[clug] My windows box got rooted last week... how at risk is Linux?

Paul Wayper paulway at mabula.net
Wed Jun 11 01:25:57 GMT 2008


Jason Stokes wrote:
| Appeared to be downloading trojanish stuff over http from urls I never
| connect to.  I had to pull the internet connection and spend the weekend
| reinstalling everything.  I hate Microsoft.
|
| I've heard of Linux getting rooted, but the distros are pretty secure out of
| the box these days, right?  I don't hear much about Linux viruses, or massive
| botnets of Linux boxes.

Linux boxes do get rooted, usually by exploits based on web packages such as
WordPress, Joomla, Webmin, AWStats and so forth.  A lot of these projects have
gone through extensive clean-ups, but anything that does any scripting is a
target.

However, Windows and Linux get attacked for different reasons.  Linux servers
typically get rooted to set up phishing sites and host other nasties, often in
a 'set and forget' style.  They're basically hoping that the admin won't pick
up a few strange URLs in the access logs.  Windows machines are used as bots
that actively work as part of the botnet, which might include components to
send email, host files and attack computers, but they do most of that
themselves rather than assuming you've got a webserver installed and people
are allowed in through your firewall.  A few exploits I've seen have Linux
servers used in more traditional rootkits, where a root shell is opened up to
remote connections from the internet, but that's dying off - mainly because
cracking is now ruled by large illegal business operations rather than script
kiddies and they don't have the time to sit at a console and herd bots manually.

So basically Linux on the desktop is very secure, for two reasons.  Foremost,
it's an environment that the bot writers just don't give much consideration
to, although that may change.  Secondly, security has always been baked into
Linux rather than being the kludge it is with Windows.  There's plenty of good
evidence to show that even with a vulnerable web application, SELinux (which
comes standard in most distros now) will stop any tainted code doing anything
to the operating system (or even your own files).  And if you're not running a
web server on your desktop (not an unusual thing for a Linux web hacker to do)
then you can completely ignore about 90% of the real threats to your desktop
machine.

There are plenty of people on the list, myself included, who are happy to help
with installing Linux and getting yourself set up.  Windows Virus removal is
... less commonly offered... :-)

JM2cW,

Paul
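As an added example (not part of Paul's message), here is a small Python check for the "strange URLs in the access logs" that a planted phishing kit leaves behind on a compromised web server: it parses Apache-style combined log lines and reports successfully served paths that fall outside the set of paths the admin actually deployed. The log lines, the allowlist of deployed prefixes and the phishing path are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format (the usual /var/log/httpd/access_log layout)
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed allowlist: the path prefixes this (hypothetical) site really serves
KNOWN_PREFIXES = ["/index.html", "/images/", "/wp-admin/", "/wp-content/themes/"]

# Constructed sample log lines; the addresses are documentation ranges, not real hosts
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2008:22:01:13 +1000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.5 - - [10/Jun/2008:22:01:14 +1000] "GET /images/logo.png HTTP/1.1" 200 4112
198.51.100.77 - - [10/Jun/2008:22:03:51 +1000] "GET /wp-content/uploads/.cache/bank/login.php HTTP/1.1" 200 7210
198.51.100.78 - - [10/Jun/2008:22:03:52 +1000] "GET /wp-content/uploads/.cache/bank/login.php HTTP/1.1" 200 7210
192.0.2.9 - - [10/Jun/2008:22:05:00 +1000] "GET /wp-admin/ HTTP/1.1" 200 5120
192.0.2.9 - - [10/Jun/2008:22:05:02 +1000] "GET /nonexistent HTTP/1.1" 404 209
"""


def parse_line(line):
    """Split one combined-format log line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_unexpected_paths(lines, known_prefixes, min_hits=1):
    """Return {path: hit_count} for 2xx responses whose path starts with none of the
    deployed prefixes.  A 404 is noise; a *successful* response for content you
    never put on the server is the signature of something planted there."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["status"].startswith("2"):
            continue
        path = rec["path"].split("?", 1)[0]          # drop the query string
        if any(path.startswith(p) for p in known_prefixes):
            continue
        hits[path] += 1
    return {p: n for p, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for path, n in find_unexpected_paths(SAMPLE_LOG.splitlines(), KNOWN_PREFIXES).items():
        print(f"{n:4d}  {path}")
```

Run it against the real access log with your own allowlist (for example, the directories in your document root) to get the same report for a live server.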

