[clug] My windows box got rooted last week... how at risk is Linux?
Kim Holburn
kim.holburn at gmail.com
Wed Jun 11 09:00:18 GMT 2008
On 2008/Jun/11, at 2:08 AM, Jason Stokes wrote:
> Appeared to be downloading trojanish stuff over http from urls I
> never connect to. I had to pull the internet connection and spend
> the weekend reinstalling everything. I hate Microsoft.
>
> I've heard of Linux getting rooted, but the distros are pretty
> secure out of the box these days, right?

Yes, but you can easily configure Linux badly and I've seen it done. A
Linux box doesn't have to be rooted to be doing bad.

While Linux in general is less insecure than Windows, I believe it is
entirely possible to configure a Linux box so it is secure, really
really secure, using SELinux or AppArmor etc. Mind you, I've never
known anyone who actually did it successfully though ;-) and I guess
that kind of hardening would be much more suitable for a server rather
than a desktop.

> I don't hear much about Linux viruses, or massive botnets of Linux
> boxes.

Negligible viruses. Linux is still fairly diverse. It is vulnerable
to network attacks but not usually automated attacks like Windows is.
Each attack needs a person so you can't get botnets. On the other
hand, I have heard that the botnets are sometimes controlled by pwned
Linux servers.

Unless you have a really good reason, put a firewall between the
machine and the internet. That goes quadruple for Windows boxes.

AusCERT has papers on how to secure machines on the internet. Strange,
I seem to only be able to find unix/linux.

AusCERT UNIX and Linux Security Checklist:
https://www.auscert.org.au/render.html?it=1935

CERT has tips for all OSes:
http://www.cert.org/tech_tips/before_you_plug_in.html

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961