simple , all you do is add an entry to the /etc/aliases file
for instance this is what i have in mine

Quote:

# Person who should get root's mail
root: madhav

then configure evolution , or thunderbird , or whatever mail client you want , to read your mail from your mail spool file at /var/spool/mail/$USER .. to see how to do this you can read up on evolution/thunderbird configuration
or use their setup wizards for new accounts

Yum is safe as long as you keep it configured to point to official Fedora repositories , and Repositores that you are certain are safe. Do not add any repo configuration file to yum for a site/repo you are unsure of and you should be fine. I recommend only two , the offficial Fedora / Redhat repos which come with yum by default, and rpmfusion.org

[dsmyth]

thanks for posting this information madhavdiwan.

[forkbomb]

Quote:

Originally Posted by macemoneta

There are currently about four-dozen Linux malware.

Is there an up-to-date online database that tracks these? I hear a few numbers bandied about from time to time but nobody seems to be able or willing to produce a source. The number I always hear is something like a couple to a few dozen, some of which are just proof-of-concept with no malignant payload. But I rarely see a citation so I never really know.

Suffice it to say I've never seen malware in action on Linux, though I believe that some probably do exist.

Just wondering when I'm going to see a source.

[madhavdiwan]

Tom,

wikipedia actually has a small list , but its well documented using footnotes

http://en.wikipedia.org/wiki/Linux_malware

there are of course ,on the rootkit defs and the virus def files from rkhunter and clamav ...

But you are correct , I do not think anyone has made a truly dedicated effort in compiling all of them together.

[pete_1967]

Quote:

Originally Posted by tjvanwyk

Is there an up-to-date online database that tracks these? I hear a few numbers bandied about from time to time but nobody seems to be able or willing to produce a source. The number I always hear is something like a couple to a few dozen, some of which are just proof-of-concept with no malignant payload. But I rarely see a citation so I never really know.

Suffice it to say I've never seen malware in action on Linux, though I believe that some probably do exist.

Just wondering when I'm going to see a source.

These should give you a better overview:

http://www.sophos.com/blogs/sophoslabs/v/post/750

Quote:

Since Linux malware is pretty unusual

In that article pretty much says it all.

And quick search for 'linux' on same site (http://www.sophos.com/security/analy...s-and-spyware/):
http://www.sophos.com/security/analy...earch&x=55&y=9
http://www.sophos.com/security/analy...&action=search

(Note that some of the listings are duplicates.)

Second source: http://www.viruslist.com/en/viruslis...&findTxt=linux

And third source: http://www.sunbeltsecurity.com/SearchThreat.aspx

More:
http://search.mcafee.com/search?q=li...TF-8&filter=0&
http://searchg.symantec.com/search?q...&ud=1&filter=0

Should give a bit better picture of what's out there.