Maybe linux isn't as safe as you would think after all.....

Started by madasahatter, Sep 05, 2008, 13:12:33



Rik

Well, that will change the direction of OS discussions a bit, won't it. ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

esh

You'll need to be su/root to do anything truly devious. If you're sensible, you won't be. Windows you generally have to be admin/root to do anything useful. Spent 3 hours getting a game to run in multiplayer on Vista the other day. It would not find any other computer at all and the game was giving generic errors. As soon as the account was upgraded to admin class, presto, all is just fine. This is an inherent flaw with the method of Windows, mostly because security was not really an issue when the foundations the modern OS is built on were made - namely Win 3.0/3.1. To fix it, you destroy backwards compatibility and the general user base's expectations.

I have to admit even I have given up running Windows as non-admin. I want to change my power settings on my laptop or my network settings when I'm plugging in.... argh.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Rik

I know what you mean about backwards compatibility. At some point, MS are going to have to start afresh, and not try to build in all the legacy support. Risky decision for them, though.

john

Quote from: esh on Sep 05, 2008, 18:58:41
I have to admit even I have given up running Windows as non-admin. I want to change my power settings on my laptop or my network settings when I'm plugging in.... argh.

I have to log on as root on the Unix servers at work too esh for the same reason.

somanyholes

Linux is as insecure as most other OSes. Linux gets hacked a lot, especially webservers etc. The main difference between Linux and Microsoft is that Microsoft OSes get worms and Linux generally doesn't. And yes, Macs are as vulnerable as the next OS regardless of how secure their users think they are.....

All OSes have issues. The more market share an OS gets, the more issues it will have due to more people playing with it and it becoming a bigger target, therefore more people will attempt to bypass its security.

Dangerjunkie

Quote from: Rik on Sep 05, 2008, 13:13:29
Well, that will change the direction of OS discussions a bit, won't it. ;)

I don't think this really changes much. Rootkits existed on Unix systems before they ever did on Windows. In fact they take their name from the account name of the default Unix administrator, "root". This rootkit just uses a new and clever way to hide itself. Since this new technique leverages the technology built into the processor it could be used on any OS; all someone has to do is write an installer for the OS of their choice to add the trick to whatever piece of malware they are working on. This implementation just happens to have reached our attention first on Linux. If it really is that good the bad guys will be working on bringing it to an OS near us all soon.

This technology allows malware to be hidden once a machine has been hacked. It is not a new hack that damages the security of the system; by the time it's of any use to an attacker you've already failed to keep them out and it's too late. The average user of any OS will only realise his machine has fallen if the malware makes it unacceptably slow or makes it malfunction in some way, so whether it is hidden or not is most often irrelevant. A reformat is the only way to be 100% sure there's no nasties lurking once you realise it's happened.

The following are generally accepted:

  • Every piece of software has bugs.
  • Most of these are just annoying or can make the program crash.
  • A few bugs allow really bad things to happen like unknown program code to be run with the permissions of whoever started the original program.
  • If the program was started by the administrator this is very bad and this code can do anything to your system it likes.
  • There is a probability of any program containing such a bug.
  • The more programs you run as administrator the more chance there is that someone will be able to use one of these bugs against you to do something really bad.
  • Therefore, the fewer programs you run as administrator the safer you are.
  • Programs that take unknown data off the Internet are much more vulnerable as anybody could have "poisoned" this data.
  • This makes running things like IE/Firefox/Opera/Safari, Email, Messenger, Media player or P2P software as administrator very dangerous.

The big difference between Windows and Unix/Linux is the security model. As it ships, most editions of Windows assume every user will be an administrator. This problem is further compounded by the fact that this behaviour is encouraged in XP as many programs simply won't work as a non-admin user on Windows. I applaud MS for trying to address this in Vista. There is also the social-engineering aspect when a user is tricked into running a malicious program thinking it is something good. eCard anyone?

The Linux security model is entirely different. It was being hacked before Windows was even thought of and the lessons were learned. It assumes that users will not be administrators by default and permission to do things is granted rather than everybody having it unless it's been taken away, à la Windows. One of the first lessons any Linux administrator learns is "never take the name of root in vain." This means that you should never be root (the administrator) unless you need to be for the task you're doing right now. This isn't a limitation, it's also an important protection from the administrator's greatest enemy, himself. Imagine on Windows having two DOS prompts open and typing "del *.*" then suddenly realising you were in the wrong one and that one was in /windows/system32 rather than the folder you thought you were in. If you're not administrator then you'll get told no. If you were administrator then I hope you wanted to reinstall anyway.

In Linux if I do visit a booby-trapped website as an ordinary user and it manages to make Firefox do something bad it won't be able to touch any of the system files or affect the running of the kernel. This means that whatever nasty it is may be able to damage some of my user's files but it is very unlikely to be able to make changes to the OS underneath. Privilege escalation (the act of increasing a program's permission to that of administrator if it was started as an ordinary user) is also significantly harder on Linux than it is on XP. I can't comment on Vista as so far I've managed to avoid it.

I would qualify So's statement. Linux is insecure as any OS if you ignore the advice above and run your desktop as root. Most Linux versions I've used make this deliberately difficult to do. I visit some very bad sites in the course of my job and I've not had a breach on any of my machines in the last 5 years. Apache (the most used Linux web server) is the most popular server product in the world. If you look at the number of compromised Apache servers and MS IIS servers as a percentage of the total number of each installed you will find Apache wins hands down. Many, if not most, hacks are caused by people not keeping their servers up to date when security updates come out. No product on any OS is going to keep you safe if you just install it then leave it in the big wide world assuming everything will be OK.

I have been a Windows administrator on every version since Windows 95 until XP, except Windows Me, during the last 11 years. I've been a Linux admin for 6 years now. I see good in all of them. What I will say is that I choose to run Linux as my day to day OS as I have greater confidence in it and am more productive in it as I have to spend much less time looking after it. It's the right choice for me but I'm not saying it's the right choice for everyone.

All the best,
Paul.
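An added example, not part of Dangerjunkie's post: one way to check the rule in the list above on a Linux machine is to flag Internet-facing client programs that are running as root. The watch list, the user name `paul` and the sample process table are constructed for illustration; the input format is that of `ps -eo user=,pid=,comm=`.

```shell
#!/bin/sh
# Flag Internet-facing programs that are running as root.
# Input lines are "user pid command", as printed by: ps -eo user=,pid=,comm=

# Constructed watch list covering the kinds of program named in the post
# (browser, e-mail, messenger, media player, P2P). Adjust for your system.
NET_FACING="firefox opera safari thunderbird pidgin vlc transmission"

# Reads ps-style lines on stdin and prints "pid command" for every
# watched program whose owner is root.
flag_root_net_clients() {
    awk -v list="$NET_FACING" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) watch[names[i]] = 1
        }
        # Field 1 = owner, field 2 = pid, field 3 = command name.
        $1 == "root" && ($3 in watch) { print $2, $3 }
    '
}

# Constructed sample process table (not captured from a real system).
sample_ps() {
    cat <<'EOF'
root         1 init
root       812 sshd
paul      2301 firefox
root      2417 firefox
paul      2502 thunderbird
root      2610 transmission
EOF
}

# Run against the sample; for a live check use:
#   ps -eo user=,pid=,comm= | flag_root_net_clients
sample_ps | flag_root_net_clients
```

An empty result means none of the watched programs is running with root privileges; each line printed is a process to restart under an ordinary account.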

madasahatter

Good post Paul  :thumb:

The only problem I have is that, reading between the lines (and correct me if I'm wrong - I often am ;)) you are saying that only stupid users of Linux would be open to this kind of attack. From where I'm standing, only stupid users of Windows run without the relevant safeguards in place - unfortunately, due to the prevalence of the OS on machines bought by the general public, the majority of users of Windows are probably generally "stupid" as far as that goes, and therefore you saying that Windows gets far more problems percentage wise really means nothing tbh, as it has more than its fair share of "stupid" users (I know a fair few of them ;))

Don't get me wrong, I regularly administer both Windows and Linux (including Apache) systems in my job, and my OP wasn't against Linux and for Windows per se - it was merely pointing out that Linux perhaps isn't as foolproof or safe as some of the evangelists would have you believe. :)

Dangerjunkie

Hi,

That wasn't quite my intent. My most current experience of Windows is XP (I'm keeping away from Vista until it's a bit more mature.) What I was getting at was that if I went to PC World, bought a brand new PC with XP and switched it on it would make me administrator by default and that I would have to understand this was bad and actively do something to make a restricted user to mitigate the problem. I would then probably have trouble with not being able to change power settings, wireless etc.

If I take Linux out of the box it will make me a normal user by default rather than an administrator and I would need to enter the root password when I wanted to do something that affected the whole system. I was trying to make the point that I would have to actively do something stupid to make myself administrator all the time and open up the same can of worms the new Windows user faces by default. I believe that the non-technical PC user, particularly the newbie, will accept the default configuration assuming it to be the way things should be, which is why I prefer things to default to safe and require a conscious action to make them unsafe rather than the other way around.

Cheers,
Paul.

madasahatter

Get your point entirely, but to the average user who wants things as easy as possible? Unfortunately, this is the average Windows user simply because they are the peeps most likely to buy a new computer. The OS shouldn't be to blame for the shortcomings of its users - but all too often it is  :eyebrow:

Dangerjunkie

I agree but I don't think changing this would be a problem for users. Mac users accept that when they install a piece of software a little box will pop up saying that this is a system action. Please make sure you really want to do it. Enter your password to proceed. I've never once heard a Mac user complain about this as a burden or imposition.

Software authors should understand more about their computers and what is right or wrong than the average user. The average user will take the easy route to their goal. If we want them to do the right or responsible thing then we need to make sure the software we write makes doing the right thing the easy option.

I understand one problem with Vista (and security products like Zonealarm) is that they pop up messages far too often asking for permission to do things. The average user will, quite quickly, become desensitised to these warnings and click "yes" without reading them as they need to in order to "make it work." Most Windows users I know will stick a CD in or download something then just click "OK" on everything that pops up, assuming it will get them the result they want. This is leveraged by a number of adware/spyware products to get install permission or to stop someone uninstalling (I know one that pops one box that says "Are you sure you want to uninstall Crapware Deluxe?" then another that says something like "Do you want to continue leveraging click tracking to receive targeting benefits?" - If the user clicks yes on both then the package doesn't uninstall, you have to click yes, no.) The password box appearing on Mac or Linux is an infrequent occurrence and I've seen some of the least computer literate people I know on Macs stop and think when it happens. It really does work.

I would also argue for permissions to be set depending on what a machine is. On a server I consider it quite proper that only the administrator should be allowed to select which network a wireless adaptor connects to. On a laptop however this is entirely different. Ubuntu, for example, gets it right. Ordinary users can change this unless the owner takes that right away in the user manager. I'm all for letting a single user change what they need to change but keeping the dangerous stuff locked so they can't accidentally touch it without knowing.

Cheers,
Paul.

Simon

In my limited experience with Ubuntu, one annoyance I find is that I can't just simply download and install something, without fiddling about with the package manager, which isn't always up to date.  For example, I wanted to install SeaMonkey, and the latest version is 1.1.11, but it's only up to 1.1.09 in the package manager, so I'm missing out on security updates and patches.  Apparently it is possible to manually install the latest version, but to do so, you have to know enough codes and commands to launch a NASA space shuttle!  Most users want a simple 'point and click' OS, not to have to learn, what is essentially, a new language in order to use Linux.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

My experience was the same, Simon. I found that everything was a hassle. I'm sure that more experience would have changed my perception a bit.

Rik

That's the key really. Most of us want to just get on and do things, not have to learn how to. Once you have years of investment in Windows, it makes it hard to change.

Dangerjunkie

I find it interesting that you perceive one of the great beauties of the system as an annoyance. The whole point of the package manager is that you don't have to download stuff then worry about installing it. You press search, enter the name or some keyword that describes what you want, select the application from the list, hit install then apply. The package manager downloads it and anything else that's required to run it like other packages or DLLs, sets it up then keeps it up to date automatically for you. I find the package manager so much easier than downloading by hand, installing then having to remember to go back and check for updates. I only ever download programs and install them by hand as a last resort now. Hand installing software can be challenging and I wouldn't recommend it for someone just starting out.

You do have a valid point about Ubuntu's software not being as up to date as it might. That is a deliberate decision on their part. They use the Debian definition of what is "stable" software so their policy is to by default always have the latest release of everything that they consider proven. Unless an update is security critical they stand back a bit and wait for the bug reports to come in instead of always installing the latest release of everything immediately. Being slightly behind the curve has never really been a problem to me and I think I've only found two programs in the last year that I needed (rather than wanted) a newer version than was in the system. You can bring what the package manager installs much more up to date by ticking the "backports" and "proposed" sections in the "repositories" section. I've done this and haven't perceived any bad consequences. There are other Linux distributions that like to be far more bleeding edge and you might be more comfortable with one of those. I can ask our group for a recommendation if you like.

Cheers,
Paul.

Simon

I'm happy to try any distros, Paul, as long as they can go onto an Asus Eee PC.  I actually have my Ubuntu more or less as I want it now, but hardly ever use it, more through limitations of the hardware than anything else.  As Rik said, though, after years of using Windows, I can't see myself fully switching to Linux any time soon.

Sebby

Good post, Paul, and certainly shows it from another angle. :)

esh

Yeah... Paul basically nailed what I was getting at ;)

Any security model is useless if the end user doesn't use it properly. It's an issue of trust as with all things. If the OS security model trusts the user and they screw up, it may as well not be there. If the OS security model doesn't trust the user you get Vista. *cough* At least before SP1.

It is very easy to do things as non-root in Unix. It is not so in Windows. That is all what I was saying comes down to.

It's true that Unix has led to a lot of awesome innovations too - because of its previous deficiencies. Things like OpenSSH are now part of *nix like notepad is part of Windows. For those that don't know, OpenSSH allows you to effectively open an encrypted command line shell to a remote system. Prior to this, telnet was order of the day, plain and unencrypted, and basically asking for it. Those were more innocent times. Children roamed happily in the street and nobody locked their doors and... okay, maybe not.

If you think Ubuntu's software repository is old, try Debian's!
For the most part I try to stick to the package manager. This is how the operating system is *meant* to work. However, you occasionally have to step in yourself. This isn't usually too hard, especially if you install the package for yourself locally not globally.

If you want to try a distribution with *really* up-to-date packages, then Arch Linux is the way to go. But beware, it's mostly for old-hands at *nix.

There's nothing quite like installing a fresh copy of a Linux distro then simply typing "sudo apt-get install xorg emacs openoffice gcc g++ gimp xmms..." and coming back half-an-hour later to have a complete system. No driver grabbing or so on as with Windows. The joys of high-speed internet and large hard drives.

Simon

I like the way you say "simply typing" sudo apt-get install...etc.  That would take me half an hour on its own!  :lol:

madasahatter

Typing all that doesn't look too simple to me either Simon - and I work with some linux systems in my job  ;)

john

Quote from: esh on Sep 10, 2008, 21:40:42
....... The joys of high-speed internet and large hard drives.

It may well have been when I installed Linux if it hadn't steadfastly refused to recognize my (then) Speedtouch modem (okay I was with Orange Dial-up at the time so it wouldn't have been 'highspeed')